Results-driven Information Security professional with 16 years of experience in cybersecurity frameworks, including RMF, NIST SP 800-53/800-171/800-218, DevSecOps, Cloud Security, Security Compliance, Generative AI, and Vulnerability Management. Holds certifications aligned with DoD 8570 IAT/IAM Level III and IASAE Level II. Skilled in identifying vulnerabilities, recommending mitigations, and implementing enterprise-grade security solutions to protect digital assets. Communicates cybersecurity risks effectively to stakeholders, promoting security awareness and collaboration.

| Certification | Link |
|---|---|
| CISM | View |
| CISA | View |
| CRISC | View |
| CASP+ | View |
| Security+ | View |
| AWS Security Specialty | View |
| AWS Solutions Architect Associate | View |
| AWS Developer Associate | View |
| Azure Security Engineer | View |

- Delivered a full-scope assessment of an AWS environment using NIST 800-53 and CJIS/IRS Pub 1075 frameworks. Includes checklist, findings report, and remediation roadmap. All client information redacted for privacy.
  Cloud Security Assessment Checklist & Report
- Automates the detection and deactivation of inactive IAM users based on NIST guidance.
  AWS Lambda GRC Automation - NIST AC-2(3) Compliance
- Automates the review and classification of high/critical vulnerabilities from Tenable scans.
  Nessus Vulnerability Scan Analysis
- Demonstrates Determine-If style assessments using real-world artifacts.
  FedRAMP Security Control Testing (AC-11)
- Secures DevOps pipelines by integrating static code analysis into builds.
  SonarQube Integration in Jenkins CICD

- Pharmaceutical Supply Chain dApp
  A full-stack blockchain application that tracks pharmaceutical batches across the supply chain to ensure transparency, product authenticity, and regulatory compliance. Built with Solidity, React, and PostgreSQL.
- Event Ticketing dApp
  A decentralized event ticketing platform for creating, purchasing, and managing tickets on Ethereum. 77 tests, 100% line coverage, SWC Registry compliant. Built with Solidity, Foundry, React, and ethers.js v6.
- Security Audit Portfolio
  A curated collection of smart contract audit reports, vulnerability findings, and mitigation strategies. Showcases hands-on security analysis across various Web3 projects, including manual reviews, PoCs, and remediation best practices.

Exploring smart contract auditing, secure dApp architecture, and decentralized risk scoring systems.
- stefan@stefanjames.io
- LinkedIn
- Website

"Security is not a feature. It's a commitment."
