A modern, extensible framework for defining and enforcing security policies across your digital infrastructure.
Updated Mar 16, 2026 - Go
A platform to automate and orchestrate security rules for governance, risk and compliance, and continuous assurance.
Create a domain specific (GRC) agent with the Claude Agent SDK
MCP Documentation Server Using the Official FedRAMP/docs Repo
A Rust-based diagramming-as-code API that allows you to turn your .tfstate file into detailed architecture boundary diagrams.
Simple CLI script to assist GRC analysts with risk ranking vendors.
Compliance-as-Code lab using AWS Config, EventBridge, and Lambda auto-remediation with CloudFormation.
GovSCH is an Open-Source Schema for Authoring Cybersecurity & AI Governance Documents
Lightweight Python CLI tool that scans AWS IAM policy JSON files for overly permissive statements and maps findings to CJIS v6.0, FedRAMP, and NIST 800-53 compliance controls.
An end-to-end Compliance-as-Code pipeline built with Terraform, AWS Config, and Python. Automates compliance checks, Slack reporting, and audit evidence collection.
Cloud security policy-as-code with AWS Config, Lambda remediation, and Terraform.
Automated AWS compliance guardrails using Service Control Policies and CloudFormation. Controls enforce audit log protection, encryption at rest, boundary protection, and least functionality, mapped to CJIS Security Policy v6.0, FedRAMP High baseline, and NIST 800-53 Rev. 5.
Simulated multi-region AWS lab for RPO/RTO validation and disaster recovery control mapping.
Simulated 6-week HIPAA GRC assessment engagement for a small private healthcare clinic. Structured, client-grade governance and risk documentation aligned to HIPAA and NIST CSF.
Simple Go tool for exporting evidence from Vanta.
SecAI-Nexus is a free, centralized dashboard that delivers real-time cyber threat intelligence — giving security and GRC professionals instant visibility into emerging attack vectors, AI-driven risks, and the latest cybersecurity trends — all without subscriptions or complex setup.
Declarative Infrastructure-as-Code (IaC) managing hardened systems. Features atomic rollbacks, SBOM generation for supply chain security, and reproducible development environments.
Network security design & implementation — VLAN · pfSense · STRIDE · SOC IR playbook · ISO 27001 · NIST CSF · Master School Institute of Technology (MSIT)
Event-driven compliance monitoring and auto-remediation using AWS Config, EventBridge, Lambda, and SSM. Maps to NIST 800-53, FedRAMP High, and CJIS v6.0 controls.