
La Shauna E. Nichols, MS-IT
Engineering Leadership | Application Security | Cloud Security | Risk Management | SOC 2 | Fractional CTO
Seasoned technology executive with 15+ years building secure, compliant, and scalable SaaS platforms. Now focused on security and risk strategy, risk management, and embedding security into product and infrastructure from the ground up.
Previously Head of Engineering at Scratch and Lead Fullstack Engineer at FabricFeed.io. I build secure, scalable systems and guide teams toward security-first engineering practices.
Professional Biography
La Shauna E. Nichols is a cybersecurity and software engineering leader with nearly two decades of experience designing, building, and securing enterprise-scale applications. She holds graduate degrees in Information Technology Management and Computer Science with a concentration in Cybersecurity.
As a hands-on technical executive, she has led SOC 2 Type II readiness programs, architected secure multi-cloud environments (AWS & GCP), and embedded application security into engineering workflows using frameworks like ISO 27001, NIST, and CIS Controls.
Previously Head of Infrastructure and Backend Engineering at Scratch—the world’s largest learn-to-code platform—she helped scale secure, resilient systems serving over 120 million users. She later served as CTO at WhoseYourLandlord (WYL), where she drove a security-by-design transformation across product and infrastructure.
Today, she works as a Fractional CTO and Security Engineering Consultant, guiding startups and growth-stage companies through cloud security maturity, AppSec program development, and compliance readiness. She’s also a passionate advocate for equitable access to STEM education through her work with Calculated Genius and other nonprofit initiatives.
- Cloud Security (AWS/GCP)
- SOC 2 & ISO 27001
- AppSec Program Design
- Fractional CTO Advisory
- Secure SaaS Architecture
- STEM Equity Advocacy
Application Development & Data Handling
FabricFeed.io
Textile Management Web Application & Dashboard
- Built a responsive React/Next.js frontend with real-time inventory tracking.
- Designed RESTful APIs in Node.js with PostgreSQL for fabric lifecycle management.
- Implemented role-based access control and audit logging for enterprise clients.
QuizQueue.io
AI-Powered SaaS Quiz Generator
- Integrated LLMs (OpenAI, Bedrock) to generate curriculum-aligned quizzes from prompts.
- Architected scalable backend with serverless AWS Lambda and DynamoDB.
- Deployed CI/CD pipeline with GitHub Actions and automated testing suite.
WYL.co
Local Discovery Platform
- Developed proximity-based search using geohashing and Google Places API.
- Optimized frontend performance with React.memo and dynamic data fetching.
- Enhanced SEO with Next.js SSR and structured metadata for local business listings.
Sred.io
Developer Portfolio Aggregator
- Built GitHub repository listing feature with OAuth, rate-limit handling, and caching.
- Created clean, filterable UI to showcase developer projects by language and stars.
- Used Vercel Edge Functions for low-latency API responses.
Cortexia.ai
AI Health Advisory SaaS Platform
- Engineered secure agent workflows handling PHI-compliant data pipelines.
- Integrated HIPAA-aligned auth (Okta) and end-to-end encryption for user sessions.
- Designed audit-ready data retention and logging architecture for SOC 2 compliance.
Cybersecurity & Compliance Leadership
SOC 2 Type II Readiness
Cortexia.ai (Healthcare SaaS) • 2023–2024
- Led complete SOC 2 Type II program (risk assessments, CC1–CC6 control mapping, evidence collection)
- Authored security policies: Access Control, Incident Response, Data Retention, Vendor Risk
- Implemented continuous monitoring via Datadog & Splunk SIEM with alerting on anomalous activity
- Trained engineering team on audit responsibilities and secure development practices
Cloud Security Posture (AWS & GCP)
Kaskara, Scratch, WYL • Multi-account environments
- Designed VPCs with private/public subnets, NAT gateways, and hardened security groups
- Enforced least-privilege IAM roles and SSO integration (Okta)
- Configured encryption-at-rest (KMS) and in-transit (TLS 1.3, WAF, Cloudflare)
- Automated compliance checks using AWS Config and GCP Security Command Center
Threat Detection & Vulnerability Management
Tools: Burp Suite, Nmap, Metasploit, Wireshark, Nikto, SQLMap
- Conducted internal penetration tests and DAST/SAST scans on web applications
- Identified and remediated OWASP Top 10 risks (e.g., XSS, IDOR, misconfigured CORS)
- Integrated vulnerability scanning into CI/CD pipelines (GitHub Actions)
- Analyzed network traffic for anomalies using Wireshark and Zeek logs
ISO 27001 Alignment & Risk Strategy
WYL, Kaskara • Focus: Data governance & third-party risk
- Performed gap analysis against ISO 27001 Annex A controls
- Implemented data classification and PII handling procedures
- Evaluated vendor security questionnaires (CAIQ, SIG Lite) and managed risk acceptance
- Documented incident response playbooks and conducted tabletop exercises
Cybersecurity
- Threat Detection & Response
- Security Policy & Compliance
- Vulnerability Management
Strategy (Enterprise & Startup)
- Technical Roadmap & Architecture Alignment
- Platform Scalability & Tech Debt Strategy
- Cloud Migration & Cost Optimization Strategy
Frontend Development
- Modern React Architectures
- Performance Optimization
- Responsive & Interactive UIs
Backend Development
- API Design & Development
- Database Architecture
- Real-time Systems
DevOps & Cloud
- AWS Infrastructure
- CI/CD Pipelines
- Scalable Architecture
Most Recent Projects
Streamlined Textile Inventory System for Medium to Large-Scale Operations - 2/2025
A high-performance inventory and shipment system capable of 100K+ daily transactions, with real-time inventory and AI-powered recommendations.
Frontend Architecture
- Next.js Server Components
- Real-time Activity Reporting
- Custom Data Tables & Search
- Results Calculations Algorithm
Backend Systems
- AWS VPC setup + Load Balancer
- ECR with ECS Deployment to Fargate
- Kafka Event Streaming
- AWS S3 File Storage Integration
Key Achievements
- 99.99% Uptime with Blue-Green Deployment
- 300ms Average API Response Time
- 45% Reduction in Infrastructure Costs
AI-Powered Academic Study Platform & Generator System - 11/2024
A scalable quiz generation platform for both students and educators that uses LLMs and ML to take any notes document, syllabus, or web page and generate a quiz. Educators can gauge proficiency and students can prep for finals.
Frontend Features
- Public Version using Llama
- Interactive Dashboard (Student/Teacher)
- Customize & Store Quizzes
- Teacher Dashboard & Reporting
Backend Pipeline
- Apache Kafka Streams
- AWS EC2
- Python Data Processing
- Redis Time Series
Performance Metrics
- Average 5 sec Processing
- Sub-second Query Response
Cost Optimization - 08/2024
Enterprise-level cost optimization strategy implementing service-level changes in AWS, driving a cost reduction of nearly $60,000 a month. This project involved reducing infrastructure and scaling down, using traffic mitigation, rate logging, and limited utilization of AWS services to optimize costs.
Frontend Features
- Complete Infrastructure Analysis
- Service Level Review
- Redesign & Implementation
- API Changes/Load Balancing
- Support Downgrades
- ISO 27001 Modifications
- Fullstack code changes
Performance Metrics
- Moderated traffic and saved resources
- Data Cleanup Implemented