About the author
Welcome to my blog
I share thoughts on technology, open source, license compliance, Linux, and more. I write in Spanish and English—though Spanish is my native language, please excuse any rough edges in my English posts.
ABOUT
I'm a Principal Engineer and Technical Program Leader who specializes in AI governance, open source compliance, and software supply chain security. Over 15+ years, I've built programs that balance security with innovation, creating frameworks that protect organizations while enabling engineers to move fast.
WHAT I DO NOW
At Amazon, I lead technical compliance programs across 20+ engineering organizations, focusing on AI governance, OSS compliance, and software supply chain security. My role combines three things: defining security strategy, leading complex cross-functional programs, and personally building the automation platforms that make it all scale.
I'm not just a program leader who tells engineers what to build. I write Python code for production systems, architect ML/AI frameworks, and develop proof-of-concept prototypes based on my research. This "player-coach" approach means I understand the technical constraints and can design solutions that actually work.
MY BACKGROUND
I started my career in telecommunications as a Specialist Engineer at Telefónica in Chile, managing contractor teams and building OSS/BSS monitoring systems for specialized telecom networks. My background in electronics and informatics gave me a strong foundation in systems thinking and large-scale infrastructure management.
When I joined Amazon in 2014, I transitioned into program management as a Technical Program Manager for Kindle, leading 30+ engineering teams with 200+ engineers across Seattle, Bangalore, and Beijing. That experience taught me how to coordinate massive, multi-organizational initiatives and align stakeholders with competing priorities.
I then moved into security engineering because I wanted deeper technical expertise in an area that was becoming critical. I spent years building compliance automation, conducting M&A due diligence (30+ acquisitions), and establishing policies that became standard practice across Amazon organizations, including AWS, Alexa, Ring, and Lab126.
Now, as a Principal Engineer, I combine all three backgrounds: telecommunications systems experience, program leadership skills to drive enterprise initiatives, and the technical depth to architect and build security solutions.
INDUSTRY IMPACT
I help shape the future of AI and open source security through standards work. I serve as a board member for OpenChain (ISO/IEC 5230), the Yocto Project, and Software Heritage, contributing to specifications and providing technical input on global standards development.
I'm also an international speaker, presenting at conferences across North America, Europe, and Asia on topics like SBOM automation, AI governance, and building compliance programs that scale. I'm a published researcher on AI supply chain security, semantic code analysis, and agentic AI frameworks for compliance automation.
WHAT I'VE BUILT
- AI governance frameworks for GenAI/LLM deployments, including threat modeling and risk assessment
- ML-powered compliance platforms using Python, NLP, and RAG architecture, achieving 84% accuracy in license analysis
- Agentic AI systems for SBOM analysis and vulnerability detection
- M&A security due diligence methodology for 30+ acquisitions
- Policy-as-code enforcement integrated into CI/CD pipelines
- Organization-wide OSS compliance policies adopted across multiple Amazon business units
EXPERTISE
AI Governance & Risk Management | Software Supply Chain Security | Open Source Compliance & Licensing | SBOM Automation | M&A Security Due Diligence | Technical Program Management | Policy-as-Code | Compliance Automation | ML/AI Security Platforms | Cross-functional Leadership
WHAT DRIVES ME
Building security and compliance systems that enable innovation rather than block it. Creating automation that helps engineers move fast while staying secure. Shaping industry standards that make software supply chains safer for everyone.
Connect with me if you're working on AI governance, supply chain security, OSS compliance, or building security platforms that scale.
Licenses
* All the scripts and code I developed are under MIT or Apache-2.0.
* The content is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.