OPFORGE
Adversary emulation and detection validation platform built to evaluate defensive performance across enterprise telemetry pipelines.
Explore OPFORGE →Adversary Emulation & Detection Validation
Test whether your cyber defenses actually work
Validate to Dominate
I design adversary-driven cyber experimentation environments that measure whether defensive capabilities actually detect, inform, and improve response under realistic adversary conditions.
- Led threat emulation and detection validation efforts across multi-team cyber operations environments
- Designed cyber experimentation platforms supporting enterprise telemetry, detection pipelines, and defensive workflows
- Evaluated defensive capabilities against real-world adversary tradecraft to identify detection gaps and improve operational readiness
- Supported defensive cyber operations across multi-team environments responsible for real-world mission execution
The Problem
A detection can look good in a demo and still fail when adversary tradecraft unfolds across host, network, and analytic layers. Many security programs measure deployed tools and alert counts, but not whether defensive capability actually works under realistic conditions.
Selected Work
Tactical Validation & Assessment
Mission-focused work centered on measuring how defensive cyber capabilities perform when exposed to realistic adversary tradecraft.
View project summary →Validation Methodology
A practical framework linking adversary behavior, telemetry capture, detection evaluation, and defensive improvement.
Read methodology →Who This Helps
Cyber Defense Programs
Teams that need to measure whether enterprise defensive capabilities actually work against realistic adversary behavior.
Research & Experimentation Labs
Organizations building environments to test cyber capabilities, telemetry pipelines, and defensive architectures.
Detection Engineering Teams
Defenders who need evidence that their detections produce timely, useful, and operationally relevant signal.
Featured Writing
Silent Tank Overfill: When a Single Register Write Changes Physical Reality
A simple ICS scenario showing why detection validation must measure physical impact, not just alert generation.
Detection Validation Is Not Just Alerting
Why useful detection engineering requires more than writing rules.
Building Cyber Experimentation Platforms That Matter
What makes a cyber experimentation environment useful instead of decorative.
Let’s Talk
If you’re working on adversary emulation, detection validation, or cyber experimentation, I focus on helping organizations evaluate and improve defensive capability.
Start a Conversation