Open-source GRC toolkit from the GRC Engineering Club. Claude Code plugins for evidence collection, SCF crosswalks, multi-framework gap reports, OSCAL workflows.

Security architecture patterns and NIST 800-53 controls from opensecurityarchitecture.org

Unified NIST + OWASP security framework MCP server — 36 tools, 3439+ records, live NVD/KEV, PDF reading, STRIDE threat modeling, compliance mapping

Centralized STIG & NIST 800-53 compliance knowledge, playbooks, and secure code templates for federal systems development.

Compliance-as-Code lab using AWS Config, EventBridge, and Lambda auto-remediation with CloudFormation.

ALX System Engineering & DevOps portfolio with cybersecurity enhancements. Bash automation for log analysis, system hardening, incident response, zero-trust SSH, compliance auditing (CIS/NIST), threat hunting, and DevSecOps pipelines. Proven SOC analyst toolkit – built on Ubuntu 20.04.

IAM Authentication Audit Tracker is a Terraform-based AWS security lab that detects IAM login anomalies using CloudTrail, CloudWatch, SNS, and Athena. It integrates tfsec scans through GitHub Actions and demonstrates alerting, audit log analysis, and compliance mapping to NIST 800-53 (AU-6, AC-7) and ISO 27001 A.12.4 using secure IaC

Lightweight Python CLI tool that scans AWS IAM policy JSON files for overly permissive statements and maps findings to CJIS v6.0, FedRAMP, and NIST 800-53 compliance controls.

Fledge: hardened macOS platform for autonomous AI agents. Security-first n8n orchestration from hello world to production.

A browser-based Microsoft Defender for Endpoint audit tracker for MSSP security engineers, mapping ~270 tasks across multiple frameworks including — NIST CSF 2.0, Cyber Essentials, SOC 2, and NIST 800-53. Features per-task status, notes, live progress metrics, framework switching, dark/light mode, and CSV, HTML, and JSON export.

AWS Organization baseline configuration

Security-focused agent skills for service mesh analysis, compliance reporting, and remediation

NIST SP 800-171 controls matrix with all 110 requirements mapped to NIST 800-53, CMMC 2.0, CIS Controls, and ISO 27001.

Automated compliance as code for hybrid cloud hardening. NIST Hardening Suite converts NIST 800-53 controls into executable, auditable Ansible workflows that reduce drift and support SOC 2 and DORA evidence mapping.

A structured cyber risk management plan modeled on NIST guidance. Includes threat identification, impact assessment, control mapping, and mitigation strategies.

IAM Authentication Audit Tracker is a Terraform-based AWS security lab that detects IAM login anomalies using CloudTrail, CloudWatch, SNS, and Athena. It integrates tfsec scans through GitHub Actions and demonstrates alerting, audit log analysis, and compliance mapping to NIST 800-53 (AU-6, AC-7) and ISO 27001 A.12.4 using secure IaC

Automated AWS compliance guardrails using Service Control Policies and CloudFormation. Controls enforce audit log protection, encryption at rest, boundary protection, and least functionality, mapped to CJIS Security Policy v6.0, FedRAMP High baseline, and NIST 800-53 Rev. 5.

Terraform provider for Technitium DNS Server with STIG-hardened defaults and CNSSI 1253 compliance support

Production security infrastructure with Wazuh SIEM, defense-in-depth architecture, and NIST 800-53 mapping across 20+ self-hosted services