Cloud Security Engineer | DevSecOps | GRC Automation
I build security controls as code. My work sits at the intersection of cloud engineering and compliance automation: translating NIST 800-53 controls into working infrastructure, designing DevSecOps pipelines that catch vulnerabilities before deployment, and architecting secure systems in AWS and Azure environments.
Currently a Cloud Engineer at ManTech, supporting cloud-hosted systems in complex compliance environments. CISSP | AWS Solutions Architect Associate | AWS Security Specialty (in progress)
LinkedIn | Blog | Portfolio
- From Docker to EKS: A Security-First Progression - Container security portfolio project building from Docker through EKS, with Trivy scanning, OpenTofu IaC, and NIST 800-53 control mapping
- Compliance-as-Code Builder Session - Developing a hands-on lab for the GRC Engineering Club covering Terraform and Checkov in an audit-ready CI/CD pipeline
- AWS Certified Security - Specialty - Active exam prep
Cloud Engineering & Security Architecture
- AWS Security (VPC, IAM, Config, CloudTrail, GuardDuty, Security Hub)
- Infrastructure as Code (OpenTofu, Terraform, CloudFormation)
- Container Security (Docker, Kubernetes, ECR, Trivy scanning)
- CI/CD Security Integration (GitHub Actions, OIDC, security gates)
GRC & Compliance Engineering
- NIST 800-53 Control Implementation and Automation
- RMF/ATO Process (FISMA, FedRAMP)
- Vulnerability Management (Tenable/ACAS, automated remediation, POA&M)
- eMASS Authorization Workflows
- Compliance-as-Code (Checkov, policy-to-code translation)
DevSecOps
- SAST/SCA pipeline integration (Semgrep, Gitleaks, NJSScan)
- Secrets scanning and pre-commit enforcement
- DefectDojo vulnerability tracking and triage
- Python/boto3 automation and Lambda-based remediation
| Project | Stack | Description |
|---|---|---|
| From Docker to EKS: A Security-First Progression | Docker, EKS, Trivy, OpenTofu, GitHub Actions | Stage-by-stage container security build from local Docker through managed Kubernetes, with NIST 800-53 mapping at each layer |
| Container Security Scanning Pipeline | Trivy, GitHub Actions | Automated image scanning with CVE reporting and policy enforcement gates |
| Application Vulnerability Scanning Pipeline | Semgrep, Gitleaks, NJSScan, DefectDojo, GitHub Actions | Multi-tool SAST and secrets scanning pipeline with pre-commit hooks and DefectDojo integration; maps to NIST 800-53 |
| Terraform Flask Lab | OpenTofu, Flask, GitHub Actions OIDC, S3 backend | Flask on AWS EC2 via OpenTofu with OIDC-based CI/CD, remote state, and NIST 800-53 control mapping |
- AWS Config Auto-Remediation
- Azure AD + AWS SAML SSO Federation
- 3-Tier AWS VPC with Terraform
- Zero Trust Network Architecture
- OpenVAS Vulnerability Assessment - Complete vulnerability analysis workflow with remediation tracking
- Nmap Network Scanning - Automated network discovery and security posture assessment
- AWS Security Posture Checker - Python/boto3 tool combining EC2 inventory and S3 security auditing
- Azure Sentinel Live Attack Map - Real-time threat visualization and geo-mapping
- Incident Handling with Splunk - End-to-end incident response workflows
- Active Directory Penetration Testing - Full AD attack chain lab environment
- Hack the Box Walkthroughs - CTF solutions and exploitation techniques
- Penetration Testing Notes - Comprehensive offensive security reference
- CISSP - Certified Information Systems Security Professional
- AWS Solutions Architect Associate
- Azure Administrator Associate (AZ-104)
- Azure Network Engineer Associate (AZ-700)
- GDSA - GIAC Defendable Security Architecture
- CompTIA Security+
- In progress: AWS Certified Security - Specialty
- GRC Engineering Club - Member and active participant in builder sessions
- WiCyS - Active mentor in the Professional Mentorship Program
- Black Tech Network Texas - Facebook group moderator
- Digital Defense Foundation - Cybersecurity group moderator
I'm always interested in talking through cloud security engineering, compliance automation, and DevSecOps pipeline design. Reach out any time.
"The goal is not just to pass the audit. The goal is to build systems that deserve to pass it."
