Hire the Best Application Security Freelancers in Virginia

More than 3,000 reviews on G2. Upwork is rated 4.5/5 by G2 peer reviewers.
Adrian M.

McLean, Virginia

$75/hr
4.4
9 jobs

Accomplished and resourceful professional with 25+ years of experience directing security assessment and authorization processes and ensuring continuous monitoring to improve organizational security posture. PMP Certified by PMI. CISSP certified by ISC2. CISA certified by ISACA. BS in Information Technology. Known for communicating effectively with IT system project staff and ensuring compliance with federal customer regulations to secure systems in diverse customer environments. Excel at navigating complex regulatory landscapes, delivering impactful solutions for critical information systems, and resolving potential issues to minimize risks and drive overall efficiency and security. Engineering background with expertise in Information Security, Cybersecurity, Compliance Management, Physical Security, Cloud Assessments, Zero Trust Architecture, System Auditing, Pen Testing, NIST CSF & RMF 800-53, and Cybersecurity Frameworks including CMMC, ISO 27001 & 27002. Great trainer and corporate speaker. Fluent in English and Spanish; understands French and Portuguese.

MANPOWERGROUP AT INTERNATIONAL MONETARY FUND (IMF) | Washington, DC | CYBERSECURITY COMPLIANCE MANAGER

Identified and mitigated application risks by conducting thorough risk assessments and collaborating with stakeholders throughout the lifecycle development process. Maintained internal audit control compliance by executing required changes in organizational processes. Coordinated annual ISO 27001 certification effort.

  • Improved tracking of non-compliance and vulnerability remediation status through efficient oversight of the integrated GRC tool (Archer) and application/infrastructure scanning tools (Qualys).
  • Oversaw and managed the NIST & ISO 27001 assessment programs, including development of policies, processes, and schedule/timelines for execution.
  • Ensured alignment between Department of Information Technology priority initiatives and Fund-wide Cybersecurity Initiatives.
  • Ensured alignment between contractor and Fund staff time sheets, completed work, and deliverables required as defined in both issued work orders and project plans.
  • Orchestrated training sessions within IT divisions by cooperating with staff members and managers to address information security non-compliance issues.
  • Provided technical briefings to senior leadership as requested.
  • Led teams of technical resources to prioritize the Fund-wide security assessments and delivery of additional high-quality IT solutions that met business needs.
  • Researched and recommended innovative, secure, and automated solutions to improve the risk management processes.
  • Developed and updated project charters, scope statements, and scope management to align work efforts to organizational goals and objectives.
  • Developed transition activities and rollout schedules during both pre- and post-implementation.
  • Managed work activities to ensure conformity to the project scope, timelines, and budgets.
  • Monitored performance and quality measures/metrics and provided tracking and periodic reporting on these measures/metrics; also created lessons learned and after-action reviews.
  • Identified, tracked, managed, and reduced the impact of risks and issues.
  • Managed vendor relationships to ensure high levels of quality deliverables and performance.
  • Met legal, regulatory, and policy mandates.

AT&T CONSULTING SERVICES | Oakton, VA | PRINCIPAL - TECHNOLOGY SECURITY, CONSULTANT

Steered security management activities and initiated assessments for ISO 27001, FISMA/NIST SP 800-53, and FTC, focusing on large retailers and medical product manufacturers in both U.S. and Latin American regions, including Brazil, Colombia, and Mexico. Reinforced security measures by designing and operationalizing the audit process for Network Access Control Security within the AT&T Network.

  • Showcased expertise as a Local and International PCI QSA Auditor to deliver valuable insights and guidance and fulfill the requirements of international retail clients.
  • Devised Security Architecture plans for multiple clients and delivered a comprehensive Risk Assessment perspective by analyzing current and planned states of Cloud Services, Cloud Auditing, and Cloud Security.
  • Developed and applied a Managed Public Key Infrastructure (MPKI) for the Nuclear Regulatory Commission in Rockville, MD, utilizing the Sun Identity Manager (IDM) for internal staff and trusted partners.
  • Gathered and compiled relevant data to guarantee the timely completion of all documentation requirements for Certification and Accreditation.

SECURITY CONTROL ASSESSOR REPRESENTATIVE (SCAR)

Trained and mentored a team of Security Control Assessor Representatives (SCAR) within the Assessment and Authorization (A&A) branch for the joint service providers (JSP) of the Department of Defense (DoD).

  • Application Security
  • WordPress
  • Compliance
  • Database Security
  • Information Security Consultation
  • Compliance Consultation
  • Penetration Testing
  • Cryptography
  • Android App Development
  • Vulnerability Assessment
  • Information Security
  • System Security
  • Linux System Administration
Dwight G.

Ashburn, Virginia

$85/hr
5.0
12 jobs

I am a mid-level to senior cybersecurity professional with 7+ years of hands-on experience delivering penetration testing, vulnerability assessments, risk analysis, and compliance-driven security programs for commercial, enterprise, and government environments. I help organizations find real security gaps, reduce risk, and meet regulatory requirements—without unnecessary complexity or vendor lock-in.

Team Gala_Layo's background spans offensive security (Red Team), defensive controls, cloud security, identity & access management, and governance frameworks including NIST, ISO 27001, HIPAA, PCI-DSS, FedRAMP, and CMMC, etc. I specialize in translating technical findings into executive-ready risk insights that drive action. I am the President and Technical Lead at Gala_Layo, a cybersecurity firm trusted by federal agencies, regulated industries, and high-risk organizations.

What I Do Best
==============

Penetration Testing & Ethical Hacking
-------------------------------------
* Network, web application, API, wireless, and cloud penetration testing
* OWASP Top 10, SANS Top 25, manual exploitation & validation
* Tooling: Metasploit, Burp Suite Pro, Nessus, Nmap, OpenVAS, Aircrack-ng, Wireshark
* Actionable reports with proof-of-concept, risk scoring, and remediation guidance

Vulnerability & Risk Assessments
--------------------------------
* NIST-aligned security risk assessments
* Vulnerability scanning & continuous risk scoring
* Risk registers, POA&M development, and control gap analysis
* STIGS

Tools: Tenable.sc, Qualys, Rapid7, ServiceNow GRC, RegScale

Cloud & Identity Security
-------------------------
* AWS & Azure security posture reviews
* IAM, MFA, SSO, and privileged access reviews
* WAF and cloud security configuration audits

Tools: Okta, Azure AD (Entra ID), Auth0, CyberArk

Governance, Risk & Compliance (GRC)
-----------------------------------
* NIST RMF, NIST CSF 2.0, ISO 27001, HIPAA, PCI-DSS
* FedRAMP, CMMC, FFIEC, GSA compliance support
* Policy, SOP, and incident response plan authoring
* Change Control Advisory Board (CAB) experience

AI & Emerging Technology Security
---------------------------------
* Secure-by-Design and MLSecOps advisory
* AI risk assessments & Responsible AI impact analysis
* Prompt injection & LLM threat modeling
* Integration of AI into security workflows safely and responsibly

Industries Served
-----------------
* Government & Federal Contractors
* Healthcare & Life Sciences
* Financial Services
* Cloud & SaaS
* Critical Infrastructure
* Small & Mid-Sized Businesses (SMBs)

Tools & Technologies
--------------------
* Operating Systems: Kali Linux, Ubuntu, Windows, macOS
* Languages: Python, JavaScript, Shell
* Security Tools: Nessus, Burp Suite, Metasploit, Rapid7, Qualys, Splunk
* Cloud: AWS, Azure
* Dev & Code: GitLab, VS Code, Snyk, SonarQube
* Virtualization: VMware, VirtualBox

Certifications & Education
--------------------------
* Certified Ethical Hacker (CEH)
* CompTIA Security+

Security Clearance
------------------
* Top Secret

Education
---------
* M.S. Information & Communications Technology – Information Systems Security
  University of Denver (GPA 4.0, magna cum laude)

Why Clients Hire Me
-------------------
✔ Real-world offensive & defensive experience
✔ Clear, business-focused reporting (not scanner noise)
✔ Deep federal & regulatory knowledge
✔ Ability to explain complex risks to non-technical stakeholders
✔ Trusted advisor—not just a tool operator

Typical Projects
----------------
* Penetration Testing & Red Team Engagements
* Vulnerability Assessments & Risk Registers
* NIST / ISO / HIPAA Readiness Assessments
* Cloud Security Reviews (AWS / Azure)
* Incident Response Planning & Tabletop Exercises
* AI & Emerging Tech Risk Assessments

  • Penetration Testing
  • NIST Cybersecurity Framework
  • Vulnerability Assessment
  • Web Application Security
  • Network Security
  • API Testing
  • Governance, Risk Management & Compliance
  • Risk Assessment
  • Zero Trust Architecture
  • Cloud Security Framework
  • Incident Response Readiness Assessment
  • User Identity Management
  • Compliance Testing
  • Information Security Audit
  • Cybersecurity Management
Anthony T.

Herndon, Virginia

$150/hr
5.0
12 jobs

I am a Cybersecurity professional with over 10 years of experience in the field working in various positions for multiple Fortune 500 companies, government entities, and large IT Firms. Positions held include: Cybersecurity consultant & Penetration Tester, Senior Cybersecurity Engineer, Information Security Analyst, Mobile Security Analyst, and Systems Engineer. I am a PCI-DSS QSA, or Qualified Security Assessor, CMMC expert, HIPAA Expert, NIST CSF Expert, and Cybersecurity SME.

I am skilled in the following:

* Network Penetration Testing
* Web Application Penetration Testing
* Ethical hacking
* Network security
* Cybersecurity Policy Creation
* HIPAA Compliance & HIPAA Consulting
* PCI-DSS Compliance
* GDPR compliance
* NIST 800 Series Documentation
* Network monitoring
* Secure architecture design
* Security policy creation & revision
* Risk assessment
* Information assurance
* Digital forensics
* Windows and Linux Administration

You also need someone who has the technical and non-technical skills required to protect your company. Here is a testimonial from a recent Upwork client that I helped build an entire IT Security Plan and helped them with their HIPAA compliance:

"Anthony did fantastic work on designing our IT Security Plan, and we look forward to working with him again in the future. We highly recommend him as he was easy to work with, and completed his work on time and within the budget assigned!" -Peter Campbell

So if you are ready to secure your network, conduct a Penetration test, build a cybersecurity plan, or do anything else cybersecurity related, please do not hesitate to reach out to me! Thanks for reading this far and I am looking forward to working with you.

  • Network Security
  • Digital Forensics
  • Web Application Security
  • Project Risk Management
  • Certified Information Systems Security Professional
  • Information Security
  • Penetration Testing
  • Security Engineering
  • HIPAA
  • Risk Assessment

How it works

Post a job for free

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

How do I hire an Application Security Freelancer in Virginia on Upwork?

You can hire an Application Security Freelancer in Virginia on Upwork in four simple steps:

  • Create a job post tailored to your Application Security Freelancer project scope. We'll walk you through the process step by step.
  • Browse top Application Security Freelancer talent on Upwork and invite them to your project.
  • Once the proposals start flowing in, create a shortlist of top Application Security Freelancer profiles and interview.
  • Hire the right Application Security Freelancer for your project from Upwork, the world's largest work marketplace.

At Upwork, we believe talent staffing should be easy.

How much does it cost to hire an Application Security Freelancer?

Rates charged by Application Security Freelancers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.

Why hire an Application Security Freelancer in Virginia on Upwork?

As the world's work marketplace, we connect highly skilled Application Security Freelancers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Application Security Freelancer team you need to succeed.

Can I hire an Application Security Freelancer in Virginia within 24 hours on Upwork?

Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Application Security Freelancer proposals within 24 hours of posting a job description.