Governance, Risk, and Compliance, engineered.

// autonomous governance at machine speed

Building intelligent compliance infrastructure that replaces manual, error-prone workflows with autonomous, policy-as-code systems. OSCAL, OPA, and AI — wired together.

10 Portfolio Projects
6+ Frameworks Covered
3yr Cybersecurity Experience
10 Certifications

Featured projects

From foundational OSCAL tooling to AI-powered remediation. Enterprise-grade systems across the full complexity spectrum.

01 BEGINNER
OSCAL profile validator
CLI tool validating NIST OSCAL profiles with real-time error detection and multi-format conversion.
OSCAL, Python, JSON Schema, Click
02 BEGINNER
Compliance evidence crawler
AWS Lambda collecting compliance evidence from CloudTrail, Config, and Security Hub on a schedule.
AWS Lambda, Python, CloudWatch Events, S3
03 BEGINNER
Risk register automation
Terraform + Lambda auto-generating risk registers from IaC with NIST 800-53 control mapping.
Terraform, Python, DynamoDB, NIST 800-53
04 INTERMEDIATE
Policy-as-Code engine (OPA)
Open Policy Agent ruleset enforcing AWS security compliance via custom Rego policies mapped to NIST controls.
OPA/Rego, AWS API, NIST 800-53, Python
05 INTERMEDIATE
Control assessment dashboard
React dashboard with real-time control status, evidence tracking, and audit readiness scoring.
React, AWS API Gateway, DynamoDB, Lambda
06 INTERMEDIATE
Compliance-to-policy pipeline
CI/CD pipeline converting OSCAL profiles into executable OPA/Rego policies via GitHub Actions.
GitHub Actions, OSCAL, OPA/Rego, Python

From the blog

Technical writing on GRC engineering, automation, and building compliant cloud infrastructure.

APR 23, 2026 · 3 min read
Hello, GRC engineering
Why I'm starting this blog, what it will cover, and the kind of compliance work I think more teams should be doing.