root@rootreap3r_
$ whoami --verbose [ok] target identified

RootReap3r.

Security Engineer — 10+ years across nuclear C2, SAP/TEMPEST, and federal cloud environments, now focused on LLM red-teaming and AI misuse detection: MITRE ATT&CK-mapped attack engines, RAG/MCP exploitation research, and Python-driven detection tooling
TS/SCI Active Clearance 10+ yrs DoD & AI Security M.S. AI Candidate — Georgia Tech
scope of work

Focus areas

ADVERSARIAL

Nation-state TTP attack engine

Built a red team engine auto-generating live attack scenarios from nation-state TTPs via MITRE ATT&CK/ATLAS, compressing adversary emulation cycles from weeks to hours.

PROTOCOL

RAG & MCP exploitation research

Red-teamed multi-modal RAG pipelines and MCP exploitation chains on nuclear-classified infrastructure; hardened findings into enforceable governance controls.

RESEARCH

TS/SAP vulnerability discovery

Surfaced previously unknown TS/SAP vulnerabilities through adversarial analysis beyond automated tooling, converting findings into IR tabletop scenarios to close gaps before nation-state exploitation.

GOVERNANCE

NC3 / nuclear ATO authorship

Authored ATO packages (~2,500 controls, SCTMs, SSPs) as Lead ISSO for Sentinel and Nuclear Command & Control programs. Performed 2,730 adversary-informed Security Impact Assessments, correlating 524 ACAS scans and 476 audits.

track record

Experience

Oct 2022 — Present

Senior Cybersecurity Engineer · Accenture Federal Services

Built a red team engine auto-generating live attack scenarios from nation-state TTPs via MITRE ATT&CK/ATLAS, compressing adversary emulation cycles from weeks to hours. Red-teamed multi-modal RAG pipelines and MCP exploitation chains on nuclear-classified infrastructure. Performed 2,730 adversary-informed Security Impact Assessments across unclassified/Secret/TS-SAP environments, correlating 524 ACAS scans and 476 audits. Authored ATO packages (~2,500 controls, SCTMs, SSPs) as Lead ISSO for Sentinel and Nuclear Command & Control programs.

Oct 2020 — Oct 2022

Security Program Manager · DS&S

Directed personnel, physical, information, cyber, and operations security programs from the ground up across SCIF/vault operations and classified courier. Owned security for $43M SAP/TEMPEST facilities safeguarding 2,350+ AFNWC personnel and Restricted Data nuclear weapon design assets, with zero attributable incidents.

Mar 2019 — Oct 2020

Cybersecurity Automation Lead · Sebastian Tech Solutions (DISA)

Built SOAR automation and scripting for triage, remediation, and access provisioning across DISA — White House, Pentagon, 7th Fleet.

Apr 2018 — Mar 2019

Cybersecurity Incident Response Lead · Netflix

Investigated 900+ compromised accounts and dismantled credential-stuffing campaigns via IP correlation and behavioral fingerprinting, converted into SIEM detection signatures.

Mar 2015 — Jun 2018

Cybersecurity Incident Response Lead · Results Company

Conducted root-cause analysis and dwell-time elimination across firmware, OS, application, Windows, Linux, and network layers.

builds

Projects

PHANTOM

AI-Powered Active Defense & Threat-Hunting Platform

Multi-source detection engine (Windows Event Logs, Sysmon, Linux auditd, PCAP/Zeek) with 20 behavioral signatures (Cobalt Strike, Sliver, Metasploit, Mimikatz, BloodHound) and ML-based jittered-beacon detection via inter-arrival timing analysis. Passive attacker-attribution pipeline (IP/ASN/JA3 fingerprinting, AbuseIPDB/ThreatFox/VirusTotal/Shodan cross-referencing) with kill-chain reconstruction and automated STIX 2.1/IOC reporting for FBI/CISA submission.

recon-sweep

LLM Safety-Evaluation Harness

Falsifiable LLM safety-evaluation harness — canary-based extraction/PII/injection detection gates scored via LLM-judge quorum (precision/recall/F1) against a labeled dataset, with a recon agent hard-blocked outside an authorization allowlist even under prompt injection.

AI Sentinel

Claude-Powered Host Security Analysis

PowerShell-to-Claude pipeline for five-phase host analysis: LOLBin/fileless malware detection, MITRE ATT&CK TTP mapping, persistence/beacon analysis, executive threat reporting.

background

Education & Awards

Est. May 2028

M.S. Artificial Intelligence · Georgia Institute of Technology

In progress (part-time). Research: adversarial robustness and red-teaming of LLM agentic systems.

Completed

B.A.S. Cyber Operations / Defense & Forensics · University of Arizona

NSA Center of Academic Excellence in Cyber Operations; malware reverse engineering, digital forensics.

Awards

Security Team of the Year · Air Force Nuclear Weapons Center

Also: Minuteman III Personnel Award, ICBM Personnel Award.

stack

Tooling & frameworks

MITRE ATLAS / ATT&CK NIST 800-53 Rev. 4 Metasploit Cobalt Strike / Sliver Mimikatz / BloodHound Python PowerShell Sysmon / Zeek / auditd STIX 2.1 Federal Cloud (Azure/AWS/GCP) ACAS SOAR

certs  SecAI+ (Beta Cohort) · Azure AI Fundamentals · SecurityX (CASP+) · PenTest+ · PNPT · PWPE (Early Cohort, <100 holders worldwide) · eCPPTv3

in progress  OSAI+ (OffSec Offensive AI Red Teamer) · COAE (HTB AI Red Teaming)

reach out

Contact

$ cat contact.txt