·                  
                            
ABOUT

COMPLIANCE

NIST SP 800-53

Security & privacy controls

NIST Privacy Framework

Privacy risk management

TX-RAMP

Texas risk authorization based on FedRAMP

CIS 8.1

Cybersecurity controls

NIST CSF

Cybersecurity framework

HECVAT

Higher-education vendor assessment

CAIQ

Cloud security self-assessment

ENGINEERING

PHP

Primary language

Python

Automation & tooling, scripting

Go

Services & CLI tools

C#

.NET integrations

Bash

System administration & scripting

Rust

Systems programming

TypeScript

Frontend & tooling

Legacy Applications

Keeping old code alive

INFRASTRUCTURE

AWS

30+ services, architecture to billing

Linux / Apache

Production stack

MySQL / Redis

Data & caching layer

Serverless

Lambda & event-driven workflows

CI/CD

Continuous integration & deployment

Docker

Containers & local dev

I'm the CISO and Head of Engineering at Redrock Software. We build TracCloud, a platform used by hundreds of universities. I split my time between security and engineering. On the security side, that's compliance — TX-RAMP, CAIQ, HECVAT, CMMC, NIST SP 800-53 — writing policies, mapping controls, getting through audits. On the engineering side, I write PHP, Python, Go, and C# day to day. I handle all the integrations, API work, serverless infrastructure, and AWS from architecture to billing. If TracCloud talks to another service or runs on a server, it goes through me. I've been in ed-tech for a long time and technology in general for a lot longer. I'm always interested in how others are approaching the same problems!

HIGHLIGHTS

TracCloud

I built TracCloud and run it today — a SaaS platform serving 400+ universities on Linux, Apache, PHP, MySQL, and Redis on AWS.

Compliance Program

I own the compliance program end to end: policy writing, control mapping, gap fixes, and audit prep across TX-RAMP, NIST 800-53, HECVAT, and others.

International Privacy

Wrote privacy docs covering US state laws, GDPR, Canadian, UK, Kuwaiti, and Qatari requirements, plus DPAs.

Security Training

Built and run the company's security awareness training, including phishing simulations.

Open Source Tooling

I build open source tools in Rust, Python, TypeScript, and Svelte — research agents, LLM orchestration, security scanners.

Polyglot Engineer

I write production code in PHP, Python, Go, C#, Rust, and TypeScript. I'd rather pick the right language than make one do everything.

BEYOND WORK

Eagle Scout

Earned Eagle Scout in 2007. Still involved as a Scout leader.

20 Years Teaching Martial Arts

I've taught martial arts for twenty years. It's where I learned to teach — breaking things down and meeting people where they are.

GET IN TOUCH

[email protected]
ResumeGitHubLinkedInMediumBluesky