

Recent
MITRE ATT&CK for Developers: Beyond OWASP
·839 words·4 mins
Most developers know the OWASP Top 10, but fewer know MITRE ATT&CK. OWASP tells you what can break. ATT&CK tells you how attackers actually operate. Together, they give you a complete picture of application security.
I’ll be presenting this topic at NDC Security 2026 in Oslo, March 2-5. If you’re attending, come check out my talk — MITRE ATT&CK for Developers — on Wednesday, March 4 at 10:20.

NDC Security 2026
·410 words·2 mins
I’m excited to be speaking at NDC Security 2026 in Oslo, March 2-5! I’ll be presenting MITRE ATT&CK for Developers — showing how developers can go beyond the OWASP Top 10 and use the ATT&CK framework to think like attackers and build stronger defenses.

Promoted to Principal Software Engineer at Microsoft
I’m thrilled to share that I’ve been promoted to Principal Software Engineer at Microsoft!

Aspire CLI Part 3 - MCP for AI Coding Agents
·1352 words·7 mins
In Part 1, we covered creating and running Aspire apps. In Part 2, we explored deployment and CI/CD. Now let’s look at one of Aspire’s most exciting features: MCP (Model Context Protocol) support for AI coding agents.

Aspire CLI Part 2 - Deployment and Pipelines
·1488 words·7 mins
In Part 1, we covered the basics of the Aspire CLI: creating projects with aspire new, adding Aspire to existing apps with aspire init, running with aspire run, and managing integrations with aspire add and aspire update. Now let’s dive into deployment and CI/CD pipelines.
Migrating from Jekyll to Hugo Part 3: Deployment and Lessons Learned
·1099 words·6 mins
In the final part of this series, I cover deploying Hugo to GitHub Pages and share the challenges I encountered.