Projects
All Projects
19 projects spanning AI systems, compliance automation, and cloud infrastructure — newest first.
Featured (8)
AI-Driven Issue Tracking & Analytics Pipeline
An 8-part AI pipeline that maps FedRAMP 20x controls to a client's technology stack, identifies compliance gaps against live Vanta test data, generates remediation plans, and uploads a fully structured Epic → Task → Sub-task hierarchy to Jira.
- Processed 3 control families (KSI: 56 controls, ADS: 20 controls, CCM: 3 controls) through the full pipeline end-to-end
- Generated 582 Jira tickets (Epics + Tasks + Sub-tasks) across all families with proper hierarchy and audit-ready descriptions
- Reduced the control-to-ticket lifecycle from weeks of manual analysis to a single pipeline run per family
- Every AI call logged with prompt sent and response received — full audit trail for compliance review
System Architecture & Design
A high-level architecture diagram of the compliance automation platform, illustrating the orchestration layer, dependency injection, strategy-based backend execution, logic pipelines, adapter protocols, and external provider integrations.
- Established clear separation between orchestration, logic, and infrastructure layers
- Enabled 15+ compliance workflows to share pipelines, services, and configuration
- Decoupled external provider integrations through adapter protocols and lazy initialization
Cloud Data Normalization Pipeline
A data pipeline that transforms raw cloud inventory exports and Tenable scan data into a FedRAMP Appendix M submission-ready workbook.
- Eliminated manual reconciliation across many asset categories
- Produced submission-ready Appendix M workbooks directly from exported data
- Created a repeatable workflow for a tedious compliance reporting task
Jira MCP Server for AI Agent Workflows
An MCP server that exposes Jira operations as AI-callable tools, allowing LLM clients to search, create, update, transition, and comment on issues.
- Enabled AI agents to interact directly with Jira instead of relying on copy-paste handoffs
- Connected analysis workflows to actionable remediation tracking
- Demonstrated practical use of emerging MCP-based agent tooling
Vanta Compliance Gap Analyzer
Integrated with Vanta's GraphQL API to fetch, paginate, categorize, and structure compliance test failures into a clean dataset for remediation planning.
- Converted a paginated, unstructured API feed into a single clean, categorized dataset
- Eliminated the manual UI-scraping approach to identifying open compliance gaps
- Produced an analysis-ready artifact that downstream pipelines and reporting tools consume
Production RAG Infrastructure on AWS
A reusable retrieval layer built on AWS OpenSearch and Amazon Bedrock embeddings that grounds multiple LLM pipelines in system-specific documentation.
- Enabled grounded retrieval across multiple AI workflows
- Centralized retrieval infrastructure for compliance and documentation pipelines
- Improved reliability of generated outputs by attaching them to semantic search results
Prompt Engineering for Anti-Hallucination Evidence Generation
A multi-layer prompt and validation architecture that prevents LLM hallucinations in compliance evidence generation through structured inputs, hard constraint gates, and a 4-phase validation pipeline.
- Eliminated AWS service name leakage into abstract classification outputs via a hard-coded regex blocklist
- Reduced misclassification of process-only controls through deterministic escape hatches that bypass the LLM entirely
- Established a gold-set validation framework with 10 analyst-authored test cases and 8 codified divergence categories
Multi-Pipeline LLM Automation Platform
An AI-powered platform that automates major parts of the FedRAMP documentation and evidence workflow, including control-to-service mapping, evidence narrative generation, AWS CLI evidence commands, appendix planning, and inventory reporting.
- Reduced manual compliance authoring and evidence-prep effort from days or weeks to repeatable batch workflows
- Automated generation for hundreds of NIST 800-53 control parts
- Created reusable outputs that feed multiple downstream compliance documents and audit workflows
Archive (11)
AI-Driven NIST 800-53 Component Mapping Engine
Mapped control parts to implementing cloud services using a multi-stage LLM workflow with extraction and triage passes.
AI-Powered AWS Audit Evidence Command Generator
Generated and validated read-only AWS CLI commands for gathering evidence against NIST 800-53 control parts.
Google Docs Feedback Loop System
Closed-loop refinement system that polled Google Doc comments via the Docs API, classified comment relevance with GPT, generated refined replacements, and validated rewrites through a verification pass before applying batchUpdate edits — turning client review into automated revisions.
FedRAMP Privacy Plan Generator
Generated FedRAMP Privacy Plan deliverables across NIST 800-53 Rev5 Privacy baseline by flattening nested compliance domains into tabular DataFrames with index-based JSON enrichment (O(1) lookups by control ID) for moderate-baseline cross-references.
Supply Chain Risk Management (SCRM) Plan Generator
Two-phase SCRM Plan generator using a dedicated OpenAI Assistant per domain, with hard-constraint prompts ("Do NOT add, delete, reorder…") and vector-store-scoped retrieval grounding for FedRAMP Rev5 supply-chain controls.
Incident Response Plan (IRP) Assistant
Three-phase IRP generator built on OpenAI Assistants — strict placeholder-only fill, extractive QA with explicit "Not found in the provided content" fallback, and a copy-edit-only second phase enforcing no content changes.
Multi-Pass Compliance Document Generator
Four-pass compliance document refinement pipeline (draft → file-search refine → RF Score 1-5 rubric rewrite → merge with existing procedures), with checkpoint/resume, prompt redaction, and per-control-part state persistence between runs.
NIST Component Mapping Engine (Rev.4)
First-generation per-control-part component mapper using OpenAI Assistants with Vector Stores (file_search + code_interpreter), with a relaxed-fallback prompt variant and a rolled-up summary pass to feed downstream document generation.
NIST 800-53 Audit Question Generator
LLM-powered audit-question synthesis using a two-pass generator-critic loop (synthesize → refine) over NIST 800-53 control objectives, producing structured assessment questions for compliance reviewers.
NIST 800-53 SSP Baseline Splitter
Split NIST 800-53 Rev5 baselines into low/moderate/high JSON artifacts and parsed objectives (a., b., (a), (b)) into structured parts using regex-driven custom sort keys that preserved enhancement and part hierarchy (AC-2, AC-2(1), AC-2(1)(a)).
JupiterOne Bulk Ingest & Query Pipeline
Built a Python service over JupiterOne's GraphQL API with cursor pagination (limit=5000), a one-to-four query dispatcher, and the bulk persister synchronization-job lifecycle (create → upload → delete → finalize) for moving security-graph data at scale.