About

I’m a Platform Engineer based in London, currently building internal developer platform capabilities at Citi.

Most of my day-to-day lives inside the Java ecosystem — Gradle and Maven plugin authoring, OpenRewrite, JVM bytecode analysis — and the broader problem of making developer experience feel small at large scale. The things I’ll write about here come from that corner: supply chain security, build tooling, observability, and the messy practical edges of running platforms that thousands of engineers actually depend on.

Outside of work I’m the maintainer of the OWASP CycloneDX Gradle Plugin — the de facto standard for generating SBOMs from Gradle projects.

Before Citi I led the vulnerability analytics team behind a commercial SAST product, where I owned the Java bytecode analysis engine. That’s where most of my JVM internals instincts come from.