GRC Analyst | Cloud Compliance & Automation
Open to GRC, cloud compliance, and security compliance roles
I'm a GRC and cloud compliance specialist with nine years across internal audit, consulting, and enterprise information security. I know the manual side of compliance, including walkthroughs, evidence collection, remediation tracking, and audit readiness, because I've done it at scale in fintech and enterprise environments.
Today I bring that foundation to roles where governance, risk, and compliance meet modern infrastructure. I evaluate controls against NIST, SOC 2, ISO 27001, SOX, and PCI requirements, partner with engineering and security teams on findings, and build automation with AWS, Python, Terraform, and OPA that turns recurring control checks into repeatable workflows instead of annual fire drills.
I publish hands-on compliance labs on GitHub, teach what I'm actively learning on my YouTube channel, and was a guest speaker for a graduate Network Security & AI course at California Science and Technology University.
For me this isn't just a job title. Cybersecurity is how I move through the world by respecting people's data, earning trust, and treating privacy as something worth protecting in every part of life, not just at work.
An end-to-end compliance pipeline that runs policy checks on every Terraform change. Non-compliant configs fail the build so they never deploy. Uses short-lived AWS credentials (not long-lived keys) and policy-as-code so preventive controls live in the pipeline and not in a spreadsheet.
Frameworks: SOC 2 · NIST 800-53 · ISO 27001
Evidence produced: Failed/passed policy gate logs, Terraform plan output, CI run history for change-management audits.
An automated compliance scanner that checks the three IAM controls auditors ask for first: password policy strength, MFA enforcement, and root account activity. It produces audit-ready JSON and CSV evidence mapped to frameworks, so you spend less time formatting evidence and more time on remediation.
Frameworks: SOC 2 · NIST 800-53 · ISO 27001
Evidence produced: Timestamped JSON + CSV reports with per-control pass/fail and finding details.
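As an added illustration of the three-control scan described above (not the project's own code), the following Python sketch evaluates constructed sample inputs shaped like an AWS account password policy and IAM credential report, maps each control to framework references, and emits the rows as JSON-ready dicts and CSV. The control IDs, thresholds, framework mapping and function names are assumptions.

```python
import csv, io
from datetime import datetime, timedelta, timezone

# Constructed sample inputs shaped like an AWS password policy and IAM credential report (hypothetical).
PASSWORD_POLICY = {"MinimumPasswordLength": 8, "RequireSymbols": False, "RequireNumbers": True,
                   "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True, "MaxPasswordAge": 0}
CREDENTIAL_REPORT = [
    {"user": "<root_account>", "password_enabled": "true", "mfa_active": "true",
     "password_last_used": "2023-11-01T09:00:00+00:00"},
    {"user": "alice", "password_enabled": "true", "mfa_active": "true"},
    {"user": "bob", "password_enabled": "true", "mfa_active": "false"}]
SCAN_TIME = datetime(2024, 5, 10, tzinfo=timezone.utc)
FRAMEWORK_MAP = {"IAM-01": ["SOC 2 CC6.1", "NIST 800-53 IA-5", "ISO 27001 A.5.17"],  # assumed mapping
                 "IAM-02": ["SOC 2 CC6.1", "NIST 800-53 IA-2(1)", "ISO 27001 A.5.17"],
                 "IAM-03": ["SOC 2 CC6.3", "NIST 800-53 AC-6", "ISO 27001 A.8.2"]}

def check_password_policy(policy, min_length=14):
    flags = ("RequireSymbols", "RequireNumbers", "RequireUppercaseCharacters", "RequireLowercaseCharacters")
    findings = [f"{f} not enforced" for f in flags if not policy.get(f)]
    if policy.get("MinimumPasswordLength", 0) < min_length:
        findings.append(f"MinimumPasswordLength below {min_length}")
    if not policy.get("MaxPasswordAge"):  # 0 / missing means passwords never expire
        findings.append("no rotation: MaxPasswordAge unset")
    return findings
def check_mfa(report):
    # Every console user needs MFA; root is assessed separately in check_root_activity.
    return [f"user {r['user']} has console password but no MFA" for r in report
            if r["user"] != "<root_account>" and r.get("password_enabled") == "true"
            and r.get("mfa_active") != "true"]
def check_root_activity(report, now, window_days=90):
    root = next(r for r in report if r["user"] == "<root_account>")
    findings = [] if root.get("mfa_active") == "true" else ["root account has no MFA"]
    last = root.get("password_last_used", "no_information")  # AWS sentinel when never used
    if last != "no_information" and now - datetime.fromisoformat(last) < timedelta(days=window_days):
        findings.append(f"root password used {last} (within {window_days} days)")
    return findings
def run_scan(policy, report, now):
    checks = {"IAM-01": ("password policy strength", check_password_policy(policy)),
              "IAM-02": ("MFA enforcement", check_mfa(report)),
              "IAM-03": ("root account activity", check_root_activity(report, now))}
    return [{"control_id": c, "control": n, "status": "FAIL" if f else "PASS", "frameworks": FRAMEWORK_MAP[c],
             "findings": f, "checked_at": now.isoformat()} for c, (n, f) in checks.items()]
def to_csv(results):  # CSV twin of json.dumps(results, indent=2); list fields flattened per row
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=list(results[0]))
    w.writeheader()
    w.writerows({**r, "frameworks": "; ".join(r["frameworks"]),
                 "findings": "; ".join(r["findings"])} for r in results)
    return buf.getvalue()
```

On the constructed data the password policy and MFA controls fail (weak policy, user bob without MFA) while root activity passes because the last root login falls outside the 90-day window.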
The capstone project remediates a non-compliant healthcare API across four layers: Terraform baseline fixes, OPA Rego policy gates, a signed-evidence CI/CD pipeline, and OSCAL component definitions. Includes a red PR that fails the gate and a green PR that passes.
Frameworks: CMMC Level 2 · NIST SP 800-171
Evidence produced: Cosign-signed evidence bundles, S3 Object Lock vault, OSCAL component/profile artifacts, PR gate pass/fail history.
Open to GRC, cloud compliance, and security compliance roles. Connect on LinkedIn, GitHub or YouTube.
"Just watched the chatbot video and LOVED it!! I loved the way you explained what was happening in each section of the code. Very easy to follow. Legit!!"
— James T.
"I like how you made the tutorials short and easy to follow. You have a new subscriber! :-)"
— Demetria Z.
"Thanks for posting the RAG video, awesome, easy to understand, well-scoped and easy to follow."
— Jonathan P.
"This is awesome! I just watched four of your videos and it's exactly what everyone needs - at least I do. They're concise, with no rambling and clearly explain with code how to set up and run chatbots. All videos are just the right length for the average attention span, around 3.5 minutes. This is great stuff."
— Dan W.
"Congratulations on your YouTube channel launch. You have a great voice for tutorials."
— Erick A.