12-year Air Force vet. Cloud Security Assessor. GRC engineer who codes. Neurodivergent thinker. Obsessed with making compliance less painful for everyone.
I'm not your typical GRC person who lives in spreadsheets. I build tools to escape them. My work sits at the intersection of compliance automation, AI, and education, with a strong belief that guardrails aren't barriers; they're where creativity begins.
A custom assessment platform that leverages OSCAL (Open Security Controls Assessment Language) and MCP (Model Context Protocol) to modernize how we conduct security assessments.
Why it matters: Most organizations still do assessments in Word docs and color-coded spreadsheets. This platform brings machine-readable compliance data, AI-assisted control analysis, and structured evidence collection into one place.
Stack: Python Β· OSCAL Β· MCP Β· AI-assisted workflows
Status: π‘ In active development β follow along or contribute!
"I want to show that GRC practitioners can build the tools that change their own field."
| Project | What It Does | Stack |
|---|---|---|
| CMMC Level 2 Gap Analyzer | Automates NIST 800-171 control tracking, gap identification, POA&M management, and PDF report generation | Python Β· Streamlit |
| OSCAL Assessment Platform (in progress) | AI-powered assessment orchestration using OSCAL + MCP | Python Β· OSCAL Β· MCP |
| Project | What It Does | Stack |
|---|---|---|
| Disabled Veteran Salary Calculator | Calculates gross salary needed to hit take-home pay targets, accounting for VA disability comp + fed/state taxes | JavaScript |
| Copeuccino File Transfer Tool | Cross-platform GUI tool for efficiently copying files to external drives | Python |
Compliance Automation β If it can be automated, it should be. I build tools that replace manual, error-prone compliance workflows with structured, repeatable processes.
AI in GRC β Not AI replacing GRC practitioners, but AI amplifying what they can accomplish. I'm experimenting with how LLMs + OSCAL can change assessment workflows.
Education & Mentorship β I joined the Air Force wanting to be a teacher. That never left me. I'm building content for people breaking into GRC and for veterans in the field who know there's a better way to do things.
Neurodivergent Perspectives β My blog focuses on Compliance, AI, and Education through a neurodivergent lens. I think the way we frame problems determines whether we can see the solutions hiding in plain sight.
- βοΈ Cloud Security Assessor β Maryland Department of Information Technology
- ποΈ 12-Year U.S. Air Force Veteran β Finance, Network/System Ops, Cybersecurity
- π WGU B.S. Cybersecurity & Information Assurance β Capstone Excellence Award
- π ISO 42001 Lead Auditor Β· CySA+ Β· PenTest+ Β· Google Professional Cloud Security Engineer
Frameworks I work in: NIST 800-53 Β· NIST CSF Β· NIST RMF Β· NIST AI RMF Β· CMMC Β· IRS Pub 1075 Β· ISO 27001 Β· ISO 42001
Languages & Tools: Python Β· OSCAL
I'm available for mentoring, speaking, open-source collaboration, consulting, and freelance work. If you're working on something at the intersection of GRC, AI, or compliance education β let's talk.
- πΌ LinkedIn
- ποΈ GRC Engineer Club Profile
- π Credly Badges
"Guardrails aren't barriers β they're protective freedom. They give us a clear line of where we shouldn't be going, while giving us the freedom to operate within those boundaries."