Cyber Risk Guy

Project Portfolio

From cutting-edge AI applications to compliance to enterprise security program development, here are some of the projects I've worked on in the past few years.


Vendable.ai

AI-Powered Work Platform

Featured
2025

AI Application Development

AI is changing the way we work. Human workers and AI agents will work together to get things done. Humans must adapt to use AI technologies to be competitive, and the jobs they seek will require AI skills. This project builds an AI application to automate job workflows, including searching, applications, and communications.

Technologies

AI Application Development, AI agents, +4 more

Business Outcome

This project is currently in development: a hybrid AI application that uses AI agents to automate job workflows, including searching, applications, and communications.


Cyber Risk Guy

Cybersecurity Education

Featured
2025

Cybersecurity Education Platform

Developing a comprehensive cybersecurity education platform featuring interactive courses, resources, news and trends, and real-world security scenarios in plain English. The platform provides structured learning paths for security professionals, compliance guides, and practical implementation resources for organizations of all sizes.

Technologies

Astro, Supabase, MongoDB, +7 more

Business Outcome

A cybersecurity education platform that democratizes security knowledge and helps organizations build effective security programs.


Perfect Rentals

Real Estate Investment

Featured
2024

Security Program Development

Comprehensive cybersecurity program based on NIST Cybersecurity Framework 2.0 for a real estate investment technology platform. AI application development to automate sales lead generation.

Technologies

NIST CSF 2.0, Security Program Development, AI, +7 more

Business Outcome

Established modern cybersecurity programs that protected sensitive real estate and financial data, supporting growth and investor confidence. Application launched in 2024.

World's Largest Cloud Hyperscaler

Government Cloud Services

Featured
2022

FedRAMP OSCAL Conversion Tools

Led development team building industry-first FedRAMP documentation package (SSP, SAP, & SAR) conversion tools to OSCAL (Open Security Controls Assessment Language) format for government compliance requirements. Pioneered automated compliance documentation transformation for cloud service providers seeking federal authorization.

Technologies

FedRAMP, OSCAL, Department of Defense, +3 more

Business Outcome

Delivered industry-first OSCAL conversion capability. Streamlined client's federal compliance processes. Enabled client to bid JWCC contracts worth $9B across 3 vendors.

Leading FedRAMP Third-Party Assessment Organization

Federal Government | Cloud Service Providers

2023

Application Pilot

Led a team that built an application to automate FedRAMP and Department of Defense Cloud Service Provider assessments. Ran several pilots through the application. Trained the assessment team on the use and extensibility of the application.

Technologies

FedRAMP High, FedRAMP Moderate, Department of Defense, +4 more

Business Outcome

This application cut FedRAMP compliance assessment project time by 50%, automated report generation, improved report quality, and reduced burden on senior consultants by enabling junior consultants to choose from self-service options. Application launched in 2023.

Thermal Management Solutions Defense Contractor

Defense Contractor

2021

Controls Assessment

Conducted comprehensive CMMC and NIST 800-171 controls assessment for defense contractor specializing in thermal management solutions. Evaluated current security posture and provided roadmap for achieving required compliance levels for Department of Defense contracts.

Technologies

CMMC, DFARS, NIST 800-171, +4 more

Business Outcome

Enabled continued eligibility for DoD contracts by identifying and addressing critical security gaps, resulting in successful compliance certification.

Major Health Insurance Provider

Health Insurance

2021

Risk and Controls Assessment

HIPAA risk and security controls assessment for major health insurance provider. Evaluated existing security measures protecting member health information and developed strategic roadmap for enhanced compliance and risk reduction.

Technologies

HIPAA, Risk Assessment, Controls Assessment, +3 more

Business Outcome

Strengthened HIPAA compliance posture and implemented advanced security controls that reduced data breach risk while improving operational efficiency.

Data Center and Cloud Services Provider

Data Centers & Cloud Services

2020

Security Program Development, Fractional CISO

Fractional Chief Information Security Officer (vCISO) for leading data center and cloud services provider. Developed comprehensive security program aligned with SOC 2 Type II requirements, including security policies, incident response procedures, and continuous monitoring capabilities.

Technologies

SOC 2 Type II, vCISO Services, Security Program Development, +3 more

Business Outcome

Successfully achieved SOC 2 Type II certification and established mature security operations program that enhanced customer trust and enabled business growth.

World's Largest Mountain Resort Company

Travel & Tourism

2019

Policy Development

Developed comprehensive cybersecurity policies and procedures aligned with ISO 27001/27002 standards for major mountain resort company. Created risk-based security framework covering data protection, incident response, and operational security across multiple resort locations.

Technologies

ISO 27001, ISO 27002, Policy Development, +3 more

Business Outcome

Established enterprise-wide security governance framework that improved compliance posture and reduced security incidents across all resort properties.

Healthcare Technology Startup

Healthcare Security

2019

Policy & Procedure Development

Designed and implemented HITRUST-compliant security policies and procedures for a healthcare technology startup in preparation for HITRUST certification. Conducted training for leadership and staff on the policies, the procedures, and the stringent repeatability of artifacts.

Technologies

HITRUST, Healthcare Compliance, Policy Development, +3 more

Business Outcome

Successfully achieved HITRUST certification and established robust healthcare security compliance program that enabled business growth in regulated markets.

Colorado Local Government

Local Government

2019

HIPAA Risk Assessment

Conducted comprehensive HIPAA risk assessment for local government healthcare operations. Evaluated security controls across multiple departments handling protected health information and developed remediation roadmap to ensure regulatory compliance.

Technologies

HIPAA, Risk Assessment, Healthcare Security, +3 more

Business Outcome

Identified and addressed critical HIPAA compliance gaps, reducing regulatory risk exposure and establishing ongoing compliance monitoring program.

Global Hotel and Resort Chain

Travel & Tourism

2019

M&A Risk Assessment

Cybersecurity risk assessment of an acquisition target for a global hotel and resort chain. Evaluated travel technology company's private-label booking engine solutions, security architecture, and compliance posture to inform M&A decision-making and post-acquisition security integration planning.

Technologies

NIST CSF, M&A Due Diligence, Travel Technology Security, +3 more

Business Outcome

Provided critical security intelligence that informed acquisition decision and established post-merger security integration roadmap, ensuring seamless technology consolidation.

Global Private Equity Firm

Financial Services

2018

Vendor Risk Assessments

Assisted in the development and operation of a comprehensive third-party vendor risk assessment program for global private equity firm. Developed standardized assessment methodologies and conducted security evaluations of critical business partners to ensure appropriate risk management across the investment portfolio.

Technologies

Third-party Risk Management, Vendor Assessments, Risk Analytics, +3 more

Business Outcome

Established enterprise vendor risk management program that reduced third-party security incidents and improved due diligence processes for new partnerships.

Global Research and Advisory Company

Information Services & Research

2018

Privacy Assessment

Conducted comprehensive GDPR privacy assessment for global research and advisory company. Evaluated data processing activities, cross-border data transfers, and privacy controls to ensure compliance with European data protection regulations.

Technologies

GDPR, Privacy Assessment, Data Protection, +3 more

Business Outcome

Established GDPR compliance framework that enabled continued operations in European markets while minimizing privacy-related business risks.

Digital Publishing Platform

Digital Publishing & Software

2018

Privacy Assessment

Privacy risk and impact assessment (GDPR) for digital publishing platform serving religious communities. Analyzed user data collection practices, consent mechanisms, and data subject rights implementation across multiple software products.

Technologies

GDPR, Privacy Impact Assessment, Consent Management, +3 more

Business Outcome

Implemented comprehensive privacy program that ensured GDPR compliance while maintaining user experience and supporting international user base growth.

Iconic Streetwear Brand

Fashion & Retail

2017

Security Program Development

Developed and implemented comprehensive cybersecurity program based on CIS Critical Security Controls (CSC Top 20) for iconic streetwear brand. Addressed unique security challenges in fashion retail including brand protection, intellectual property security, and supply chain risk management.

Technologies

CIS Controls, CSC Top 20, Security Program Development, +7 more

Business Outcome

Built enterprise security foundation that protected brand integrity and intellectual property while supporting rapid business growth and global expansion.

Major Research University

Higher Education

2017

NIST 800-171, DFARS, CMMC Assessment

Conducted comprehensive risk and controls assessment covering NIST 800-171/172, DFARS, CMMC, and FINRA requirements for major research university. Evaluated security controls protecting controlled unclassified information (CUI) and research data across academic departments and research facilities.

Technologies

NIST 800-171, NIST 800-172, DFARS, +6 more

Business Outcome

Enabled the institution to maintain federal research funding eligibility by achieving compliance with defense contracting and research security requirements.

NIH/NIAID/DMID & Leidos

Government Healthcare Research

2015

Application Security

Led comprehensive security refactoring of Human Subject Research Oversight & Accountability Database (HSROAD) application. Managed security hardening, FISMA compliance documentation, vulnerability remediation, and AWS cloud migration for critical government research system.

Technologies

FISMA, Web Application Security, SSP Development, +6 more

Business Outcome

Successfully modernized and secured critical research oversight system, achieving FISMA compliance and enabling secure cloud operations for sensitive human subject research data.

NIH/NIAID/DMID & Leidos

Government Healthcare Research

2015

Application Security

Directed security refactoring and hardening of Clinical Agents Repository Inventory Management (CARIM) application. Developed comprehensive System Security Plan, conducted vulnerability assessments, implemented security controls, and managed AWS migration for critical clinical inventory system.

Technologies

FISMA, Web Application Security, SSP Development, +6 more

Business Outcome

Transformed legacy clinical inventory system into secure, cloud-based solution meeting federal security standards and enabling efficient management of critical research materials.

Ready to Transform Your Security Program?

Let's discuss how these proven strategies can be adapted for your organization. Schedule a consultation to explore your specific cybersecurity challenges.
