Security / Provenance Engineer

Data Provenance SEC-001 Data provenance is the complete, verifiable record of where a piece of data came from, every transformation it underwent, and who or what performed those transformations. In satellite imagery and remote sensing, provenance is not a nice-to-have audit trail — it is the difference between evidence and hearsay. Trusted Execution Environments for Geospatial Processing SEC-003 A Trusted Execution Environment (TEE) is a hardware-enforced isolated region within a processor where code and data are protected from the rest of the system — including the operating system, hypervisor, and anyone with physical access to the machine. In geospatial processing, TEEs enable cryptographic proof that a specific transformation was applied to specific data, generated by hardware that the operator cannot tamper with. This is the mechanism that turns provenance from a claim into a proof. Chain of Custody in Multi-Sensor Fusion SEC-002 When multiple sensor datasets are combined — SAR with optical, optical with terrain models, thermal with multispectral — the provenance record is no longer a chain. It is a graph. Most processing systems were designed for linear workflows and cannot adequately represent what happens when data from independent sources converges into a single product. This is the central unsolved problem in geospatial data provenance. Space Cybersecurity: The Attack Surface Above Us SEC-004 Space systems are among the most critical and least defended digital infrastructure on Earth. Satellites underpin GPS navigation, financial transaction timing, weather forecasting, military communications, and Earth observation — yet most were designed with security as an afterthought, operate on decades-old firmware that cannot be patched remotely, and communicate over radio frequency links that are inherently exposed to interception, jamming, and spoofing. The attack surface spans three segments — ground, link, and space — each with distinct vulnerabilities. As the orbital population grows past 15,000 active satellites and commercial dependence deepens, the gap between threat sophistication and defensive capability is widening. Information Networks & Truth PHI-004 The structure of an information network — not just the data flowing through it — determines whether that network produces truth or delusion. A network with self-correction mechanisms, error detection, and distributed verification tends toward truth. A network optimized for speed, engagement, or institutional convenience tends toward whatever narrative serves its operators. This principle, drawn from Yuval Noah Harari's Nexus, is foundational to how M33 designs its data architecture: provenance is not a feature but a structural requirement for any system that claims to represent reality.