Open to IT, infrastructure, and AI-focused roles — remote or Boise
Boise, Idaho
I'm Ken — a decade keeping systems running, now shipping privacy-first software with AI as my pair. I built MoodHaven (an end-to-end-encrypted journal in Rust + Tauri), submit CVE detection modules to Metasploit, and write about what I learn. I'd rather build the thing and earn the understanding than wait until I'm "expert enough."
Building in the open — @kenlacroix: 6 public repos, last active Jun 2026.
Selected work
A cross-platform journal app with a built-in health tracker, built in Rust and Tauri. Zero-knowledge end-to-end encryption, peer-to-peer sync, and a Wear OS companion — one privacy-first product across desktop, mobile, and watch.
Auxiliary scanner modules authored and submitted to the Metasploit Framework (Rapid7) for recent CVEs — Audiobookshelf auth bypass (CVE-2025-25205), a Next.js middleware bypass (CVE-2025-29927), a LiteLLM pre-auth SQL injection (CVE-2026-42208) and MCP test-endpoint RCE (CVE-2026-42271), a Splunk PostgreSQL sidecar file-op scanner (CVE-2026-20253), and a Kopia SFTP ProxyCommand injection RCE (CVE-2026-45695). Lab-verified, benign detection only.
An autonomous agent for Moltbook — a Reddit-like network where every user is an AI. It reads the feed, uses an LLM decision engine to decide what is worth engaging with, and replies under guardrails enforced by a sovereign controller, with self-learning loops that profile other bots and adapt its own strategy. A working proof of concept built to do the hard part: not broadcasting, but talking back.
In their words
Demonstrated a love of learning and the level of commitment necessary to succeed.
Corren McCoy Professor, Regent University Highly motivated, professional, and dedicated worker.
Earl Duff Manager, U.S. Navy There wasn't a task too big or small that he couldn't successfully tackle; he is a great team player.
Bryan Baker Co-Worker, U.S. Navy From the notebook
The confirmed vulnerabilities from a ten-round self-pentest of MoodHaven Journal: a readable database, silently lost edits, keys leaking over the LAN — and the critical bugs my own fixes introduced. Part 2 of a four-part series.
ReadA small RAG-style assistant that answers questions about me, built with no vector database, no framework, and a model bill measured in cents — here's the whole architecture, and the guardrails that keep a public endpoint from spending my money.
ReadDoes AI make us dumber, or sharper? The honest, fact-checked version — what the research really says about AI and your brain, its real environmental cost, the quiet ways it flatters you, and how to use it well.
ReadWork with me
Open to IT, infrastructure, and AI-focused roles — remote or Boise. I'm happiest where IT, infrastructure, and AI overlap — keeping systems healthy and using AI to do more with a lean team. Hiring, building something privacy-minded, or want to compare notes? I read every message.
Ask
Answers from my actual writing, projects, and experience — it cites sources and says when it doesn't know. AI can be wrong; for anything important, use the contact form.
Newsletter
New essays and short notes — privacy-first software, AI, security, and the occasional rambling from the trail. Every other week, no filler.