Patron data. Access control. Cryptographic tools. Multi-agent AI. The common thread is the same: systems that hold up under scrutiny because that's how they were built from the first line of code.
Every system I ship carries an explicit threat model, a fail-closed posture, and an honest accounting of what it does and doesn't guarantee.
Secure file transfer across an air gap. Two computers that will never touch a network exchange data through animated QR-code streams on a phone screen. The phone is treated as an untrusted optical channel — every cryptographic guarantee stays on the secure endpoints.
The threat model is the point. Not the primitives — the primitives are standard. What's rare is the discipline of deciding up front what you're defending against, designing for that, and documenting honestly where the protection ends.
Stack: AES-256-GCM · Argon2id · ML-KEM-1024 hybrid (post-quantum) · fountain codes · versioned byte-level protocol · fail-closed parsing
Meow Decoder didn't appear from nowhere. It sits at the end of a deliberate learning path — from classical ciphers, to primitive selection, to modern cryptographic experimentation, to applied security engineering.
These five projects form one arc:
| # | Project | Role in the arc |
|---|---|---|
| 1 | Cipher Museum · repo | Learn the history. 3,900 years of cryptography through 84 historically important ciphers, 13 exhibit halls, live demos, and cryptanalysis tools. |
| 2 | Cipher Detective AI · repo | Analyze intelligently. AI-assisted cipher identification and cryptanalysis exploration — connecting classical cipher patterns with modern machine-learning techniques. |
| 3 | Crypto Compare · repo | Choose wisely. Side-by-side algorithm comparisons across 17 categories with misuse-resistant recommendations. |
| 4 | Crypto Lab · repo | Experiment deeply. 99+ browser-based demos — post-quantum cryptography, ZK proofs, homomorphic encryption, MPC, threshold schemes, attacks, and steganography. Browser-constrained. Educational by design. No accounts. Just the math. |
| 5 | Meow Decoder · repo | Apply securely. Everything above, put to work in an applied security engineering project focused on optical air-gap data transfer and modern encrypted-transfer experiments. |
The same arc has grown into a practical .NET package ecosystem — 35 small, documented libraries that bring post-quantum cryptography into the places developers actually work: file and data encryption, JWT/authentication, secure channels, key management and rotation, password hashing, configuration secrets, Entity Framework Core, and first-class ASP.NET Core integration. A few anchors in the ecosystem:
PostQuantum.Cryptography — the foundation library: clean, secure-by-default wrappers over .NET's native FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA) implementations.
PostQuantum.Jwt / PostQuantum.AspNetCore — JOSE-style post-quantum tokens with one-line authentication wiring (AddPostQuantumJwtBearer()), including Roslyn analyzers that enforce safe-by-construction verification.
PostQuantum.Hybrid — high-level hybrid cryptography that pairs classical primitives (X25519, Ed25519) with the NIST-standardized post-quantum algorithms (ML-KEM-768, ML-DSA-65), so a payload stays secure as long as either half holds.
PostQuantum.FileFormat (PQF) — a draft specification and reference implementation for hybrid post-quantum encrypted files at rest. It treats the file format itself as a security boundary: deterministic CBOR encoding, explicit versioning, test vectors, fail-closed parsing, and honest preview-stage documentation.
PostQuantum.SecureChannel — three messages to a live, mutually-authenticated, forward-secret session built on X-Wing hybrid key agreement.
PostQuantum.DataProtection — drops into ASP.NET Core Data Protection to wrap cookie, antiforgery, and session keys, with key stores for Azure Key Vault, AWS Secrets Manager, and Redis.
The packages are intentionally labeled by maturity — from release candidates down to early previews. The goal is not to claim finished cryptography; it is to make post-quantum migration understandable, testable, and reviewable in real .NET code, with misuse-resistant APIs, build-time analyzers, and test fakes throughout. Current direction: X-Wing / ML-KEM · ML-DSA · X25519 · Ed25519 · AES-256-GCM · Argon2id · HKDF · CBOR · ASP.NET Core · secure-by-default developer APIs.
Secure File Upload Pipeline (.NET) · repo
Most real-world breaches don’t break cryptography — they exploit file uploads and input validation failures.
This project demonstrates a hardened ASP.NET Core upload pipeline with a live demo:
- spoofed file rejection (extension vs content mismatch)
- magic number validation (file signature verification)
- strict allowlisting and fail-closed behavior
- size and abuse protections
A real attack surface — and what it takes to defend it correctly.
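The checks listed above, sketched as an added example (this is not code from the project's repository): a fail-closed validator that accepts an upload only when its extension is on an allowlist and its leading bytes match that extension's file signature. The names `UploadValidator` and `Reject`, the three allowed types, and the 5 MiB limit are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

public static class UploadValidator
{
    private const int MaxBytes = 5 * 1024 * 1024; // assumed size limit (5 MiB)

    // Allowlist: extension -> accepted leading signatures (magic numbers).
    private static readonly Dictionary<string, byte[][]> Signatures =
        new(StringComparer.OrdinalIgnoreCase)
        {
            [".png"] = new[] { new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } },
            [".jpg"] = new[] { new byte[] { 0xFF, 0xD8, 0xFF } },
            [".pdf"] = new[] { new byte[] { 0x25, 0x50, 0x44, 0x46, 0x2D } }, // "%PDF-"
        };

    // Returns null when the upload is accepted, otherwise the rejection reason.
    public static string? Reject(string fileName, ReadOnlySpan<byte> content)
    {
        if (content.Length == 0) return "empty file";
        if (content.Length > MaxBytes) return "file too large";

        // Only the final path component counts; a missing or unknown extension is rejected.
        string ext = Path.GetExtension(Path.GetFileName(fileName)) ?? "";
        if (!Signatures.TryGetValue(ext, out var accepted))
            return "extension not on allowlist";

        foreach (var sig in accepted)
        {
            ReadOnlySpan<byte> magic = sig;
            if (content.StartsWith(magic)) return null; // content matches the claimed type
        }
        return "content does not match extension"; // spoofed file: fail closed
    }

    public static void Main()
    {
        // Constructed sample inputs.
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00 };
        byte[] exe = { 0x4D, 0x5A, 0x90, 0x00 }; // "MZ" executable header
        Console.WriteLine(Reject("photo.png", png) ?? "accepted");
        Console.WriteLine(Reject("invoice.pdf", exe) ?? "accepted");   // spoofed extension
        Console.WriteLine(Reject("report.pdf.exe", exe) ?? "accepted"); // not on allowlist
        Console.WriteLine(Reject("big.png", new byte[MaxBytes + 1]) ?? "accepted");
    }
}
```

A signature match only shows that the file starts like the claimed type; deeper content validation and malware scanning are separate stages.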
Live systems serving a public library institution and its community. This is where the discipline meets the daily work.
Patron Registration Platform + Staff Admin Dashboard
Replaced a vendor-managed legacy Perl system that had become a single point of failure. Built a modern ASP.NET Core 8 platform integrated with SirsiDynix Symphony Web Services — with a security-first document pipeline (AES-256-GCM encryption, ClamAV malware scanning, deep file content validation), automated patron creation, billing, and barcode lifecycle management.
Outcome: staff own the registration workflow for the first time. No vendor dependency for day-to-day operations.
ASP.NET Core MVC C# AES-256-GCM SirsiDynix
SwipeWatcher — Real-Time Access Control Monitor
Before this system, staff had no live view of who was entering or exiting the building. SwipeWatcher monitors C•CURE 9000 door events via HMAC-validated webhooks and delivers immediate alerting and structured logging.
Outcome: operational visibility staff had never had before.
C# .NET 8 Victor Web Services C•CURE 9000
LibCal ↔ C•CURE 9000 Integration · 🏆 I² Innovator/Inspirator Award
Patrons now unlock meeting rooms with their library cards at the scheduled time — automatic provisioning and revocation driven entirely by LibCal reservation data.
Outcome: no staff intervention, no manual access grants, no friction.
C# LibCal APIs Victor Web Services
LibCal ↔ SirsiDynix Integration
Circulation transactions trigger automatically from LibCal reservation events for Library of Things equipment.
Outcome: eliminated a manual checkout step previously required on every loan.
C# LibCal APIs SirsiDynix Symphony Web Services
The same way of building — intentional architecture, honest design, long-term thinking — applied to something eternal. Structured as a path, not a collection.
| Stage | Project | What it does |
|---|---|---|
| Understand | Scripture Journey | Maps 200+ OT messianic prophecies to NT fulfillments across 7 categories. Scripture as one unified story, with Jesus at the center. |
| Remember | Hide in Heart | Daily companion for Scripture memorization. Rooted in Psalm 119:11. |
| Discern | HisWillGuide | A 10-step biblical framework for finding God's will through Scripture, prayer, and community wisdom. |
| Intercede | PrayerWarriors | Mobile-first platform for organizing prayer requests and tracking intercession. Live mockup at prayerwarriors.mobi — in active design. Long-term ministry goal. |
I use AI the way I use any other powerful primitive: with an explicit model of what it's good at, what it fails at, and where the guardrails belong.
AI Conversation Platform is the most visible example — async orchestration of autonomous conversations between Claude, ChatGPT, Gemini, Grok, and Perplexity. The point isn't novelty. It's stress-testing reasoning by putting competing models against the same problem and watching what holds up.
Circuit breakers · Prometheus + Grafana observability · LLM Guard · 90%+ test coverage.
Security is a posture — not a layer.
Define the threat model first. Build fail-closed. Document honestly where guarantees end.
Understand the primitive before you trust it — at implementation depth.
Systems should be reliable, observable, and self-sustaining in production.
Engineering Focus
Languages — C# · TypeScript · JavaScript · Python · Dart · Rust · SQL
Frameworks — .NET 8 · ASP.NET Core MVC · Next.js · Node.js · Vite · Flutter · Firebase
Security — AES-256-GCM · Argon2id · HMAC · HKDF · BIP-39 · ML-KEM · ML-DSA · X-Wing (X25519 + ML-KEM) · Ed25519 · HQC · multivariate & ZK schemes · E2EE · forward secrecy · threat modeling · fail-closed design
Cryptography Education — crypto-lab (90+ browser demos) · Cipher Museum (140 exhibits, 110 demos) · crypto-compare (97 algorithms) · real-primitive demos · KNOWN-GAPS documentation
Library Systems — SirsiDynix Symphony · LibCal · C•CURE 9000 · Victor Web Services
Practices — TDD · CI-proven invariants · ADR-driven design · security reviews · WCAG accessibility · explicit threat models · honest capability documentation
National and industry recognition for leadership, advocacy, and public impact in library systems and community access:
- 🏆 Florida Librarian of the Year (2011)
- 🌍 Library Journal Mover & Shaker — Global Leadership (2012)
- ❤️ I Love My Librarian Award (2010) — Carnegie Corporation of New York, The New York Times, American Library Association
- 🗣️ Advocate of the Year (2010) — Florida Association of Counties
- 🏅 I² Innovator/Inspirator Award (2024, 2025) — LibCal ↔ C•CURE Integration
These recognitions reflect earlier work in advocacy and community leadership — the same focus on public impact now carried forward through system design, security, and infrastructure.
If what I've described sounds like the way you think — public infrastructure, applied cryptography, AI systems that have to be responsible — let's talk.
"So whether you eat or drink or whatever you do, do it all for the glory of God."
— 1 Corinthians 10:31 (NIV)