Pharns Genece¶
Security Engineer | GRC, Cloud Security & Detection Engineering
I build the controls I document: cloud guardrails, endpoint hardening, and evidence pipelines. Full-stack GRC from framework mapping to implementation.
I design controls, implement detection logic, and deliver audit-ready evidence across cloud and on-prem environments.
Target roles: GRC Engineer · Cloud Security Engineer · Detection Engineering · RF/Wireless Security
USAF Veteran (service-disabled) · Security Clearance Eligible · Security+/CySA+/PenTest+/SSCP · B.S. Cybersecurity (Feb 2026)
📅 Available February 2026
Production experience¶
USOG — Enterprise Infrastructure (7 Years) Built the IT security stack for a $5.6M drone logistics company. Implemented CIS Controls v8 (IG1-IG2) mapped to NIST CSF and SOC 2. Deployed secure email, Nextcloud, remote access, and monitoring. Remediated 15,000+ vulnerabilities over multiple years. CIS v8 NIST Production
Healthcare MSP HIPAA + SOC 2 readiness assessment. Identified 12 control gaps, delivered prioritized remediation roadmap with 90-day implementation timeline. HIPAA SOC 2 Healthcare
Financial Services SMB PCI-DSS Windows 11 endpoint hardening. 47 controls mapped to CIS benchmarks, audit-ready evidence pack delivered in <48 hours. PCI-DSS CIS Endpoint
Law Firm Security Comprehensive security assessment and remediation. M365 hardening, dark web monitoring, endpoint protection deployment. Assessment M365 Remediation
USOG: Internal infrastructure I built and maintained as CEO/Sysadmin (company winding down post-exit). Client engagements via AAM Cyber.
Aerospace & Defense Recruiters — Unique AAM/UAS Credentials
I don't just study drone security — I've designed, built, and fielded operational UAV systems.
- CEO of $5.6M drone logistics company (USOG) — 7 years operational experience
- USPTO patents in UAV payload and delivery architectures
- TraceLock™ — Patent-pending RF threat detection platform (Wi-Fi/BLE/SDR/GPS/ADS-B)
- FAA Part 107 certified | HAM/GMRS licensed | career USAF veteran
Few practitioners combine drone operations, RF/SDR expertise, and cybersecurity credentials. View full AAM credentials →
Why hire me for GRC engineering¶
Most GRC professionals write policies and manage spreadsheets. I architect and deploy the technical systems that satisfy those controls — then document them with audit-ready evidence.
Endpoint Compliance¶
Delivered PCI-DSS Windows 11 hardening (BitLocker, GPO, EDR) with a complete evidence pack in <48 hours.
Compliance Automation¶
Deployed GIAP™, an intake platform (n8n, Nextcloud) with RBAC, retention policies, and 100+ framework coverage.
Evidence Pipelines¶
Built audit-grade logging systems with structured schemas and export workflows for cloud and access control data.
Detection & Response¶
Operate a Security Onion + TheHive/Cortex lab to author SIEM rules, tune alerts, and write IR playbooks.
Cloud Governance¶
Designing an AWS Control Pack with S3 default-deny, GuardDuty pipelines, and scoped IAM mapped to CIS/NIST.
AI-Assisted Workflows¶
Use LLM tools for accelerated policy drafting, control mapping, and documentation with rigorous human review.
Bottom line: I design the framework, build the architecture, and deliver audit-ready evidence.
Featured GRC projects¶
GIAP™ — GRC Integrated Automation Platform ⭐ Production GRC platform with live demo. CISO Assistant + n8n + Nextcloud + SuiteCRM. 100+ frameworks, HMAC-authenticated webhooks, end-to-end intake automation. GRC Automation Live Demo View Case Study · Try Live Demo
PCI-DSS Windows 11 Hardening Complete endpoint hardening with GPO, firewall rules, service lockdown, and evidence pack. Delivered for financial services client in <48 hours. Compliance Hardening Client Work View Case Study
AWS Cloud Control Pack S3 default-deny storage, GuardDuty findings export, scoped IAM with CIS/NIST mapping. Cloud Controls Architecture View Case Study
TraceLock™ — RF Threat Detection Patent-pending 6-domain wireless monitoring (Wi-Fi/BLE/SDR/GPS/ADS-B). Evidence-grade logging architecture and detection engineering. Detection RF/SDR Python View Project
Secure Intake Portal Nextcloud + n8n + SuiteCRM with RBAC, audit trails, and consent management. Multi-tier access controls. Infrastructure RBAC Deployed View Case Study
Agentic Infrastructure Audit — Foundational Architecture Governed two-machine AI agent environment with fixed-schema audits, drift detection, and security hardening for reproducible outputs across production sessions. Agentic AI Governance Detection View Case Study
PropTech RF Governance & Scope Control Governance-focused RF assessment of BLE and Wi-Fi activity in smart-building deployments. (PropTech = Property Technology: smart locks, IoT sensors, building automation.) Emphasizes scope discipline to prevent false positives and protect regulated work-from-home posture. GRC Privacy RF View Case Study
Results at a glance¶
7 years (2017-2024) Production infrastructure security — built enterprise stack from scratch at USOG
CIS v8 IG1-IG2 Framework implementation mapped to NIST CSF and SOC 2
15,000+ issues (2017-2024) Vulnerabilities identified and remediated across production systems over 7 years
<48 hours (Dec 2024) PCI-DSS endpoint hardening with audit-ready evidence pack for financial services client
12 active certifications Security+, CySA+, CSAP, Network+, SSCP (Assoc.), ITIL4, ISC² CC, LPI, Project+ · PenTest+ pending → View all
Career USAF veteran Mission-critical operations, security clearance eligible
Detection engineering & offensive security¶
Current capability: Active detection/IR lab with Security Onion, TheHive/Cortex, custom SIEM rules, and authored detections. TraceLock™ RF/SDR telemetry demonstrates detection engineering fundamentals across 6 wireless domains.
Growth trajectory: CySA+ and CSAP earned February 2026. PenTest+ pending. Building penetration testing portfolio through lab work and vulnerability assessments.
Why this matters: GRC engineers who understand offensive techniques write better controls. Detection experience informs what to log and monitor.
AI-augmented security engineering¶
I build AI systems, not just use them. CareerOS — the multi-agent system powering my job search — demonstrates production-grade prompt engineering, context management, and workflow orchestration.
What I've built:
- GIAP™ — Production GRC automation platform with n8n workflows, webhook pipelines, and planned MCP integration for natural language compliance queries
- TraceLock™ — Patent-pending RF threat detection with AI-assisted detection tuning and false positive reduction through pattern extraction
- CareerOS — 1,100+ line multi-agent system demonstrating production-grade prompt engineering, structured JSON schemas, and multi-model orchestration (Claude, GPT, Gemini)
Why this matters for security roles:
| Traditional Approach | AI-Augmented Approach |
|---|---|
| Manual SIEM rule authoring | LLM-assisted detection content with human validation |
| Copy-paste policy templates | Structured prompt → consistent, auditable output |
| Spreadsheet control mapping | AI-driven cross-framework mapping at scale |
| Ad-hoc documentation | Living docs generated from structured schemas |
Skills: Prompt Engineering · Multi-Agent Orchestration · Context Management · Structured Output Design · AI-Assisted Code Review · MCP Protocol
Credentials & frameworks¶
Education B.S. Cybersecurity & Information Assurance (WGU) — Feb 2026
12 Active Certifications Security+, CySA+, CSAP, Network+, A+, ITIL4, ISC² CC, SSCP (Assoc.), LPI, Project+, CSIS, CIOS
Newly Earned Feb 2026 CySA+, CSAP · PenTest+ pending
Planned Q1 2026 AWS Cloud Practitioner, ISC² CCSP
Framework experience: NIST CSF (PR.AC, PR.DS, DE.CM, RS.AN) · CIS Controls v8 · PCI-DSS v4.0 · SOC 2 · ISO 27001 (foundational)
Licenses: FAA Part 107 · HAM/GMRS · Veteran: USAF, service-disabled
What others say¶
"Pharns delivered a complete compliance package with documentation quality that rivals consultants with twice his experience. His ability to implement technical controls while maintaining audit-ready evidence is rare."
— Security stakeholder, Client engagement via AAM Cyber, LLC
Additional references available upon request.
AAM cybersecurity specialization¶
I don't just secure drones — I've designed, built, and fielded UAV systems.
Advanced Air Mobility (AAM) security requires practitioners who understand the engineering, not just the vulnerabilities. I bring hands-on experience across the full lifecycle:
| Capability | Evidence |
|---|---|
| UAV Engineering | Designed, built, and fielded operational UAV systems |
| USPTO Patents | Granted patents in UAV payload and delivery architectures |
| RF Threat Detection | TraceLock™ 6-domain correlation (Wi-Fi/BLE/SDR/GPS/ADS-B) — rogue APs, trackers, drone proximity |
| Aviation Credentials | FAA Part 107 certified drone pilot |
| SDR/Wireless | HackRF, RTL-SDR, Kismet — spectrum analysis and signal intelligence |
| Consulting | AAM Cyber, LLC — cyber-physical security services |
| Military Aviation | USAF aeromedical operations background |