Platform Engineering | DevSecOps | CISSP
Securing and
cloud infrastructure
I build and automate complex infrastructure systems from the ground up — the kind of engineer who can own a platform end-to-end, from Terraform provisioning through monitoring and incident response. This site is a working example: highly available AWS architecture, security baked into the pipeline, and observable systems. I'm drawn to mission-driven work where infrastructure enables what matters — quantum, space, AI/ML, clean energy, healthcare, education.
Project Spotlight
End-to-end platform ownership
Built and deployed via GitHub Actions
Highly Available Platform: DevSecOps Pipeline with GRC Compliance
I built this to demonstrate end-to-end platform ownership: design, provision, deploy, and observe. Terraform defines a highly available architecture (custom VPC, ALB, ASG across two AZs); GitHub Actions runs security scanning, apply, and rolling instance refresh. The ALB terminates SSL with ACM; Nginx and a Node.js stats API run in containers in private subnets. The pipeline includes Snyk, GRC compliance mapping, and CloudWatch — the kind of automated, secure, observable infrastructure I deliver for production systems.
- ✓ Terraform IaC: Custom VPC, ALB, ASG, security groups, ACM, and Route 53; instances in private subnets with IAM roles.
- ✓ Security Scanning: Trivy vulnerability scanning and PyLint policy checks integrated into deployment pipeline.
- ✓ GRC Dashboard: Interactive compliance mapping to NIST, CIS, and HIPAA frameworks with real-time scoring.
- ✓ Dynamic API: Real-time GitHub statistics via containerized Node.js API with resilience checks.
- ✓ SSL: ACM on the ALB with automatic renewal; Route 53 DNS validation. No on-instance cert management.
- ✓ GitHub Actions: Orchestrates the entire build/deploy cycle from a single `git push`.
- ✓ CloudWatch Monitoring: Centralized logging and monitoring with automated Nginx access log collection for security analysis.