Pharns Genece
AI Governance Architect | NIST OLIR Trifecta Cataloged | Patent Holder & Patent-Pending
I govern AI agents so yours don't go rogue.
Runtime AI governance and governed autonomous execution — built, operating, and now cataloged in the NIST OLIR catalog with three Draft Informative References.
I build the governance systems that make AI agents trusted to operate. My runtime AI governance framework, SDOS, is cataloged in the NIST OLIR catalog as a Trifecta of Draft Informative References against AI RMF 1.0 (Reference ID 212), Cybersecurity Framework 2.0 (Reference ID 215), and SP 800-53 Rev 5.2.0 (Reference ID 217) — the first dispatch-time enforcement framework cataloged at the runtime layer across all three federal references. From patent-filed autonomous execution architecture to detection engineering, compliance automation, and RF threat detection, every project here demonstrates one principle: AI without governance isn't safe to ship.
Best fit for teams that need governed AI execution, not just policy decks.
USAF Veteran (service-disabled) · Security Clearance Eligible · Security+/CySA+/PenTest+/SSCP · B.S. Cybersecurity (completed March 2026)
Results at a glance
- NIST OLIR Trifecta cataloged runtime AI governance framework: three Draft Informative References cataloged in May 2026 (Ref 212 — AI RMF 1.0 · Ref 215 — CSF 2.0 · Ref 217 — SP 800-53 Rev 5.2.0). OLIR catalog inclusion is an informative reference, not a NIST endorsement.
- 7 years production security: built the enterprise IT security stack from scratch at USOG (CIS v8, NIST CSF, SOC 2).
- 15,000+ vulnerabilities remediated: identified and resolved across production systems over a 7-year infrastructure tenure.
- <48 hours: PCI-DSS endpoint hardening with an audit-ready evidence pack for a financial services client.
- 14 active certifications: Security+, CySA+, CSAP, PenTest+, CNSP, CNVP, Network+, SSCP (Assoc.), ITIL4, LPI, Project+ (full list under Credentials & frameworks).
- B.S. Cybersecurity (WGU, Mar 2026): CIS v8 IG1-IG2 mapped to NIST CSF and SOC 2.
- Career USAF veteran: mission-critical operations, service-disabled, security clearance eligible.
Why I'm different
- I implement controls, not just map them. Framework requirements become working configurations, monitoring logic, and documented evidence — not recommendations in a report.
- I connect governance to operations. My work spans control design, technical implementation, telemetry pipelines, and audit-ready outputs. The documentation reflects what actually runs.
- I bring edge-domain depth most candidates don't have. RF/UAS security (USPTO patents, TraceLock™), governed automation systems, and real operator experience across USAF, a prior unmanned systems startup, and active consulting engagements.
Production experience
- USOG — Enterprise Infrastructure (7 Years): Built the IT security stack for a drone logistics company. Implemented CIS Controls v8 (IG1-IG2) mapped to NIST CSF and SOC 2. Deployed secure email, Nextcloud, remote access, and monitoring. Remediated 15,000+ vulnerabilities over multiple years. Tags: CIS v8 · NIST · Production
- Healthcare MSP: HIPAA + SOC 2 readiness assessment. Identified 12 control gaps and delivered a prioritized remediation roadmap with a 90-day implementation timeline. Tags: HIPAA · SOC 2 · Healthcare
- Financial Services SMB: PCI-DSS Windows 11 endpoint hardening. 47 controls mapped to CIS benchmarks; audit-ready evidence pack delivered in <48 hours. Tags: PCI-DSS · CIS · Endpoint
- Law Firm Security: Comprehensive security assessment and remediation. M365 hardening, dark web monitoring, endpoint protection deployment. Tags: Assessment · M365 · Remediation
USOG: Internal infrastructure I built and maintained as CEO/Sysadmin (company winding down post-exit). Client engagements via AAM Cyber.
Aerospace & Defense Recruiters — Unique AAM/UAS Credentials
I don't just study drone security — I've designed, built, and fielded operational UAV systems.
- Former founder/CEO of drone logistics company (USOG) — 7 years operational experience
- USPTO patents in UAV payload and delivery architectures
- TraceLock™ — Patent-pending RF threat detection platform (Wi-Fi/BLE/SDR/GPS/ADS-B)
- FAA Part 107 certified | HAM/GMRS licensed | career USAF veteran
Few practitioners combine drone operations, RF/SDR expertise, and cybersecurity credentials.
Why hire me for GRC engineering
Most GRC professionals write policies and manage spreadsheets. I architect and deploy the technical systems that satisfy those controls — then document them with audit-ready evidence.
Endpoint Compliance
Delivered PCI-DSS Windows 11 hardening (BitLocker, GPO, EDR) with a complete evidence pack in <48 hours.
Compliance Automation
Deployed GIAP™, an intake platform (n8n, Nextcloud) with RBAC, retention policies, and 100+ framework coverage.
Evidence Pipelines
Built audit-grade logging systems with structured schemas and export workflows for cloud and access control data.
Detection & Response
Operate a Security Onion + TheHive/Cortex lab to author SIEM rules, tune alerts, and write IR playbooks.
Cloud Governance
Designing an AWS Control Pack with S3 default-deny, GuardDuty pipelines, and scoped IAM mapped to CIS/NIST.
AI-Assisted Workflows
Use LLM tools for accelerated policy drafting, control mapping, and documentation with rigorous human review.
Bottom line: I design the framework, build the architecture, and deliver audit-ready evidence.
Featured GRC projects
- GIAP™ — Governed Intake and Analysis Platform ⭐: Production GRC platform with live demo. CISO Assistant + n8n + Nextcloud + SuiteCRM. 100+ frameworks, HMAC-authenticated webhooks, end-to-end intake automation. Tags: GRC Automation · Live Demo
- PCI-DSS Windows 11 Hardening: Complete endpoint hardening with GPO, firewall rules, service lockdown, and evidence pack. Delivered for a financial services client in <48 hours. Tags: Compliance · Hardening · Client Work
- AWS Cloud Control Pack: S3 default-deny storage, GuardDuty findings export, scoped IAM with CIS/NIST mapping. Tags: Cloud · Controls · Architecture
- TraceLock™ — RF Threat Detection: Patent-pending 6-domain wireless monitoring (Wi-Fi/BLE/SDR/GPS/ADS-B). Evidence-grade logging architecture and detection engineering. Tags: Detection · RF/SDR · Python
- Secure Intake Portal: Nextcloud + n8n + SuiteCRM with RBAC, audit trails, and consent management. Multi-tier access controls. Tags: Infrastructure · RBAC · Deployed
- Agentic Infrastructure Audit — Foundational Architecture: Governed two-machine AI agent environment with fixed-schema audits, drift detection, and security hardening for reproducible outputs across production sessions. Tags: Agentic AI · Governance · Detection
- PropTech RF Governance & Scope Control: Governance-focused RF assessment of BLE and Wi-Fi activity in smart-building deployments. (PropTech = Property Technology: smart locks, IoT sensors, building automation.) Emphasizes scope discipline to prevent false positives and protect regulated work-from-home posture. Tags: GRC · Privacy · RF
Detection engineering & offensive security
Current capability: Active detection/IR lab with Security Onion, TheHive/Cortex, custom SIEM rules, and authored detections. TraceLock™ RF/SDR telemetry demonstrates detection engineering fundamentals across 6 wireless domains.
Growth trajectory: CySA+, CSAP, and PenTest+ earned 2026. Full purple team positioning complete. Building penetration testing portfolio through lab work and vulnerability assessments.
Why this matters: GRC engineers who understand offensive techniques write better controls. Detection experience informs what to log and monitor.
AI-augmented security engineering
Security operations are documentation-heavy: control matrices, policy drafts, evidence collection, runbooks. I use governed automation to reduce that burden — faster delivery, same rigor.
| Outcome | How |
|---|---|
| Faster cross-framework control mapping | LLM-assisted mapping with structured prompts and human validation |
| Consistent, auditable evidence | Reproducible documentation output from structured schemas |
| Reduced manual SIEM authoring effort | LLM-assisted detection content with analyst review gate |
| Repeatable compliance delivery at scale | GIAP™ workflow automation — intake → framework → evidence |
Production systems: GIAP™ (live GRC automation platform — try the demo), TraceLock™ (RF threat detection with AI-assisted tuning and false-positive reduction), governed two-machine AI agent environment with fixed-schema audit outputs and drift detection.
Skills: Prompt Engineering · Multi-Agent Orchestration · Structured Output Design · n8n Workflow Automation · MCP Protocol · AI-Assisted Detection Tuning
Credentials & frameworks
- Education: B.S. Cybersecurity & Information Assurance (WGU) — Mar 2026
- 14 Active Certifications: Security+, CySA+, CSAP, PenTest+, CNSP, CNVP, Network+, A+, ITIL4, SSCP (Assoc.), LPI, Project+, CSIS, CIOS
- Newly Earned 2026: CySA+, CSAP, PenTest+, CNSP, CNVP
- Planned Q2/Q3 2026: AWS Cloud Practitioner, ISC² CCSP
Framework experience: NIST CSF (PR.AC, PR.DS, DE.CM, RS.AN) · CIS Controls v8 · PCI-DSS v4.0 · SOC 2 · ISO 27001 (foundational)
Licenses: FAA Part 107 · HAM/GMRS · Veteran: USAF, service-disabled
What clients say
"Pharns delivered a complete compliance package with documentation quality that rivals consultants with twice his experience. His ability to implement technical controls while maintaining audit-ready evidence is rare."
— Compliance stakeholder, Healthcare MSP engagement, 2024 (via AAM Cyber, LLC)
Additional references available upon request.
AAM cybersecurity specialization
I don't just secure drones — I've designed, built, and fielded UAV systems.
Advanced Air Mobility (AAM) security requires practitioners who understand the engineering, not just the vulnerabilities. I bring hands-on experience across the full lifecycle:
| Capability | Evidence |
|---|---|
| UAV Engineering | Designed, built, and fielded operational UAV systems |
| USPTO Patents | Granted patents in UAV payload and delivery architectures |
| RF Threat Detection | TraceLock™ 6-domain correlation (Wi-Fi/BLE/SDR/GPS/ADS-B) — rogue APs, trackers, drone proximity |
| Aviation Credentials | FAA Part 107 certified drone pilot |
| SDR/Wireless | HackRF, RTL-SDR — spectrum analysis and signal intelligence |
| Consulting | AAM Cyber, LLC — cyber-physical security services |
| Military Aviation | USAF aeromedical operations background |
Frequently asked questions
What is runtime AI governance?
Runtime AI governance enforces policy on autonomous AI agent actions at the moment of execution, not at policy-document time. It classifies every agent action by risk tier, gates dispatch through governance enforcement points, and produces a tamper-evident audit trail. It is the difference between an AI compliance program that exists on paper and one that actually enforces.
How is SDOS different from AI guardrails or AI safety frameworks?
Guardrails and most AI safety frameworks are advisory — they recommend behavior. SDOS is enforcement-bearing — agents physically cannot execute actions the policy layer denies. The framework is cataloged in the NIST OLIR catalog as a Trifecta of Draft Informative References against AI RMF 1.0 (Reference ID 212), CSF 2.0 (Reference ID 215), and SP 800-53 Rev 5.2.0 (Reference ID 217).
What does NIST OLIR catalog inclusion mean?
The NIST Online Informative References Program is the federal registry of frameworks that map to NIST core standards. Three SDOS Concept Crosswalks are cataloged: SDOS-RuntimeGov-to-AI-RMF-v1.0 (Reference ID 212), SDOS-RuntimeGov-to-CSF-2.0-v1.0 (Reference ID 215), and SDOS-RuntimeGov-to-SP-800-53-Rev-5.2.0-v1.0 (Reference ID 217) — meaning any organization implementing AI RMF, CSF 2.0, or SP 800-53 has a publicly cataloged pathway to a runtime governance layer that enforces, not just advises. OLIR catalog inclusion is an informative reference, not a NIST endorsement of the framework.
Why does AI agent governance matter for regulated organizations?
Federal procurement, EU AI Act compliance, and NIST-aligned vendor risk programs all require demonstrable AI risk management. Most AI governance today is policy documents and post-incident reviews. Regulated organizations need controls that operate at the moment AI agents take action — not after. That is the gap SDOS closes, and the gap now cataloged in the NIST OLIR catalog against AI RMF 1.0.
What is the risk of deploying AI agents without runtime governance?
Autonomous AI agents take actions that affect data, money, infrastructure, and human safety. Without runtime enforcement, agent actions are ungoverned at the moment they occur. Audit becomes forensic — after the fact, after the loss. Runtime governance moves enforcement to the point of decision, so violations are prevented rather than investigated.
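The three mechanisms named in the first FAQ answer (risk-tier classification, a dispatch gate, a tamper-evident audit trail) and the "prevented rather than investigated" point of the last one can be shown concretely. The block below is an added example written for this page; it is not SDOS and not code from the author or any project listed here. The tier names, the tool-to-tier table, the approval rule for high-risk actions and the sample agent session are all constructed assumptions, and the hash chain stands in for whatever tamper-evidence mechanism a real framework uses. The point it demonstrates is structural: the tool executor is only ever called after the policy decision, unknown tools fail closed, and editing any logged decision after the fact breaks the chain.

```python
# Added example (not SDOS or any code from this page): a minimal runtime
# governance gate for AI agent actions. Every action is classified into a risk
# tier, dispatch passes through an enforcement point that fails closed, and each
# decision is appended to a hash-chained (tamper-evident) audit log. Tier names,
# the tool-to-tier table, policy rules and sample actions are all constructed.
import hashlib
import json
from dataclasses import asdict, dataclass, field
from typing import Callable, Optional

LOW, MEDIUM, HIGH, CRITICAL = "low", "medium", "high", "critical"

# Constructed classification table. Unknown tools map to CRITICAL so an
# unrecognised capability is denied rather than silently allowed.
TOOL_TIERS = {
    "read_file": LOW, "search_docs": LOW, "write_file": MEDIUM,
    "send_email": HIGH, "transfer_funds": CRITICAL, "delete_bucket": CRITICAL,
}


@dataclass(frozen=True)
class Action:
    agent: str
    tool: str
    target: str
    params: dict = field(default_factory=dict)


def classify(action: Action) -> str:
    """Risk tier for an action; anything touching prod/ is at least MEDIUM."""
    tier = TOOL_TIERS.get(action.tool, CRITICAL)
    if tier == LOW and action.target.startswith("prod/"):
        tier = MEDIUM
    return tier


def _canonical(record: dict) -> str:
    """Deterministic serialisation so the same record always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


class AuditLog:
    """Append-only log; each entry's hash commits to the previous entry's hash,
    so editing or deleting any entry breaks every later link in the chain."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: list[dict] = []

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        digest = hashlib.sha256((prev + _canonical(record)).encode()).hexdigest()
        self.entries.append({"prev": prev, "record": record, "hash": digest})
        return digest

    def verify(self) -> bool:
        """Recompute the whole chain from genesis; False on any tampering."""
        prev = self.GENESIS
        for entry in self.entries:
            expected = hashlib.sha256((prev + _canonical(entry["record"])).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


class EnforcementPoint:
    """Sits between the agent and its tools: the executor is only called when
    the policy decision is 'allow', and every decision is logged either way."""

    def __init__(self, log: AuditLog) -> None:
        self.log = log

    def decide(self, tier: str, approval: Optional[str]) -> str:
        if tier in (LOW, MEDIUM):
            return "allow"
        if tier == HIGH and approval:          # HIGH needs a human approval token
            return "allow"
        return "deny"                          # CRITICAL is never dispatched here

    def dispatch(self, action: Action, executor: Callable[[Action], str],
                 approval: Optional[str] = None) -> dict:
        tier = classify(action)
        decision = self.decide(tier, approval)
        result = executor(action) if decision == "allow" else None
        record = {"action": asdict(action), "tier": tier,
                  "decision": decision, "approval": approval, "result": result}
        self.log.append(record)                # logged before returning to the agent
        return record


def run_demo() -> tuple[AuditLog, list[str]]:
    """Constructed session: three agent actions through one enforcement point.
    Returns the audit log and the list of tools that actually executed."""
    calls: list[str] = []

    def executor(a: Action) -> str:            # stand-in for the real tool call
        calls.append(a.tool)
        return f"ran {a.tool} on {a.target}"

    log = AuditLog()
    gate = EnforcementPoint(log)
    gate.dispatch(Action("agent-1", "read_file", "prod/config.yaml"), executor)
    gate.dispatch(Action("agent-1", "send_email", "cfo@example.com"), executor)
    gate.dispatch(Action("agent-1", "transfer_funds", "acct-42", {"amount": 5000}), executor)
    return log, calls


if __name__ == "__main__":
    log, calls = run_demo()
    for e in log.entries:
        r = e["record"]
        print(f'{r["tier"]:9} {r["decision"]:5} {r["action"]["tool"]}')
    print("executed:", calls, "| audit chain intact:", log.verify())
```

In the constructed session only the read executes: the read of a production path is escalated to MEDIUM and allowed, the email is HIGH and denied for lack of an approval token, and the funds transfer is CRITICAL and denied outright, yet all three decisions are in the log. Supplying an approval token on the HIGH action lets it through, which is the human-review gate described elsewhere on this page. Modifying any stored decision afterwards makes `verify()` return False, which is the property that turns audit from a forensic exercise into evidence that enforcement actually happened.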