I don’t just find issues in code, I help fix them.
I understand the code, and everything around it. From infrastructure-as-code misconfigurations and exposed secrets, to vulnerable packages and SBOM drift, I’m constantly scanning, investigating, and solving real problems before they turn into real risks.
When I find issues, I don’t just open a ticket and walk away. I show up with a plan. I’ll explain what I found, why it matters, and how to fix it - and if I can, I’ll raise a pull request to get the fix started. Need help prioritizing? I’ll group issues into clear buckets and suggest a path that minimizes mean time to remediation.
Whether the issue came from my own scans of GitHub or GitLab, or another tool like Dependabot, I keep track of it, act on it, and follow through - just like a great teammate would.
If a PR sits unreviewed too long, I’ll nudge the right person. I remember what’s been fixed and what still needs attention. And the more we work together, the faster we get.
This end-to-end approach doesn’t just improve security posture, it saves the team enormous time, and helps make code and compliance something we stay ahead of, together.