CISSP · AWS SAA · Cloud Security Builder

Don't just design
security — build it.

20 years hardening enterprise infrastructure at Verizon, Fiserv, Truist, and Cisco. Now I turn security architecture into working code: zero-trust pipelines, automated compliance engines, and cloud-native defenses that run without a human in the loop.

Jermaine Ragsdale

Enterprise Security Architect
Who Ships.

I am Jermaine Ragsdale — CISSP, AWS Solutions Architect, and the person who gets called when compliance meets cloud complexity. My career spans 20 years at Verizon, Fiserv, Truist, and Cisco, leading zero-trust implementations, cloud security migrations, and regulatory programs across AWS and Azure. I don't just write blueprints — I write the code to enforce them.

Most security architects hand off to engineering. I close the loop myself: Terraform modules, Lambda pipelines, OPA policy libraries, CI/CD security gates. I believe the only security worth having is security that runs automatically and proves itself with audit logs. If it requires a human to remember, it's already broken.


Skills & Technologies

Cloud Security Architecture

Designing and implementing enterprise-grade security across multi-cloud environments with zero-trust principles and defense-in-depth strategies.

AWS Azure Zero Trust IAM

Compliance & Governance

Translating regulatory requirements into automated controls and continuous monitoring for financial services and federal environments.

SOX PCI-DSS FedRAMP NIST 800-207 HIPAA ISO 27001

Infrastructure as Code

Automating cloud infrastructure with declarative templates, policy-as-code, and CI/CD pipelines for immutable deployments.

Terraform Bicep CloudFormation GitHub Actions

Full-Stack Development

End-to-end development from serverless backends to responsive frontends, with emphasis on secure coding practices and clean architecture.

Python JavaScript React REST APIs

Threat Detection & SIEM

Implementing security monitoring, incident response workflows, and threat intelligence feeds to detect and neutralize advanced threats.

Splunk Sentinel GuardDuty MITRE ATT&CK

AI & Large Language Models

Applying LLMs to real security problems: automated log analysis, IaC review pipelines, and local on-premise deployment for regulated environments where data cannot leave the network.

Claude ChatGPT Gemini LM Studio Amazon Bedrock Azure OpenAI

Professional Experience

11/2025 — 03/2026

Senior Cybersecurity Architect

Truist Bank via Pride One Global · Atlanta, GA

Collaborated with cross-functional teams to develop security blueprints and identify risks across enterprise systems. Assessed architecture vulnerabilities and defined security controls to strengthen Truist's cloud and infrastructure posture.

05/2023 — 11/2024

Security Research Engineer

Cisco · Atlanta, GA

Led annual DevOps security enhancements and championed secure development lifecycle adoption across 80+ teams, achieving 90% compliance with enterprise architecture guidelines. Mentored development teams in prioritizing security hardening, reducing vulnerabilities by 70%.

10/2020 — 05/2023

Senior Cloud Security Engineer

Truist Bank · Marietta, GA

Designed enterprise cloud architecture leveraging AWS Security Hub, Macie, and GuardDuty, reducing threat detection time by 50%. Ensured 100% compliance with NIST CSF, FedRAMP, and PCI-DSS, reducing cloud misconfigurations by 45%.

07/2019 — 10/2020

Senior Security Engineer II

Fiserv · Marietta, GA

Guided security engineering teams in encryption strategies securing 100TB+ of sensitive data. Led enterprise-wide compliance ensuring 100% alignment with NIST, FedRAMP, ISO 27001/27002, PCI-DSS, and HIPAA standards.

02/2005 — 07/2019

Network Security Engineer

Verizon Communications · Richmond, VA

Spearheaded security infrastructure efforts contributing to 99.999% uptime, securing Verizon's #1 J.D. Power ranking for reliability in 2015. Prioritized high availability and disaster recovery across video network infrastructure.

Case Studies

AWS · Security · Serverless

Secure File Upload with Malware Scanning

Challenge

Every S3 upload path is a blind spot. Files arrive, land in buckets, and get served — with no visibility into what's actually inside them. One infected upload touches everything downstream.

Approach

Lambda triggers on every S3 PutObject event, runs the payload through a ClamAV container, then routes the result: clean files are promoted to the delivery bucket; infected files go to quarantine with full metadata logged to CloudWatch.

✓ Outcome

100% automated scanning with no manual review step. Sub-2-second scan latency. Full tamper-evident audit trail for compliance reporting. Infrastructure provisioned entirely in Terraform.

100% Files Scanned · <2s Scan Latency · 0 Manual Reviews

AWS Lambda S3 ClamAV Terraform CloudWatch

[Diagram: S3 upload (PutObject event) → Lambda orchestration layer → ClamAV scan (signature analysis) → clean: promote / infected: quarantine, with full audit trail]

Azure · Network Security · IaC

Secure Hub-and-Spoke Network Architecture

Challenge

Enterprise multi-team Azure environments sprawl into flat networks. Any compromised VM can pivot laterally across every workload. Security teams lack east-west traffic visibility until after a breach.

Approach

Hub-and-spoke topology with Azure Firewall at the center. All spoke-to-spoke traffic routes through the hub for deep-packet inspection. User-Defined Routes (UDRs) and NSGs enforce segmentation. Every component provisioned with Terraform so the architecture is repeatable across environments.

✓ Outcome

Full east-west traffic inspection, blast radius contained per spoke, zero implicit trust between workloads. One Terraform apply provisions the entire topology — production-identical environments in minutes.

100% Traffic Inspected · 3 Isolated Spokes · IaC Fully Automated

Azure Firewall VNet Peering UDR NSG Terraform

[Diagram: Azure Firewall hub connected to MGMT spoke (10.0.1.0/24), PROD spoke (10.0.2.0/24), and DEV spoke (10.0.3.0/24); all traffic inspected at the hub]

DevSecOps · Policy-as-Code · Compliance

IaC Policy Enforcement Pipeline

Challenge

Infrastructure-as-Code is fast. Fast + wrong means misconfigured security groups, open S3 buckets, and missing encryption — deployed at scale before anyone notices. Manual security reviews don't scale to 80+ teams.

Approach

Open Policy Agent (OPA) sits as a gate in the CI/CD pipeline. Terraform plans are evaluated against a policy library before any apply runs. Violations block the deployment with an explicit policy failure message — no deploy, no exception, no override.
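
The gate described above, sketched as an added example that is not the project's own code: it uses plain Python in place of OPA/Rego, and it checks the three misconfigurations named in the Challenge (open security groups, public buckets, missing encryption). The rule functions, resource addresses, and the sample plan are constructed for illustration; the plan follows the `resource_changes` layout of `terraform show -json`.

```python
import json

# Constructed sample shaped like `terraform show -json` output (resource_changes only).
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "aws_security_group.web", "type": "aws_security_group",
  "change": {"actions": ["create"], "after": {"ingress": [
   {"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
 {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket",
  "change": {"actions": ["update"], "after": {"acl": "public-read"}}},
 {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
  "change": {"actions": ["create"], "after": {"size": 100}}},
 {"address": "aws_ebs_volume.old", "type": "aws_ebs_volume",
  "change": {"actions": ["delete"], "after": null}}]}""")

# Hypothetical rules; each yields a message per violation found in the planned state.
def open_ingress(after):
    for rule in after.get("ingress") or []:
        cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
        if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
            yield f"ingress {rule.get('from_port')}-{rule.get('to_port')} open to the internet"

def public_bucket(after):
    if after.get("acl") in ("public-read", "public-read-write"):
        yield f"bucket ACL is {after['acl']}"

def unencrypted_volume(after):
    # Fail closed: an absent or unknown `encrypted` value counts as a violation.
    if after.get("encrypted") is not True:
        yield "volume encryption is not enabled"

POLICIES = {"aws_security_group": [open_ingress],
            "aws_s3_bucket": [public_bucket],
            "aws_ebs_volume": [unencrypted_volume]}

def evaluate(plan):
    violations = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if after is None or change.get("actions") == ["no-op"]:
            continue  # deleted or unchanged resources introduce nothing new
        for check in POLICIES.get(rc.get("type"), []):
            violations += [f"{rc['address']}: {msg}" for msg in check(after)]
    return violations

def gate(plan):
    """Return (exit_code, violations); a non-zero code is what blocks the apply step."""
    violations = evaluate(plan)
    return (1 if violations else 0), violations

if __name__ == "__main__":
    code, found = gate(SAMPLE_PLAN)
    print("\n".join(found) or "policy pass")
    raise SystemExit(code)
```

Run as a CI step after `terraform plan`, the non-zero exit code stops the job before any apply, and the printed lines serve as the explicit policy failure message.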

✓ Outcome

Security misconfigurations caught at commit time, not post-deploy. Policy drift eliminated. Compliance enforced automatically at the infrastructure layer — the security team reviews policy rules, not individual PRs.

0 Policy Bypasses · CI/CD Gate Enforced · Auto Compliance

OPA / Rego Terraform CI/CD Policy-as-Code NIST CSF

[Diagram: git push (developer commit) → Terraform plan + diff → OPA policy gate (Rego policy evaluation) → policy pass: deploy / policy fail: block; "shift left security"]

More Projects
AWS · Compliance

Immutable Financial Audit Trail

Blockchain-style integrity verification using AWS Lambda, DynamoDB, and S3. Tamper detection and compliance reporting for financial services environments.

AWS DynamoDB Lambda Terraform
Azure · Zero Trust

Secretless Zero-Trust Application

Zero-trust Azure app using Managed Identity and Key Vault — zero hardcoded secrets. Bicep IaC for fully automated, secure deployments.

Azure Key Vault Bicep Zero Trust
AWS · Data Privacy

Automated PII Detection & Redaction

GDPR/CCPA-compliant PII detection and redaction using AWS Comprehend and Lambda. Terraform-managed for data privacy at enterprise scale.

AWS Comprehend Lambda GDPR Terraform
AI & Machine Learning
Python · LM Studio · Air-Gap Ready

Local LLM Security Copilot

AI-powered log analysis, CVE explanation, and config review running entirely on-premise via LM Studio. No API keys. No data leaves the network — built for regulated and air-gapped environments.

LM Studio Python Mistral / Llama 3 Zero Telemetry
Python · Multi-LLM · CI/CD

AI IaC Security Reviewer

AI-powered Terraform and Bicep security review with CI/CD pipeline integration. Catches open security groups, public buckets, hardcoded secrets, and overpermissioned IAM before they reach the cloud. Supports local LLM, OpenAI, and Anthropic.

Claude ChatGPT LM Studio Terraform CI/CD
AWS · Bedrock · Serverless

S3 AI Image Tagger

Serverless pipeline that auto-generates captions and tags for images uploaded to S3 using Amazon Bedrock's Claude vision model. Metadata stored as JSON and applied as S3 object tags for searchability.

Amazon Bedrock Claude Vision Lambda Terraform

Education & Certifications

Consulting Services

Available for contract engagements, fractional CISO work, and project-based consulting across AI integration, cloud security architecture, and cybersecurity programs. I bring enterprise-level depth with a builder's ability to deliver working solutions — not just recommendations.

Cloud Security Architecture

Design and implementation of enterprise-grade cloud security postures across AWS and Azure. From zero-trust network design to automated compliance pipelines — built to pass audits and survive real attacks.

  • Zero-trust architecture design (AWS, Azure)
  • Cloud security assessments & gap analysis
  • Hub-and-spoke network topology with Firewall
  • IaC security reviews (Terraform, Bicep)
  • Compliance automation: NIST, PCI-DSS, FedRAMP

AI Integration & Strategy

Practical AI implementation for teams that need to move beyond the demo stage. I help organizations evaluate LLM options, build secure AI pipelines, and deploy models in environments where data privacy is non-negotiable.

  • LLM selection & evaluation (Claude, GPT-4, Gemini)
  • Local AI deployment for regulated environments
  • AI-powered security tooling & automation
  • AWS Bedrock & Azure OpenAI integration
  • AI risk assessment & governance frameworks

Cybersecurity Consulting

End-to-end cybersecurity program development for organizations that need more than a checklist. From initial risk assessment to board-ready reporting, with hands-on implementation across DevSecOps, SIEM, and incident response.

  • Security program development & roadmapping
  • DevSecOps pipeline security integration
  • Threat modeling & risk assessments
  • SIEM implementation (Splunk, Microsoft Sentinel)
  • Fractional CISO & advisory engagements

Engagements typically range from focused 2–4 week assessments to multi-month program builds. Remote-first with availability for on-site in the Atlanta metro area. Reach out with a brief description of your challenge and I'll respond within one business day.
