Malik
Dixon
DevOps · Security · AI Engineering
Building the pipelines, platforms, and intelligent tooling that modern engineering teams depend on to ship fast and stay secure.
About
Malik Dixon
DevOps · DevSecOps · AI · JavaScript
I help mission-driven businesses, educators, consultants, and service-based organizations turn messy workflows into practical AI systems. My work brings structure to the chaos — identifying where AI actually fits, what to automate, and what should stay human-led. I don't believe AI should replace the human mission of a business; it should support the people doing meaningful work.
malik@malikdixon.comWhat I bring
AI workflow audits
Mapping bottlenecks and finding where AI actually fits
Practical AI systems
Prompt libraries, automations, internal assistants & SOPs
Human-led approach
AI that supports your mission instead of replacing it
Cloud & DevSecOps
AWS, Azure, DevOps and security-minded foundations
Services
Turning messy workflows into practical AI systems
I help mission-driven businesses, educators, consultants, and service-based organizations bring structure to the chaos — repetitive admin work, scattered documentation, inconsistent follow-up, and knowledge trapped in too many places.
Many organizations are curious about AI but don't know where to start. My work focuses on identifying where AI actually fits, what should be automated, what should stay human-led, and which systems will save time, improve communication, and create more consistent operations.
I don't believe AI should replace the human mission of a business. It should support the people doing meaningful work — reducing repetitive tasks, improving clarity, and making good systems easier to maintain.
How I work — three stages
AI Workflow Audit
Diagnosing your current workflows, bottlenecks, and the real opportunities — where AI actually fits, what to automate, and what should stay human-led.
AI System Build
Creating practical tools, prompt systems, automations, documentation workflows, and internal assistants that save time and create consistent operations.
Ongoing AI Support
Maintaining, improving, and expanding your systems over time so they keep working as your organization grows.
Areas I focus on
- ▹AI workflow audits
- ▹Prompt libraries & reusable AI systems
- ▹Business process automation
- ▹Documentation & SOP systems
- ▹Client intake & follow-up workflows
- ▹Education & special-education support systems
- ▹AI-assisted operations
- ▹AWS, Azure, DevOps & DevSecOps projects
The goal is to help organizations move beyond random AI tools and build systems that genuinely improve how they work — practical, safe, and sustainable.
Stack
Core Domains
Four areas. Each one sharpened through real-world systems and production pressure.
DevOps
Infrastructure automation, CI/CD pipelines, container orchestration, and cloud-native architecture.
DevSecOps
Security-first development lifecycle, vulnerability management, compliance automation, and threat modeling.
AI Tools
Building and integrating LLM-powered applications, AI agents, automation systems, and intelligent tooling.
JavaScript
Full-stack JavaScript development with modern frameworks, TypeScript, and performance-first engineering.
Projects
Selected Work
DSB Capstone Project
A Docker-based DevSecOps pipeline for a simulated fintech platform — using GitHub Actions to automate security checks from pull request all the way to staging deployment.
What it does
- ▹Runs Dockerized unit, integration, smoke, and DAST testing
- ▹Automates SAST, SCA, secrets scanning, and IaC/config scanning
- ▹Enforces PR gates, staging validation, and nightly security audits
- ▹Separates production and test images for safer deployment workflows
- ▹Builds security directly into CI/CD to support faster, safer releases
AWS Compliance Auditor
An AWS compliance auditing tool that inventories cloud resources, uses temporary credentials only, logs every API call, and exposes audit results through an API validated with Postman.
What it does
- ▹Inventories AWS resources including EC2, EBS, S3, and Lambda
- ▹Uses GitHub Actions OIDC and IAM roles instead of static AWS keys
- ▹Provisions infrastructure with Terraform
- ▹Handles AWS API throttling with retry logic, pacing, and backoff
- ▹Emits structured JSON logs for every AWS API call
- ▹Stores compliance findings for review and reporting
- ▹Provides API endpoints for triggering audits and retrieving results
Problems solved
- ✦Security Hub AccessDeniedException
- ✦S3 public access permission issues
- ✦DynamoDB GSI permission errors
- ✦AWS Describe* actions requiring Resource: "*"
- ✦OIDC and IAM bootstrapping for Terraform CI/CD
Project Sentinel: Self-Healing Cloud Security Automation
A cloud-native security automation system that detects events, responds with serverless remediation, and provides visibility through logging, alerts, and dashboards.
What it does
- ▹Detects security events using event-driven AWS monitoring
- ▹Responds automatically with serverless remediation workflows
- ▹Uses CloudTrail, EventBridge, Lambda, and CloudWatch for visibility and response
- ▹Applies governance through Infrastructure as Code and Policy as Code
- ▹Uses GitHub Actions to validate Terraform, scan for misconfigurations, and enforce checks before deployment
Security is strongest when detection, remediation, observability, and governance work as one connected system. Detection without remediation creates noise. Remediation without observability creates blind spots. Governance without automation does not scale.
More projects being documented. Check back soon.
Discuss a Project