Overview

The featured work centers on Cypago, an enterprise Cyber GRC (Governance, Risk, and Compliance) automation platform. It helps security and compliance teams continuously monitor controls, prepare for audits, and review user access. Moreover, it supports frameworks like SOC 2, ISO 27001, HIPAA, and GDPR.

Project Context

The core challenge was clear: compliance teams needed to ask complex, nuanced questions of their organizational data. For example, a user might want every employee whose first name starts with “A” who skipped their security training. Similarly, they might look for anyone who showed no activity in the system for over a month. In short, this multi-condition logic drives meaningful compliance and security insights.

Technical Architecture

I designed and maintained a decision tree engine. It translated these layered conditions into executable database searches. The tree traversal stayed database-agnostic. Meanwhile, the engine generated the query-language constructs per backend. At first, I implemented this logic as raw SQL queries against the company database. Later, I migrated it to Neo4j graph queries and mapped the same traversal model onto a graph.

Key Achievement

I separated the agnostic tree-traversal layer from the database-specific query generation. As a result, the system supported sophisticated compliance searches. Furthermore, it stayed flexible enough to evolve from SQL to Neo4j without rewriting the core decision logic.
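
The separation described above, sketched as an added example (not Cypago's code or the author's engine): one traversal validates the condition tree and collects values, and two small backends emit SQL and Cypher. The `employees` table, `Employee` label, field names and SQLite dialect are assumptions; field names pass an allowlist and values travel only as bound parameters, so user-built conditions cannot change the query structure.

```python
from dataclasses import dataclass

FIELDS = {"first_name", "training_completed", "days_inactive"}  # assumed schema allowlist

@dataclass
class Leaf:
    field: str
    op: str      # "eq", "gt" or "starts_with"
    value: object

@dataclass
class Group:
    kind: str    # "AND" or "OR"
    children: list

class Sql:  # SQLite dialect (assumed), positional parameters
    ops = {"eq": "{c} = ?", "gt": "{c} > ?", "starts_with": "instr({c}, ?) = 1"}
    def leaf(self, field, op, i):
        return self.ops[op].format(c=f'"{field}"')
    def query(self, where, values):
        return f"SELECT first_name FROM employees WHERE {where}", values

class Cypher:  # named parameters $p0, $p1, ...
    ops = {"eq": "{c} = $p{i}", "gt": "{c} > $p{i}", "starts_with": "{c} STARTS WITH $p{i}"}
    def leaf(self, field, op, i):
        return self.ops[op].format(c=f"e.{field}", i=i)
    def query(self, where, values):
        return (f"MATCH (e:Employee) WHERE {where} RETURN e.first_name",
                {f"p{i}": v for i, v in enumerate(values)})

def walk(node, backend, values):
    # Backend-agnostic traversal: validate nodes, collect values, delegate syntax.
    if isinstance(node, Group):
        if node.kind not in ("AND", "OR") or not node.children:
            raise ValueError("bad group")
        return "(" + f" {node.kind} ".join(walk(c, backend, values) for c in node.children) + ")"
    if node.field not in FIELDS or node.op not in backend.ops:
        raise ValueError(f"rejected field/op: {node.field!r}/{node.op!r}")
    values.append(node.value)  # values are bound, never spliced into query text
    return backend.leaf(node.field, node.op, len(values) - 1)

def compile_tree(tree, backend):
    values = []
    return backend.query(walk(tree, backend, values), values)

# Constructed sample: (name starts with "A" AND training skipped) OR inactive > 30 days
TREE = Group("OR", [Group("AND", [Leaf("first_name", "starts_with", "A"),
                                  Leaf("training_completed", "eq", 0)]),
                    Leaf("days_inactive", "gt", 30)])
```

`compile_tree(TREE, Sql())` and `compile_tree(TREE, Cypher())` return a query string plus its parameters, ready to hand to a database driver's parameterized execute call.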