Zachary Ross · Security-Focused Infrastructure EngineerFrederick, MD · DC Metro · RemoteDefense Industrial Base · Est. 2009
One operator. Every layer of the stack.
From the fiber in the wall to the model on the GPU. Most engineers hold one or two
layers — the rare value is the span, and a single accountable person who carries all of it.
CMMC Level 2, Microsoft 365 GCC High, SIEM and digital forensics, documented
like evidence, because in this industry it is.
Seven layers, one engineer. The differentiator isn't any single layer — it's that the same
person who terminates the fiber also maps the controls and serves the models. Tap any layer.
A
Schedule of Capabilities
Detail A · Six Disciplines
The same span, listed flat. Each of these is run hands-on, not subcontracted.
NIST SP 800-171
CMMC Level 2
Control mapping across all 110 requirements, SSP and POA&M development, technical control deployment, and SIEM-driven evidence collection built for assessment day.
Microsoft 365
GCC High Administration
Tenant administration in the U.S. sovereign cloud — Exchange Online, identity, retention and compliance configuration supporting CUI handling requirements.
100GbE · 802.1X
Network Architecture
Spine-leaf cores, MLAG/VLT distribution, dual-WAN HA edge, RADIUS-backed port authentication — and the physical plant underneath, built by hand.
Proxmox · Ceph
Virtualization & Storage
VMware-exit migrations onto Proxmox VE with Ceph clustering. Open-source platforms that cut licensing spend ~60% without giving up HA or uptime.
SIEM · DFIR
Security Operations
Graylog SIEM engineering, Sysmon + NXLog fleet telemetry, and digital forensics with full chain-of-custody when it matters in court.
vLLM · GPU
Self-Hosted AI
Local inference infrastructure — GPU passthrough on Proxmox, vLLM model serving, multi-model orchestration. Your data stays on your hardware.
T
Technologies
Detail T · Run Hands-On
The named software behind the capabilities — each one operated directly, not subcontracted out.
Proxmox VE
WireGuard
Graylog
Wazuh
SonicWall
Dell
MongoDB
OpenVPN
Keycloak
Vaultwarden
Ansible
Docker
Nginx
Fail2ban
iptables
Let's Encrypt
Pi-hole
UptimeKuma
Cloudflare
Microsoft 365
CMMC
NIST 800-171
Local LLMs
B
Revision History
Detail B · 2009 → Present
A career recorded the way drawings are: each revision builds on the last, and
the current state carries everything beneath it. ▲ marks active revisions.
Ecurrent
2023.09 — PRESENT
Founder & Principal
DATAROSS IT · Frederick, MD
Independent MSP serving SMB and defense-adjacent clients — managed infrastructure and network build from structured cabling through firewall HA, on an open-source stack with no vendor lock-in.
Operate a 75-node encrypted WireGuard mesh with 24/7 monitoring (UptimeKuma, Graylog, Wazuh) and AI-assisted operations.
Build self-hosted AI inference infrastructure — Proxmox GPU passthrough, vLLM serving, multi-model orchestration — at 70–80% below equivalent cloud inference cost for sustained workloads.
Develop CMMC implementation tooling: a browser-based compliance workflow editor and automated evidence collection mapped to NIST SP 800-171.
MSPWireGuard MeshSelf-Hosted AICMMC Tooling
Dcurrent
2023.03 — PRESENT
Cyber Security Engineer / Analyst
Herrick Technology Laboratories · Defense R&D
Lead CMMC Level 2 (NIST SP 800-171 Rev 2) implementation — control mapping, technical control deployment, policy development, and SIEM-driven evidence collection.
Administer the Microsoft 365 GCC High tenant: Exchange Online, identity, retention and compliance configuration supporting CUI handling requirements.
Designed and operate the enterprise SIEM — Graylog 5.x on an Elasticsearch backend with MongoDB replica sets — with custom parsing and correlation rules.
Built fleet endpoint telemetry: Sysmon + NXLog, MSI-packaged, deployed to 300+ Windows 10/11 endpoints.
Architected the VMware vSphere → Proxmox VE migration with Ceph clustering; cut virtualization licensing spend ~60% while sustaining 99.9% availability.
Conduct digital forensics investigations (SANS SIFT, full chain-of-custody); findings have supported successful legal outcomes.
Support recurring independent third-party security assessments and penetration testing.
CMMC L2GCC HighSIEMDFIRInfiniBand
C
2020.06 — 2023.03
Network Design Engineer
Herrick Technology Laboratories
Rebuilt the enterprise network supporting 1,000+ devices and 300+ research users: Dell S5248F-ON 100GbE spine-leaf core, 10GbE MLAG/VLT distribution, dual-WAN edge on a SonicWall NSA 6700 HA pair.
Deployed wired 802.1X authentication — FreeRADIUS with MySQL backend and a custom web management interface.
Segmented corporate, guest, and lab wireless (Cisco WLC 9800-CL) with full Layer 2 isolation and dedicated VLANs.
Implemented Veeam Backup & Replication with an LTO-9 tape autoloader (400 TB) as the offline backup tier.
Performed the physical build: Cat6A and OM4 fiber plant, UPS power distribution, facility grounding.
Administered a Check Point firewall cluster, centralized syslog architecture, PRTG monitoring, and Citrix VDI with NetScaler load balancing.
PCI DSSCheck PointCitrix
A
2009.08 — 2014.08
IT Intern → Associate Systems Engineer
Invitrogen / Life Technologies / Thermo Fisher Scientific
Started as a high-school work-study intern — commuting by bicycle — supporting enterprise IT for biotechnology research.
Grew into systems work across the Dell PowerEdge fleet and lab instrumentation networking (PCR thermal cyclers, gel imaging, laboratory robotics), maintaining continuity through three corporate acquisitions.
OriginLab Systems3 Acquisitions
Where the record starts. Everything above was built on this.
C
General Notes — SMART-E
Detail C · Applied to Every Environment
The operating framework behind the work — six disciplines applied to every
environment under management, with the CIA triad as the basis of design.
S — Strengthen · Speak · Sustain
MFA everywhere, documentation as a deliverable, open reporting and continuous reinforcement.
M — Monitor · Mindset · Mitigate
Centralized SIEM logging with real-time alerting, zero-trust assumptions, tested backups and rehearsed response.
A — Assess · Audit · Assure
Risk and supply-chain assessment, controls validated against the standard, demonstrable integrity.
R — Risk · Review · Reevaluate
Identify threats, measure business impact, adjust as the intelligence changes.
T — Timely Patch · Tightly Secure · Trim Privileges
Rapid patching across OS, app, and firmware; encryption in transit and at rest; least privilege, reviewed.
E — Ethics · Education · Evolution
Privacy honored, teams trained, controls that evolve with the threat instead of aging in a binder.
Mutual care
Serving clients and colleagues well serves a purpose larger than the invoice.
Matthew 25:40
The golden rule
Every client and teammate is treated the way I'd want to be — in pricing, honesty, and follow-through.
Luke 6:31
Honest counsel
Sometimes the right answer is "change nothing." You'll hear what you need to, not what closes the deal.
Proverbs 27:6
Your interests first
Recommendations serve your outcome, even at less revenue. Trust outlasts any transaction.
Philippians 2:3-4
E
Issued for Engagement
Detail E · Contact & Routing
Direct line below. Commercial engagements — assessments, managed infrastructure,
CMMC programs — run through DATAROSS.
Herrick Technology Laboratories · Defense R&D