I just click buttonshas been my way to move forward through seemingly complex situations rather than overcomplicating them; it's my version of Dori's "just keep swimming", my HS wrestling coach's version of "just put on your pants one leg at a time" or whoever said "just put one foot in front of the other" (I think that was my drill sergeant)
- offensive AI security — red teaming LLMs, adversarial ML, AI workload attack surfaces
- Kubernetes security — hardening AI workloads in K8s, runtime security, supply chain
- infrastructure & hardware — going deeper on infra fundamentals and hardware security
- GRC engineering — compliance automation, FedRAMP tooling, OSCAL (the day job)
| Platform | Description |
|---|---|
| hackIDLE Youtube | tech/security videos, tooling walkthroughs, and demos |
| hackIDLE | obsidian-powered notes, research, and living docs |
| ethantroy.dev | personal site - projects, labs, guides, and cert reviews |
| killercoda | interactive labs and scenarios (AWS, Chainguard, Istio) |
| my medium | occasional write-ups and blogs |
- Build an AI Agent from Scratch (No Frameworks)
hackidle.com - First Shots With FujiFilm X100VI
idletroy.com - Rumble @ The Ritz II
idletroy.com
- MCP Server for OSCAL
ethantroy.dev - GRTE (GCP Red Team Expert) Review
ethantroy.dev - CRTP (Certified Red Team Professional) Review
ethantroy.dev
| Project | Description |
|---|---|
| skills | agent skills and Claude Code plugins for productivity and workflow automation |
| claude-grc-agent | GRC agent built with the Claude Agent SDK |
| nist-cybersecurity-skills | Claude Code plugin with NIST framework references (SP 800-53, 800-171, CSF 2.0) |
| wilma | AWS Bedrock security configuration checker |
| HackIDLE-NIST-Coder | fine-tuned model for NIST cybersecurity standards (530K+ examples) |
| nist-cybersecurity-training | 531k row dataset for NIST cybersecurity training |
| Open Source Security Compliance | HuggingFace collection of compliance datasets and models |
| Project | Description |
|---|---|
| obsidian-markitdown | Obsidian plugin using Microsoft's MarkItDown to convert PDFs, PPTs, and DOCX to markdown |
| hugo-linear-sync | reusable GitHub Action to sync Hugo content with Linear issues |
| Project | Description |
|---|---|
| cmvp-tui | terminal UI for searching NIST CMVP validated modules |
| kevs-tui | terminal UI for CISA Known Exploited Vulnerabilities catalog with EPSS scores |
| fedramp-tui | terminal UI for browsing FedRAMP docs data |
| Project | Description |
|---|---|
| DamnVulnerableTrustCenter | intentionally vulnerable trust center to demo security considerations |
| DamnVulnerableCryptoWallet | intentionally vulnerable crypto wallet |
Homebrew, Scoop, and Winget manifests for my security & compliance CLI tools: homebrew-sectools · scoop-sectools · winget-pkgs
| Project | Description |
|---|---|
| fedramp-docs-mcp | MCP documentation server using the official FedRAMP/docs repo |
| okta-inspector | multi-framework compliance audit tool (FedRAMP, DISA STIG, SOC 2, PCI) |
| awesome-grc-ai | curated list of AI + GRC resources: governance frameworks and compliance tools |
| awesome-grc-engineering | curated resources for GRC engineering: automation, policy as code, continuous compliance |
| vanta-go-export | Go CLI to export Vanta audit evidence organized by control with TUI |
| NIST-CMVP-API | API wrapper for NIST Cryptographic Module Validation Program |
| mesh-security | service mesh security analyzer with NIST 800-53 compliance mapping (Istio, Consul, Linkerd) |
| dynamic-cryptographic-modules-table | dynamic table for exploring NIST cryptographic modules data |
| Training | Description |
|---|---|
| istio + FedRAMP scenario lab | guided lab: walkthrough of Istio for a FedRAMP-like env |
| AWS CLI Sandbox with LocalStack | interactive AWS CLI playground - practice AWS commands safely without costs |
| Introduction to Chainguard Images | secure, minimal container images with SBOM attestation and Sigstore verification |
| Project | Description |
|---|---|
| prowler | FedRAMP 20x configurations |
| learntocloud.guide - phase 5 | cloud security fundamentals for junior cloud engineers |
| Project | Description |
|---|---|
| hackspacecon-2023 | workshop & talk slide decks from HackSpaceCon |
| nmap-GPT | AI-powered nmap wrapper for learning open port security |
| cissp-examprep-2023 | CISSP certification exam prep materials |
| Platform | Description |
|---|---|
| my gitlab | not much over there for now tbh |
| my huggingface | fine-tuning local LLMs and compliance datasets |
| my ollama profile | local LLMs and fine-tuned security models |
| my google dev profile | google dev profile |
