CMMC Assessor · Cybersecurity Consultant · Navy Veteran
20+ years of cybersecurity experience spanning security operations, GRC, and enterprise security program leadership — with deep roots in the Defense Industrial Base, law firms, and small to mid-sized businesses.
Background
My background combines hands-on SecOps roots with executive-level program leadership — a combination that's genuinely rare in the GRC and compliance space. I've led organizations through concurrent CMMC Level 2, ISO 27001, and compliance readiness programs in live enterprise environments, and I hold dual CMMC credentials as both a Certified Assessor and Certified Professional.
I'm a Navy veteran — Fire Controlman rating, NATO SeaSparrow, USS Independence — and have spent my career working in and around the defense ecosystem. I understand how defense contractors think about risk, compliance pressure, and program timelines in ways that go beyond the framework. I'm based in Huntsville, Alabama, with direct flight access to Washington, DC and Dallas, TX, and available for travel nationally.
Areas of Focus
CMMC CCA credentialed with direct assessment experience. NIST SP 800-171 control validation, SSP development and review, POAM management, evidence collection, and assessment preparation across DFARS 252.204-7012 requirements.
Policy framework development, risk management, third-party risk, and security governance aligned to NIST CSF 2.0, ISO 27001, and CIS Controls. Built security programs from the ground up in complex, multi-framework environments.
Detection engineering, incident response architecture, and security stack evaluation. A SecOps background that most compliance-focused practitioners don't carry — able to evaluate your environment technically, not just documentarily.
Nearly a decade of embedded experience inside law firms. Data governance, client confidentiality risk, ABA Model Rules 1.1 and 1.6 alignment, and security program development for professional services environments.
Supporting organizations navigating NIST AI RMF requirements and shadow AI exposure. Acceptable use policy development, approved tools governance, and AI risk assessment in defense and commercial environments.
Translating security posture, compliance milestones, and risk exposure into business language for senior leadership and boards. Experienced delivering executive briefings across regulated industries including defense and legal.
Career
Joined as PDW's first Information Security hire — building the enterprise security program from the ground up at a fast-growing drone technology company operating in the defense and aerospace sector. Leading concurrent CMMC Level 2 and ISO 27001 programs as a CCA-credentialed practitioner, with full ownership of security strategy, policy development, risk management, and executive reporting across cloud and embedded systems environments.
Joined post-acquisition as Chief Security Officer — serving as the senior security leader across a national client base spanning cybersecurity and managed IT services. Led executive-level security advisory engagements with a focus on zero-trust architecture, security program development, and compliance-driven strategy. Built and maintained direct client relationships at the C-suite level across a broad and varied portfolio.
Founded SmartFirm IT as a solo operator and scaled it into a full-service cybersecurity and managed IT firm with a specialized practice serving law firms nationally. Built repeatable security programs aligned to CIS Controls and NIST frameworks, architected comprehensive security stacks for legal clients, and developed deep expertise in professional services security. Successfully exited through strategic acquisition in 2023.
Served law firm clients nationally as an embedded IT and security resource for a legal technology firm specializing in document management and billing applications. Responsible for the full technology footprint across client environments — network infrastructure, security, systems administration, and end-user support — developing deep familiarity with the operational and data governance challenges unique to law firms.
Supported network and database infrastructure at the largest law firm headquartered in Sacramento — approximately 250 staff across four offices. Progressed from helpdesk support into network and database administration through hands-on mentorship and self-directed learning.
Operated, maintained, and repaired the NATO SeaSparrow Missile System aboard a forward-deployed aircraft carrier. The FC rating combines advanced electronics, weapons systems integration, and real-time operational decision-making — building foundational discipline in precision and high-stakes troubleshooting that has carried through every technical role since.
Contact
I collaborate with C3PAOs, CMMC readiness firms, and MSSPs on assessment and consulting engagements where my credential stack and delivery experience add value. I'm also available for direct client engagements through Cyber Control Group. Reach out directly to start a conversation.