Zachary Ross · Security-Focused Infrastructure Engineer
Frederick, MD · DC Metro · Remote  ·  Defense Industrial Base · Est. 2009

One operator.
Every layer of the stack.

From the fiber in the wall to the model on the GPU — one accountable person across the span. CMMC Level 2 · GCC High · SIEM & DFIR, documented like evidence.

Commercial engagements — assessments, managed infrastructure, CMMC programs — run through DATAROSS.
0-nodeencrypted WireGuard mesh, operated 24/7
0NIST SP 800-171 controls mapped & deployed
0+Windows endpoints instrumented (Sysmon + NXLog)
0 yrson the record — 2009 to present
The operator stack

Seven layers. One engineer.

Tap a layer. The green signal riding the rail is the point — one request, fiber to model, one pair of hands.

Schedule of Capabilities · Detail A

Six disciplines. Each one hands-on.

Flip any card for the proof.

NIST SP 800-171CMMC Level 2hover / tap → the proof
THE PROOF

Control mapping across all 110 requirements, SSP and POA&M development, technical control deployment, and SIEM-driven evidence collection.

Microsoft 365GCC High Administrationhover / tap → the proof
THE PROOF

Tenant administration in the U.S. sovereign cloud — Exchange Online, identity, retention and compliance configuration supporting CUI handling.

100GbE · 802.1XNetwork Architecturehover / tap → the proof
THE PROOF

Spine-leaf cores, MLAG/VLT distribution, dual-WAN HA edge, RADIUS-backed port authentication — and the physical plant beneath it.

Proxmox · CephVirtualization & Storagehover / tap → the proof
THE PROOF

VMware-exit migrations onto Proxmox VE with Ceph clustering — licensing spend cut ~60% while sustaining 99.9% availability.

SIEM · DFIRSecurity Operationshover / tap → the proof
THE PROOF

Graylog SIEM engineering, Sysmon + NXLog fleet telemetry, and digital forensics with full chain-of-custody when it matters.

vLLM · GPUSelf-Hosted AIhover / tap → the proof
THE PROOF

Local inference infrastructure — GPU passthrough on Proxmox, vLLM model serving, multi-model orchestration. Your data stays home.

Cause → effect

Five vendors — or one signature.

Five contracts — or one signature. Flip it.

Cabling co. "not our layer" Network VAR "check with the MSP" General MSP "opening a ticket" Compliance firm "send us screenshots" AI vendor "your data, our cloud" FOUR HANDOFFS · FIVE INVOICES · ZERO SINGLE OWNERS ONE OPERATOR fiber · network · identity · compute · secops · compliance · AI L1 ── L2/L3 ── IDENTITY ── COMPUTE ── DETECT ── GOVERN ── MODEL ONE SIGNATURE · ONE TIMELINE · ONE ACCOUNTABLE ANSWER EVERY HANDOFF REMOVED IS A FAILURE MODE REMOVED
“Who owns the outage?”Five vendors, five tickets, five versions of the story.
“How long to trace a change?”As long as the longest email chain.
Technologies · Detail T

Run hands-on. Not subcontracted.

Operated directly, in production — no aspirational logos.

Proxmox VEProxmox VE
WireGuardWireGuard
GraylogGraylog
WazuhWazuh
SonicWallSonicWall
DellDell
MongoDBMongoDB
OpenVPNOpenVPN
KeycloakKeycloak
VaultwardenVaultwarden
AnsibleAnsible
DockerDocker
NginxNginx
Fail2banFail2ban
iptablesiptables
Let's EncryptLet's Encrypt
Pi-holePi-hole
Uptime KumaUptime Kuma
CloudflareCloudflare
Microsoft 365Microsoft 365
CMMC
Level 2
NIST
800-171
LLM
Local models
Revision History · Detail B

A career recorded like drawings: 2009 → present.

Select a node. Pulsing markers are active revisions.

General Notes — SMART-E · Detail C

The framework applied to every environment.

Six standing rules, with the CIA triad as the basis of design.

SN1
Strengthen · Speak · Sustain

MFA everywhere, documentation as a deliverable, open reporting and continuous reinforcement.

MN2
Monitor · Mindset · Mitigate

Centralized SIEM logging with real-time alerting, zero-trust assumptions, tested backups and rehearsed response.

AN3
Assess · Audit · Assure

Risk and supply-chain assessment, controls validated against the standard, demonstrable integrity.

RN4
Risk · Review · Reevaluate

Identify threats, measure business impact, adjust as the intelligence changes.

TN5
Timely Patch · Tightly Secure · Trim Privileges

Rapid patching across OS, app, and firmware; encryption in transit and at rest; least privilege, reviewed.

EN6
Ethics · Education · Evolution

Privacy honored, teams trained, controls that evolve with the threat instead of aging in a binder.

Mutual care

Serving clients and colleagues well serves a purpose larger than the invoice.

Matthew 25:40
The golden rule

Every client and teammate is treated the way I'd want to be — in pricing, honesty, and follow-through.

Luke 6:31
Honest counsel

Sometimes the right answer is “change nothing.” You'll hear what you need to, not what closes the deal.

Proverbs 27:6
Your interests first

Recommendations serve your outcome, even at less revenue. Trust outlasts any transaction.

Philippians 2:3-4
Issued for Engagement · Detail E

Contact & routing.

Direct line below.

Commercial engagements — assessments, managed infrastructure, CMMC programs — run through DATAROSS: engagement models, documented outcomes, the open-source catalog, and the live operational infrastructure.

dataross.com ↗
TITLE BLOCK — PROFESSIONAL RECORD
ProjectZachary Ross — Professional Record
Dwg No.ZR-AB-2026
Rev5 · As-Built
SupersedesRev 4
DrawnZ. Ross
Date2026-07
Sheet1 of 1 · NTS
v5 · Jul 2026