I'm a cloud security engineer building production-grade tooling on AWS. My focus is the intersection of cloud security, AI automation, and compliance engineering: turning noisy security findings into structured, actionable outputs including full RMF compliance packages.
- Shipped a 3-feature AWS security platform: AI SOC Triage, ATO Assist Mode, and a full NIST RMF Workspace with live artifact generation
- The RMF Workspace walks through all 7 NIST RMF steps and auto-generates the SSP, SAR, Risk Assessment, POA&M, and FIPS 199 categorization from live Security Hub findings
- Everything I build is infrastructure-as-code first (AWS CDK), no manual console changes
- Design-first workflow: architecture is thought through before a line of code is written, and I own every decision
Cloud & Security
Languages & Frameworks
DevSecOps
Compliance
AI-powered AWS security platform: Triage, ATO Assist, and NIST RMF Workspace
A fully deployed, 3-feature security platform built on AWS:
SOC Triage Agent: ingests Security Hub findings, routes them through an AI triage workflow using Bedrock AgentCore, and executes approved Tier 1 remediation actions with human-in-the-loop approval via a React/Cognito frontend.
ATO Assist Mode: pulls NIST 800-53 findings from Security Hub grouped by control family, uses Bedrock to draft control implementation statements, and auto-generates POA&M entries from failed findings.
NIST RMF Workspace: a full 7-step RMF workflow dashboard. Covers system categorization (FIPS 199), control selection, implementation tracking, security assessment, authorization package generation, and continuous monitoring. Auto-generates the SSP, Security Assessment Report, and Risk Assessment from live Security Hub data. Every artifact has a Regenerate button so documents always reflect current environment state.
AWS Bedrock AgentCore CDK Lambda DynamoDB Streams Security Hub React/Vite TypeScript Cognito S3
Account-level AWS security control coverage auditing
Produces auditable JSON and Markdown reports showing exactly which AWS security controls are active vs. missing. Designed for compliance engineers who need clean evidence artifacts with no dashboard noise.
Python AWS Security Hub NIST 800-53 Markdown Reports
| Status | Project | Description |
|---|---|---|
| In Progress | CI/CD Security Gate | Pre-deploy IaC scanning with Checkov/tfsec in GitHub Actions |
| Planned | Greenfield AWS Setup Guide | Blog post on secure account bootstrapping from scratch |
| Planned | IAM Policy Analyzer | Detect overpermissioned policies before they reach production |
| Planned | Infrastructure Drift Detector | Alert on live AWS config deviating from CDK-defined state |

