Open to opportunities

Noah Frost

Former Police Constable → DevSecOps Engineer. I bring incident response instincts, compliance experience, and the ability to explain security decisions to people who aren't engineers.

View Projects Resume GitHub

About

From Incident Response to Infrastructure

18 months as a Police Constable in the Metropolitan Police taught me skills that don't appear on technical assessments: translating complex requirements for non-expert audiences, making decisions under pressure with incomplete information, and working within compliance frameworks where documentation actually matters.

I carried that into DevSecOps through intensive training at Cyber Agoge, led by a Global CISO with experience at KPMG, BAE Systems, and UK Government. Then 8 months of building — using Claude and ChatGPT to accelerate learning, but implementing and testing everything hands-on across 15 production-grade projects.

The combination is unusual: an LLM in Criminal Justice from Northumbria plus AWS, Terraform, and Kubernetes certifications. Security automation plus the instinct to document everything like it might end up in court. Technical depth plus the ability to explain why a deployment is blocked without making enemies.

Projects Built

Months Learning

Certifications

Cloud Platforms

Featured Work

Selected Projects

Six projects demonstrating core DevSecOps capabilities — security-integrated pipelines, policy automation, and AI-assisted operations.

DevSecOps Pipeline architecture showing four-stage CI/CD with security scanning and Splunk SIEM integration

End-to-End DevSecOps Pipeline with SIEM Integration

Production-grade security automation across the entire software delivery lifecycle with threat detection streamed to Splunk.

Challenge: Security scanning typically happens too late — after deployment, after the vulnerability is already live. And when threats are detected at runtime, findings sit in separate consoles.
Solution: Four-stage pipeline with Semgrep SAST, Trivy SCA, Gitleaks secrets detection, and Checkov IaC scanning. Security gates block non-compliant code. GuardDuty findings and CloudWatch logs stream via Lambda to Splunk Cloud. Hardened Kubernetes manifests: non-root containers, read-only filesystem, all capabilities dropped.
Outcome: Shift-left security with runtime visibility — vulnerabilities caught at commit, threats detected in production visible in SIEM.

Amazon EKS Terraform GitHub Actions Semgrep Trivy Checkov GuardDuty Splunk

View on GitHub

Dual-layer policy enforcement with Sentinel and OPA Gatekeeper

AI/ML Governance with Policy-as-Code

Dual-layer policy enforcement preventing non-compliant infrastructure and untracked ML models reaching production.

Challenge: Teams deploy workloads without guardrails. Expensive GPU instances provisioned without approval, ML models deployed without version tracking, compliance violations discovered during audits.
Solution: Sentinel policies for HCP Terraform block GPU instance provisioning and enforce AI resource tagging pre-apply. OPA Gatekeeper admission webhooks require ML tracking labels and model registry URLs on Kubernetes deployments. Controls mapped to EU AI Act compliance requirements.
Outcome: Governance enforcement shifted from audit findings to deployment gates. Nothing provisions or deploys without passing policy checks.

Sentinel OPA Gatekeeper HCP Terraform Amazon EKS Kubernetes

View on GitHub

AI-powered security operations with GuardDuty integration and automated EC2 isolation

MCP Security Incident Response System

AI-powered security operations enabling natural language investigation and automated containment of AWS threats.

Challenge: When GuardDuty detects a threat, the clock starts. Manual response means navigating AWS console, understanding findings, deciding on containment — plenty of time for lateral movement.
Solution: Two parallel workflows: automated containment path triggers Lambda via EventBridge to isolate compromised EC2 instances via security group swap. MCP server exposes five tools to Claude Desktop for investigation — findings list, deep-dive analysis, incident reports, isolation status, and restoration.
Outcome: Automated containment at machine speed. Natural language investigation without console context-switching. Slack notifications for real-time visibility.

MCP AWS GuardDuty EventBridge Lambda Slack Node.js

View on GitHub

Kubernetes cluster health monitoring with MCP, ArgoCD, and full security scanning pipeline

MCP Kubernetes Health Monitor

Natural language querying of Kubernetes cluster health with GitOps automation and full DevSecOps pipeline.

Challenge: Platform teams need cluster visibility without constant context-switching between kubectl, dashboards, and alerting systems. Security scanning needs to catch issues before they reach the cluster.
Solution: EKS cluster with ArgoCD automated sync and self-healing, Prometheus and Grafana observability. Checkov, Semgrep, Gitleaks, and Trivy integrated into GitHub Actions. MCP server exposes cluster health tools: unhealthy pods, resource usage, comprehensive health reports.
Outcome: Natural language cluster operations. Security scanning on every pull request with automated gating. GitOps ensuring cluster matches Git.

MCP Amazon EKS ArgoCD Prometheus Grafana Checkov Trivy

View on GitHub

STRIDE threat modeling for HIPAA-compliant healthcare platform

Healthcare Threat Model: STRIDE Analysis

Comprehensive security threat model for HIPAA-compliant healthcare platform handling PHI and PII.

Challenge: Healthcare applications handle sensitive data but security assessments often happen too late — after architecture decisions are locked in. Abstract recommendations don't translate to developer action.
Solution: Applied STRIDE methodology to identify 15 prioritised threats across authentication, data protection, API security, and infrastructure. Mapped threats to MITRE ATT&CK framework and HIPAA Security Rule requirements (§164.308–312).
Outcome: Remediation guidance with working code examples bridging security architects and developers. Eight high-risk threats with immediate remediation, seven medium-risk for 30-day planning.

STRIDE MITRE ATT&CK HIPAA Threat Modeling Risk Assessment

View on GitHub

AI-native infrastructure security with Checkov integration and automated remediation

MCP-Powered IaC Security Remediation

AI-native infrastructure security connecting Claude Desktop directly to Checkov scan results for conversational analysis.

Challenge: Security scanners find problems but don't fix them. Engineers waste time researching remediation for each finding, context-switching between scan results and documentation.
Solution: MCP server with tools for scan analysis, remediation generation, security reports, and source code retrieval. Remediation engine with pre-built fixes for 20+ common AWS security checks covering S3, RDS, EC2, IAM, VPC. GitHub Actions artifacts for historical retrieval.
Outcome: Conversational security analysis. Ask about findings, get remediation code. Audit trail through GitHub Actions artifacts.

MCP Checkov GitHub Actions Terraform Node.js

View on GitHub

All Work

Complete Project Archive

15 projects built in 8 months. Each repository includes documentation, architecture decisions, and working code.

Multi-Cloud Infrastructure Orchestration

Unified deployment pipeline provisioning identical web infrastructure across AWS, Azure, and GCP from single GitHub Actions workflow. Terraform with provider-specific state backends, Ansible for OS-adaptive configuration, Datadog for unified monitoring.

Terraform Ansible Datadog

Noah Frost

From Incident Response to Infrastructure

Selected Projects