Hire the Best Information Security Audit Freelancers
in the United States

Upwork is rated 4.5 out of 5 by G2 peer reviewers, based on more than 3,000 reviews on G2.

Michael H.

Baltimore, Maryland

$125/hr
5.0
113 jobs

Stop relying on automated scans. I find the vulnerabilities they miss.

I’m a senior penetration tester and vulnerability researcher with deep experience across enterprise networks, web apps / APIs and cloud platforms. Most testers just run automated tools and hand you a generic report. I simulate how an attacker actually thinks, perform thorough testing, and deliver professional, tailored reporting suitable not just for your own remediation efforts but also for audit / compliance.

Benefits of manual testing:
- Chaining multiple low/medium findings to show more significant impact
- Breaking multi-tenant isolation
- Bypassing auth controls (JWT, OAuth, misconfigurations)
- Identifying cost-amplification / abuse vectors (e.g., billing attacks in serverless environments)
- ZERO false positives (and wasted time trying to remediate non-issues)
- REAL severity scoring (not just CVSS or ratings with no connection to actual impact/risk for your systems and data)

What I Deliver
- Manual, attacker-style testing (not just scans)
- Clear, prioritized findings with real business impact
- Proof-of-concept exploits where it matters
- Practical remediation guidance your devs can use immediately
- Optional retesting to verify fixes

Common Engagements
- SaaS / multi-tenant application security testing
- API and authentication testing (JWT, OAuth, session flaws)
- Cloud security reviews (GCP, AWS, Azure, O365)
- DevOps security reviews (Gitlab/hub, BitBucket, etc.)
- Pre-SOC2 / investor readiness assessments
- High-intensity black-box pentests

Why Clients Hire Me
- I go beyond the scan—I find what others miss
- I understand both offense and architecture
- I communicate clearly with both engineers and leadership
- I’ve worked on MANY real-world, high-impact systems

I also help organizations:
- Investigate breaches
- Contain active threats
- Recover compromised systems

(Note: I do not assist with social media account recovery.)

  • Security Analysis
  • Security Engineering
  • Web Application Security
  • Ethical Hacking
  • Penetration Testing
  • Certified Information Systems Security Professional
  • Security Assessment & Testing
  • OWASP
  • White Box Testing
  • Network Security
  • Security Infrastructure
  • Vulnerability Assessment
  • Web App Penetration Testing
  • Network Penetration Testing
  • Incident Management
Aamir T.

Oakley, California

$60/hr
4.4
51 jobs

Organizations don't fail because they lack technology. They fail because security weaknesses remain undiscovered until attackers exploit them.

Are you looking for a cybersecurity professional who can identify security risks, strengthen your infrastructure, improve compliance posture, and secure your cloud environments before attackers find vulnerabilities?

I help startups, enterprises, and government organizations build secure, compliant, and resilient environments. With 15+ years of hands-on experience in cybersecurity, information security, system administration, cloud security, compliance, and DevSecOps, I deliver practical security solutions that reduce risk and support business growth.

I do not provide generic recommendations or automated scan reports. I deliver actionable security insights, practical remediation strategies, and measurable improvements that directly support business objectives.

When clients engage me, they gain a security partner capable of understanding both technical challenges and business requirements.

💼 Expertise:
✔ Penetration Testing (Web, API, Network, Cloud)
✔ Vulnerability Assessment & Risk Management
✔ ISO 27001, SOC 2, NIST & Security Compliance
✔ Cloud Security (AWS & Azure)
✔ DevSecOps & CI/CD Security
✔ Identity & Access Management (IAM)
✔ Windows & Linux System Administration
✔ Security Architecture & Infrastructure Hardening
✔ SIEM, Security Monitoring & Incident Response

🛠️ What I Deliver
🔹 Comprehensive Security Assessments
🔹 Actionable Remediation Recommendations
🔹 Compliance Gap Analysis & Readiness Support
🔹 Cloud & Infrastructure Security Reviews
🔹 Secure DevOps Implementation
🔹 Security Policies, Standards & Procedures
🔹 Risk Reduction & Security Improvement Strategies

⭐ Why Work With Me?
✔ 15+ Years of Proven Cybersecurity Experience
✔ Expertise Across Security, Compliance, Infrastructure, and Cloud
✔ Business-Focused Security Solutions
✔ Strong Technical and Strategic Leadership
✔ Deep Understanding of Modern Threat Landscapes
✔ Clear Communication and Executive-Level Reporting
✔ Trusted Advisor for Long-Term Security Initiatives
✔ Hands-On Experience with Complex Security Environments

Cybersecurity is no longer optional. A single vulnerability, misconfiguration, or compliance failure can lead to financial loss, operational disruption, regulatory penalties, and reputational damage.

I don't just identify vulnerabilities, I help organizations eliminate risks, strengthen defenses, and build security programs that support business growth.

If you're looking for a cybersecurity professional who combines deep technical expertise with a business-focused approach, let's discuss how I can help secure your environment.

Connect with me today! 🌐

#CyberSecurity #InformationSecurity #Pentest #Compliance #DevOps #System Administration #IAM #GRC #CloudSecurity #SecurityOps #NIST #GuardianOfYourData #Cybersecurity #EthicalHacking #InformationSecurity

  • Information Security Audit
  • Information Security
  • Penetration Testing
  • Network Security
  • Cloud Security
  • Cloud Testing
  • Threat Detection
  • Microsoft Azure
  • Compliance
  • SOC 2
  • Linux System Administration
  • Vulnerability Assessment
  • DevOps
  • ISO 27001
  • Risk Assessment
  • Incident Response Plan
  • Google Workspace Administration
  • Data Analysis
  • Encryption
  • Investigative Reporting
Adnan S.

Queens County, New York

$25/hr
5.0
3 jobs

Is your website, network, cloud, or business system truly secure or only “working fine” until an attacker finds the weak point? I help businesses identify vulnerabilities, reduce cyber risk, and strengthen security with clear testing, reporting, and remediation guidance.

I am a Certified Cybersecurity Consultant with hands-on experience in Vulnerability Assessment & Penetration Testing, SOC/SIEM monitoring, ISO 27001 compliance, SOC 2 audit support, network security, phishing awareness, and security documentation.

I work with tools and technologies including Nmap, Burp Suite, Metasploit, OpenVAS, Nessus, Wazuh SIEM/XDR, Kali Linux, Parrot OS, Palo Alto Firewall, Cisco ASA, Active Directory, ServiceNow, Saviynt, HighBond, Microsoft Office 365, GitLab CI/CD, and Kubernetes security environments.

Services I can help you with:
i. Vulnerability Assessment & Penetration Testing
ii. Website, Web App & Network Security Testing
iii. Nmap, Burp Suite, Metasploit, Nessus & OpenVAS Testing
iv. SOC/SIEM Setup, Monitoring & Wazuh Deployment
v. ISO 27001 Policies, Procedures & Security Controls
vi. SOC 2 Audit Support & Compliance Documentation
vii. Phishing Awareness Campaigns & Security Training
viii. Firewall, VPN & Network Security Review
ix. Active Directory & Access Rights Review
x. Security Incident Documentation & Remediation Guidance
xi. Cybersecurity Reports with Risk Rating & Fix Recommendations

My background includes cybersecurity teaching, cyber defense lab implementation, information security documentation, Proofpoint phishing campaign setup, SOC-2 audit support, IAM access review campaigns, Kubernetes production environment exposure, Wazuh SOC deployment, and enterprise network administration.

I do not just provide automated scan results. I focus on giving you clear findings, business impact, risk severity, screenshots where needed, and step-by-step remediation guidance so your team can fix the issues properly.

Let’s secure your systems before vulnerabilities become real business risks.

  • Information Security Audit
  • Information Security
  • Cybersecurity Management
  • Penetration Testing
  • Vulnerability Assessment
  • Network Security
  • Web Application Security
  • Ethical Hacking
  • ISO 27001
  • Security Analysis
  • Risk Assessment
  • Firewall
  • SOC 2
  • Compliance
  • VPN
  • Cisco ASA
  • Internet Security
  • Cloud Security
  • Malware Removal
Imran S.

Arlington, Virginia

$87/hr
5.0
4 jobs

I am a seasoned Cyber Security Practitioner with over two decades of experience. My expertise spans a wide range of compliance and security frameworks, including ISO 27001, CMMC, SOX ITGC, NIST RMF, AICPA SOC-2 Type 1 and Type 2 attestations, FedRAMP, FISMA, and HIPAA. I am adept at aiding senior management in achieving strategic cybersecurity and IT security objectives, crafting security development roadmaps, and conducting maturity assessments.

Throughout my 20-year career, I have collaborated with various private sector entities, notably large financial organizations, and have also engaged with U.S. federal government civilian agencies. My role often involved leading projects to assess clients' security and compliance standards against regulatory and industry-specific frameworks.

I hold a degree in Computer Science from the City University of New York, Queens College, and hold several professional certifications, including Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), ISO 27001 Lead Auditor, and Certified Chief Information Security Officer (C|CISO). I am a U.S. citizen and currently reside in the state of Maryland.

  • Information Security
  • Penetration Testing
  • ISO 27001
  • Federal Information Security Management Act of 2002
  • SOC 2
  • FedRAMP
  • NIST SP 800-53
  • Cybersecurity Management
  • Risk Assessment
  • Risk Management
  • Governance, Risk & Compliance Software
  • CMMC
  • NIST Cybersecurity Framework
  • HITRUST Common Security Framework
  • HIPAA
  • Policy Management Software
  • Compliance
  • Compliance Consultation
  • Compliance Testing
  • Regulatory Compliance
Jonathan P.

Bakersfield, California

$85/hr
5.0
5 jobs

With over 15 years of invaluable experience in the IT industry, I bring a wealth of expertise to the table. Specifically, I have dedicated 8 years of my career to specializing in compliance standards such as HIPAA, HITECH, NERC, ISO 27001, FISMA, and ADA. My approach involves a meticulous step-by-step process that enables me to thoroughly analyze and address the unique needs of your organization.

Having successfully dealt with HIPAA security breaches in the past, I am well-equipped to handle time-sensitive matters with utmost dedication. My primary goal is to ensure that my clients avoid substantial fines and penalties by promptly remedying any compliance issues.

If you are in search of a comprehensive risk assessment, I am pleased to offer my services detailed below:

Security Risk Analysis
- Annual Risk Assessment
- Business Associate Agreement (BAA)
- IT Security Documentation
- IT Policy and Procedures
- Report Analysis
- Remediation Recommendations

Website Compliance
- Review website for ADA, CCPA, and GDPR compliance
- HIPAA compliance is by scope only.
- Security screenings
- Monitoring
- Backups
- Remediation Strategies

Network Vulnerability Assessment
- Scoping
- Threat Assessment
- Setup & Configuration
- Vulnerability Report Analysis
- Remediation Recommendations

Monthly Monitoring
- Monthly Security Monitoring and Alerts
- HIPAA compliance and alerts against malicious events
- Website monitoring, compliance, monthly reports.

  • Information Security Audit
  • Risk Assessment
  • HIPAA
  • ISO 27001
  • IT Compliance Audit
  • Network Security
  • Vulnerability Assessment
  • Security Analysis
  • Network Monitoring
  • Information Technology Strategy
  • Fortinet
  • FortiGate Firewall
  • Cisco
  • Network Engineering
  • Firewall
Lazar N.

Spanish Springs, Nevada

$150/hr
5.0
20 jobs

I help SaaS companies achieve and maintain SOC 2, ISO 27001, HIPAA, PCI DSS, and CMMC compliance and pass their audits.

As the founder of Lazarus Security, I've led 100+ compliance engagements across frameworks including SOC 2 Type I/II, ISO 27001, HIPAA, PCI DSS, NIST 800-53, NIST 800-171, NIST CSF, GDPR, and CMMC. My clients are primarily B2B SaaS companies that need to get audit-ready fast without hiring a full-time security team. However, I also manage complex compliance engagements for US public companies and Large Enterprises.

What I deliver:
- Audit readiness programs (SOC 2, ISO 27001, HIPAA, PCI DSS) from gap assessment through successful audit completion
- Internal audits with zero major non-conformities (ISO 27001 clients audited 3 years running)
- Full policy suites tailored to your business, not generic templates
- Penetration testing (gray-box, API, and web app testing) through my in-house offensive security team
- Ongoing vCISO support: risk management, vendor assessments, security awareness training, and incident response
- Security questionnaire completion (HECVAT, vendor due diligence, SIG)

My team and I work inside your existing tools (Drata, Vanta, Secureframe, KnowBe4, Slack) and coordinate directly with your external auditors so you can focus on building your product.

Ready to get compliant? Send me a message and I'll respond within a few hours.

  • SOC 2
  • SOC 2 Report
  • ISO 27001
  • ISO 27017
  • ISO 27018
  • HIPAA
  • HITECH
  • HITRUST Common Security Framework
  • PCI
  • PCI DSS
  • CMMC
  • NIST SP 800-53
  • NIST Cybersecurity Framework
  • Penetration Testing
  • Network Penetration Testing
  • Web App Penetration Testing
  • Risk Assessment
  • Cybersecurity Management
  • Information Security Consultation
  • Governance, Risk & Compliance Software

How it works

Post a job for free

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

How do I hire an Information Security Audit Freelancer in the United States on Upwork?

You can hire an Information Security Audit Freelancer in the United States on Upwork in four simple steps:

  • Create a job post tailored to your Information Security Audit Freelancer project scope. We'll walk you through the process step by step.
  • Browse top Information Security Audit Freelancer talent on Upwork and invite them to your project.
  • Once the proposals start flowing in, create a shortlist of top Information Security Audit Freelancer profiles and interview.
  • Hire the right Information Security Audit Freelancer for your project from Upwork, the world's largest work marketplace.

At Upwork, we believe talent staffing should be easy.

How much does it cost to hire an Information Security Audit Freelancer?

Rates charged by Information Security Audit Freelancers on Upwork can vary with a number of factors including experience, location, and market conditions. See hourly rates for in-demand skills on Upwork.

Why hire an Information Security Audit Freelancer in the United States on Upwork?

As the world's work marketplace, we connect highly skilled Information Security Audit Freelancers and businesses and help them build trusted, long-term relationships so they can achieve more together. Let us help you build the dream Information Security Audit Freelancer team you need to succeed.

Can I hire an Information Security Audit Freelancer in the United States within 24 hours on Upwork?

Depending on availability and the quality of your job post, it's entirely possible to sign up for Upwork and receive Information Security Audit Freelancer proposals within 24 hours of posting a job description.