20 years hardening enterprise infrastructure at Verizon, Fiserv, Truist, and Cisco. Now I turn security architecture into working code: zero-trust pipelines, automated compliance engines, and cloud-native defenses that run without a human in the loop.
Open to senior security architecture roles — full-time or contract / fractional. Remote-first, with on-site availability in the Atlanta metro.
I am Jermaine Ragsdale — CISSP, AWS Solutions Architect, and the person who gets called when compliance meets cloud complexity. My career spans 20 years at Verizon, Fiserv, Truist, and Cisco, leading zero-trust implementations, cloud security migrations, and regulatory programs across AWS and Azure. I don't just write blueprints — I write the code to enforce them.
Most security architects hand off to engineering. I close the loop myself: Terraform modules, Lambda pipelines, OPA policy libraries, CI/CD security gates. I believe the only security worth having is security that runs automatically and proves itself with audit logs. If it requires a human to remember, it's already broken.
Designing and implementing enterprise-grade security across multi-cloud environments with zero-trust principles and defense-in-depth strategies.
Translating regulatory requirements into automated controls and continuous monitoring for financial services and federal environments.
Automating cloud infrastructure with declarative templates, policy-as-code, and CI/CD pipelines for immutable deployments.
End-to-end development from serverless backends to responsive frontends, with emphasis on secure coding practices and clean architecture.
Implementing security monitoring, incident response workflows, and threat intelligence feeds to detect and neutralize advanced threats.
Applying LLMs to real security problems: automated log analysis, IaC review pipelines, and local on-premise deployment for regulated environments where data cannot leave the network.
Collaborated with cross-functional teams to develop security blueprints and identify risks across enterprise systems. Assessed architecture vulnerabilities and defined security controls to strengthen Truist's cloud and infrastructure posture.
Between roles, I invested the time in hands-on building rather than waiting. Designed and shipped the security automation and AI tooling featured in my case studies — an on-prem LLM security copilot, a multi-LLM IaC security reviewer, and serverless scanning pipelines — while sharpening cloud and AI credentials (AWS AI Practitioner).
Led annual DevOps security enhancements and championed secure development lifecycle adoption across 80+ teams, achieving 90% compliance with enterprise architecture guidelines. Mentored development teams in prioritizing security hardening, reducing vulnerabilities by 70%.
Designed enterprise cloud architecture leveraging AWS Security Hub, Macie, and GuardDuty, reducing threat detection time by 50%. Ensured 100% compliance with NIST CSF, FedRAMP, and PCI-DSS, reducing cloud misconfigurations by 45%.
Guided security engineering teams in encryption strategies securing 100TB+ of sensitive data. Led enterprise-wide compliance ensuring 100% alignment with NIST, FedRAMP, ISO 27001/27002, PCI-DSS, and HIPAA standards.
Spearheaded security infrastructure efforts contributing to 99.999% uptime, securing Verizon's #1 J.D. Power ranking for reliability in 2015. Prioritized high availability and disaster recovery across video network infrastructure.
Every S3 upload path is a blind spot. Files arrive, land in buckets, and get served — with no visibility into what's actually inside them. One infected upload touches everything downstream.
Lambda triggers on every S3 PutObject event, runs the payload through a ClamAV container, then routes the result: clean files are promoted to the delivery bucket; infected files go to quarantine with full metadata logged to CloudWatch.
100% automated scanning with no manual review step. Sub-2-second scan latency. Full tamper-evident audit trail for compliance reporting. Infrastructure provisioned entirely in Terraform.
Enterprise multi-team Azure environments sprawl into flat networks. Any compromised VM can pivot laterally across every workload. Security teams lack east-west traffic visibility until after a breach.
Hub-and-spoke topology with Azure Firewall at the center. All spoke-to-spoke traffic routes through the hub for deep-packet inspection. User-Defined Routes (UDRs) and NSGs enforce segmentation. Every component provisioned with Terraform so the architecture is repeatable across environments.
Full east-west traffic inspection, blast radius contained per spoke, zero implicit trust between workloads. One Terraform apply provisions the entire topology — production-identical environments in minutes.
Infrastructure-as-Code is fast. Fast + wrong means misconfigured security groups, open S3 buckets, and missing encryption — deployed at scale before anyone notices. Manual security reviews don't scale to 80+ teams.
Open Policy Agent (OPA) sits as a gate in the CI/CD pipeline. Terraform plans are evaluated against a policy library before any apply runs. Violations block the deployment with an explicit policy failure message — no deploy, no exception, no override.
Security misconfigurations caught at commit time, not post-deploy. Policy drift eliminated. Compliance enforced automatically at the infrastructure layer — the security team reviews policy rules, not individual PRs.
Security teams in regulated environments — banking, defense, healthcare — can't send logs, configs, or vulnerability data to cloud AI services. But manual analysis of security events doesn't scale, and analysts burn hours on repetitive triage.
A Python-based security copilot powered by locally-hosted LLMs (Mistral, Llama 3) via LM Studio. Log analysis, CVE explanation, and configuration review all happen on-premise with zero network egress. No API keys, no telemetry, no cloud dependency.
Full AI-assisted security analysis with zero data leaving the network. Three analysis modes — log triage, CVE lookup, and config audit — running at analyst speed. Drop-in deployment for air-gapped environments.
Static IaC scanners catch known patterns but miss subtle misconfigurations — overly permissive wildcards, implicit public access, missing encryption defaults. Security teams can't manually review every Terraform PR across dozens of engineering teams.
A multi-LLM review pipeline that evaluates Terraform and Bicep files against security best practices. Supports Claude, GPT-4, and local models via LM Studio. Integrates as a CI/CD gate — code gets AI-reviewed before it merges, not after it deploys.
LLM-powered security review at PR velocity. Catches semantic misconfigurations that rule-based scanners miss — with explanations, not just flags. Air-gapped mode available via LM Studio for regulated environments.
Organizations with large S3 image libraries have no searchability. Files are named arbitrarily and lack metadata. Finding a specific image means scrolling through hundreds of objects — manual tagging at scale is impractical.
An event-driven Lambda pipeline triggered on every S3 upload. Images are sent to Amazon Bedrock's Claude Vision model for captioning and semantic tag generation. Results are written back as S3 object tags and stored as JSON sidecar files for indexing.
Fully automated image cataloging with zero manual input. Every uploaded image gets AI-generated captions and tags within seconds, making the entire S3 library searchable by content. Infrastructure provisioned entirely in Terraform.
Information Systems Management
University of Southampton
CISSP — (ISC)²
SAA-C03 — Amazon Web Services
AIF-C01 — Amazon Web Services
GCLD — SANS / GIAC
ITILF — AXELOS / EXIN
I help organizations secure their cloud infrastructure and navigate federal compliance — with the same hands-on depth I've applied at Cisco, Truist, Fiserv, and Verizon. Not just recommendations. Working architecture, real controls, and documentation that satisfies auditors.
End-to-end guidance through the FedRAMP authorization process. I assess your current posture against NIST 800-53, identify gaps, design remediation plans, and prepare your SSP and supporting documentation for the 3PAO assessment.
Security architecture design and review across AWS, Azure, and GCP. From network segmentation and IAM policy design to encryption strategies and logging pipelines — security built into the cloud foundation, not bolted on after.
Whether you're preparing for SOC 2, ISO 27001, PCI-DSS, or HIPAA, I build the technical controls and evidence collection processes that satisfy auditors — real security posture, not checkbox compliance.
A 30-minute call to understand your environment, compliance targets, and timeline. I'll tell you upfront if I'm the right fit.
A thorough review of your architecture, policies, and controls against your target framework. You get a prioritized roadmap — not a shelf report.
Hands-on work designing and implementing controls, configurations, and documentation. I work alongside your engineering team, not in a silo.
Pre-audit testing and evidence prep so your team walks into the assessment confident. Plus internal runbooks for independent maintenance.
Ongoing access for architecture reviews, compliance questions, and strategic security decisions. Ideal for startups building their security posture.
Dedicated support for a specific initiative — FedRAMP authorization, cloud migration security, or compliance audit prep from start to finish.
Senior security leadership without the full-time cost. Board-level reporting, vendor risk management, incident response planning, and security program strategy.
Engagements are remote-first with on-site availability in the Atlanta metro. Reach out with a brief description of your challenge and I'll respond within one business day.