Maryland | Security & Compliance Engineer | AI-Powered DevSecOps Builder
Building AI-powered tools that bridge the gap between developers and federal compliance, turning weeks of security documentation into hours.
- ThreatCanvas: AI-powered STRIDE threat modeling with interactive attack surface visualization; describe your architecture in plain English and get risk-ranked findings, kill chain mapping, and mitigation recommendations powered by GitHub Copilot SDK
- OSCALFlow: GitHub CLI extension that automates OSCAL compliance documentation; generate FedRAMP-ready SSPs from your codebase in seconds
- D.A.V.E: AI-powered compliance automation engine using Google Gemini; analyzes evidence artifacts, maps controls to NIST 800-53, and generates valid OSCAL artifacts
- copilot-cli-security: AI-powered security analysis extension for GitHub Copilot CLI; identifies vulnerabilities in code changes and scans dependencies (⭐ 2)
- SYSAdmin-CoPilot: Agent-native infrastructure management control plane where GitHub Copilot SDK orchestrates real system operations through secure tool gateways (⭐ 15)
- nist-rag-agent: Conversational RAG agent for NIST cybersecurity guidance, powered by 530K+ training examples from 596 NIST publications with LangChain & FAISS
- COMPASS: Compliance Mapping and Policy Assessment Speech System; a FedRAMP voice agent powered by Gemini 2.5 Pro Live API; describe your architecture out loud for real-time NIST SP 800-53 control mapping, gap analysis, and OSCAL document generation
- B.O.B.B.I.E: Bedrock-Orchestrated Baseline & Behavior Intelligence Engine; hierarchical multi-agent NIST SP 800-53 Rev 5 compliance assessment powered by AWS Bedrock (Amazon Nova) with evidence-driven findings, AI-augmented risk narratives, and OSCAL output
- oscal-content: NIST SP 800-53 content and other OSCAL content examples (fork of usnistgov/oscal-content)
- LibreChat: Enhanced ChatGPT Clone with Agents, MCP, and multi-model support (fork of danny-avila/LibreChat)
- vscode-copilot-chat: Copilot Chat extension for VS Code (fork of microsoft/vscode-copilot-chat)
- Automating compliance: Turning NIST 800-53, OSCAL, and FedRAMP requirements into developer-friendly tooling
- AI + Security: Leveraging GitHub Copilot, LLMs, and RAG pipelines to bridge the gap between security policy and code
- Open-source DevSecOps: Making federal-grade security accessible to everyone through CLI tools and automation
- Started RFC discussion with NIST on a new OSCAL model for Reference Taxonomy for Classification Schemes
- Built OSCALFlow for the GitHub + MCP Hackathon: a native CLI that generates valid OSCAL 1.2.0 JSON
- OSCALFlow detects 50+ control implementations across 8 languages with AI-powered validation via Copilot CLI
"Compliance shouldn't be a barrier to shipping; it should be automated into your workflow." I build tools that turn security requirements into code, so developers can focus on building and security teams can focus on strategy.
Random Facts
- Obsessed with turning compliance jargon into developer-friendly language
- Believe every federal system deserves automated security documentation
- Maryland-based, building for the federal tech ecosystem
- Powered by curiosity and too much coffee
