Colleen M Lohr
Engineer. Founder. I build things that don't break quietly.
23 years in software. CISSP/SSCP certified. Founder of 0x R&D β a research and development company building security tooling, AI infrastructure, and software that fails closed, never open.
About
I've been writing software since before "full-stack" was a job title. I started in English β which means I think in systems and communicate like a human, not a spec sheet.
My background spans NASA contracting, crypto C-suite, and enough production fires to know that the most dangerous line of code is the one nobody thinks about. I founded 0x R&D to build the tools I couldn't find: local-first AI infrastructure, defense-grade security tooling, and software that treats hostile input as the default, not the edge case.
When I'm not shipping, I'm probably reading orbital mechanics papers or vibing with my cat.
Dual-certified. The audits I run on my own code would scare your current vendor.
From NASA contracting to crypto C-suite to founding 0x R&D. Teams led, systems built, fires survived.
Measurable impact across security, infrastructure, and product.
Experience
Founder & CEO
Building local-first AI infrastructure, security tooling, and software that treats hostile input as the default. Current Research & Architecting: Echo Core Platform (Rust/Tauri/Svelte), 0xide (Rust WAF/reverse proxy), and MyCICO β all built secure by design from line one.
Director of Technology & Cybersecurity
Owns the full technology systems architecture, operational management, and security posture for a food manufacturing operation β infrastructure, compliance, risk management, and incident response.
Founder & Principal Engineer
Eight years of independent consulting across software architecture, security design, and systems engineering. Clients ranging from startups to enterprise. Delivered the kind of work that doesn't make headlines because nothing broke.
- CISSP
- SSCP
- Google Compute Engine
Projects & Artifacts
What I've built, hardened, and shipped β and what it cost to get it right.
Rust-native reverse proxy and WAF. Caught and resolved 49 security findings in its own audit. Test coverage grew from 215 to 393 during hardening. It defends itself first. DETAILS COMING SOON.
Calorie tracking built on one thesis: friction is the failure mode of every existing tracker. On-device AI. No account required for core functionality. Your data stays on your device because that's the only architecture that deserves your trust. DETAILS COMING SOON.
Open-source SOC playbooks, runbooks, and tooling. DETAILS COMING SOON.
Local-first AI orchestration platform. Rust/Tauri/Svelte. Ephemeral agent primitives with isolated memory, a behavioral watchdog with kill authority, and egress protection that assumes every outbound call is hostile until proven otherwise. DETAILS COMING SOON.
A sample incident report detailing a simulated security breach scenario. The report includes an executive summary, timeline of events, impact assessment, root cause analysis, and recommended remediation steps.
A detailed case study of a security architecture project for a manufacturing client with a vulnerable HVAC control system. The case study covers the risk assessment process, design and implementation of a threat isolation strategy, and the measurable outcomes in terms of risk reduction and operational stability.
A strategic framework for modernizing legacy IT infrastructure without risking operational stability. The numbers are in the case study.
A sample risk exposure report for a hypothetical e-commerce company undergoing PCI DSS compliance. The report identifies and assesses risks across the cardholder data environment, providing actionable insights for remediation and risk reduction.
Let's work together.
I take on selective consulting engagements in cybersecurity architecture, AI infrastructure, and secure software development. If you're building something that needs to be right β not just done β I'd like to hear about it.