Certified ISO 27001 & ISO/IEC 42001 Lead Auditor with 8+ years enterprise experience, building automated compliance solutions for AWS environments. Expertise in AI governance, information security, SOC 2, and NIST frameworks with 10 production security automation projects.
I'm a certified ISO 27001 & ISO/IEC 42001 Lead Auditor and GRC professional transitioning from 8+ years in B2B technology sales to cloud security and compliance. I combine an auditor's mindset with hands-on AWS security automation expertise and proven business acumen.
My Certifications Set Me Apart: As an ISO 27001 Lead Auditor and ISO/IEC 42001 Lead Auditor (AI Management Systems - the world's first international AI governance standard), I bring deep knowledge of information security management systems, AI governance, and audit processes. Combined with CompTIA Security+ and AWS Certified Cloud Practitioner, I understand both the compliance frameworks organizations must meet and the technical controls needed to implement them in AWS environments.
From ByteChek to Building: My passion for GRC was ignited at ByteChek, where I sold compliance automation solutions and worked directly with security teams implementing SOC 2, ISO 27001, and NIST frameworks. I saw firsthand how organizations struggle to bridge the gap between audit requirements and technical implementation, so I decided to become the bridge.
Technical Expertise: I've built 10 production-ready AWS security automation tools using Python and AWS services, demonstrating practical experience with IAM policy analysis, Security Hub integration, compliance monitoring, and automated remediation. Each project translates security controls into measurable, automated solutions.
Business Value: With 8+ years leading enterprise accounts and consistently exceeding sales targets by 30%, I excel at stakeholder communication, translating technical concepts for executives, and aligning security initiatives with business objectives. I don't just implement controls, I ensure they drive business value.
Validated expertise in security, compliance, and cloud technologies
International Register of Certificated Auditors (IRCA)
Certified to conduct comprehensive information security management system (ISMS) audits. Deep expertise in ISO 27001 controls, audit processes, and compliance frameworks.
CompTIA
Industry-standard certification validating foundational cybersecurity skills including threat analysis, risk management, cryptography, and security operations.
Mastermind Assurance
Certified to audit AI Management Systems (AIMS) under the world's first international standard for AI governance. Expertise in AI risk management, responsible AI practices, ethical AI implementation, and regulatory compliance for AI systems.
Amazon Web Services (AWS)
Foundational AWS certification demonstrating understanding of cloud concepts, AWS services, security, architecture, and pricing models.
AWS Security Automation & GRC Tools
Enterprise-scale Lambda function aggregating Security Hub findings across AWS accounts with Excel reporting. Processed 446+ findings.
Advanced IAM policy analyzer detecting 5 types of least-privilege violations with severity-based findings and actionable recommendations.
Serverless pipeline generating professional compliance reports from Security Hub findings with CloudFormation deployment.
Automatically enables versioning on non-compliant S3 buckets with dry-run safety mode for secure operations.
Detects overly permissive IAM policies with full admin access patterns and generates detailed CSV reports.
Identifies and removes unattached EBS volumes for cost optimization and security improvement.
Event-driven security monitoring with AWS SNS email alerts for IAM policy violations.
Audits S3 buckets for versioning and public access compliance with detailed reporting.
Identifies IAM users without MFA enabled to enforce security best practices.
Detects risky security group rules exposing sensitive ports to the internet.
Measurable impact through security automation and compliance engineering
Reduced audit preparation time from 40 hours to 2 hours per quarter through automated Security Hub reporting and Excel pipeline
Achieved 100% S3 bucket compliance across multi-account AWS environment within 24 hours of deployment using automated remediation
Identified and eliminated $2,400 in monthly costs through automated detection and cleanup of unattached EBS volumes
Discovered 47 high-risk IAM policies in production environment, reducing privilege escalation attack surface by 60%
Aggregated and analyzed 446+ Security Hub findings across 10+ AWS accounts with centralized reporting and prioritization
Built and deployed 10+ production-ready AWS security automation tools using Python, boto3, Lambda, and CloudFormation
Download my complete professional resume
Comprehensive resume highlighting 10+ AWS security automation projects, ISO 27001 Lead Auditor certification, and 8+ years of enterprise experience. Includes detailed project accomplishments, technical skills, and certifications.
Last Updated: October 2025
Let's connect and discuss cloud security and GRC opportunities!
San Diego, CA, USA