> jn0xa

I've spent the last decade doing penetration testing, red teaming, and building offensive security programs from the ground up. These days I lead teams and own the strategy, but I stay close to the technical work because that's what makes the leadership credible. I care a lot about developing the people on my teams and creating an environment where strong practitioners actually want to stay. Right now I'm thinking hard about where Agentic AI fits into offensive security and what it changes for defenders.

1. Manager, Threat Team

   07/2022 to Present
   Tevora Business Solutions, Inc, Fairfax, VA
   • - Manage a team of 5 and a rotating bench of 2-3 interns per cycle, handling everything from pre-sales and enagement delivery to career development.
   • - Act as a direct advisor to client CISOs and security leadership, turning complex findings into clear remediation roadmaps that fit their risk tolerance and business context.
   • - 2x President's Club Award winner for consistently exceeding revenue goals; team is currently past $9.2M annually.
   • - Built out an Agentic AI testing practice using Claude Code, Gemini-CLI, and Shannon AI that has caught logic flaws and zero-days that both manual review and traditional scanners missed.
   • - Served as technical lead for the firm's FedRAMP 3PAO certification and ran cloud penetration tests for CSPs working toward FedRAMP Authorization.
   • - Kept team turnover near zero by building individual development paths; several engineers have gone on to earn OSWE and other advanced certifications.

2. Information Security Consultant

   03/2020 to 07/2022
   Tevora Business Solutions, Inc, Fairfax, VA
   • - Ran penetration tests and vulnerability assessments across network, web application, and cloud environments for clients in regulated industries.
   • - Covered internal and external testing as well as PCI-DSS scoped assessments.
   • - Wrote executive and technical reports that gave clients a clear picture of risk and a concrete path to fix it.

3. Cyber Security Engineer

   01/2016 to 03/2020
   State Corporation Commission, Richmond, VA
   • - Rebuilt the Vulnerability Management program to focus on validated, known-exploitable findings first, using Rapid7 InsightVM and AppSpider Enterprise to track and report risk to leadership.
   • - Led security for the Office 365/ADFS cloud migration, covering Exchange Online, Office Online, and SharePoint Online.
   • - Wrote Windows and Windows Server hardening standards based on DoD STIGs.
   • - Attended Black Hat 2017 and 2019 for hands-on training in red team techniques and cloud exploitation.

4. Systems Analyst II, Risk and Security

   06/2013 to 01/2016
   Virginia Premier Health Plan, Inc., Richmond, VA
   • - Helped stand up a security and risk program that was early-stage, writing SOPs and putting basic controls in place.
   • - Built a monthly patch management process for servers and launched a Security Awareness program with annual training, monthly newsletters, and quarterly contests.
   • - Deployed a SIEM to consolidate event logging and cut incident response time.