Platform Engineering | DevSecOps | CISSP
Securing and
cloud infrastructure
I build and automate infrastructure systems end-to-end — Terraform provisioning, CI/CD pipelines, monitoring, and incident response. This site is a working example: a highly available AWS architecture with security integrated into the pipeline and full observability. I'm most interested in work where infrastructure directly enables the mission.
Project Spotlight
From code push to production
Built and deployed via GitHub Actions
Highly Available Platform: DevSecOps Pipeline with GRC Compliance
I built this to demonstrate end-to-end platform ownership: design, provision, deploy, and observe. Terraform defines a highly available architecture (custom VPC, ALB, ASG across two AZs); GitHub Actions runs Terraform apply and rolling instance refresh. The ALB terminates SSL with ACM; Nginx serves static pages and proxies `/api/stats` to a Node.js container in private subnets. The repo includes GRC compliance mapping and CloudWatch logging.
- ✓ Terraform IaC: Custom VPC, ALB, ASG, security groups, ACM, and Route 53; instances in private subnets with IAM roles.
- ✓ Security Scanning: Trivy vulnerability scanning and PyLint policy checks integrated into the deployment pipeline.
- ✓ GRC Dashboard: Interactive compliance mapping to NIST, CIS, and HIPAA frameworks with real-time scoring.
- ✓ Dynamic API: Real-time GitHub statistics via containerized Node.js API with resilience checks.
- ✓ SSL: ACM on the ALB with automatic renewal; Route 53 DNS validation. No on-instance cert management.
- ✓ GitHub Actions: Orchestrates the entire build/deploy cycle from a single `git push`.
- ✓ CloudWatch Monitoring: Centralized logging and monitoring with automated Nginx access log collection for security analysis.