Zachary Ross · Security-Focused Infrastructure Engineer
Frederick, MD · DC Metro · Remote  ·  Defense Industrial Base · Est. 2009

One operator.
Every layer of the stack.

The fiber in the wall.The 100GbE fabric.The identity perimeter.The compute platform.The SIEM that sees it.The 110 controls.The models on the GPU.

From the fiber in the wall to the model on the GPU — one accountable person across the span. CMMC Level 2 · GCC High · SIEM & DFIR, documented like evidence.

Commercial engagements — assessments, managed infrastructure, CMMC programs — run through DATAROSS.
0-nodeencrypted WireGuard mesh, operated 24/7
0NIST SP 800-171 controls mapped & deployed
0+Windows endpoints instrumented (Sysmon + NXLog)
0 yrson the record — 2009 to present
The operator stack

Seven layers. One engineer.

Tap a layer. The green signal riding the rail is the point — one request, fiber to model, one pair of hands.

Schedule of Capabilities · Detail A

Six disciplines. Each one hands-on.

Flip any card for the proof.

NIST SP 800-171CMMC Level 2hover / tap → the proof
THE PROOF

Control mapping across all 110 requirements, SSP and POA&M development, technical control deployment, and SIEM-driven evidence collection.

Microsoft 365GCC High Administrationhover / tap → the proof
THE PROOF

Tenant administration in the U.S. sovereign cloud — Exchange Online, identity, retention and compliance configuration supporting CUI handling.

100GbE · 802.1XNetwork Architecturehover / tap → the proof
THE PROOF

Spine-leaf cores, MLAG/VLT distribution, dual-WAN HA edge, RADIUS-backed port authentication — and the physical plant beneath it.

Proxmox · CephVirtualization & Storagehover / tap → the proof
THE PROOF

VMware-exit migrations onto Proxmox VE with Ceph clustering — licensing spend cut ~60% while sustaining 99.9% availability.

SIEM · DFIRSecurity Operationshover / tap → the proof
THE PROOF

Graylog SIEM engineering, Sysmon + NXLog fleet telemetry, and digital forensics with full chain-of-custody when it matters.

vLLM · GPUSelf-Hosted AIhover / tap → the proof
THE PROOF

Local inference infrastructure — GPU passthrough on Proxmox, vLLM model serving, multi-model orchestration. Your data stays home.

Cause → effect

Five vendors — or one signature.

Five contracts — or one signature. Flip it.

Cabling co. "not our layer" Network VAR "check with the MSP" General MSP "opening a ticket" Compliance firm "send us screenshots" AI vendor "your data, our cloud" FOUR HANDOFFS · FIVE INVOICES · ZERO SINGLE OWNERS ONE OPERATOR fiber · network · identity · compute · secops · compliance · AI L1 ── L2/L3 ── IDENTITY ── COMPUTE ── DETECT ── GOVERN ── MODEL ONE SIGNATURE · ONE TIMELINE · ONE ACCOUNTABLE ANSWER EVERY HANDOFF REMOVED IS A FAILURE MODE REMOVED
“Who owns the outage?”Five vendors, five tickets, five versions of the story.
“How long to trace a change?”As long as the longest email chain.
Technologies · Detail T

Run hands-on. Not subcontracted.

Operated directly, in production — no aspirational logos.

Proxmox VEProxmox VE
WireGuardWireGuard
GraylogGraylog
WazuhWazuh
SonicWallSonicWall
DellDell
MongoDBMongoDB
OpenVPNOpenVPN
KeycloakKeycloak
VaultwardenVaultwarden
AnsibleAnsible
DockerDocker
NginxNginx
Fail2banFail2ban
iptablesiptables
Let's EncryptLet's Encrypt
Pi-holePi-hole
Uptime KumaUptime Kuma
CloudflareCloudflare
Microsoft 365Microsoft 365
CMMC
Level 2
NIST
800-171
LLM
Local models
Revision History · Detail B

A career recorded like drawings: 2009 → present.

Select a node. Pulsing markers are active revisions.

General Notes — SMART-E · Detail C

The framework applied to every environment.

Six standing rules, with the CIA triad as the basis of design.

SN1
Strengthen · Speak · Sustain

MFA everywhere, documentation as a deliverable, open reporting and continuous reinforcement.

MN2
Monitor · Mindset · Mitigate

Centralized SIEM logging with real-time alerting, zero-trust assumptions, tested backups and rehearsed response.

AN3
Assess · Audit · Assure

Risk and supply-chain assessment, controls validated against the standard, demonstrable integrity.

RN4
Risk · Review · Reevaluate

Identify threats, measure business impact, adjust as the intelligence changes.

TN5
Timely Patch · Tightly Secure · Trim Privileges

Rapid patching across OS, app, and firmware; encryption in transit and at rest; least privilege, reviewed.

EN6
Ethics · Education · Evolution

Privacy honored, teams trained, controls that evolve with the threat instead of aging in a binder.

Mutual care

Serving clients and colleagues well serves a purpose larger than the invoice.

Matthew 25:40
The golden rule

Every client and teammate is treated the way I'd want to be — in pricing, honesty, and follow-through.

Luke 6:31
Honest counsel

Sometimes the right answer is “change nothing.” You'll hear what you need to, not what closes the deal.

Proverbs 27:6
Your interests first

Recommendations serve your outcome, even at less revenue. Trust outlasts any transaction.

Philippians 2:3-4
Issued for Engagement · Detail E

Contact & routing.

Direct line below.

Commercial engagements — assessments, managed infrastructure, CMMC programs — run through DATAROSS: engagement models, documented outcomes, the open-source catalog, and the live operational infrastructure.

dataross.com ↗
TITLE BLOCK — PROFESSIONAL RECORD
ProjectZachary Ross — Professional Record
Dwg No.ZR-AB-2026
Rev6 · As-Built
SupersedesRev 5
DrawnZ. Ross
Date2026-07
Sheet1 of 1 · NTS
v6 · Jul 2026