I work at the intersection of compliance engineering and public safety technology. My background spans Identity Governance and Administration (privileged access monitoring, user access reviews, RBAC analysis) in regulated financial environments and hands-on technical support in a FedRAMP High environment serving federal and state/local law enforcement agencies.
I build tools that automate audit evidence collection and compliance workflows in AWS — replacing manual checkbox processes with repeatable, scriptable, auditor-ready outputs.
Open to: GRC Engineer · Compliance Engineer · Security Analyst roles — specializing in public safety technology
Frameworks I work with: CJIS Security Policy v6.0 · FedRAMP High · NIST 800-53 Rev 5
Certifications: SSCP · CySA+ · PenTest+ · Security+ · Network+ · A+ · Project+ · ITIL 4 Foundations · Linux LPI Essentials
These repos form a compliance lifecycle — each tool handles a stage of the continuous monitoring and audit evidence pipeline:
Audit tools detect → Config monitor watches → Remediation fixes
→ Evidence logger collects → Compliance report visualizes
- GRC Engineering — automating audit evidence collection and compliance workflows, mapping tools to CJIS Security Policy, FedRAMP, and NIST 800-53 controls
- Identity Engineering (IAM/IGA) — streamlining access reviews and provisioning pipelines, applying AC-family control requirements to real infrastructure
- Cloud Security — building AWS security tooling aligned to compliance baselines
| Category | Technologies |
|---|---|
| Cloud | AWS (primary) · FedRAMP High / GovCloud context |
| Languages | Python, Bash, AWS CLI |
| Infrastructure as Code | AWS CloudFormation, Terraform (learning) |
| Policy-as-Code | OPA/Rego (learning), Checkov (learning), Conftest (learning) |
| IAM & IGA | Access Reviews, Privileged Access Monitoring, RBAC, Least Privilege, SSO |
| Compliance | CJIS Security Policy v6.0, FedRAMP High, NIST 800-53 Rev 5 |
- AWS Compliance as Code — CloudFormation templates and Service Control Policies enforcing security baselines
SC-7 · AC-3 · AU-2 - AWS Config Compliance Monitor — event-driven compliance monitoring and auto-remediation for CJIS and FedRAMP High environments using AWS Config, Lambda, and SSM
CA-7 · SI-4 · CM-3
- IAM Audit — audits AWS IAM users for MFA compliance and credential hygiene
IA-2 · AC-2 - S3 Audit — audits S3 buckets for encryption, public access, and versioning
SC-28 · AC-3 · SC-13 - Security Group Audit — audits security groups for overly permissive inbound rules
SC-7 · AC-4 - CloudTrail Audit — audits CloudTrail configuration for logging compliance
AU-2 · AU-3 · AU-12 - Evidence Logger — generates timestamped, auditor-ready evidence files from compliance checks
AU-6 · CA-2 - Compliance Report — aggregates compliance data into structured reports with pass/fail summaries
CA-7 · CA-2
- Policy Checker — scans AWS IAM policies for overly permissive configurations
AC-6 · AC-3 - Secret Scanner — scans files and repos for exposed credentials and secrets
IA-5 · SC-28
🔄 In progress: Each tool is being updated with control mappings to NIST 800-53 Rev 5, FedRAMP High, and CJIS Security Policy v6.0 requirements.
- OSCAL and IBM Compliance Trestle for machine-readable compliance artifacts (FedRAMP 20x alignment)
- Terraform for multi-environment IaC deployments
- Open Policy Agent (OPA) and Rego for policy-as-code enforcement
- CJIS Security Policy v6.0 deltas from FedRAMP High (FIPS 140-2/3, agency-managed keys, CJI-specific access controls)
LinkedIn · Medium · HackTheBox