About Me
Hi I am Elvie Valmores
,
I’m a Cybersecurity Engineer working in security risk and compliance at AIT Engineering, where I audit client environments against NIST 800-171 and CMMC Level 2, and build the automation that keeps those controls running between assessments.
Most compliance work is treated as documentation — a thing you produce for an assessor and then set down. I think that’s backwards. Controls that only exist in an SSP aren’t controls; they’re claims. The work I care about is the engineering underneath: turning control language into working configurations, converting recurring manual tasks into scheduled processes that produce audit-ready evidence on their own, and building programs that scale without scaling headcount. Compliance should be something you build and run, not just document.
AI governance is where that conviction gets interesting. The frameworks are arriving fast — NIST AI RMF, ISO 42001, the EU AI Act — and most of them are still being read the old way: as documents to satisfy. The harder and more useful question is what it actually means to assure an AI system’s controls, continuously, the way we’ve learned to do for cloud infrastructure. That’s the problem I’m building toward, and most of what’s on this site is me working through it in public.
What I work on
-
Compliance engineering — NIST 800-171, CMMC Level 2, SOC 2; SSPs, POA&Ms, gap assessments, and the remediation that follows
-
Security automation — continuous monitoring and evidence collection across Microsoft 365 GCC/GCC High and Azure Government, using PowerShell, Python, and KQL
-
AI governance — NIST AI RMF and ISO 42001, control assurance for AI systems, and evaluation of AI used inside the control loop itself
Credentials
-
Certifications: CompTIA Security+, CySA+, SecurityX
-
Education: B.S. Information Technology, University of Central Florida (4.0) — M.S. Cybersecurity, Georgia Tech (policy track), starting Fall 2026
Cybersecurity Engineer Intern — AIT Engineering
2025 — Present
NIST 800-171 and CMMC Level 2 assessments across a multi-tenant client base. Build compliance automation and continuous monitoring in Microsoft 365 GCC and Azure Government. Serve as the bridge between control language and cloud implementation.
M.S. Cybersecurity (Policy) — Georgia Tech
2026 — 2028
OMS Cybersecurity, policy track. Focused on AI governance, security policy, and the regulatory side of the work I do in practice.
B.S. Information Technology — University of Central Florida
2024 — 2026
4.0 GPA. Hack@UCF, Knight Hacks, AI@UCF, Google Developer Student Club, ACM.
Information Technology Intern — Logic Controls
2024 — 2025
Configured and tested point-of-sale terminals and industrial computers. Deployed OS images, firmware, and software to proprietary hardware.
Information Technology Intern — Orange County Public Schools
2023 — 2023
Mass-imaged thousands of student devices with standardized security baselines. Handled secure decommissioning and district-wide hardware auditing.