About

A small, senior team that builds, secures, and operates technology end to end.

Llab Technologies exists to close the gap between software engineering and security — two disciplines most teams treat as separate, but that adversaries treat as one surface. AI capabilities live inside both, where they actually belong.

  • 16 Certifications
  • DoD Background
  • 2 Practices
  • 1 Senior team

Leo · Founder & Principal Architect

Security · AI · Software

Founded by Leo, a Principal Architect whose career spans three chapters: a Cyber Defense Warrant Officer (MOS 255S Information Protection Technician) in the U.S. Army Reserve; Infrastructure & Security Operations Lead at a California county sheriff’s office (911 / CAD / RMS / JMS / CJIS / mobile fleet / emergency services); and Principal Architect running SOC, SOAR, Zero Trust, application security, cloud security, AI security, and agentic AI workflows for a corporate insurance carrier under NYDFS, SOC 2, and ISO 27001. Hands-on practitioner who bridges strategy and execution — translating complex problems into clear actions and measurable controls.

Practice areas

  • Zero Trust
  • Cloud Sec
  • Detection
  • Identity
  • AI Audits
  • AI Workflows

Flagship certifications

  • CISSP
  • GSLC
  • GDSA
  • GCSA

Our principles

  • Senior, hands-on, always
    The people who design the work also build it. No handoffs to outside vendors.
  • Personal & confidential
    Every engagement is treated with discretion. We take on a limited number of clients per quarter.
  • Two disciplines, one team
    Software and security under one roof — with AI woven into both, because the problems don’t respect those boundaries.
  • Honest about fit
    We tell you what we'd do, what we wouldn't, and when you should hire someone else.

Background

Three chapters, one practitioner.

The work spans deep service across the military, public safety, and the corporate security architecture function. Each chapter shaped a different muscle — together they cover the surface most engagements actually run on.

U.S. Army Reserve

Cyber Defense Warrant Officer · MOS 255S Information Protection Technician
  • Plan, oversee, and execute the Department of Defense Information Network (DODIN) protection mission
  • Lead Defensive Cyberspace Operations (DCO), incident response, and digital forensics for military networks
  • Manage Information Assurance and Risk Management Framework (RMF) programs
  • Oversee Communications Security (COMSEC), Information Security (INFOSEC), and Operations Security (OPSEC) for mission-critical systems
  • Implement and enforce DOD STIGs; conduct vulnerability assessments and security audits
  • Lead NCOs and Soldiers across Garrison and Tactical cyber exercises; coordinate with joint cyber organizations

California county sheriff’s office

Infrastructure & Security Operations Lead
  • 911 Call Center and Computer-Aided Dispatch (CAD) architecture for emergency response
  • Jail Management (JMS), Records Management (RMS), and law-enforcement systems under CJIS
  • Mobile vehicle connectivity for patrol fleet; emergency services / EMS technology; AV and audio systems
  • Data center, IoT, and infrastructure for the County Emergency Operations Center, built from the ground up
  • Enterprise-scale endpoint deployment across multiple branch offices and data centers
  • Led Infrastructure Engineers and Helpdesk Technicians; major migrations (SentinelOne → CrowdStrike, Novell → AD → Azure AD, GroupWise → Exchange Online)

U.S. corporate insurance carrier

Principal Architect
  • Security architecture: Zero Trust, application security, cloud security, network architecture
  • AI security, AI workflow governance, agentic SOC and agentic application-security workflows
  • SOC leadership, SOAR engineering, network engineering across a multi-team organization
  • SIEM, SOAR, EDR, Purple Teaming with MITRE ATT&CK and Atomic Red Team
  • B2C identity-provider integration, CIAM, 802.1X network access control
  • CDN and Cloudflare implementation; data-center and cloud failover architecture; automation
  • NYDFS 23 NYCRR 500, SOC 2, ISO 27001, NIST CSF compliance; senior leadership consultation

  • Graduate · in progress: M.S., Information Security Engineering, SANS Technology Institute
  • Continuing: Applied AI, Purdue University
  • Undergraduate: B.S., Network & Security Operations, Western Governors University

Where we work

Cary, NC headquarters. Nationwide remote.

A single Cary-registered LLC. We serve the Triangle, Northern Virginia, and Washington DC in person where it matters — and work with clients nationwide remotely. No satellite offices, no franchise model.

  • Headquarters: Cary, North Carolina (Triangle: Raleigh, Cary, Durham, RTP, Chapel Hill)
  • Service area: Northern Virginia (Fairfax, Arlington, Alexandria, Tysons, Reston)
  • Service area: Washington DC (Federal & executive-protection corridor)
  • Remote: Nationwide (U.S.-touching engagements; select international)

Selected projects

Things shipped, by theme.

A non-exhaustive list of work delivered across the corporate security architecture function. Each phase built on the last — from core hygiene to enterprise-scale modernization.

Foundation & core security engineering

  • Standardized and deployed Palo Alto firewall logging (Common Event Log) to improve SIEM ingestion and SOC visibility.
  • Large-scale firewall policy hygiene — identified and removed ~160 unused or risky security policies.
  • Implemented global deny controls using Palo Alto Threat Intelligence to block known malicious and high-risk IP ranges.
  • Reduced external attack surface by closing inbound internet access to QA and test environments.
  • Primary security escalation for firewall, network, and identity-related incidents.
  • Hands-on engineering support across core security tooling with rapid adoption of new platforms.

Zero Trust, identity, and security-stack integration

  • Deployed Prisma Access VPN with Azure AD (Entra ID) SAML authentication to modernize remote access.
  • Designed and began implementation of ZTNA policies using Palo Alto User-ID and App-ID.
  • Identified and remediated identity duplication issues between on-prem AD and Azure AD.
  • Integrated multiple security platforms (Wiz, Veracode, Qualys, Chronicle, Obsidian, Ninja) via SSO.
  • Built an Azure Logic App to integrate Wiz IO findings into the Azure DevOps Enterprise Risk Registry.
  • Tier-3 incident support across infrastructure and security domains while progressing through the SANS graduate program.

Enterprise security architecture & network control

  • Designed and deployed Google Chronicle SIEM and SOAR, replacing legacy security monitoring platforms.
  • Integrated Chronicle with Azure, Exchange, EDR, CSPM, and network telemetry sources.
  • Designed and implemented enterprise-wide 802.1X Network Access Control to address penetration test findings.
  • Documented NAC architecture and configurations and trained engineering and support teams without formal PM support.
  • Enforced cloud-first identity standards — all new applications adopted Entra ID with SAML SSO.

Enterprise architecture, cloud modernization & enablement

  • Completed Azure network modernization architecture (vWAN/vHub) — implementation-ready design.
  • Assumed ownership of the network technology portfolio during leadership gaps and restructured work into Agile epics and features.
  • Drove enterprise-wide SD-WAN deployment to completion after a multi-year stalled rollout.
  • Designed Corelight packet-capture architecture at the switching core to enhance network detection visibility.
  • Transformed Azure API Management from open internet exposure to whitelist-based trusted access.
  • Enabled secure SaaS adoption for telephony systems, Zendesk, Snowflake, GitHub Copilot, Repos, and Codes.
  • Implemented Snowflake Private Endpoints to eliminate public data traversal.
  • Integrated Chronicle SOAR with identity, email, EDR, CSPM, and network controls; authored detection playbooks and SOPs.
  • Built infrastructure to unblock IT automation, enabling ADP-to-Active Directory synchronization and executive dashboards.
  • Supported Snyk proof-of-concept to replace Veracode and modernize application security tooling.
  • Supported zero-day response for supply-chain and package-manager compromises (e.g., npm).
  • Formed the Infrastructure Architecture Review Board to establish governance and escalation paths.
  • Authored Zero Trust journeys, IAM how-to guides, SOPs, and architectural documentation.

Credentials

Active certifications.

The certifications below are current and verifiable directly with each issuing body. Certificate numbers are available on request.

ISC2
  • CISSP — Certified Information Systems Security Professional
The vendor-neutral, gold-standard infosec credential covering security architecture, engineering, and program management.
SANS Institute · GIAC
  • GSLC — Security Leadership
  • GSTRT — Strategic Planning, Policy & Leadership
  • GDSA — Defensible Security Architecture
  • GCSA — Cloud Security Automation
  • GREM — Reverse Engineering Malware
  • GPEN — Penetration Tester
  • GCIH — Certified Incident Handler
  • GCIA — Certified Intrusion Analyst
  • GSNA — Systems and Network Auditor
  • GCWN — Certified Windows Security Administrator
  • GSEC — Security Essentials
  • SSAP — SANS Security Awareness Professional
Also: GIAC Advisory Board member — an invitation-only forum extended to GIAC-certified professionals who demonstrate exemplary exam performance.
CompTIA
  • SecurityX — advanced enterprise security architecture
  • A+ — IT support fundamentals
  • Project+ — project management

We take on a limited number of engagements.

It's how we make sure every client gets the senior attention they deserve.
