Available for Opportunities

Joshua Medas

IT Auditor  ·  Risk Management Specialist  ·  Cloud Compliance Expert

Queens, NY  ·  Open to Remote
$2.6M+ Recoveries & Cost Avoidance
25K+ Article Views on Medium
4 Industry Certifications
10+ Compliance Frameworks

Who I Am

I'm an Audit Supervisor and compliance professional with a strong background in fraud investigation, cybersecurity training, internal controls, and risk-based auditing. My experience includes financial, operational, and IT-focused audit work, with expertise in security assessments, regulatory compliance, and control frameworks such as NIST, ITGCs, GAGAS, and IIA standards.

My approach is centered on making risk, security, and compliance practical and actionable. I believe strong governance and internal controls should support better decisions, strengthen accountability, and help organizations operate with greater confidence. Throughout my career, I've led audits, developed recommendations adopted by management, tracked corrective actions through closure, and contributed to measurable outcomes including $2.6 million in recoveries and cost avoidance.

I'm continuing to deepen my cloud and cybersecurity focus through hands-on training and practical projects, including my AWS honeypot capstone. That combination of audit leadership, compliance expertise, and growing cloud security experience allows me to bring both oversight and technical perspective to modern risk and governance challenges.

🛡️
Compliance & GRC
Deep expertise in NIST, SOC 2, ISO 27001, FedRAMP, HIPAA, GDPR, PCI DSS, and more across financial and IT environments.
☁️
Cloud Security
Hands-on experience with AWS security tooling including GuardDuty, Security Hub, CloudTrail, and Config for threat detection and compliance.
📊
Audit Leadership
Led financial, operational, and IT audits resulting in $2.6M+ in recoveries and cost avoidance. Expert in GAGAS and IIA standards.

Skills & Technologies

A broad toolkit spanning compliance frameworks, security tooling, and technical scripting.

🔒
Security & Compliance
SOC 2 Type II  ·  ISO 27001  ·  NIST CSF  ·  NIST 800-53  ·  NIST 800-171r3  ·  NIST 800-124r2  ·  PCI DSS  ·  HIPAA  ·  FedRAMP  ·  GDPR  ·  CCPA  ·  ITGC  ·  SOX  ·  IIA  ·  GAGAS
☁️
Cloud & Security Tools
AWS Security Hub  ·  GuardDuty  ·  CloudTrail  ·  AWS Config  ·  Systems Manager  ·  CloudFormation  ·  Terraform  ·  Prowler  ·  ScoutSuite  ·  Wiz  ·  Lacework  ·  Vanta  ·  Drata
💻
Programming & Scripting
Python  ·  Bash  ·  JavaScript  ·  Node.js  ·  SQL  ·  PowerShell
📋
GRC Frameworks
NIST RMF  ·  ISO 27001/27002  ·  CIS Controls  ·  COBIT  ·  ITIL  ·  CMMC
🎯
Core Competencies
Risk Assessment  ·  Security Auditing  ·  Policy Development  ·  Incident Response  ·  Threat Modeling  ·  Security Architecture Review  ·  Vendor Risk Management  ·  Grant Management  ·  Internal Controls  ·  Single Audit  ·  Financial Audit  ·  Operational Audit

Certifications

Validated expertise across cloud security, networking, and systems.

☁️
Certified Cloud Security Knowledge
CCSK · CSA
🔐
CompTIA Security+
CompTIA
🌐
CompTIA Network+
CompTIA
🐧
CompTIA Linux+
CompTIA

Featured Projects

Hands-on cloud security and compliance work demonstrating real-world threat analysis.

01
Cloud Security Threat Analysis

AWS Honeypot Capstone: Brute Force Attack Analysis

Built an AWS-based honeypot to lure attackers and study brute force attack behavior for cyber defense analysis. Over a 24-hour period, the project observed real attack activity across multiple protocols, identified key attack sources and patterns, and used VMware-based malware analysis to examine commands associated with privilege escalation.

AWS EC2  ·  Debian 10  ·  T-Pot  ·  Docker  ·  Cowrie  ·  Adbhoney  ·  Elasticsearch  ·  Logstash  ·  Kibana  ·  SpiderFoot  ·  VirusTotal  ·  Cisco Talos  ·  AbuseIPDB  ·  Cuckoo Sandbox

Key Achievements

  • Deployed a cloud-based honeypot lab on AWS EC2 using Debian 10 and T-Pot
  • Captured 5,698 real-world attacks from 58 unique source IPs in roughly 24 hours
  • Analyzed 45,256 username attempts and 45,256 password attempts to identify brute-force patterns
  • Monitored SSH, Telnet, and ADB attack activity using Cowrie and Adbhoney
  • Used ELK stack and SpiderFoot to collect, visualize, and investigate attack data
  • Investigated malicious IPs and malware behavior with VirusTotal, Cisco Talos, AbuseIPDB, and Cuckoo Sandbox

Content & Presentations

🎤 Talks & Presentations
Mobile Device Management Audit
Internal Presentation / DOC
✍️ Articles & Blog Posts
AWS Honeypot Capstone: Brute Force Attack Analysis 📈 25K+ views
Published on Medium

Get In Touch

Open to opportunities in IT audit, GRC, and cloud compliance. Let's discuss how I can bring practical risk and security expertise to your organization.

Prefer LinkedIn or email for initial outreach.