| name |
Ethan Troy |
| github |
ethanolivertroy |
| specializations |
Compliance Automation |
Cloud Security |
Security Architecture |
Offensive Security |
|
| languages |
Go |
Rust |
Python |
Bash |
Terraform |
|
| location |
Florida |
| linkedin |
https://www.linkedin.com/in/ethantroy/ |
| twitter |
@ethanolivertroy |
| bluesky |
ethantroy.com |
| blog |
https://ethantroy.dev/ |
| huggingface |
ethanolivertroy |
| frameworks |
FedRAMP |
NIST 800-53 |
NIST CSF |
SOC 2 |
CMMC |
|
| certifications |
CISSP |
CISA |
OSCP |
Security+ |
CCSK |
CEH |
AWS Solutions Architect Associate |
CRTO |
CRTL |
PNPT |
CRTP |
ISO 27001 Lead Auditor |
ISO 42001 Lead Auditor |
GCP Cloud Security Engineer |
KCNA |
|
| available_for |
open-source |
collaboration |
speaking |
|
| projects |
| name |
url |
description |
fedramp-docs-mcp |
|
MCP server for FedRAMP documentation |
|
| name |
url |
description |
claude-grc-agent-demo |
|
Domain-specific GRC agent built with the Claude Agent SDK |
|
| name |
url |
description |
nmap-GPT |
|
AI-powered Nmap scanner that provides security insights on open ports |
|
| name |
url |
description |
DamnVulnerableTrustCenter |
|
Intentionally vulnerable trust center for security awareness |
|
| name |
url |
description |
hackidle-nist-coder |
|
Fine-tuned model for NIST security and compliance coding tasks |
|
| name |
url |
description |
Open Source Security & Compliance |
|
Curated Hugging Face collection of open-source security and compliance models |
|
|
Builder at the intersection of security engineering, compliance automation, and AI. I work on tooling that makes GRC less painful — from MCP servers for FedRAMP documentation to Claude-powered compliance agents.
Currently focused on bringing software engineering practices to GRC: policy as code, continuous compliance, and AI-assisted assessments. I believe the future of GRC is programmable.
- Building open-source GRC tooling and curated resource collections
- Developing AI agents for compliance workflows using Claude Agent SDK
- Creating MCP servers for compliance documentation and OSCAL packages
- Research and development at hackIDLE
Happy to chat about GRC automation, compliance engineering, AI agents for security, or anything at the intersection of code and compliance.