The Retooling: Why I’m Spending 100 Days on AI Security
A 100-Day Sprint into the AI Security Frontier
I’ve spent the last eight years in security, most recently focusing on Insider Threat Mitigation at Amazon. One lesson stands out: we are traditionally defensive by nature. We build walls around the data we know.
But the walls are changing.
With the explosion of LLMs and agentic workflows, the “insider” isn’t just a person anymore—it’s the model itself, the prompt, and the entire RAG pipeline. The traditional playbooks for detection and response are starting to feel inadequate for the scale of the challenge.
I’m spending the next 100 days retooling.
I am shifting my focus toward AI Security Engineering. This isn’t just a pivot; it’s a necessity for staying relevant as the industry moves toward autonomous intelligence.
The Strategic Plan
I am moving beyond theory to technical execution, focusing on three core pillars:
- SANS SEC545 Mastery: Deep-diving into the Applied Generative AI Security curriculum to master model-specific vulnerabilities and defense-in-depth for AI infrastructure.
- Security Automation (Python): Building and open-sourcing technical solutions, starting with a Semantic Sanitizer and a robust Prompt Firewall to intercept adversarial misuse in real time.
- Cloud-Native Foundations: Hardening the GCP and AWS environments that power these models, focusing on IAM granularity and VPC Service Controls for AI workloads.
Why Public Documentation?
I am documenting this journey here for two reasons: Accountability and Clarity.
In a high-pressure role at Amazon, it’s easy to let long-term learning slide. Public documentation ensures consistent execution. Furthermore, there is a lack of “ground-truth” engineering talk regarding AI security at scale. I intend to share my lab notes, the logic behind the code I build, and my reflections on scaling trust.
If you are also navigating the gap between traditional AppSec and the AI frontier, I hope you find this series useful.
Up Next: Architecting a Prompt Firewall: The Logic and the Code.