🔐 Compliance, Privacy & Security

I architect solutions that meet rigorous standards like FedRAMP, HIPAA, NIST, PCI, and ISO while enabling innovation across defense, healthcare, fintech, and AI systems.

🔒 Regulatory Frameworks & Standards

  • FedRAMP & NIST: Designed cloud platforms meeting FedRAMP High and NIST 800-53/171 for defense clients
  • HIPAA/HITRUST: Built compliant healthcare platforms (WiTT, CareBORN) handling EHR/FHIR data
  • PCI-DSS: Secured fintech applications with Stripe integrations and donor management
  • AI Compliance: Developed TrussController middleware for LLM PII redaction and audit logging
  • Global Standards: Implemented GDPR, ISO 27001/9001, and UK Cyber Essentials

🛡 Secure-by-Design Engineering

  • Zero-Trust Architectures: For DoD systems and healthcare AI platforms
  • LLM Security: Built PII redaction and audit trails for insurance claims automation (Trussed.AI)
  • Insider Threat: Predictive monitoring for defense and financial systems
  • Access Control: RBAC with attribute-based policies for multi-tenant SaaS
  • Audit Systems: End-to-end logging meeting HIPAA 6-year retention requirements

⚙️ DevSecOps & Cloud Compliance

  • AI Pipeline Security: Containerized LLM deployments with vulnerability scanning
  • Cloud Guardrails: AWS GuardDuty, CloudTrail, and custom compliance rulesets
  • Infrastructure as Code: Terraform modules enforcing NIST/FedRAMP baselines
  • Runtime Protection: Kubernetes policies for AI workloads and microservices
  • Compliance Automation: CI/CD gates for SAST/DAST in GitHub Actions

🤖 Ethical AI & Responsible Innovation

  • Auditable AI: Designed Trussed.AI's compliance layer for insurance LLMs
  • Bias Mitigation: Fairness frameworks for healthcare eligibility systems
  • RLHF Governance: Human oversight for sensitive decision-making
  • Explainability: Model interpretability in clinical support tools
  • Data Provenance: Tracking for training data in regulated domains

🔍 Selected Security Implementations

Trussed.AI Compliance Layer

  • PII redaction engine for insurance claims
  • LLM provider abstraction for compliance routing
  • Audit trails meeting PCI/HIPAA requirements

SIMS Infinity (DoD)

  • Personnel security with insider threat detection
  • CMMC 2.0-aligned access controls

Let's build secure, compliant systems that don't compromise innovation.
