Thom Morgan
Technical Lead & Security Engineering Manager | AI/ML Security Architect | Red Team Operations
thom@noodleofdeath.com | (703) 215-5735 | Everett, MA
Skills
Core Expertise: Security & AI Red Teaming
LLM Security & Red Teaming; Adversarial AI Testing; Offensive Security (OSCP); Security Architecture & Strategy; Application Security Automation;
Leadership & Management
Engineering Leadership; Team & Product Management; Technical Strategy; Security Culture Building; People Leadership;
AI/ML Engineering
Retrieval-Augmented Generation; LLM Fine-tuning & Optimization; Prompt Engineering; Deep Learning Architecture; ML Operations & Governance; Explainable AI;
Programming Languages
TypeScript; Python; JavaScript; Rust; C++; Go;
Frameworks & Technologies
PyTorch / TensorFlow; LangChain / LlamaIndex; Hugging Face Transformers; Pinecone / Weaviate / ChromaDB; React / Next.js; Backend Frameworks; Docker / Kubernetes; Testing Frameworks;
DevOps & Cloud Infrastructure
AWS Cloud Platform; Kubernetes Ecosystem; Terraform / Pulumi; CI/CD Platforms; Datadog / Prometheus / Grafana; Infrastructure Automation;
Security Tools & Compliance
Security Testing Tools; Red/Purple Team Operations; Security Compliance;
Methodologies & Best Practices
Agile Methodologies; Secure Development; Software Engineering Practices; Site Reliability Engineering;
Robotics & Simulation
Gazebo; MuJoCo;
Certifications
AWS Developer Certified; Offensive Security Certified Professional (OSCP); Professional Scrum Master I (PSM I);
Education
Bachelor of Science
Majors: Computer Science & Mathematics
Minor: Film Studies
Summary
Technical Lead and Security Engineering Manager with 12+ years specializing in secure AI/ML systems and offensive security. Progressive evolution from full stack penetration tester → DevOps/AI engineer → technical leadership orchestrating cross-functional teams. Currently at Boston Dynamics, leading 6-7 senior developers in architecting secure GenAI/LLM systems for production robotics while directing security red team operations. Core expertise: AI/LLM security architecture, adversarial ML testing, secure full stack development, and DevSecOps automation. Reduced critical vulnerabilities 47% through strategic implementation of shift-left security, automated SQA pipelines, and zero-trust architectures. OSCP-certified with proven track record building high-performing security-focused engineering teams.
Work Experience
Technical Lead - Security Red Team & AI Systems
  • Led cross-functional agile team of 6-7 senior developers in cloud-native microservices architecture and embedded GenAI/LLM deployment for Spot and Atlas robots. Orchestrated security red team operations, identifying and remediating 150+ vulnerabilities across web applications, RESTful/GraphQL APIs, and ML pipelines. Reduced critical security findings by 47% year-over-year through shift-left security, automated SQA pipelines, and DevSecOps practices.
  • Established GitOps-based CI/CD infrastructure leveraging containerization (Docker/Kubernetes) with automated security testing, SAST/DAST scanning, and dependency vulnerability checks. Accelerated release cycles by 35% while maintaining zero security regressions in production, implementing infrastructure-as-code (Terraform) and zero-trust network architecture principles.
  • Directed engineering of adversarial AI testing frameworks for transformer-based vision models (ViT) and reinforcement learning policies. Designed automated red team attack simulation probing LLM jailbreaks, prompt injection, RAG poisoning, and model inversion attacks, identifying 40+ critical AI safety vulnerabilities pre-production using MLSecOps best practices.
  • Mentored team in secure-by-design architecture, conducting weekly threat modeling (STRIDE), security champions training, and pair programming sessions. Improved team security awareness scores by 60% and reduced security-related bugs by 52% through implementation of security guardrails and automated policy enforcement.
  • Architected observable AI/ML infrastructure with real-time model performance monitoring, drift detection using statistical process control, and automated retraining pipelines. Applied advanced prompt engineering, few-shot learning, and retrieval-augmented generation (RAG) achieving 23% improvement in safety-critical edge case detection for autonomous navigation systems.
Senior Full Stack Engineer - DevOps & AI/ML
  • Built end-to-end MLOps and DevOps pipelines with automated model versioning, CI/CD orchestration, A/B testing frameworks, and observability dashboards tracking model drift, data quality, and adversarial robustness. Reduced false positive rates by 37% through hyperparameter optimization, ensemble methods, and feature engineering using XGBoost and deep learning architectures.
  • Architected and trained state-of-the-art generative AI models (GANs) for synthetic DNA sequence generation, implementing custom loss functions and attention mechanisms to optimize convergence. Deployed scalable inference pipelines on AWS Lambda and ECS, processing millions of biomarker predictions with sub-100ms latency.
  • Designed comprehensive AI governance and model evaluation frameworks incorporating explainability (SHAP/LIME), fairness metrics, adversarial robustness testing, and automated red team probing. Implemented MLSecOps practices detecting data poisoning, model extraction attacks, and backdoor vulnerabilities in production ML systems.
  • Performed security assessments and penetration testing of cloud-based ML systems processing PHI/PII, implementing differential privacy, federated learning, and homomorphic encryption protocols to ensure HIPAA/GDPR compliance. Architected zero-trust data access patterns and secure enclaves for model training on sensitive genomic data.
Full Stack Penetration Tester & Red Team Operator
  • Conducted comprehensive OWASP Top 10 penetration testing across cloud-native web applications, RESTful/SOAP APIs, mobile apps (iOS/Android), and network infrastructure for FedRAMP-compliant government systems. Performed manual code review and automated security assessments using Burp Suite, Metasploit, and custom exploit development, identifying 200+ critical/high severity vulnerabilities including SQL injection, XSS, CSRF, authentication bypasses, and privilege escalation.
  • Executed sophisticated red team operations simulating nation-state APT tactics (MITRE ATT&CK framework) against federal infrastructure. Successfully compromised air-gapped networks through spear phishing, watering hole attacks, social engineering, and zero-day exploit chains. Produced executive-level threat intelligence reports and delivered security awareness training achieving 85% phishing detection improvement.
  • Developed adversarial ML testing frameworks for biometric identification systems (facial recognition, fingerprint analysis) processing sensitive PII. Designed white-box and black-box attacks including prompt injection, model inversion, membership inference, and adversarial perturbations. Reduced evasion attack success by 64% through adversarial training, input validation, and rate limiting.
  • Architected DevSecOps pipelines integrating shift-left security practices with SAST (SonarQube, Checkmarx), DAST (OWASP ZAP), SCA (Snyk, Dependabot), and container scanning (Trivy, Clair). Implemented security-as-code using policy engines (OPA) and secret management (Vault), detecting and remediating 12 critical CVEs pre-production, establishing foundation for later DevOps/SRE specialization.