• Conduct interviews with SMEs (e.g., co-founder with deep technical expertise). • Research and distill complex cybersecurity threats and patterns. • Write a foundational asset covering: 2–3 real-world case studies of organizational breaches (e.g., sophisticated fintech and crypto compromises). • A diagnostic framework to understand vulnerabilities. • A methodology or solution-based model applicable to clients. • Deliver a high-quality, technically sound report for use in sales enablement and positioning. • Ensure relevance to both fintech and crypto audiences without alienating either.

• Perform security hardening for client’s cloud environment • Implement necessary security measures for AI operations such as Data encryption in transit and at rest, Access control and identity management • Adhere to risk management principles in NIST AI Risk Management Framework and agency policy • Operate within FedRAMP(moderate) authorized services appropriate for the agency’s data • Comply with FISMA, implement controls aligned to NIST SP 800-53, adopt Zero Trust patterns (NIST SP 800-207), and ensure audit logging and continuous monitoring • Implement Zero Trust principles, least privilege, and role/persona-based access-controlled workspaces • Support Section 508 accessibility for user interfaces and documentation • Support clients ATO requirements • Provide an annual risk assessment on how security controls are being followed • Review and document the external systems security assessment report in the above-mentioned risk assessment on an annual basis

• Support planning, assessment, and implementation of Zero Trust principles across classified environments • Evaluate identity, device, network, application, and data protection controls • Assess Zero Trust maturity against DoD Zero Trust reference architectures • Provide recommendations to reduce implicit trust and strengthen access control enforcement • Oversee SIEM and SOAR operations for classified networks • Analyze security logs, alerts, and correlated events to identify threats and anomalous behavior • Perform traffic pattern analysis to detect lateral movement, unauthorized activity, and data exfiltration risks • Support incident response investigations and forensic analysis • Oversee vulnerability management and advanced vulnerability analysis efforts • Assess mission risk across enterprise, tactical, and mission networks • Ensure the security posture of complex, interconnected classified systems • Configure and manage AWS Security toolsets (CloudTrail, GuardDuty, Inspector, Security Hub) • Provide technical leadership and guidance to engineering, operations, and compliance teams • Mentor junior and mid-level cybersecurity personnel • Support cybersecurity strategy development and continuous process improvement • Stay current with emerging threats, adversary TTPs, and evolving DoD cybersecurity guidance

• Support and maintain development, maintenance, and oversight of RMF packages for classified C5ISR and IIR systems • Coordinate with Government System Owners, ISSOs, ISSEs, and Authorizing Officials to collect evidence, validate control implementation and maintain package accuracy. • Execute RMF support activities for ATO/IATT and continuous monitoring across multiple systems/enclaves, including documentation updates driven by engineering and operational changes. • Document and track POA&M items, support risk-based prioritization, and provide remediation status reporting through closure. • Validate documentation alignment with system architecture, interconnections, control inheritance, and mission dependencies. • Ensure systems comply with Department of War/DoD, and federal cybersecurity requirements • Support internal and external audits, inspections, and cybersecurity assessments • Monitor changes to cybersecurity policy and support implementation across supported systems • Provide compliance status, risk analysis, and authorization reporting to government leadership • Author, maintain, and approve cybersecurity SOPs, plans, and technical documentation • Standardized documentation practices across supported systems and teams • Ensure documentation supports audits, inspections, and operational continuity • Support cybersecurity risk management for C5ISR and IIR systems • Assess security impacts across enterprise, tactical, and mission networks • Support interconnected and cross-domain system authorization efforts