Noah Frost

Former Police Constable → DevSecOps Engineer. Building zero trust architecture, supply chain security, and AI security testing systems. Incident response instincts meet infrastructure automation.

Open to opportunities
Who I Am

About

20+ Projects Built
18 Months Learning
3 Certifications
3 Cloud Platforms

18 months as a Police Constable in the Metropolitan Police taught me skills that don't appear on technical assessments: translating complex requirements for non-expert audiences, making decisions under pressure with incomplete information, and working within compliance frameworks where documentation actually matters.

I carried that into DevSecOps through intensive training at Cyber Agoge, led by a Global CISO with experience at KPMG, BAE Systems, and UK Government. Then 18 months of building — using Claude and ChatGPT to accelerate learning, but implementing and testing everything hands-on across 20+ production-grade projects, an autonomous AI build system, and a self-hosted Kubernetes cluster with live observability.

The combination is unusual: an LLM in Criminal Justice from Northumbria plus AWS, Terraform, and Kubernetes certifications. Zero trust architecture plus the instinct to document everything like it might end up in court. Technical depth plus the ability to explain why a deployment is blocked without making enemies.

Projects

Infrastructure & Security

20+ projects built in 18 months. Zero trust, supply chain security, secrets management, AI security testing, and production DevSecOps pipelines. Each repository includes architecture decisions and working code.

Zero Trust Kubernetes

Production-grade zero trust on EKS with Cilium eBPF, SPIFFE/SPIRE workload identity, mTLS, WireGuard encryption, and L7 micro-segmentation — aligned to NIST SP 800-207.

Cilium SPIFFE/SPIRE EKS

Supply Chain Security

End-to-end supply chain security: dual-format SBOMs via Syft, keyless signing with cosign/Sigstore, SLSA provenance attestation, Grype scanning, and 5 Kyverno ClusterPolicies in Enforce mode.

Syft cosign Kyverno

Secrets Management

Vault 1.15.4 HA on EKS with Raft consensus, AWS KMS auto-unseal, 4 secrets engines (PostgreSQL, AWS IAM, PKI, Transit), and Vault Secrets Operator syncing to Kubernetes.

Vault KMS EKS

Agentic AI Security

Automated platform testing AI agents against OWASP Top 10 for LLMs (2025) and Agentic AI (2026). Plugin-style attack registry, composite scoring, dual CI/CD with 15 custom Semgrep rules.

OWASP Semgrep ECS Fargate

DevSecOps Pipeline

Four-stage security pipeline with Semgrep, Trivy, Gitleaks, Checkov gates. EKS deployment with GuardDuty and CloudWatch streaming to Splunk Cloud via dual ingestion.

EKS GuardDuty Splunk

AI/ML Governance

Dual-layer policy enforcement: Sentinel blocks non-compliant Terraform plans pre-apply, OPA Gatekeeper rejects ML deployments missing governance labels at Kubernetes admission. EU AI Act compliance.

Sentinel OPA EKS

Multi-Cloud Orchestration

Unified deployment pipeline provisioning identical web infrastructure across AWS, Azure, and GCP from a single GitHub Actions workflow. Terraform with provider-specific state backends, Ansible for OS-adaptive configuration, Datadog for unified monitoring.

Terraform Ansible Datadog

AI FinOps Platform

Real-time cost observability for AI/ML infrastructure. Kafka 3-broker cluster via Strimzi streams GPU utilisation and API spend events. OpenCost, Prometheus, and Grafana for anomaly detection.

Kafka Strimzi OpenCost

AI/ML IDP

Self-service portal for GPU workloads with cost governance. Backstage templates with budget verification, MLflow for experiment tracking, ArgoCD for GitOps. Hybrid EKS/ECS architecture.

Backstage MLflow ArgoCD

Kubernetes Observability

Complete logging and metrics on EKS. Fluentd DaemonSet tails container logs to Elasticsearch via Logstash. Prometheus and Grafana for metrics. Environment-specific Terraform sizing.

ELK Stack Prometheus Grafana

GitOps ArgoCD

Production-style Kubernetes deployment where Git commits flow to running workloads automatically. ArgoCD with automated sync and self-healing. kube-prometheus-stack for metrics and dashboards.

ArgoCD Prometheus Helm

Healthcare Threat Model

Comprehensive threat model for a HIPAA-compliant platform. 15 prioritised threats across five trust boundaries. STRIDE methodology mapped to MITRE ATT&CK and HIPAA Security Rule.

STRIDE MITRE ATT&CK HIPAA

Serverless Application

Three-tier serverless architecture. React frontend via CloudFront/S3, single-purpose Lambda functions behind API Gateway, DynamoDB with on-demand capacity. Modular Terraform with explicit dependencies.

Lambda DynamoDB React

CI/CD Comparison

Side-by-side implementation deploying to shared infrastructure. Jenkins on EC2 with declarative pipeline for Flask, GitLab CI with Docker stages for Node.js. SSH-based deployment reflecting common migration patterns.

Jenkins GitLab CI Terraform

Portfolio CI/CD

This site's infrastructure. GitHub Actions deploys to S3 with CloudFront CDN on every push. Route 53 DNS, ACM SSL certificates, path-based cache invalidation. Terraform manages all AWS resources.

GitHub Actions S3 CloudFront
AI-Built

Jarvis Webapps

An autonomous AI build system running on a dedicated Mac. Jarvis takes a webapp brief and delivers a live, deployed application — hero art, animation, code, and AWS deployment — with zero manual intervention.

Nexus

Cinematic scroll-driven hub site for all 5 security webapps. Scroll-triggered animations, cinemagraph hero backgrounds, glassmorphic UI.

React Tailwind CSS AWS

Sentinel

Vulnerability intelligence dashboard fusing NVD, CISA KEV, and EPSS data for real-time threat prioritisation.

React NVD API AWS

Oracle

OWASP Top 10 for LLM Applications 2025 assessment framework with interactive risk scoring and mitigation guidance.

React OWASP AWS

Bastion

Dependency risk analyser with D3.js force-directed graph visualisation and CycloneDX SBOM export.

React D3.js AWS

Aegis

AI regulatory compliance mapping across 6 frameworks — EU AI Act, UK GDPR, ICO Guidance, NIST AI RMF, OWASP Top 10 for GenAI, and the Equality Act 2010.

React Union-Find AWS

Verdant

AWS security posture dashboard scanning against CIS Foundations Benchmark with automated remediation guidance.

React CIS Benchmark AWS
Self-Hosted

Homelab

AI Build System & Kubernetes Cluster

Phase 1: Autonomous Webapp Pipeline

An agent with its own GitHub account, AWS credentials, and deployment pipeline. Starting with Jarvis (the build system itself), then five production security webapps built and deployed with zero manual intervention. Each webapp includes full-stack implementation — hero art, component design, responsive layouts, animated interactions, production AWS deployment, domain configuration, and SSL certificates.

Phase 2: Kubernetes Cluster & AI Operations

K3s on Apple Silicon with Cloudflare Tunnel for secure external access. Production-grade security hardening: 4 namespaces (workloads, monitoring, ingress, tunnel), Pod Security Standards enforcement, 12 network policies, RBAC with least-privilege service accounts, non-root pods, read-only rootfs, and capability drops.

Complete observability stack: Prometheus for metrics collection across the cluster, Grafana with 28 custom dashboards showing cluster health, resource utilisation, and security events. Jarvis queries cluster health via kubectl to stay aware of infrastructure state and make deployment decisions based on real-time capacity.

Technology

Skills

Tools and platforms used across 20+ projects.

Cloud Platforms: AWS, Azure, GCP
Infrastructure as Code: Terraform, CloudFormation, Ansible, Helm
Containers & Orchestration: Kubernetes, Docker, Amazon EKS, K3s, ArgoCD, Kyverno
CI/CD & Automation: GitHub Actions, GitLab CI, Jenkins, GitOps Workflows
Security Tools: Checkov, Trivy, Semgrep, Gitleaks, OPA Gatekeeper, Sentinel, GuardDuty, Syft, cosign/Sigstore, Grype, OWASP ZAP
Zero Trust & Identity: Cilium (eBPF), SPIFFE/SPIRE, WireGuard, Hubble, Cloudflare Tunnel, Network Policies
Secrets Management: HashiCorp Vault, Vault Secrets Operator, AWS KMS
Observability: Prometheus, Grafana, Elasticsearch, Logstash, Kibana, Datadog, Splunk, OpenTelemetry

Let's Talk

Open to DevSecOps, Cloud Security, Platform Engineering, and Security Engineering roles. UK-based, open to relocation and remote.