Skip to content
View MiguelAngelHorta's full-sized avatar
:octocat:
:octocat:
1 follower · 0 following
  • San Francisco
  • 09:30 (UTC -07:00)
  • LinkedIn in/migz-h

Block or report MiguelAngelHorta

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
MiguelAngelHorta/README.md

Miguel Horta

Security, Compliance & Automation

miguelhorta.com · LinkedIn

About

Security GRC Engineer focused on building and scaling compliance automation programs. I design systems that leverage consolidated control frameworks, build automations for any use case, automate evidence collection, and integrate AI into security operations.

Certifications

Update badges

HashiCorp Certified: Vault Associate (002) KCNA: Kubernetes and Cloud Native Associate AWS Certified Solutions Architect – Associate AWS Certified Cloud Practitioner Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor® (CISA)

Tools

Python  JavaScript  HTML  CSS  AWS  Docker  Kubernetes  Vault  Git  NodeJS  MySQL  Jira  Postman 

Projects

  1. Security GRC Engineering
  2. Security Control Inventory (Frontend)
  3. AI-Compliance-Agent
  4. AWS Cloud Resume
  5. Security Control Inventory (Full-Stack)
  6. Risk & Control Matrix
  7. AWS Serverless Web Application
  8. Vulnerability Scanner
  9. API Data Display With Search
  10. Controls Assessment - Google Apps Script
  11. Review and Approvals - Google Apps Script

Security & GRC

Security GRC Engineering

Architecture and implementation details for building a mature enterprise GRC program — control frameworks, maturity assessments, evidence automation, and third-party risk management.

GRC Engineering

Security Control Inventory (Frontend)

Client-side security controls app with local storage using HTML, Bootstrap, JavaScript, and CSS. Live demo.

CRUD App

AI-Compliance-Agent

An AI-powered AWS compliance auditor that scans IAM, S3, and EC2, then reasons about each finding with Claude (via Amazon Bedrock tool use), mapping it to CIS v8 / NIST 800-53 / SOC 2 controls and scoring its contextual risk. A deterministic, auditable policy then routes each finding by escalating critical ones to GitHub Issues with masked identifiers, and acknowledging the rest. It runs locally as a CLI and as a hardened, scheduled CronJob on Kubernetes, exposing run metrics to Prometheus/Grafana.

image

Risk & Control Matrix

Python-based Risk & Control Matrix application with multiple views and backend endpoint routing.

RACM

Vulnerability Scanner

Python-based web vulnerability scanner with Flask server for HTTP/network traffic analysis.

Scanner

Cloud & Infrastructure

AWS Cloud Resume

Full-stack serverless resume hosted on AWS: S3 (static hosting), CloudFront (CDN), Route 53 (DNS), ACM (SSL), Lambda (Python API), DynamoDB (visitor counter). Managed with Terraform and GitHub Actions CI/CD.

Live at miguelhorta.com

Cloud Resume

AWS Serverless Web Application

CRUD web app for managing security controls — DynamoDB backend, Lambda functions, API Gateway, deployed at app.miguelhorta.com.

Serverless App

Applications

Security Control Inventory (Full-Stack)

Express-based Node.js API server for CRUD operations on security controls. Backend handles API requests with CORS and JSON body parsing middleware.

API Server

API Data Display With Search

Python script to fetch, parse, and search data from API endpoints.

API Search

Automation (Google Apps Script)

Controls Assessment

Google Apps Script automation for assessment management — consolidates responses from multiple tabs into a summary database.

Controls Assessment

Review and Approvals

Google Apps Script for review and approval workflows — approval tracking, file organization, and URL generation.

Popular repositories Loading

  1. Security-GRC-Governance-Risk-and-Compliance Security-GRC-Governance-Risk-and-Compliance Public

    Security GRC Governance Risk and Compliance

    2 1

  2. Review-and-Approval-Automation Review-and-Approval-Automation Public

    Appscript to manage access reviews in google sheets

    JavaScript 1

  3. Cisco-Packet-Tracer Cisco-Packet-Tracer Public

    Set up home lab

    1

  4. MiguelAngelHorta MiguelAngelHorta Public

    Miguel's projects.

  5. Google-Sheets-Assessment Google-Sheets-Assessment Public

    Automation used to manage an assessment in google sheets.

    JavaScript

  6. Security-Controls-Inventory Security-Controls-Inventory Public

    JavaScript