📍 Maryland | 🔒 Security & Compliance Engineer | 🤖 AI-Powered DevSecOps Builder
Building AI-powered tools that bridge the gap between developers and federal compliance — turning weeks of security documentation into hours.
The mobile guide to NIST cybersecurity publications related to OSCAL, built for compliance engineers, security practitioners, and builders working in NIST and FedRAMP environments. OSCAL Pocket Guide lets you quickly navigate, from anywhere, the source documents, guidance, and reference material that inform OSCAL-based work.
- 📱 OSCAL Pocket Guide — Flagship mobile app for exploring NIST cybersecurity documents related to OSCAL on the go; available on the App Store and Google Play
- 🎯 ThreatCanvas — AI-powered STRIDE threat modeling with interactive attack surface visualization; describe your architecture in plain English → get risk-ranked findings, kill chain mapping, and mitigation recommendations powered by GitHub Copilot SDK
- 🔄 OSCALFlow — GitHub CLI extension that automates OSCAL compliance documentation; generate FedRAMP-ready SSPs from your codebase in seconds
- 🤖 D.A.V.E — AI-powered compliance automation engine using Google Gemini; analyzes evidence artifacts, maps controls to NIST 800-53, and generates valid OSCAL artifacts
- 🛡️ copilot-cli-security — AI-powered security analysis extension for GitHub Copilot CLI; identifies vulnerabilities in code changes and scans dependencies ⭐ 2
- 🖥️ SYSAdmin-CoPilot — Agent-native infrastructure management control plane where GitHub Copilot SDK orchestrates real system operations through secure tool gateways ⭐ 15
- 📚 nist-rag-agent — Conversational RAG agent for NIST cybersecurity guidance, built with LangChain and FAISS on 530K+ training examples drawn from 596 NIST publications
- 🧭 COMPASS — Compliance Mapping and Policy Assessment Speech System; a FedRAMP voice agent powered by Gemini 2.5 Pro Live API — describe your architecture out loud → real-time NIST SP 800-53 control mapping, gap analysis, and OSCAL document generation
- 🤖 B.O.B.B.I.E — Bedrock-Orchestrated Baseline & Behavior Intelligence Engine; hierarchical multi-agent NIST SP 800-53 Rev 5 compliance assessment powered by AWS Bedrock (Amazon Nova) with evidence-driven findings, AI-augmented risk narratives, and OSCAL output
- 📄 oscal-content — NIST SP 800-53 content and other OSCAL content examples (fork of usnistgov/oscal-content)
- 💬 LibreChat — Enhanced ChatGPT Clone with Agents, MCP, and multi-model support (fork of danny-avila/LibreChat)
- 🧩 vscode-copilot-chat — Copilot Chat extension for VS Code (fork of microsoft/vscode-copilot-chat)
- Automating compliance — Turning NIST 800-53, OSCAL, and FedRAMP requirements into developer-friendly tooling
- AI + Security — Leveraging GitHub Copilot, LLMs, and RAG pipelines to bridge the gap between security policy and code
- Open-source DevSecOps — Making federal-grade security accessible to everyone through CLI tools and automation
- 📢 Started RFC discussion with NIST on a new OSCAL model for Reference Taxonomy for Classification Schemes
- 🏅 Built OSCALFlow for the GitHub + MCP Hackathon — a native CLI that generates valid OSCAL 1.2.0 JSON
- 🔍 OSCALFlow detects 50+ control implementations across 8 languages with AI-powered validation via Copilot CLI
"Compliance shouldn't be a barrier to shipping — it should be automated into your workflow." I build tools that turn security requirements into code, so developers can focus on building and security teams can focus on strategy.
Random Facts
- Obsessed with turning compliance jargon into developer-friendly language
- Believe every federal system deserves automated security documentation
- Maryland-based, building for the federal tech ecosystem
- Powered by curiosity and too much coffee ☕