I am experienced in cybersecurity, automation, governance, and AI assurance. My background includes GRC engineering, cloud and infrastructure support, security research, and workflow automation across enterprise and academic environments. Over time, I found myself drawn less to security as a checklist exercise and more to the harder question underneath it: whether a system can still protect people when it is deployed in real conditions, connected to real data, and used by people who do not behave predictably.
My work is grounded in the idea that security has to hold under operational constraints. It is not enough to write a requirement or map a control. The process has to be repeatable, the evidence has to be maintainable, and the secure workflow has to be easier to sustain than the insecure one.
I have worked on control mapping, evidence workflows, risk reporting, security documentation, and research tied to frameworks such as ISO 27001, ISO 27017, NIST CSF, NIST SP 800-53, HIPAA, HITECH, and HITRUST. I am especially interested in the gap between governance expectations and what systems actually do in practice.
I use Python, PowerShell, Bash, and related tools to automate repetitive work, standardize troubleshooting, reduce manual administration, and improve operational reliability. My experience includes Azure environments, Cisco infrastructure, endpoint support, and scripting for repeatable IT workflows.
My research interests focus on AI security, model governance, and assurance methods that translate policy expectations into testable technical requirements. I am interested in questions around data handling, logging, retention, redress, access boundaries, and how organizations can produce evidence that an AI system is operating within defined controls.
- Python
- PowerShell
- Bash
- Azure
- Cisco
- Power BI
- Power Apps
- RSA Archer
- Vue
- TypeScript
- CSS
- Security frameworks and compliance workflows
- Risk reporting and technical documentation
- Cloud and infrastructure support
- Automation for operational security and reliability
In my academic work, I have treated standards and policy as testable claims rather than paperwork. I have reviewed disaster recovery and continuity planning against ISO 22301 and NIST guidance, analyzed ePHI breach conditions through HIPAA, HITECH, HITRUST CSF, and NIST controls, and studied how technical gaps map back to policy intent. That work pushed me toward a larger question that still drives me now: how to build assurance methods that show whether a system is actually behaving within its stated security and governance boundaries.
That is the direction behind this portfolio. Some repositories are infrastructure or automation projects. Others reflect security analysis, governance thinking, and applied research interests. Together, they represent the way I approach technology: not just how to make systems work, but how to make them accountable, resilient, and easier to trust.
Projects in this area focus on scripting, workflow improvement, security tooling, and reducing operational friction through automation.
These projects reflect work tied to system administration, hybrid environments, endpoint support, and repeatable technical operations.
These projects focus on dashboards, reporting workflows, and turning technical or operational data into something actionable.
These projects reflect my longer-term interest in cybersecurity research, AI assurance, policy translation, and security decisions that can be defended with evidence.
I built this portfolio to document the kind of work I want to keep doing: work that connects technical implementation, governance, and security outcomes in a way that remains useful outside the lab. I am most interested in projects that require both technical detail and operational judgment, especially where the challenge is not just building a system, but proving that it can be trusted.