J S.

Technology Risk & AI Governance | Software Supply Chain Integrity | Evidence-Based Assurance | SOC 2 • ISO 27001 • CI/CD Controls

Atlanta Metropolitan Area

About

I work at the intersection of technology, assurance, and risk, helping organizations strengthen software integrity, governance, and supply-chain accountability through evidence-based controls. My background combines three graduate degrees: * MS in Information Systems Audit * MSc in Environmental Science * MBA in Business Administration along with professional credentials including CFE, CICA, and ISC2 student credentials. This multidisciplinary foundation enables me to approach security, compliance, and governance from a systems and evidence perspective rather than treating them as isolated tooling or checklist exercises. My work focuses on software supply-chain integrity—verifying that what organizations declare about their software accurately reflects what is built, tested, released, and deployed. Areas of applied work include: * SBOM reconciliation and software composition validation * Dependency drift detection and artifact identity verification * CI/CD integrity controls aligned with regulatory objectives * Translating requirements from the EU Cyber Resilience Act (CRA), SOC 2, and ISO/IEC 27001 into enforceable technical controls * Designing machine-verifiable, audit-grade evidence rather than traditional security reporting I am particularly interested in the transition from disclosure-based compliance to evidence-based assurance, where integrity, accountability, and governance are demonstrated through verifiable technical evidence. My current work is expanding into AI governance, with a focus on making autonomous systems more transparent, accountable, and verifiable through evidence, cryptographic integrity, and governance-driven design rather than trust alone. My broader interests include software assurance, AI governance, technology risk, regulatory readiness, CI/CD security, and the evolving intersection of cybersecurity, audit, and enterprise governance.

Experience

  • Independent Consultant — Software Supply Chain Security & Regulatory Controls at Self-employed
    Feb 2026 - Present · 6 mos

  • Software Supply- Chain Security | Independent Project Development at Information Techology Services
    Feb 2025 - Feb 2026 · 1 yr 1 mo

    I am building a CI-enforced SBOM reconcilation control focused on supply-chain integrity and verifiable audit evidence.

  • Independent Contractor at Self-employed
    Aug 2015 - Feb 2026 · 10 yrs 7 mos

    Independent security and compliance-focused consulting spanning information systems audit, software supply chain integrity, and risk analysis. Worked on: • Information systems audit concepts and control mapping (SOC 2, ISO/IEC 27001) • Software supply chain risk analysis, including SBOM accuracy and dependency integrity • CI/CD integrity validation and audit-evidence design • Translating regulatory and audit requirements (EU Cyber Resilience Act, SOC 2, ISO 27001) into practical technical controls • Independent research, tooling, and documentation for build integrity, provenance gaps, and dependency drift This period includes continuous professional development, certifications, and hands-on work building reference tools and documentation used to demonstrate verifiable audit evidence, not just policy statements. Focus areas: • Audit readiness • Evidence-based security controls • Legacy and modern software risk assessment • Build-to-deploy integrity assurance

  • Graduate Research Assistant at Georgia State University
    Jul 2014 - Aug 2015 · 1 yr 2 mos

    Analytical & Control Evaluation Support Assisted in structured assessments involving literature review, survey design, data integration, and analytical validation. Focused on accuracy, traceability, and defensible outputs supporting project conclusions.