This is a personal project and does not represent or reflect the views, opinions, or work of my current employer, Aquia, or any previous employers.

The code, configurations, and resources in this repository are for educational purposes only. While they demonstrate security concepts, they should not be used directly in production environments without proper review, testing, and customization for your specific security and compliance requirements.
This GRC Portfolio Hub is my initiative to empower Governance, Risk, and Compliance professionals in showcasing their practical AWS GRC engineering implementation skills. Drawing from my 15 years of cybersecurity experience and deep expertise in GRC Engineering, I've created this repository to bridge the gap between theoretical knowledge and hands-on expertise by providing ready-to-deploy labs, comprehensive guidance, and a structured portfolio framework.
My mission is to create the industry's premier open-source resource for GRC professionals to demonstrate practical AWS GRC engineering skills through guided, hands-on experiences that directly align with employer needs and AWS best practices.
I'm AJ Yawn, a cybersecurity professional with nearly 15 years of experience specializing in GRC Engineering and compliance automation. My journey includes:
- Military Leadership: Served as a U.S. Army Officer in the Signal Corps, achieving the rank of Captain
- Consulting Excellence: At Coalfire, helped grow the compliance practice from 9 to 100+ people, advancing from junior auditor to principal consultant
- Entrepreneurial Success: Founded ByteChek, a compliance automation startup that achieved $1M+ Annual Recurring Revenue, focusing on SOC 2 and HIPAA automation
- Corporate Innovation: Served as a Partner at Armanino (Top 20 CPA firm), leading product and innovation initiatives including an audit automation tool
- LinkedIn Learning and SANS Instructor: Teach courses on cloud compliance and automation at the SANS Institute and have educated over 125K learners on LinkedIn Learning, including through GRC courses
- Current Role: Director of GRC Engineering at Aquia
Throughout my career, I've been driven by the mission to make compliance more efficient and accessible through automation and engineering principles. This portfolio hub represents a culmination of my experiences and lessons learned in GRC Engineering.
- Portfolio Templates: Professional templates for creating your GRC portfolio, optimized for GitHub and ready to showcase your skills to potential employers
- Hands-on Labs: Comprehensive, step-by-step labs covering core AWS security domains
- Full Code Implementations: Complete CloudFormation templates for all labs
- Advanced Challenges: Stretch goals and real-world scenarios to demonstrate advanced skills
- Learning Resources: Curated references, comparison charts, and learning paths
This repository is part of a progressive release strategy for my upcoming book GRC Engineering: Building Secure, Compliant AWS Environments. Currently, it includes:
```
GRC_Portfolio/
├── README.md - You are here!
├── CONTRIBUTING.md - Guidelines for contributors
├── LICENSE - Project license
├── portfolio-templates/ - Templates and examples for your GRC portfolio
├── labs/ - Hands-on AWS security labs with full code and documentation
│   └── lab-1-account-governance/ - AWS account security foundations
├── resources/ - AWS security services guide
└── config/ - Configuration files for testing and development
```
Coming Soon: Additional labs will be released weekly, leading up to the book launch. Each new lab will introduce additional AWS security domains and challenges. Stay tuned for:
- IAM Implementation
- Security Automation with IaC
- Security Monitoring and Incident Response
- Compliance Automation
- Data Security and Protection
- Risk Assessment and Threat Modeling
- Infrastructure and Network Protection
- Incident Response and Recovery
- Policy as Code Implementation
- Advanced multi-lab integration challenges and capstone projects
Currently available:
- AWS Account Governance and Security Foundations - Learn how to establish secure AWS account configurations, implement security baselines, and monitor account-level security posture.
Each lab includes:
- Clear learning objectives mapped to AWS Well-Architected Framework
- Step-by-step implementation guides
- Complete code in CloudFormation
- Validation checklists and troubleshooting guides
- Advanced challenges to extend your learning
Following our progressive release strategy, we'll be introducing new labs regularly, covering:
- Identity and Access Management (IAM): Implementation of least privilege access controls
- Security Automation with Infrastructure as Code: Implementing security guardrails through IaC
- Security Monitoring and Incident Response: Setting up effective monitoring systems
- Compliance Automation: Streamlining regulatory compliance
- Data Security and Protection: Ensuring data confidentiality and integrity
- Risk Assessment and Threat Modeling: Methodologies for AWS environments
- Infrastructure and Network Protection: Securing AWS networking components
- Incident Response and Recovery: Creating effective incident handling procedures
- Policy as Code: Implementation of scalable policy management via CI/CD
- Advanced Capstone Projects: End-to-end implementations that combine concepts from multiple domains
- Comprehensive service guides
- Implementation best practices
- Integration examples
- Cost optimization strategies
- Service comparison matrix
- Code examples for monitoring and security
We welcome contributions from the community! Whether you're fixing a typo, enhancing a lab, or contributing a completely new challenge, your help is appreciated.
See our CONTRIBUTING.md file for guidelines on how to contribute.
This project is licensed under the MIT License - see the LICENSE file for details.
This project is inspired by the need for practical, hands-on resources for GRC professionals looking to demonstrate their technical capabilities in AWS security implementation.
If you have questions or feedback, please open an issue in this repository.
Created for the GRC community