# mills

> Andrew Mills (`mills`) — Corporate Security Engineer at Trail of Bits.
> Based in Seattle, WA · remote. 10+ years across identity and access
> management, endpoint security, and security automation.

This site is a personal portfolio styled as a Y2K-pink retro desktop.
It's released under MIT as a community template — fork it if you like
the layout.

## pages

- [about.me](https://millsymills.com/about/): mills — corporate security engineer @ Trail of Bits, based in Seattle. ten years of breaking and building.
- [resume](https://millsymills.com/resume/): mills' resume — IAM, endpoint, automation, compliance. 10+ years across Trail of Bits, Leviathan, RealSelf, Commonwealth.
- [photos](https://millsymills.com/photos/): photos, mostly of cats.
- [terminal](https://millsymills.com/terminal/): a mock shell. `help`, `ls`, `nmap 192.168.1.0/24`, `flag status`. try it.
- [projects](https://millsymills.com/projects/): MCP servers (unraid, unifi) + the source for this site. community releases, MIT.
- [uses](https://millsymills.com/uses/): gear on the desk + chimera in the rack. keyboard, keycaps, unraid, unifi, coffee.
- [music](https://millsymills.com/music/): a tiny y2k winamp for whatever track mills is spinning this week.
- [memes](https://millsymills.com/memes/): memes. a small but earnest collection.
- [incidents](https://millsymills.com/incidents/): notable security incidents and CVEs mills has personally responded to. structured war stories, not resume bullets.
- [privacy](https://millsymills.com/privacy/): the site's data posture — no tracking, no cookies, no third-party scripts. a privacy page you can verify.
- [security](https://millsymills.com/security/): controls shipped on this site — DNSSEC, CAA, CT monitoring, SBOM, mail-auth stack. every claim links to the implementation.
- [inspector](https://millsymills.com/inspector/): live security-headers inspector. fetches the site's own response headers and grades them against the controls listed in security.txt.
- [trash](https://millsymills.com/trash/): deleted files. mostly garbage.
- [vscode](https://millsymills.com/vscode/): an evocative, pink-tinted vscode reskin. browse real dotfiles and snippets of the site's own source.
- [minesweeper](https://millsymills.com/minesweeper/): easter-egg homage to the winxp minesweeper screenshot. no game logic — just the picture.
- [display](https://millsymills.com/display/): a tiny windows-style display panel. pick a desktop theme and wallpaper; choices persist in localStorage.

## machine-readable

- [resume.md](https://millsymills.com/files/resume.md) — full resume as markdown.
- [llms-full.txt](https://millsymills.com/llms-full.txt) — the entire site serialized
  as markdown, one file.
- [sitemap.xml](https://millsymills.com/sitemap.xml) — canonical URL list.
- [.well-known/security.txt](https://millsymills.com/.well-known/security.txt) — RFC
  9116 security contact + PGP, points at /security/ for the controls
  registry.
- [.well-known/sbom.spdx.json](https://millsymills.com/.well-known/sbom.spdx.json) —
  SPDX SBOM regenerated on every deploy.

## tech

- Astro 6 static output.
- Terraform for AWS (S3 + CloudFront + Route53 + ACM).
- CI via GitHub Actions with OIDC deploy role.
- Source: <https://github.com/millsmillsymills/millsymills.com>.

## contact

- email: <mailto:mills@millsymills.com>
- pgp: <https://millsymills.com/pgp.asc> (fingerprint `0BD8 E33B E4A6 372D B679  E77D 60AA A2D2 D8A2 DC66`, expires 2030-04-21)
- github: <https://github.com/millsmillsymills>