📍 Maryland | 🔒 Security & Compliance Engineer | 🤖 AI-Powered DevSecOps Builder
Building AI-powered tools that bridge the gap between developers and federal compliance — turning weeks of security documentation into hours.
- 🎯 ThreatCanvas — AI-powered STRIDE threat modeling with interactive attack surface visualization; describe your architecture in plain English → get risk-ranked findings, kill chain mapping, and mitigation recommendations powered by GitHub Copilot SDK
- 🔄 OSCALFlow — GitHub CLI extension that automates OSCAL compliance documentation; generate FedRAMP-ready SSPs from your codebase in seconds
- 🤖 D.A.V.E — AI-powered compliance automation engine using Google Gemini; analyzes evidence artifacts, maps controls to NIST 800-53, and generates valid OSCAL artifacts
- 🛡️ copilot-cli-security — AI-powered security analysis extension for GitHub Copilot CLI; identifies vulnerabilities in code changes and scans dependencies ⭐ 2
- 🖥️ SYSAdmin-CoPilot — Agent-native infrastructure management control plane where GitHub Copilot SDK orchestrates real system operations through secure tool gateways ⭐ 15
- 📚 nist-rag-agent — Conversational RAG agent for NIST cybersecurity guidance, powered by 530K+ training examples from 596 NIST publications with LangChain & FAISS
- 🧭 COMPASS — Compliance Mapping and Policy Assessment Speech System; a FedRAMP voice agent powered by Gemini 2.5 Pro Live API — describe your architecture out loud → real-time NIST SP 800-53 control mapping, gap analysis, and OSCAL document generation
- 🤖 B.O.B.B.I.E — Bedrock-Orchestrated Baseline & Behavior Intelligence Engine; hierarchical multi-agent NIST SP 800-53 Rev 5 compliance assessment powered by AWS Bedrock (Amazon Nova) with evidence-driven findings, AI-augmented risk narratives, and OSCAL output
- 📄 oscal-content — NIST SP 800-53 content and other OSCAL content examples (fork of usnistgov/oscal-content)
- 💬 LibreChat — Enhanced ChatGPT Clone with Agents, MCP, and multi-model support (fork of danny-avila/LibreChat)
- 🧩 vscode-copilot-chat — Copilot Chat extension for VS Code (fork of microsoft/vscode-copilot-chat)
- Automating compliance — Turning NIST 800-53, OSCAL, and FedRAMP requirements into developer-friendly tooling
- AI + Security — Leveraging GitHub Copilot, LLMs, and RAG pipelines to bridge the gap between security policy and code
- Open-source DevSecOps — Making federal-grade security accessible to everyone through CLI tools and automation
- 📢 Started RFC discussion with NIST on a new OSCAL model for Reference Taxonomy for Classification Schemes
- 🏅 Built OSCALFlow for the GitHub + MCP Hackathon — a native CLI that generates valid OSCAL 1.2.0 JSON
- 🔍 OSCALFlow detects 50+ control implementations across 8 languages with AI-powered validation via Copilot CLI
"Compliance shouldn't be a barrier to shipping — it should be automated into your workflow."
I build tools that turn security requirements into code, so developers can focus on building and security teams can focus on strategy.
Random Facts
- Obsessed with turning compliance jargon into developer-friendly language
- Believe every federal system deserves automated security documentation
- Maryland-based, building for the federal tech ecosystem
- Powered by curiosity and too much coffee ☕