I turn research into businesses. I do my best work just past the edge of what I already understand.
Principal Security Program Manager, AI Research at Microsoft · Raleigh, NC
curt@raleigh:~$
this terminal works: type help · or just click a directory below · esc closes windows
curt@raleigh:~$ ls ~/ # click anything to open it
$ cat ~/story.md
The short version
I was born in Singapore and grew up wherever the oil fields sent my dad.
I learned C at 12. At 13 a regional ISP found a bot I'd written running on
their servers and offered me a job, then asked my age. I've been building
ever since: firmware, smart grid, semiconductors, security, and now AI.
Security is a deliberate choice, not an accident of career path. Either
leaders treat it as a first-class priority or we all quietly accept
constant breach. The part that keeps me curious is doing that without
locking people out of the things they need. Getting that balance right
is the job.
Georgia Tech EMBAMississippi State CompEInfinite Mindset Award ×2piano since age 5
[ me and Sharla ]
$ git log --reverse career/ # click a stop on the timeline
Twenty years, five bets
$ cd ~/ai-security && ls
Agents doing security work
At Microsoft I run the research and evaluation programs behind agents that
do security work. The bet, over and over, is the same one:
autonomous agents doing security work, and the evaluation and
runtime discipline that make them safe to ship. Open a file for the part
you care about.
I'm the research and evaluation program lead for an AI static-analysis platform. It pairs modern models with custom agents built for each vulnerability class and scans managed and unmanaged code at a fraction of frontier-model cost. It has surfaced a large volume of previously unknown vulnerabilities in decades-old production code, several of which led to CVE assignments, and it's now launching to enterprise customers. The research breakthrough is a colleague's. Taking it from an idea to a product and a running operation is mine.
launching to customersbeats far larger models
Founding PM for an autonomous security-investigation agent. I wrote the vision document our EVP personally approved, then took it to private preview, where it cut alert triage time 50% at 85 to 90% precision on the kind of production alerts legacy detection-first tools leave to humans. Detection work I shipped elsewhere generated 61,000 customer alerts in 48 hours and disrupted 73 live business-email-compromise attacks in two weeks.
50% triage cut85-90% precision
In the same stretch I ran an AI red-team agent program that hunts breach paths across simulated enterprise environments. Building the attacker and the defender side by side is the most fascinating problem I have worked on. Watch an environment light up as the offensive agents move, then watch the defenders drive it back.
I own the benchmarking that decides whether the vuln platform ships. Leadership trusts the numbers because the method controls for non-determinism, counts reliability from runs started rather than runs scored, and puts cost next to accuracy. I also own the GPU footprint for these workloads, and the capacity models I built cut $500K a month of idle infrastructure. Earlier I co-invented a patented platform that validates generative-AI security assistant outputs at scale, cutting manual validation about 80%.
1 patent filed$500K/mo GPU saved
When Microsoft responded to the Midnight Blizzard nation-state attack, I served as an AI incident commander. I directed AI-led investigation and aligned dozens of researchers to collapse a projected multi-year manual effort into days. I also wrote the deployment guidance federal cloud data teams used during an active incident.
$ systemctl --user status my-life.service
My house has a chief of staff. I built her.
A persistent agent named Dabbles runs my home, my infrastructure,
and a good chunk of my daily life. I talk to her over Telegram like a team
member. She has long-term semantic memory, scheduled autonomy, real tools,
and a research partner agent named Hermes. She is where I test every idea
about agents before I bet on it professionally.
She is also threat-modeled like she's hostile: HMAC-signed scheduled
prompts, hard inbound allowlists, sandboxed execution, an audit trail of
every action. What an agent may touch, and how you check what it did, are
questions I get to rehearse at home every single day.
telegram
signed · allowlisted
dabblesdaily ops
<····> shared memory
hermesresearch
tools: shell · k8s · home assistant · calendar · mail
It started as a hobby and got wonderfully out of hand: an 8-node
Kubernetes cluster with GPU nodes, Ceph distributed storage, GitOps
for 40+ services, and disaster-recovery backups. It hosts the page you're
reading. It's where infrastructure and AI ideas prove themselves before I
trust them at work.
A real-time solar and battery dashboard I built for Duke Energy's time-of-use plan: live power flow over server-sent events and battery strategy verdicts with per-tier math. I spent seven years selling to this utility. Now I optimize against their rate card from my own roof.
The whole house is automated: switches, locks, the alarm, cameras, and sensors in nearly every room, all local-first on the cluster. Coupling that with the LLM work is where it gets fun. The agents see the same sensors I do, so the house watches its own patterns and keeps itself comfortable and ready: lights and climate follow how rooms actually get used, "goodnight" is one word, and if something looks off on a camera at 2am, I hear about it. The closest thing to a Jarvis I know how to build, and I get to iterate on it every week.
GPU nodes serving local LLM and TTS inference: the embedding models behind the agents' memory, plus speech synthesis experiments including performance work on a C++ TTS runtime. If a capability the agents need can run locally, it does.
[ the rack: Dell PowerEdge and Supermicro on APC UPS ]
[ the compute stack: 3× AMD mini-nodes and Cenmate bays ]
$ cat ~/keyboards/README.md
The 39-key situation
Split ergonomic keyboards, built and flashed by hand. Daily driver is a
Keyball39: 39 keys with an integrated trackball, running ZMK
firmware from my own config repo with custom layers and a slow-scroll
overlay I tuned myself. It took a week to relearn typing. Worth it.
The current build is a Delta Omega, a 34-key ultra-low-profile
wireless split, and this one goes all the way down the stack: bare PCBs
hand-soldered a diode and a switch at a time, a chassis CNC-machined from
aluminum, LiPo batteries wired straight to the board because the connector
doesn't fit, and ZMK firmware built for it before the solder cooled.
There's something clarifying about typing on an object where you know
every joint personally.
39 keys6 layers1 trackballzmk firmware
[ the Keyball39, white, with the trackball ]
[ the Delta Omega, black, ultra-low-profile ]
$ cd ~/hobbies && ls
Off the clock
I'm a Carolina Hurricanes fan with a season pass, and there is no
better reset than a loud night at the arena. At home it's board games,
around 250 of them and counting, played with a crew of friends who have
become family. I've played piano since I was five, and lately I've
been deep in flight simulation, slowly working through a virtual
commercial pilot's license because apparently I can't do a hobby halfway.
The one that means the most: mentoring FIRST Robotics students,
teaching them git, Java, and how a real team ships. Watching a kid's face
when their code moves a robot never gets old.
[ Canes game, from the seats ]
[ game night with the crew ]
$ cat ~/dogs/README.md
Tali and Milo
Two chihuahuas who run this household with absolute authority. Tali
is a professional lap warmer and quality-control inspector for every home
project. Milo joined us in 2019 and has never once missed a chance
to supervise from the couch. The house may be automated, but the real
motion sensors have four legs.