20 years hardening enterprise infrastructure at Verizon, Fiserv, Truist, and Cisco. Now I turn security architecture into working code: zero-trust pipelines, automated compliance engines, and cloud-native defenses that run without a human in the loop.
I'm Jermaine Ragsdale — CISSP, AWS Solutions Architect, and the person who gets called when compliance meets cloud complexity. My career spans 20 years at Verizon, Fiserv, Truist, and Cisco, leading zero-trust implementations, cloud security migrations, and regulatory programs across AWS and Azure. But I don't just write blueprints — I write the code to enforce them.
Most security architects hand off to engineering. I close the loop myself: Terraform modules, Lambda pipelines, OPA policy libraries, CI/CD security gates. I believe the only security worth having is security that runs automatically and proves itself with audit logs. If it requires a human to remember, it's already broken.
Designing and implementing enterprise-grade security across multi-cloud environments with zero-trust principles and defense-in-depth strategies.
Translating regulatory requirements into automated controls and continuous monitoring for financial services and federal environments.
Automating cloud infrastructure with declarative templates, policy-as-code, and CI/CD pipelines for immutable deployments.
End-to-end development from serverless backends to responsive frontends, with emphasis on secure coding practices and clean architecture.
Implementing security monitoring, incident response workflows, and threat intelligence feeds to detect and neutralize advanced threats.
Collaborated with cross-functional teams to develop security blueprints and identify risks across enterprise systems. Assessed architecture vulnerabilities and defined security controls to strengthen Truist's cloud and infrastructure posture.
Led annual DevOps security enhancements and championed secure development lifecycle adoption across 80+ teams, achieving 90% compliance with enterprise architecture guidelines. Mentored development teams in prioritizing security hardening, reducing vulnerabilities by 70%.
Designed enterprise cloud architecture leveraging AWS Security Hub, Macie, and GuardDuty, reducing threat detection time by 50%. Ensured 100% compliance with NIST CSF, FedRAMP, and PCI-DSS, reducing cloud misconfigurations by 45%.
Guided security engineering teams in encryption strategies securing 100TB+ of sensitive data. Led enterprise-wide compliance ensuring 100% alignment with NIST, FedRAMP, ISO 27001/27002, PCI-DSS, and HIPAA standards.
Spearheaded security infrastructure efforts contributing to 99.999% uptime, securing Verizon's #1 J.D. Power ranking for reliability in 2015. Prioritized high availability and disaster recovery across video network infrastructure.
Every S3 upload path is a blind spot. Files arrive, land in buckets, and get served — with no visibility into what's actually inside them. One infected upload touches everything downstream.
Lambda triggers on every S3 PutObject event, runs the payload through a ClamAV container, then routes the result: clean files are promoted to the delivery bucket; infected files go to quarantine with full metadata logged to CloudWatch.
100% automated scanning with no manual review step. Sub-2-second scan latency. Full tamper-evident audit trail for compliance reporting. Infrastructure provisioned entirely in Terraform.
Enterprise multi-team Azure environments sprawl into flat networks. Any compromised VM can pivot laterally across every workload. Security teams lack east-west traffic visibility until after a breach.
Hub-and-spoke topology with Azure Firewall at the center. All spoke-to-spoke traffic routes through the hub for deep-packet inspection. User-Defined Routes (UDRs) and NSGs enforce segmentation. Every component provisioned with Terraform so the architecture is repeatable across environments.
Full east-west traffic inspection, blast radius contained per spoke, zero implicit trust between workloads. One Terraform apply provisions the entire topology — production-identical environments in minutes.
Infrastructure-as-Code is fast. Fast + wrong means misconfigured security groups, open S3 buckets, and missing encryption — deployed at scale before anyone notices. Manual security reviews don't scale to 80+ teams.
Open Policy Agent (OPA) sits as a gate in the CI/CD pipeline. Terraform plans are evaluated against a policy library before any apply runs. Violations block the deployment with an explicit policy failure message — no deploy, no exception, no override.
Security misconfigurations caught at commit time, not post-deploy. Policy drift eliminated. Compliance enforced automatically at the infrastructure layer — the security team reviews policy rules, not individual PRs.
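As an added illustration of the plan gate described above (not code from this project, which uses OPA and its Rego policy language), the Python sketch below applies the same deny-on-violation logic to the `resource_changes` structure produced by `terraform show -json`. The three rules, the HTTPS-only exposure policy, the resource addresses and the sample plan are all constructed assumptions.

```python
# Added example: a plan gate over the JSON emitted by `terraform show -json`.
PUBLIC = {"0.0.0.0/0", "::/0"}

def sg_rules(after):
    for r in after.get("ingress") or []:
        cidrs = set(r.get("cidr_blocks") or []) | set(r.get("ipv6_cidr_blocks") or [])
        # Assumed policy: only HTTPS may be exposed to the internet.
        if cidrs & PUBLIC and (r.get("from_port"), r.get("to_port")) != (443, 443):
            yield f"ingress {r.get('from_port')}-{r.get('to_port')} open to the internet"

def s3_public_block(after):
    for flag in ("block_public_acls", "block_public_policy",
                 "ignore_public_acls", "restrict_public_buckets"):
        if after.get(flag) is not True:
            yield f"{flag} must be true"

def ebs_encryption(after):
    # Fails closed: a value unknown at plan time is absent or None and is rejected.
    if after.get("encrypted") is not True:
        yield "encrypted must be true"

POLICIES = {"aws_security_group": sg_rules,
            "aws_s3_bucket_public_access_block": s3_public_block,
            "aws_ebs_volume": ebs_encryption}

def evaluate(plan):
    violations = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if not {"create", "update"} & set(change.get("actions") or []):
            continue  # deletes and no-ops cannot introduce a misconfiguration
        check = POLICIES.get(rc.get("type"))
        if check:
            violations += [f"{rc['address']}: {m}" for m in check(change.get("after") or {})]
    return violations

def gate(plan):
    """Exit code for the CI step: 0 lets the apply run, 1 blocks it."""
    return 1 if evaluate(plan) else 0

def _rc(addr, rtype, actions, after):
    return {"address": addr, "type": rtype, "change": {"actions": actions, "after": after}}

# Constructed sample plan (hypothetical resource addresses).
SAMPLE_PLAN = {"resource_changes": [
    _rc("aws_security_group.web", "aws_security_group", ["create"], {"ingress": [
        {"from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]},
        {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}),
    _rc("aws_s3_bucket_public_access_block.up", "aws_s3_bucket_public_access_block",
        ["update"], {"block_public_acls": True, "block_public_policy": False,
                     "ignore_public_acls": True, "restrict_public_buckets": True}),
    _rc("aws_ebs_volume.data", "aws_ebs_volume", ["create"], {"encrypted": True}),
    _rc("aws_ebs_volume.old", "aws_ebs_volume", ["delete"], None)]}

if __name__ == "__main__":
    for v in evaluate(SAMPLE_PLAN): print("DENY", v)
    raise SystemExit(gate(SAMPLE_PLAN))
```

Run as a pipeline step before `terraform apply`, the non-zero exit code is what stops the deployment; each violation line names the resource address so the failure message is explicit.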
Blockchain-style integrity verification using AWS Lambda, DynamoDB, and S3. Tamper detection and compliance reporting for financial services environments.
Zero-trust Azure app using Managed Identity and Key Vault — zero hardcoded secrets. Bicep IaC for fully automated, secure deployments.
GDPR/CCPA-compliant PII detection and redaction using AWS Comprehend and Lambda. Terraform-managed for data privacy at enterprise scale.
Information Systems Management
University of Southampton
CISSP — (ISC)²
SAA-C03 — Amazon Web Services
AIF-C01 — Amazon Web Services
GCLD — SANS / GIAC
ITILF — AXELOS / EXIN