
Security engineering, research, and writing

Technical writing on Windows internals, reverse engineering, and security engineering.

Principal software engineer with more than a decade of experience across Windows kernel development, endpoint detection, CNO tooling, vulnerability research, and security platform engineering. The site brings together technical articles, selected research notes, and a concise view of recent work.

  • Experience: 10+ years
  • Current role: Principal Engineer
  • Prior clearance: TS/SCI + FSP
  • Selected certifications: 8

Highlights

Resume, selected experience, and recent technical writing.


Capabilities

Areas of focus

The work here centers on endpoint engineering, offensive research, reverse engineering, and platform modernization.

Endpoint engineering

Windows Kernel & EDR Engineering

I build low-level telemetry, detection, and hardening capabilities intended for production environments and real attacker behavior.

  • Kernel- and user-mode endpoint components in modern C++
  • Behavioral detection for shellcode injection and exploit activity
  • High-fidelity telemetry pipelines with practical cost discipline

Offensive research

Offensive Security & CNO Tooling

Experience building and assessing offensive tooling informs the defensive side of my work and keeps it grounded in operator reality.

  • Implants, loaders, and command-and-control support tooling
  • Threat modeling and OPSEC-aware engineering
  • Cross-platform evasive research spanning Windows, macOS, iOS, and Linux

Reverse engineering

Reverse Engineering & Vulnerability Research

When a system is opaque, I am comfortable working at the binary level until the relevant behavior is understood.

  • Binary manipulation and malicious subversion analysis
  • Compiler, supply chain, and code-injection research
  • Exploit development and root-cause driven security analysis

Platform modernization

Security Architecture & Platform Modernization

I work at the intersection of architecture, tooling, and engineering process, especially where mature codebases need to become faster and safer at the same time.

  • Agentic and AI-assisted engineering workflows for large codebases
  • Testing and CI improvements under operational constraints
  • Hardening reviews against advanced attacker techniques

Featured writing

Selected writing

Recent technical articles and research notes.

Selected experience

Recent experience

A concise overview of the roles and engineering work behind the writing.

2024 - Present

Principal Software Engineer

Sophos / SecureWorks

Leading Windows agent and EDR platform work across kernel and user mode, with a focus on exploit-aware telemetry, defensive hardening, and practical platform modernization.

  • Architected enterprise EDR capabilities across kernel and user mode
  • Established AI-assisted workflows and engineering standards across a large legacy codebase
  • Built crash-dump and behavioral-analysis utilities for production defense

2022 - 2024

Senior CNO Software Engineer

Raytheon Cyber

Developed advanced CNO tooling and led research into evasion, anti-analysis, and validation infrastructure across multiple operating systems.

  • Built implants, loaders, and supporting command-and-control infrastructure
  • Researched hypervisor-based and hardware-assisted evasion techniques
  • Introduced automated testing and CI patterns inside constrained environments

2020 - 2022

Software Engineer / Systems Vulnerability Analyst

National Security Agency

Worked across red- and blue-team assessments, supply-chain research, vulnerability analysis, and technical reporting for senior stakeholders.

  • Contributed to work referenced in senior-level cyber policy discussions
  • Researched SolarWinds-class attack paths and defensive replication strategies
  • Performed reverse engineering, application security audits, and tool evaluation

Resume and contact

Resume, contact, and recent writing

For a concise overview, start with the resume. For deeper technical context, read the blog.