Atlanta Metropolitan Area
I work at the intersection of technology, assurance, and risk, helping organizations strengthen software integrity, governance, and supply-chain accountability through evidence-based controls. My background combines three graduate degrees: * MS in Information Systems Audit * MSc in Environmental Science * MBA in Business Administration along with professional credentials including CFE, CICA, and ISC2 student credentials. This multidisciplinary foundation enables me to approach security, compliance, and governance from a systems and evidence perspective rather than treating them as isolated tooling or checklist exercises. My work focuses on software supply-chain integrity—verifying that what organizations declare about their software accurately reflects what is built, tested, released, and deployed. Areas of applied work include: * SBOM reconciliation and software composition validation * Dependency drift detection and artifact identity verification * CI/CD integrity controls aligned with regulatory objectives * Translating requirements from the EU Cyber Resilience Act (CRA), SOC 2, and ISO/IEC 27001 into enforceable technical controls * Designing machine-verifiable, audit-grade evidence rather than traditional security reporting I am particularly interested in the transition from disclosure-based compliance to evidence-based assurance, where integrity, accountability, and governance are demonstrated through verifiable technical evidence. My current work is expanding into AI governance, with a focus on making autonomous systems more transparent, accountable, and verifiable through evidence, cryptographic integrity, and governance-driven design rather than trust alone. My broader interests include software assurance, AI governance, technology risk, regulatory readiness, CI/CD security, and the evolving intersection of cybersecurity, audit, and enterprise governance.
I am building a CI-enforced SBOM reconcilation control focused on supply-chain integrity and verifiable audit evidence.
Independent security and compliance-focused consulting spanning information systems audit, software supply chain integrity, and risk analysis. Worked on: • Information systems audit concepts and control mapping (SOC 2, ISO/IEC 27001) • Software supply chain risk analysis, including SBOM accuracy and dependency integrity • CI/CD integrity validation and audit-evidence design • Translating regulatory and audit requirements (EU Cyber Resilience Act, SOC 2, ISO 27001) into practical technical controls • Independent research, tooling, and documentation for build integrity, provenance gaps, and dependency drift This period includes continuous professional development, certifications, and hands-on work building reference tools and documentation used to demonstrate verifiable audit evidence, not just policy statements. Focus areas: • Audit readiness • Evidence-based security controls • Legacy and modern software risk assessment • Build-to-deploy integrity assurance
Analytical & Control Evaluation Support Assisted in structured assessments involving literature review, survey design, data integration, and analytical validation. Focused on accuracy, traceability, and defensible outputs supporting project conclusions.