Pharns Genece¶
GRC Engineer · Cloud Security · Detection Engineering
I design, implement, and document security controls end-to-end. Not just policies and spreadsheets — the actual technical systems that satisfy auditors. Full-stack GRC: from framework mapping to cloud governance to endpoint hardening, with evidence-ready deliverables.
Targeting: GRC Engineer · Cloud Security Engineer · Detection Engineering · Security Automation
USAF Veteran (service-disabled) · Security Clearance Eligible · Security+/SSCP · B.S. Cybersecurity (Feb 2026)
Production experience¶
USOG — Enterprise Infrastructure (7 Years) Built entire IT security stack from scratch for $5.6M drone logistics company. Implemented CIS Controls v8 (IG1-IG2) mapped to NIST CSF and SOC 2. Self-hosted email, Nextcloud, remote access, security monitoring. 15,000+ vulnerabilities remediated. CIS v8 NIST Production
Healthcare MSP HIPAA + SOC 2 readiness assessment. Identified 12 control gaps, delivered prioritized remediation roadmap with 90-day implementation timeline. HIPAA SOC 2 Healthcare
Financial Services SMB PCI-DSS Windows 11 endpoint hardening. 47 controls mapped to CIS benchmarks, audit-ready evidence pack delivered in <48 hours. PCI-DSS CIS Endpoint
Law Firm Security Comprehensive security assessment and vulnerability remediation. M365 hardening, dark web monitoring, endpoint protection deployment. Assessment M365 Remediation
USOG: Internal infrastructure I built and maintained as CEO/Sysadmin. Client engagements via AAM Cyber, LLC.
Aerospace & Defense Recruiters — Unique AAM/UAS Credentials
I don't just study drone security — I've designed, built, and fielded operational UAV systems.
- CEO of $5.6M drone logistics company (USOG) — 7 years operational experience
- USPTO patents in UAV payload and delivery architectures
- TraceLock™ — Patent-pending RF threat detection platform (Wi-Fi/BLE/SDR/GPS/ADS-B)
- FAA Part 107 certified | HAM/GMRS licensed | 18-year USAF veteran
Few practitioners combine drone operations, RF/SDR expertise, and cybersecurity credentials. View full AAM credentials →
Why hire me for GRC engineering¶
I implement the controls, not just document them. Most GRC professionals write policies and manage spreadsheets. I architect and build the technical systems that satisfy those controls.
Endpoint Compliance¶
Delivered PCI-DSS Windows 11 hardening (BitLocker, GPO, EDR) with a complete evidence pack in <48 hours.
Compliance Automation¶
Deployed GIAP™, an intake platform (n8n, Nextcloud) with RBAC, retention policies, and 100+ framework coverage.
Evidence Pipelines¶
Built audit-grade logging systems with structured schemas and export workflows for cloud and access control data.
Detection & Response¶
Operate a Security Onion + TheHive/Cortex lab to author SIEM rules, tune alerts, and write IR playbooks.
Cloud Governance¶
Designing an AWS Control Pack with S3 default-deny, GuardDuty pipelines, and scoped IAM mapped to CIS/NIST.
AI-Assisted Workflows¶
Use LLM tools for accelerated policy drafting, control mapping, and documentation with rigorous human review.
Bottom line: I design the framework, build the architecture, and deliver audit-ready evidence.
Featured GRC projects¶
PCI-DSS Windows 11 Hardening Complete endpoint hardening with GPO, firewall rules, service lockdown, and evidence pack. Delivered for financial services client in <48 hours. Compliance Hardening Client Work View Case Study
GIAP™ — GRC Automation Platform CISO Assistant + n8n + Nextcloud + SuiteCRM. 100+ frameworks, automated intake workflows, evidence pipelines. GRC Automation Deployed View Case Study
AWS Cloud Control Pack S3 default-deny storage, GuardDuty findings export, scoped IAM with CIS/NIST mapping. Cloud Controls Architecture View Case Study
TraceLock™ — Detection Engineering Evidence-grade wireless monitoring with 6-domain correlation. Demonstrates logging architecture and detection rule authoring. Detection Evidence Python View Project
Secure Intake Portal Nextcloud + n8n + SuiteCRM with RBAC, audit trails, and consent management. Multi-tier access controls. Infrastructure RBAC Deployed View Case Study
Detection & IR Lab Security Onion + TheHive/Cortex. Custom SIEM rules, alert tuning, IR playbooks. SIEM Detection IR View Project
Results at a glance¶
7 years (2017-2024) Production infrastructure security — built enterprise stack from scratch at USOG
CIS v8 IG1-IG2 Framework implementation mapped to NIST CSF and SOC 2
15,000+ issues (2017-2024) Vulnerabilities identified and remediated across production systems over 7 years
<48 hours (Dec 2024) PCI-DSS endpoint hardening with audit-ready evidence pack for financial services client
10 active certifications Security+, Network+, SSCP (Assoc.), ITIL4, ISC² CC, LPI, Project+ → View all
18 years USAF Mission-critical operations, security clearance eligible
Detection engineering & offensive security¶
Current capability: Active detection/IR lab with Security Onion, TheHive/Cortex, custom SIEM rules, and authored detections. TraceLock™ RF/SDR telemetry demonstrates detection engineering fundamentals across 6 wireless domains.
Growth trajectory: CySA+ and PenTest+ scheduled January 2026. Building penetration testing portfolio through lab work and vulnerability assessments.
Why this matters: GRC engineers who understand offensive techniques write better controls. Detection experience informs what to log and monitor.
AI-augmented security engineering¶
I build AI systems, not just use them. CareerOS — the multi-agent system powering my job search — demonstrates production-grade prompt engineering, context management, and workflow orchestration.
What I've built:
- CareerOS — 1,100+ line system prompt with 36-expert advisory panel, structured JSON schemas, multi-model orchestration (Claude, GPT, Gemini)
- GIAP™ — GRC automation with n8n workflows, webhook pipelines, and planned MCP integration for natural language compliance queries
- TraceLock™ — AI-assisted detection tuning and false positive reduction through pattern extraction
Why this matters for security roles:
| Traditional Approach | AI-Augmented Approach |
|---|---|
| Manual SIEM rule authoring | LLM-assisted detection content with human validation |
| Copy-paste policy templates | Structured prompt → consistent, auditable output |
| Spreadsheet control mapping | AI-driven cross-framework mapping at scale |
| Ad-hoc documentation | Living docs generated from structured schemas |
Skills: Prompt Engineering · Multi-Agent Orchestration · Context Management · Structured Output Design · AI-Assisted Code Review · MCP Protocol
Credentials & frameworks¶
Education B.S. Cybersecurity & Information Assurance (WGU) — Feb 2026
10 Active Certifications Security+, Network+, A+, ITIL4, ISC² CC, SSCP (Assoc.), LPI, Project+, CSIS, CIOS
Scheduled Jan 2026 CySA+, PenTest+
Planned Q1 2026 AWS Cloud Practitioner, ISC² CCSP
Framework experience: NIST CSF (PR.AC, PR.DS, DE.CM, RS.AN) · CIS Controls v8 · PCI-DSS v4.0 · SOC 2 · ISO 27001 (foundational)
Licenses: FAA Part 107 · HAM/GMRS · Veteran: USAF, service-disabled
What others say¶
"Pharns delivered a complete compliance package with documentation quality that rivals consultants with twice his experience. His ability to implement technical controls while maintaining audit-ready evidence is rare."
— Security stakeholder, Client engagement via AAM Cyber, LLC
Additional references available upon request.
AAM cybersecurity specialization¶
I don't just secure drones — I've designed, built, and fielded UAV systems.
Advanced Air Mobility (AAM) security requires practitioners who understand the engineering, not just the vulnerabilities. I bring hands-on experience across the full lifecycle:
| Capability | Evidence |
|---|---|
| UAV Engineering | Designed, built, and fielded operational UAV systems |
| USPTO Patents | Granted patents in UAV payload and delivery architectures |
| RF Threat Detection | TraceLock™ 6-domain correlation (Wi-Fi/BLE/SDR/GPS/ADS-B) — rogue APs, trackers, drone proximity |
| Aviation Credentials | FAA Part 107 certified drone pilot |
| SDR/Wireless | HackRF, RTL-SDR, Kismet — spectrum analysis and signal intelligence |
| Consulting | AAM Cyber, LLC — cyber-physical security services |
| Military Aviation | USAF aeromedical operations background |