I work at the intersection of compliance engineering and public safety technology. My background spans Identity Governance and Administration (privileged access monitoring, user access reviews, RBAC analysis) in regulated financial environments and hands-on technical support in a FedRAMP High environment serving federal and state/local law enforcement agencies.

I build tools that automate audit evidence collection and compliance workflows in AWS - replacing manual checkbox processes with repeatable, scriptable, auditor-ready outputs.

Frameworks I work with: CJIS Security Policy · FedRAMP (High baseline) · NIST 800-53

Certifications: SSCP · CySA+ · PenTest+ · Security+ · Network+ · A+ · Project+ · ITIL 4 Foundations · Linux LPI Essentials

- GRC Engineering - automating audit evidence collection and compliance workflows, mapping tools to CJIS Security Policy, FedRAMP, and NIST 800-53 controls
- Identity Engineering (IAM/IGA) - streamlining access reviews and provisioning pipelines, applying AC-family control requirements to real infrastructure
- Cloud Security - building and researching AWS security tooling aligned to compliance baselines
| Category | Technologies |
|---|---|
| Cloud Platforms | AWS, Azure |
| Programming & Scripting | Python, AWS CLI, Bash, PowerShell |
| Infrastructure as Code | AWS CloudFormation, Terraform (learning) |
| IAM & IGA | Access Reviews, Privileged Access Monitoring, RBAC, Least Privilege, SSO |
| Compliance & Frameworks | CJIS Security Policy, FedRAMP (High), and NIST 800-53 |
- AWS Compliance as Code - CloudFormation templates and Service Control Policies for AWS resource deployment
- AWS Config Compliance Monitor - event-driven compliance monitoring and auto-remediation for CJIS and FedRAMP High environments using AWS Config, Lambda, and SSM
- iam_audit - audits AWS IAM users for MFA compliance
- s3_audit - audits S3 buckets for security compliance
- sg_audit - audits security groups for overly permissive rules
- cloudtrail_audit - audits CloudTrail configuration for logging compliance
- evidence_logger - generates timestamped audit evidence files from compliance checks
- compliance_report - aggregates compliance data into structured reports
- policy_checker - checks AWS policies for overly permissive configurations
- secret_scanner - scans files for exposed credentials and secrets
🔄 In progress: Each tool is being updated with control mappings to NIST 800-53, FedRAMP High, and CJIS Security Policy requirements. Track progress through open issues and PRs.
- Terraform for multi-environment IaC deployments
- Open Policy Agent (OPA) and Rego for policy-as-code enforcement across cloud environments
- Automating CJIS Security Policy, FedRAMP, and NIST 800-53 control assessments in AWS
LinkedIn · Medium · HackTheBox


