La Shauna E. Nichols

About Me

CTO | Software & App Architect | Technical Instructor

La Shauna E. Nichols is a cybersecurity and software engineering leader with nearly two decades of experience designing, building and securing enterprise-scale applications. She holds graduate degrees in Information Technology Management and Computer Science with a concentration in Cybersecurity.

As a hands-on technical executive, she has led SOC 2 Type II readiness programs, architected secure multi-cloud environments (AWS & GCP) and embedded application security into engineering workflows using frameworks like ISO 27001, NIST and CIS Controls.

Previously Head of Infrastructure and Backend Engineering at Scratch, the world's largest learn-to-code platform, she helped scale secure, resilient systems serving over 120 million users. She later served as CTO at WhoseYourLandlord (WYL), where she drove a security-by-design transformation across product and infrastructure.

Today, she works as a Fractional CTO and Security Engineering Consultant, guiding startups and growth-stage companies through cloud security maturity, AppSec program development and compliance readiness. She's also a passionate advocate for equitable access to STEM education through her work with Calculated Genius and other nonprofit initiatives.

Career Timeline

SchoolOpsAI

2024 – Present

Fractional CTO

  • Leading technical strategy and architecture for an AI-powered education platform
  • Establishing security-first engineering practices and cloud infrastructure
  • Guiding product roadmap and technical hiring decisions

Hokali

2023 – Present

Lead Software Engineer & Technical Instructor

  • Leading full-stack development of an outdoor activities booking platform
  • Mentoring junior engineers and teaching coding fundamentals
  • Building scalable booking and payment systems with React and Node.js

WhoseYourLandlord (WYL)

2022 – 2023

CTO

  • Drove security-by-design transformation across product and infrastructure
  • Led ISO 27001 alignment and implemented data governance procedures
  • Managed engineering team and established CI/CD best practices

Larmarka

2021 – 2022

Senior Software Engineer

  • Architected microservices for an e-commerce marketplace platform
  • Implemented real-time inventory management with event-driven architecture
  • Optimized database queries resulting in significant performance improvements

Scratch (MIT Media Lab)

2019 – 2021

Head of Infrastructure & Backend Engineering

  • Scaled secure, resilient systems serving over 120 million users
  • Led cloud infrastructure modernization on AWS
  • Implemented security monitoring and incident response processes

McKesson Corporation

2016 – 2019

Software Engineer

  • Developed healthcare supply chain management applications
  • Built HIPAA-compliant data processing pipelines
  • Contributed to enterprise-scale Java and Spring Boot microservices

Urban Technology Project

2014 – 2016

Lead Developer & Instructor

  • Led development of community-focused technology solutions
  • Taught programming fundamentals to underserved youth
  • Built web applications for nonprofit community partners

University of the Pacific

2012 – 2014

IT Systems Administrator

  • Managed campus network infrastructure and security
  • Supported faculty and staff with technology integration
  • Maintained server environments and backup systems

TutorWorks

2010 – 2012

Lead Developer

  • Built an early-stage edtech tutoring platform
  • Designed user-facing features for student-tutor matching
  • Managed full product lifecycle from concept to deployment

Cybersecurity Experience

SOC 2 Type II Readiness

Cortexia.ai (Healthcare SaaS) · 2023–2024

  • Led complete SOC 2 Type II program (risk assessments, CC1–CC6 control mapping, evidence collection)
  • Authored security policies: Access Control, Incident Response, Data Retention, Vendor Risk
  • Implemented continuous monitoring via Datadog & Splunk SIEM with alerting on anomalous activity
  • Trained engineering team on audit responsibilities and secure development practices

Cloud Security Posture (AWS & GCP)

Kaskara, Scratch, WYL · Multi-account environments

  • Designed VPCs with private/public subnets, NAT gateways and hardened security groups
  • Enforced least-privilege IAM roles and SSO integration (Okta)
  • Configured encryption-at-rest (KMS) and in-transit (TLS 1.3, WAF, Cloudflare)
  • Automated compliance checks using AWS Config and GCP Security Command Center

Threat Detection & Vulnerability Management

Tools: Burp Suite, Nmap, Metasploit, Wireshark, Nikto, SQLMap

  • Conducted internal penetration tests and DAST/SAST scans on web applications
  • Identified and remediated OWASP Top 10 risks (e.g., XSS, IDOR, misconfigured CORS)
  • Integrated vulnerability scanning into CI/CD pipelines (GitHub Actions)
  • Analyzed network traffic for anomalies using Wireshark and Zeek logs

ISO 27001 Alignment & Risk Strategy

WYL, Kaskara · Focus: Data governance & third-party risk

  • Performed gap analysis against ISO 27001 Annex A controls
  • Implemented data classification and PII handling procedures
  • Evaluated vendor security questionnaires (CAIQ, SIG Lite) and managed risk acceptance
  • Documented incident response playbooks and conducted tabletop exercises

Education & Certifications

Master of Science in Computer Science

Concentration: Cybersecurity

Colorado Technical University · Expected 6/2026

Master of Science in Information Technology Management

Colorado Technical University · Completed