Who We Serve

I work with three kinds of clients — each needing a different mix of compliance depth and AI security.

Federal Agencies & Program Offices

Federal agencies operate under demanding requirements: FISMA mandates, NIST SP 800-53 control baselines, and an authorization process that determines whether systems can operate at all. I've supported federal organizations including the Department of Justice, EOUSA, the U.S. Marshals Service, the SEC Office of Inspector General, and the FHFA on exactly this work.

What I help with

  • FISMA assessment & authorization
  • RMF support (eMASS, POA&M)
  • Continuous monitoring
  • AI system security (NIST AI RMF)
  • Penetration testing

Defense Contractors

If your company handles Controlled Unclassified Information (CUI) for a federal contract, you must protect it under NIST SP 800-171 and, increasingly, demonstrate it through CMMC. Failing a CMMC assessment means losing contract eligibility.

What I help with

  • NIST 800-171 gap assessment (110 controls)
  • CMMC readiness
  • System Security and Privacy Plan (SSPP) development
  • CUI scoping & DFARS handling
  • Penetration testing

Enterprises Adopting AI

Enterprises are deploying AI and LLM applications faster than security teams can evaluate them. The risks — prompt injection, jailbreaks, data leakage, unsafe outputs — are distinct from traditional security and need a rigorous, adversarial methodology.

What I help with

  • Adversarial testing
  • Data & prompt leakage testing
  • Model safety evaluation
  • NIST AI RMF alignment
  • Agentic AI review

Not sure which fits?

Tell me about your environment and I'll point you to the right starting place.
