Projects & Case Studies

Core portfolio work with outcomes, tech stacks, and role-fit tags. Built to show implementation depth and audit-ready delivery.

Role fit: GRC Engineer · Cloud Security · Detection Engineering · Security Controls Implementation


⭐ Flagship Projects

These signature projects demonstrate production-grade implementation and unique technical depth.

GIAP™ — GRC Integrated Automation Platform
Status: MVP Complete
Production GRC platform with live demo. CISO Assistant + n8n + Nextcloud + SuiteCRM. 100+ frameworks, HMAC webhooks, end-to-end automation.
Tags: GRC Automation Live Demo
Tech: Proxmox, CISO Assistant, n8n, Nextcloud, SuiteCRM, FastAPI, React
Why this matters: Production platform processing real compliance workflows — not a lab project

TraceLock™ — RF Threat Detection
Status: Active
Patent-pending (Nov 2025) 6-domain wireless monitoring (Wi-Fi/BLE/SDR/GPS/ADS-B). 12,500 LOC, evidence-grade logging, detection engineering.
Tags: RF Detection Python
Tech: Python, HackRF, RTL-SDR, SQLite, Kismet, Raspberry Pi
Why this matters: If I can build detection logic for 6 RF domains, I can build detection content for your SIEM


Completed client work and technical implementations demonstrating GRC engineering skills.

PCI-DSS Endpoint Hardening
Status: Complete
Rapid hardening (<48 hours) with 47+ controls mapped and evidence pack. Financial services client delivery.
Tags: Compliance Hardening Client Work
Tech: GPO, BitLocker, Windows Firewall, PowerShell
Demonstrates: Compliance-ready endpoint builds with audit evidence

PropTech RF Governance & Scope Control
Status: Complete
Governance-focused RF assessment of BLE/Wi-Fi activity in smart-building deployments. (PropTech = Property Technology: smart locks, IoT sensors, building automation.) Emphasizes scope discipline to prevent false positives for regulated work-from-home roles.
Tags: GRC Privacy RF
Demonstrates: RF governance, scope discipline, privacy-to-technical alignment

Secure Intake Portal
Status: Active
Nextcloud + n8n + SuiteCRM intake with RBAC, retention, and audit trails.
Tags: Compliance Intake Automation
Tech: Nextcloud, n8n, SuiteCRM, LDAP
Demonstrates: Governed intake, role-based access, logged workflows

Baseline Evidence Drop
Status: Complete
Consent-first Windows evidence collector with hashes, manifest, and control mapping.
Tags: GRC Evidence PowerShell
Tech: PowerShell, SHA-256, JSON manifest
Demonstrates: Agentless evidence collection with integrity verification


In Development

Active projects expanding cloud and detection capabilities.

Cloud Control Pack (AWS)
Status: In Progress
Default-deny S3 + GuardDuty export; scoped IAM with CIS/NIST mapping.
Tags: Cloud GRC AWS
Tech: AWS IAM, S3, GuardDuty, CloudTrail, Terraform
Demonstrates: Cloud guardrails, evidence pipeline, compliance mapping


Additional Projects

Lab environments, infrastructure work, and research supporting the portfolio.

Detection & IR Lab
Status: Active
SIEM/IDS tuning, incident drills, authored detections with enrichment.
Tags: Detection IR SIEM
Tech: Security Onion, TheHive, Cortex, Suricata, Zeek

Self-Hosted Stack Hardening
Status: Active
SuiteCRM, Docuseal, Nextcloud, Wiki.js with IAM, backups, patch automation.
Tags: Hardening Infrastructure Linux
Tech: Proxmox, Ubuntu, Nginx, Let's Encrypt, Fail2ban

Remote Access & Zero-WAN
Status: Active
Tailscale/RustDesk remote access with no exposed WAN ports.
Tags: Access Hardening Zero-Trust
Tech: Tailscale, RustDesk, UFW, SSH hardening

Zero Trust Access Pilots
Status: Evaluated
Tailscale/Twingate/Netbird evaluation for secure remote access.
Tags: ZTNA IAM Access
Tech: Tailscale, Twingate, Netbird, WireGuard

AgenticOS — AI Orchestration
Status: Active
Deterministic AI agent layer with 72 health checks and audit-grade logging.
Tags: AI Automation Python
Tech: Python, YAML, JSON, Multi-provider LLM APIs

RF/UAS Security Research
Status: Ongoing
SDR payloads, BLE/Sub-GHz reconnaissance, and 3D-printed sensor housings.
Tags: RF Innovation Hardware
Tech: HackRF, Flipper Zero, ESP32, FreeCAD