Testimonial background
Sea landscape background

Red G / DevSecOps / AppSec / Automation

I build software, automate delivery, and strengthen security.

I combine application security, DevSecOps, product engineering, and applied AI to help teams ship dependable software with less manual work.

AppSecDevSecOpsApplied AIAutomationCloud securityProduct delivery
View projects
Profile photo

About me

I build, automate, and secure: writing software that removes manual work, then making sure what remains is hard to break.

Automation has been the thread through my career, from programming Olympiads and laser research systems to enterprise integrations, DevSecOps, application security, and AI-assisted workflows.

After software and integration roles at Hewlett Packard, I moved deep into Application Security: helping grow Swyftx security from scratch to 20+ specialists, rolling out scanning and threat assessment practices at Officeworks, and maturing secure software delivery lifecycle work at Belong.

AI is not a separate side interest for me. It is part of how I research, design, build, secure, document, and ship software. I use tools like ChatGPT, Gemini, NotebookLM, Claude Desktop, Cursor, Antigravity, Flow, Pomelli, Ollama, Hermes, and local LLMs to move faster while still applying security judgement and practical delivery discipline.

I stay hands-on outside of work too, building production apps like Alfie's Almanac, automated trading systems, local LLM experiments, and creative AI workflows. The best way to know what is possible is to keep building it myself.

  • Location:QLD, Australia
  • Interests:Coding, Surfing
  • Study:Computer Science / Physics

Career history

For my full employment history, roles, certifications, and professional recommendations, visit my LinkedIn profile.

View experience on LinkedIn

Selected work

Projects I have built

Production products and experiments across security, automation, local AI, and software delivery.

Featured
Alfie's Almanac screenshot 1

Alfie's Almanac

A production surf-planning app that I designed, built, secured, and deployed. It combines location data, weather and marine conditions, original map artwork, and AI-assisted development in a complete consumer product.

Hermes Stack screenshot 1

Hermes Stack

A private AI agent setup using Hermes and local Ollama models over Tailscale. It includes sandboxed execution, independent model review, and Discord and Telegram interfaces for research and community workflows.

Strategy Factory screenshot 1

Strategy Factory

An experimental trading platform for testing strategies, monitoring positions, reviewing risk, and tracking system health.

Yeah Nah Dosh Muncher screenshot 1
Yeah Nah Dosh Muncher screenshot 2

Yeah Nah Dosh Muncher

A personal and small-business finance app for tracking clients, projects, revenue, expenses, and spending categories. Its informal Australian voice is designed to make routine money management feel less intimidating.

Services

Fixed-scope security services

I offer focused security engagements with a clear scope, capped estimate, and practical deliverables. My standard rate is $200 AUD per hour, excluding GST.

Methodology: I use carefully controlled AI-assisted analysis alongside manual application security review, using tools such as Cursor, Claude Desktop / Code, ChatGPT, and Antigravity. Work can be completed within your existing development environment or in an isolated environment, depending on your privacy and security requirements.

Supply Chain FocusCloud Hardening

Supply Chain and Cloud Hardening Audit

A focused assessment of open-source dependencies and the cloud and delivery controls around them.

  • The Focus: Identify vulnerabilities and version drift across application dependencies, third-party CI/CD actions, and container base images.
  • Infrastructure Check: Auditing adjacent cloud engineering elements (AWS IAM configurations, base Docker layers, deployment pipeline hygiene, and secrets handling).
  • The Deliverable: A reviewed, prioritised list of risks with specific remediation and upgrade guidance, without automated report bloat.

Estimated investment

15–20 hours ($3,000 – $4,000 AUD ex GST)

Hands-on WorkshopPipeline Automation

Pipeline Automation and Dependabot Coaching

Collaborative implementation of automated dependency controls in your GitHub Actions pipelines.

  • The Focus: Work with the software author to map, pin, and automate version controls across the stack so package drift is caught early.
  • Multi-Layer Dependency Gates: Designing and embedding tailored Dependabot configurations and pipeline checks to continuously track application libraries (JavaScript, Python, etc.), GitHub Actions workflow versions, and Docker image layers.

Estimated investment

8–10 hours ($1,600 – $2,000 AUD ex GST)

Skills

What I work with

Security, automation, cloud, AI, and product engineering skills developed through professional delivery and independent projects.

Application Security & SSDLC

Threat modelling, secure software delivery, OWASP, SCA/SAST rollout, vulnerability management, developer engagement, and practical security uplift across engineering teams.

Applied professionallySecurity reviewedDeveloper enablementRisk reduction
Threat ModellingOWASP ASVSSCASASTSSDLCVulnerability ManagementSecure Code ReviewDeveloper Enablement

DevSecOps & Automation

Automating security and delivery workflows through CI/CD, GitHub/GitLab pipelines, Docker, policy checks, dependency scanning, and repeatable engineering processes.

Applied professionallyAutomated with itBuilt with itUsed in real workflows
GitHub ActionsGitLab CI/CDDockerDependabotSnykPipeline SecurityAutomationPolicy Gates

Applied AI Engineering

Using AI for research, design, coding, security review, documentation, automation, and product delivery, with independent review and clear security boundaries.

Built with itShipped to productionAutomated with itUsed in real workflows
ChatGPTGeminiNotebookLMClaude DesktopCursorAntigravityFlowPomelliOllamaHermesLocal LLMsAI Review Loops

Cloud & Container Security

Practical cloud and container security across AWS, identity, secrets, logging, deployment hardening, infrastructure design, and production environments.

Applied professionallySecurity reviewedShipped to productionUsed in real workflows
AWSIAMDockerContainersSecrets ManagementLoggingDeployment SecurityInfrastructure Hardening

Product Engineering

Full-stack product building from concept to production, combining frontend delivery, backend services, databases, authentication, storage, user experience, and deployment.

Built with itShipped to productionAutomated with itUsed in real workflows
Next.jsReactTypeScriptNode.jsPostgreSQLSupabaseVercelGitHubAPI DesignProduct Delivery

Governance, Privacy & Compliance

Security-aware delivery with consideration for privacy, risk, governance, documentation, and regulated environments.

Applied professionallySecurity reviewedRisk reductionUsed in real workflows
Privacy ActISMISO 27001NISTSecurity DocumentationRisk ManagementSBOMSupplier Review

Applied AI

How I use AI

I use AI throughout software delivery, including research, design, implementation, testing, security review, and documentation. I also run local models when privacy or greater control matters.

The value is not the number of tools I use. It is how I combine them with engineering judgement, independent review, and clear security boundaries.

AI workflow loop

A connected process that takes work from an early idea through review, security, and release.

1

Research

Explore ideas, compare approaches, summarise research, understand complex topics, and turn vague concepts into structured direction.

ChatGPTGeminiNotebookLMClaude
2

Build

Generate, refactor, debug, and review code while maintaining ownership of architecture and implementation decisions.

CursorAntigravityChatGPTClaude
3

Secure

Threat model features, review secrets handling, consider privacy risks, check dependency/security concerns, and strengthen delivery practices.

ChatGPTClaudeSecurity tooling
4

Ship

Move from idea to deployed product with version control, deployment workflows, and production feedback.

GitHubVercelDockerCI/CD workflows

AI supports the work. Responsibility for the architecture, security decisions, and finished product remains with me.

Recommendations

What colleagues say

Red G and I worked together in Swyftx security. For our entire time together, he was always supremely adaptable, eager to learn, kind hearted, and passionate about making Swyftx great. He has strong technical skills, stretching across a broad range of topics. He was most recently in an Application Security role, in which he was supporting a number of our engineering squads. I will be eagerly following where your career will take you!

-- Head of Security at Swyftx

I thoroughly enjoyed working with Red G during his time at Swyftx. Given his previous experience at Microfocus with Fortify, I found Red G to have a good knowledge of the AppSec space and was engaged & inquisitive to learn more on Snyk’s approach. During the roll out Snyk, our Customer Success Team who assisted during implementation, found Red G to be a great communicator and his proactive nature resulted in a huge amount of progress in a short period of time. I wish Red G all the best and look forward to seeing what his next move is.

-- Senior Account Executive at Snyk

Red G is a fantastic teammate to work alongside. He is diligent, thorough, knowledgeable, and considerate of the needs of others. He brings humour and a unique perspective and I have enjoyed all the time spent working with him.

-- Peer at Swyftx

Red G is a very thorough individual, Always ensuring that tasks are completed to ensure that customers of our team are aware of what we expect of them as well as what they should expect from us. Red G is incredibly knowledgeable across many disciplines and applies his knowledge learned elsewhere to all aspects of his work.

-- Lead Solution Architect at Micro Focus

Contact

Have something useful to build or improve?

I am available for fixed-scope security work, automation, product engineering, and selected contract opportunities.