Identity Governance · IGA Lifecycle Automation · Compliance Evidence · AWS Security
I design and automate IGA lifecycle systems, cloud IAM controls, and compliance evidence pipelines. Now extending identity governance into non-human and AI-agent identities, the fastest-growing gap in enterprise IAM.
Five projects across the identity and cloud security stack: IGA lifecycle automation, GRC engineering, identity threat detection, Zero Trust, and multi-account architecture, with real outcomes against live environments.
An end-to-end Identity Governance and Administration build: HR-sourced joiner, mover, and leaver lifecycle on midPoint and 389 Directory Server, with reconciliation, non-human identity disposition, and a Python evidence validator that proves the directory matches the source of truth.
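The reconciliation step described above, as an added example rather than code from the midPoint/389-DS build: it diffs an HR feed (the source of truth) against a directory export, emits joiner, mover and leaver actions, and dispositions non-human accounts by whether they still have an active human owner. The record shapes, the sample HR rows and the sample accounts are constructed for this illustration; a real run would read the HR API and an LDAP search result.

```python
"""Reconcile an HR feed against directory accounts (added example, constructed data)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class HrRecord:
    employee_id: str
    status: str                      # "active" or "terminated"
    department: str


@dataclass
class DirAccount:
    uid: str
    employee_id: Optional[str]       # None marks a non-human (service) account
    enabled: bool
    department: Optional[str] = None
    owner_id: Optional[str] = None   # human owner recorded for a non-human account


@dataclass
class Report:
    joiners: List[str] = field(default_factory=list)                  # HR ids with no account
    movers: List[Tuple[str, str, str]] = field(default_factory=list)  # (uid, dir dept, HR dept)
    leavers: List[str] = field(default_factory=list)                  # uids still enabled, must disable
    orphaned_nhi: List[str] = field(default_factory=list)             # owner no longer active
    unowned_nhi: List[str] = field(default_factory=list)              # no owner recorded at all

    def is_clean(self) -> bool:
        """True only when the directory fully matches the source of truth."""
        return not any((self.joiners, self.movers, self.leavers,
                        self.orphaned_nhi, self.unowned_nhi))


def reconcile(hr: List[HrRecord], directory: List[DirAccount]) -> Report:
    report = Report()
    active: Dict[str, HrRecord] = {r.employee_id: r for r in hr if r.status == "active"}
    provisioned = {a.employee_id for a in directory if a.employee_id is not None}

    # Joiners: active in HR, no directory account yet.
    report.joiners = sorted(eid for eid in active if eid not in provisioned)

    for acct in directory:
        if acct.employee_id is None:
            # Non-human identity disposition: every NHI needs an active human owner.
            if acct.owner_id is None:
                report.unowned_nhi.append(acct.uid)
            elif acct.owner_id not in active:
                report.orphaned_nhi.append(acct.uid)
            continue
        person = active.get(acct.employee_id)
        if person is None:
            # Leavers: terminated in HR, or missing from HR entirely, yet still enabled.
            if acct.enabled:
                report.leavers.append(acct.uid)
            continue
        # Movers: attribute drift between the source of truth and the directory.
        if acct.department != person.department:
            report.movers.append((acct.uid, acct.department or "", person.department))
    return report


# Constructed sample data for the example.
HR_FEED = [
    HrRecord("e001", "active", "Engineering"),
    HrRecord("e002", "active", "Sales"),
    HrRecord("e003", "terminated", "Engineering"),
    HrRecord("e004", "active", "Finance"),
]
DIRECTORY = [
    DirAccount("alice", "e001", True, "Engineering"),
    DirAccount("bob", "e002", True, "Engineering"),      # HR now says Sales: mover
    DirAccount("carol", "e003", True, "Engineering"),    # terminated but enabled: leaver
    DirAccount("dave", "e005", True, "Support"),         # unknown to HR: leaver
    DirAccount("svc-etl", None, True, owner_id="e001"),  # owned by an active employee
    DirAccount("svc-backup", None, True, owner_id="e003"),  # owner has left: orphaned
    DirAccount("svc-ci", None, True),                    # no owner recorded
]

if __name__ == "__main__":
    result = reconcile(HR_FEED, DIRECTORY)
    print(result, "clean:", result.is_clean())
```

The evidence value is in `is_clean()`: an auditor gets a yes/no answer backed by the exact list of exceptions, and the same function run after remediation proves the gap closed.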
An engineering-driven approach to Governance, Risk, and Compliance on AWS. This framework interrogates AWS APIs directly — producing structured evidence, risk-scored findings, and audit-ready reporting across six major compliance frameworks simultaneously.
An event-driven detection pipeline that surfaces high-signal IAM anomalies in near real-time. Built with a QA engineer's approach to signal quality — systematic false positive tuning distinguishes legitimate activity from genuine risk.
A three-stack AWS serverless application built on Zero Trust design principles — every request authenticated, every resource encrypted, every action logged. Demonstrates the IAM and data protection controls validated by the GRC Engineering framework, deployed as production-ready infrastructure as code.
A security-first AWS reference architecture for retail workloads — demonstrating architect-level thinking across trust boundary separation, multi-account org design, and layered security controls. Grounded in real retail business context: customer identity, order workflows, payment-adjacent services, and prod/non-prod isolation.
Every project answers one question in a complete cloud security program. Together they form an integrated narrative — from identity through architecture, detection, response, and governance.
Every repo answers one question in the security program. Together they form a complete cloud security governance narrative.
16 automated controls, risk scoring, framework mapping, immutable evidence vault. The anchor of the portfolio.
Event-driven pipeline targeting unauthorized AssumeRole activity. Production-grade false positive tuning. MITRE ATT&CK mapped.
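The detection logic behind the pipeline described in this card and in the identity threat detection summary above, as an added example that is not the project's own code: it runs over constructed CloudTrail-shaped AssumeRole records and applies two false positive tunings (AWS services assuming roles on the account's behalf are dropped, and caller-to-role pairs in a learned baseline are suppressed) before scoring what remains. The baseline structure, the trusted CIDR list, the account number and the ATT&CK technique chosen for the finding are all assumptions made for this illustration.

```python
"""Unauthorized AssumeRole detection with FP tuning (added example, constructed events)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Finding:
    event_id: str
    severity: str
    reasons: List[str]
    technique: str = "T1078.004"   # ATT&CK Valid Accounts: Cloud Accounts (mapping chosen here)


def caller_principal(user_identity: dict) -> Optional[str]:
    """Normalize the caller to the IAM principal that actually holds the permission."""
    kind = user_identity.get("type")
    if kind == "AssumedRole":
        # Role sessions report the role they were minted from under sessionIssuer.
        return user_identity.get("sessionContext", {}).get("sessionIssuer", {}).get("arn")
    if kind in ("IAMUser", "Root"):
        return user_identity.get("arn")
    return None


def from_trusted(ip: str, nets) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # a service DNS name, not a routable client address
        return False
    return any(addr in n for n in nets)


def detect(records: List[dict], baseline: Dict[str, Set[str]],
           trusted_cidrs: List[str]) -> List[Finding]:
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings: List[Finding] = []
    for rec in records:
        if rec.get("eventName") != "AssumeRole":
            continue
        ui = rec.get("userIdentity", {})
        # Tuning 1: AWS services assuming roles on the account's behalf are expected.
        if ui.get("type") == "AWSService":
            continue
        target = rec.get("requestParameters", {}).get("roleArn")
        caller = caller_principal(ui)
        denied = bool(rec.get("errorCode"))
        # Tuning 2: caller->role pairs learned as normal are suppressed; the rest alert.
        unbaselined = not denied and caller not in baseline.get(target, set())
        reasons = []
        if denied:
            reasons.append(f"AssumeRole denied ({rec['errorCode']})")
        elif unbaselined:
            reasons.append(f"{caller} is not baselined for {target}")
        ip = rec.get("sourceIPAddress", "")
        if not from_trusted(ip, nets):
            reasons.append(f"source {ip} outside trusted ranges")
        if not reasons:
            continue
        severity = "high" if unbaselined else "medium" if denied else "low"
        findings.append(Finding(rec["eventID"], severity, reasons))
    return findings


# Constructed baseline, trusted ranges and events for the example.
ACCT = "111111111111"
DEPLOY = f"arn:aws:iam::{ACCT}:role/deploy-role"
ADMIN = f"arn:aws:iam::{ACCT}:role/admin-role"
BASELINE = {DEPLOY: {f"arn:aws:iam::{ACCT}:role/ci-runner"}}
TRUSTED_CIDRS = ["198.51.100.0/24"]

CI = {"type": "AssumedRole",
      "arn": f"arn:aws:sts::{ACCT}:assumed-role/ci-runner/build-42",
      "sessionContext": {"sessionIssuer": {"arn": f"arn:aws:iam::{ACCT}:role/ci-runner"}}}
CONTRACTOR = {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/contractor"}
EC2 = {"type": "AWSService", "invokedBy": "ec2.amazonaws.com"}


def _ev(eid, ui, role, ip, error=None):
    rec = {"eventID": eid, "eventName": "AssumeRole", "userIdentity": ui,
           "requestParameters": {"roleArn": role}, "sourceIPAddress": ip}
    if error:
        rec["errorCode"] = error
    return rec


SAMPLE_EVENTS = [
    _ev("ev-1", CI, DEPLOY, "198.51.100.5"),                        # baselined, trusted: quiet
    _ev("ev-2", EC2, DEPLOY, "ec2.amazonaws.com"),                  # service caller: suppressed
    _ev("ev-3", CONTRACTOR, ADMIN, "203.0.113.7"),                  # unbaselined, outside: high
    _ev("ev-4", CONTRACTOR, ADMIN, "203.0.113.7", "AccessDenied"),  # denied attempt: medium
    _ev("ev-5", CI, DEPLOY, "203.0.113.9"),                         # baselined, odd source: low
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS, BASELINE, TRUSTED_CIDRS):
        print(f)
```

Note that denied attempts are kept at medium rather than dropped: a run of AccessDenied on a privileged role is the reconnaissance signal that usually precedes the successful assumption, so tuning it away trades signal for quiet.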
Multi-account org design with trust boundary separation, centralized logging, layered ingress, and prod/non-prod isolation. Grounded in Genesco retail domain — customer identity, order workflows, payment-adjacent services.
Cognito JWT auth with DynamoDB access scoped to authenticated sub claim. BOLA/IDOR prevention, split Lambda execution roles, KMS encryption, CDK IaC.
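The BOLA/IDOR control in this card, shown as an added example (not the application's own handler): a Lambda behind an API Gateway REST API with a Cognito user pool authorizer reads the verified `sub` claim the authorizer attached to the request and uses it, never a caller-supplied identifier, as the DynamoDB partition key. The vulnerable form sits beside the hardened one. The route shape (`/users/{userId}/orders`), the in-memory table stand-in and the sample orders are constructed for the illustration.

```python
"""BOLA/IDOR prevention by binding the data key to the verified sub claim (added example)."""
import json
from typing import List, Optional

# Constructed stand-in for a DynamoDB table whose partition key is the user's sub.
# A real handler would use boto3 Table.query(KeyConditionExpression=Key("pk").eq(sub)).
ORDERS_TABLE = {
    "user-a": [{"order_id": "o-100", "total": 42.0}],
    "user-b": [{"order_id": "o-200", "total": 7.5}],
}


def _response(status: int, body) -> dict:
    return {"statusCode": status, "body": json.dumps(body)}


def vulnerable_get_orders(event: dict) -> dict:
    """BEFORE: trusts the caller-supplied path parameter as the owner key (BOLA)."""
    user_id = event["pathParameters"]["userId"]
    return _response(200, ORDERS_TABLE.get(user_id, []))


def get_orders(event: dict) -> dict:
    """AFTER: the owner key is the sub claim the Cognito authorizer verified."""
    # REST API proxy integration places verified JWT claims here.
    claims = event.get("requestContext", {}).get("authorizer", {}).get("claims") or {}
    sub = claims.get("sub")
    if not sub:
        return _response(401, {"error": "unauthenticated"})
    # A userId in the path is accepted only when it matches the token holder.
    requested = (event.get("pathParameters") or {}).get("userId")
    if requested is not None and requested != sub:
        return _response(403, {"error": "forbidden"})
    return _response(200, ORDERS_TABLE.get(sub, []))


def make_event(sub: Optional[str], path_user: str) -> dict:
    """Constructed API Gateway REST proxy event; sub=None models a missing/failed authorizer."""
    event = {"pathParameters": {"userId": path_user}, "requestContext": {}}
    if sub:
        event["requestContext"]["authorizer"] = {"claims": {"sub": sub}}
    return event


def order_ids(response: dict) -> List[str]:
    """Order ids in a 200 response body; empty for any other status."""
    if response["statusCode"] != 200:
        return []
    return [o["order_id"] for o in json.loads(response["body"])]


if __name__ == "__main__":
    # user-b presents a valid token but asks for user-a's orders.
    cross_tenant = make_event("user-b", "user-a")
    print("vulnerable:", vulnerable_get_orders(cross_tenant))
    print("hardened:  ", get_orders(cross_tenant))
```

The check lives in the handler because a shared Lambda execution role cannot carry the per-user identity that an IAM policy condition such as `dynamodb:LeadingKeys` needs; that condition scopes rows only when the caller's own credentials (for example Cognito identity pool credentials) embed the identity.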
Discovers and scores non-human identities across an AWS account (IAM roles, access keys, secrets), mapping findings to the OWASP NHI Top 10 and NIST 800-53. Includes OIDC-federated workload identity and extends toward AI-agent identity governance.
Security Hub → Step Functions response workflows. Automated containment with approval gates. IR runbooks as code.
Config custom rules, SCPs, Checkov pre-commit hooks, OPA Terraform validation. Compliance shifted left.
Compliance score, risk register, framework heatmap. Ingests GRC framework output. Designed for CISO and audit committee audiences.
I am a cloud security professional transitioning from QA Automation Engineering and Linux Systems Administration into identity governance and cloud security.
My QA background gives me something most cloud security engineers don't have: I understand how to build systems that prove they work, not just claim they do. Test cases became detection rules. Root cause analysis became alert triage. Regression tracking became detection coverage mapping.
"I can design, secure, govern, detect, respond to, and automate compliance for AWS environments — and explain why each layer matters to the business."
Before cloud security, I spent years in security-critical retail infrastructure — automated testing of authentication flows, RBAC enforcement, payment processing, and multi-tenant data integrity across 1,000+ retail locations. That's where I learned how systems fail from the inside out.
Now I apply that discipline to identity governance: building the IGA lifecycle systems, access controls, and evidence pipelines that make identity and compliance measurable and repeatable at scale. Based in Nashville, TN. Open to remote and hybrid roles.
Open to Identity Governance (IGA) Engineer, IAM Engineer, Cloud Security Engineer, and GRC Engineering roles. Nashville, TN — remote and hybrid considered.