// hello, world

Nisha P. McDonnell

📍 US-Based · Remote

About Me

I'm a Cloud Engineer skilled in both AWS and Azure, supporting cloud infrastructure in regulated environments. My background spans network engineering, cloud security, GRC, and infrastructure automation -- with a current focus on building secure, compliant infrastructure using OpenTofu/Terraform, Python/boto3, and GitHub Actions CI/CD pipelines.

I bring a strong compliance foundation to everything I build. My background in RMF authorization, NIST 800-53, and FedRAMP shapes how I approach infrastructure as code -- security controls aren't an afterthought, they're baked into the pipeline from day one. I hold a CISSP alongside AWS and Azure certifications, and I'm currently pursuing AWS Security Specialty Certification.

I'm also passionate about giving back -- I mentor aspiring security professionals through the WiCyS Professional Mentorship Program, helping others navigate their path into cloud and cybersecurity.

Skills & Expertise

Cloud Platforms

AWS (SAA Certified) · Azure (Administrator) · Azure Network Engineer · Regulated Cloud Environments

Infrastructure as Code

OpenTofu · Terraform · CloudFormation · Ansible · AWS CDK

Security & Compliance

NIST 800-53 · FedRAMP · RMF · DISA STIGs · CIS Controls · POA&M Management · eMASS · ACAS / Nessus · Zero Trust

DevSecOps & CI/CD

GitHub Actions · Python / boto3 · Bash · PowerShell · Git · Linux / RHEL · Checkov · Trivy · Docker

AWS Services

GuardDuty · Security Hub · AWS Config · CloudTrail · IAM · SSM · CloudWatch · Lambda · S3 · VPC · Inspector · Macie

Networking

TCP/IP · DNS · VPN · Routing & Switching · Cisco IOS · VNet / VPC Design · Network Segmentation · Wireshark · Palo Alto Firewall

Security Operations

Splunk · CrowdStrike · Metasploit · Nmap · OpenVAS · Burp Suite · Kali Linux · OSINT

GRC & Governance

Risk Management Framework · Security Control Assessment · Threat Modeling · Vulnerability Management · Security Architecture · Incident Response

Featured Projects

AWS Security Hardening Checklist

Interactive security checklist covering 16 domains and 140+ controls aligned to NIST 800-53 and CIS AWS Foundations Benchmark. Built as a free community tool.

React · Astro · NIST 800-53 · CIS Benchmark
  • 16 domains including IAM, Governance, EKS, Backup, and Vulnerability Management
  • Collapsible sidebar groups with per-section progress tracking
  • Search, filter, and localStorage persistence

Compliance-as-Code Pipeline

Terraform + Checkov pipeline with GitHub Actions that enforces NIST 800-53 controls as code. Built for a GRC Engineering Club live session with a Python findings parser and security gate logic.

Terraform · Checkov · GitHub Actions · Python · NIST 800-53
  • Misconfigured Terraform module with automated detection and blocking
  • Python parser maps Checkov findings to NIST 800-53 control families
  • Artifact upload and security gate blocks merge on critical findings

AWS Security Posture Checker

Python/boto3 tool that audits EC2 inventory and S3 bucket configurations for common security misconfigurations and generates a structured findings report.

Python · boto3 · EC2 · S3
  • EC2 inventory with IMDSv1 exposure and public IP detection
  • S3 audit for public access, encryption, and logging gaps
  • Structured JSON output for downstream reporting

Container Security Scanning Pipeline

GitHub Actions pipeline that integrates Trivy container image scanning into the CI/CD workflow, blocking deployments on Critical or High CVEs with structured findings output.

GitHub Actions · Trivy · Docker · ECR
  • Automated vulnerability scanning on every pull request
  • Severity-gated deployment blocking on Critical/High findings
  • SARIF output for GitHub Security tab integration

AWS Config Auto-Remediation

Serverless auto-remediation system using AWS Config rules, EventBridge, and Lambda to detect and automatically fix common compliance violations in near real time.

AWS Config · Lambda · EventBridge · Python
  • Detects and remediates world-open SSH/RDP Security Groups automatically
  • EventBridge triggers Lambda on Config rule non-compliance events
  • CloudTrail audit trail for all automated remediation actions

Certifications

CISSP

Certified Information Systems Security Professional

GIAC GDSA

GIAC Defensible Security Architecture

AWS SAA

AWS Solutions Architect Associate

Azure Admin

Microsoft Certified: Azure Administrator Associate

Azure Net Eng

Microsoft Certified: Azure Network Engineer Associate

CCNA

Cisco Certified Network Associate

Security+

CompTIA Security+

CySA+

CompTIA Cybersecurity Analyst

CEH

Certified Ethical Hacker

eJPT

eLearnSecurity Junior Penetration Tester

Get In Touch

I'm always interested in connecting with fellow cloud and security professionals, discussing new projects, or exploring opportunities in cloud security engineering and DevSecOps.