Hunter Glass

Cybersecurity professional · Lenexa, KS

GRC control assessment, plus hands-on identity and application security.

Bridging GRC control assessment with hands-on identity and application security. 12+ client environments audited against ISO 27001, SOC 2, and TISAX with a 100% audit pass rate, including two implementations recommended for ISO 27001 certification. On the side, working hands-on with identity and application security patterns on a tool that tracks the NCAA transfer portal.

Experience

CBIZ Technology

Cybersecurity Consultant

June 2024 – Present

  • Led security control assessments across 12+ client environments against ISO 27001, ISO 27701, SOC 2 Type II, and TISAX, with a 100% client audit pass rate, and all implementations recommended for ISO 27001 certification.
  • Reviewed access control, change management, SDLC, and configuration management processes to surface drift between documented policy and operational reality, remediating gaps with IT and DevOps throughout the process.
  • Built audit-ready evidence packages and led clients through control implementation ahead of ISO 27001, SOC 2, and TISAX certification assessments.
  • Authored 40+ security policies and procedures spanning access management, change management, incident response, and SDLC, each tailored to the specific client environment with defined control ownership.

CBIZ Technology

Intern, IT / Internal Audit

Jan 2024 – Jun 2024

  • Evaluated cybersecurity and IT general controls against FDICIA and SOX requirements.
  • Authored audit findings reports prioritizing the highest-risk control weaknesses for client remediation.

Projects & early experience

PortalVision

Personal project

2025 – Present

portalvision.io

  • Built out the identity, access control, and application security architecture end to end.
  • Designed the authentication and authorization layer on Auth0 with JWT-based session handling and database-backed role claims driving every authorization decision.
  • Enforced role-based access control across all API endpoints with tiered separation of admin, authenticated user, and public routes.
  • Shipped the privileged admin console for user and organization lifecycle management, isolating administrative actions behind elevated role checks via the Auth0 Management API.
  • Hardened the production deployment with CORS policy, bearer-token enforcement on all API calls, environment-scoped secrets management, and multi-stage container builds.

University of Kansas

MeshMapper — Master’s Research Project

May – Dec 2023

  • Implemented BLE link-layer encryption via custom ESP32 firmware, defeating sniffing and man-in-the-middle attacks across Bluetooth Mesh topologies.
  • Built the GIS-based auto-provisioning layer on Google Cloud and the Google Maps API to deploy encrypted mesh nodes across a mapped region.

Satcom Direct

Information Security / Software Engineering Intern

Summer 2020, 2021

  • Prototyped an OWASP Dependency-Track integration for the CI/CD pipeline to surface vulnerable third-party components in the software supply chain.
  • Contributed backend and frontend enhancements to a SaaS flight-planning platform used by corporate and private aviation customers.

Education

  • M.S., Computer Science — University of Kansas, Dec 2023
  • B.S., Computer Science — University of Kansas, May 2022

Certifications

  • CompTIA Security+, Oct 2025
  • ISO/IEC 27001 Implementer, Jan 2025
  • ISACA member

Technical skills

Security Domains

Vulnerability Management, Identity & Access Management, Application Security, Cloud Security, GRC.

Control Frameworks

ISO 27001, ISO 27701, ISO 27017, SOC 2 Type II, TISAX, NIST CSF, FDICIA, SOX.

Identity & Access

OAuth 2.0 / OIDC, JWT, Auth0, Spring Security, Role-Based Access Control (RBAC).

Tools & Platforms

Google Cloud Platform, Docker, PostgreSQL, Git, Render.

Programming

Python, Java, SQL, JavaScript / ReactJS, Bash, C, C++.