About Me

Hi I am Elvie Valmores :wave:,
I’m a Cybersecurity Engineer working in security risk and compliance at AIT Engineering, where I audit client environments against NIST 800-171 and CMMC Level 2, and build the automation that keeps those controls running between assessments.

Most compliance work is treated as documentation — a thing you produce for an assessor and then set down. I think that’s backwards. Controls that only exist in an SSP aren’t controls; they’re claims. The work I care about is the engineering underneath: turning control language into working configurations, converting recurring manual tasks into scheduled processes that produce audit-ready evidence on their own, and building programs that scale without scaling headcount. Compliance should be something you build and run, not just document.

AI governance is where that conviction gets interesting. The frameworks are arriving fast — NIST AI RMF, ISO 42001, the EU AI Act — and most of them are still being read the old way: as documents to satisfy. The harder and more useful question is what it actually means to assure an AI system’s controls, continuously, the way we’ve learned to do for cloud infrastructure. That’s the problem I’m building toward, and most of what’s on this site is me working through it in public.

What I work on

Credentials

Cybersecurity Engineer Intern — AIT Engineering

2025 — Present

NIST 800-171 and CMMC Level 2 assessments across a multi-tenant client base. Build compliance automation and continuous monitoring in Microsoft 365 GCC and Azure Government. Serve as the bridge between control language and cloud implementation.

M.S. Cybersecurity (Policy) — Georgia Tech

2026 — 2028

OMS Cybersecurity, policy track. Focused on AI governance, security policy, and the regulatory side of the work I do in practice.

B.S. Information Technology — University of Central Florida

2024 — 2026

4.0 GPA. Hack@UCF, Knight Hacks, AI@UCF, Google Developer Student Club, ACM.

Information Technology Intern — Logic Controls

2024 — 2025

Configured and tested point-of-sale terminals and industrial computers. Deployed OS images, firmware, and software to proprietary hardware.

Information Technology Intern — Orange County Public Schools

2023 — 2023

Mass-imaged thousands of student devices with standardized security baselines. Handled secure decommissioning and district-wide hardware auditing.