Skip to content

PHARNS GENECE

GRC Engineer · Cloud Security · Detection Engineering · RF/SDR Security

📧 careers@pharns.com · 🌐 portfolio.pharns.com · 💼 linkedin.com/in/pharns · 📍 Remote (US/EU/International)

PROFESSIONAL SUMMARY

GRC Engineer with 7 years of production infrastructure security experience and a career of mission-critical operations (USAF). I build audit-ready control frameworks, evidence pipelines, and compliance automation—then implement the technical controls, not just document them. Unique combination of GRC discipline, cloud security, detection engineering, and RF/hardware security expertise.

Core Competencies: CIS Controls v8 · NIST CSF · PCI-DSS v4.0 · SOC 2 · HIPAA · ISO 27001 · AWS Security · SIEM/Detection Engineering · RF/SDR Security · Python Automation

PROFESSIONAL EXPERIENCE

AAM Cyber, LLC — Founder & GRC Consultant

2024 – Present · Remote

Security consulting practice delivering compliance automation and GRC engineering for SMBs across regulated industries.

  • Healthcare MSP: Conducted HIPAA + SOC 2 readiness assessment; identified 12 control gaps and delivered prioritized 90-day remediation roadmap
  • Financial Services: Delivered PCI-DSS Windows 11 endpoint hardening with 47 controls mapped to CIS benchmarks; audit-ready evidence pack in <48 hours
  • Law Firm: Comprehensive security assessment including M365 hardening, dark web monitoring deployment, and high-volume vulnerability remediation
  • Built GIAP™: Production GRC automation platform (CISO Assistant + n8n + Nextcloud) with HMAC-secured webhook integrations

USOG — CEO & Systems Administrator

2018 – 2025 · Drone Logistics & Operations

Led $5.6M revenue drone logistics company (18 employees) while serving as hands-on systems administrator. Built entire IT security infrastructure from scratch.

  • Implemented CIS Controls v8 (IG1-IG2) mapped to NIST CSF and SOC 2 trust criteria across all business systems
  • Remediated 15,000+ vulnerabilities identified through continuous scanning over multi-year infrastructure lifecycle
  • Deployed enterprise security stack: Self-hosted email, Nextcloud file storage, VPN remote access, backup systems, dark web monitoring, endpoint protection
  • Maintained audit-ready posture with documented evidence collection, access controls, and compliance configurations
  • Architected, deployed, hardened, and maintained all systems—no delegation; real-world GRC implementation at scale

United States Air Force — Aeromedical Evacuation Technician

1990 – 2007 · Military Career

Flight nurse with mission-critical operations experience in high-pressure environments.

  • Executed life-safety medical operations with strict protocols, documentation, and compliance requirements
  • Maintained security clearance throughout service (eligible for reinstatement)
  • Developed disciplined execution and audit culture applicable to cybersecurity operations
  • Service-disabled veteran status

MiraCosta College — Adjunct Educator

UAS/Drone Technology

Taught drone technology courses demonstrating technical communication skills and aviation systems expertise.

TECHNICAL SKILLS

Category Technologies & Frameworks
GRC Frameworks NIST CSF · CIS Controls v8 · PCI-DSS v4.0 · SOC 2 · HIPAA · ISO 27001 · FedRAMP (foundational)
Cloud Security AWS (IAM, S3, GuardDuty, CloudTrail, Security Hub) · Policy-as-Code · Terraform
Detection & IR Security Onion · Wazuh · TheHive/Cortex · Sigma Rules · Suricata · Zeek · Alert Tuning
Automation Python · n8n · CISO Assistant · Evidence Pipelines · Shell Scripting
RF/Wireless RTL-SDR · HackRF · Kismet · Bluetooth/BLE · Wi-Fi · ADS-B · GPS
Infrastructure Proxmox · Nextcloud · Nginx · Docker · Linux Administration

CERTIFICATIONS

Active (10)

  • CompTIA Security+ (SY0-601)
  • CompTIA Network+ (N10-008)
  • CompTIA A+ (220-1101/1102)
  • CompTIA Project+
  • ISC² Certified in Cybersecurity (CC)
  • ISC² SSCP (Associate)
  • ITIL 4 Foundation
  • LPI Linux Essentials
  • CSIS · CIOS

Scheduled (January 2026)

  • CompTIA CySA+
  • CompTIA PenTest+

Planned (Q1 2026)

  • AWS Cloud Practitioner
  • ISC² CCSP

Licenses

  • FAA Part 107 Remote Pilot
  • FCC Amateur Radio (HAM)
  • FCC GMRS

EDUCATION

Bachelor of Science, Cybersecurity & Information Assurance Western Governors University · Expected February 2026 - Capstone: TraceLock™ — Patent-pending RF threat detection system

KEY PROJECTS

TraceLock™ — RF Threat Detection Platform (Patent Pending)

Multi-domain wireless monitoring system detecting threats across Wi-Fi, Bluetooth, SDR, GPS, and ADS-B simultaneously. - Technical: 25 Python modules, 81 shell scripts, ~12,500 LOC - Architecture: 8-component sensor array with centralized processing and evidence-grade logging

GIAP™ — Governance Intake Automation Platform

End-to-end GRC automation with multi-framework support and audit-ready evidence generation. - Stack: Portal + n8n + Nextcloud + SuiteCRM + CISO Assistant - Status: Production MVP with 4 operational workflows and HMAC webhook security

Detection & IR Lab

Functional SOC environment with custom detection content and documented response procedures. - Tools: Security Onion SIEM, TheHive case management, Cortex enrichment - Output: 12 custom Sigma-style rules (~20% FP reduction), 8 IR playbooks

AgenticOS — AI Agent Orchestration (Open Source)

Deterministic AI orchestration framework with audit-grade logging and explainable routing. - Codebase: 6,361 lines Python, 72 health checks, 4 provider integrations - GitHub: github.com/Pharns/AgenticOS

ADDITIONAL INFORMATION

  • Citizenship: US Citizen
  • Clearance: Eligible (USAF veteran, service-disabled)
  • Work Authorization: No sponsorship required for US positions; visa sponsorship required for international relocation
  • Availability: February 2026
  • Work Style: Remote-first with async collaboration experience across US/EU/LatAm time zones
  • Patents: USPTO grants in UAV payload and delivery systems

References available upon request