Michael (Jay) L.

Visiting Fellow

Poznań, Poland

Experience

Sep 2025 - Present
3 months
Poznań, Poland

CEO & Founder

MERLAN Consulting, Sp. z o.o.

  • Provides contract labor as a Lead Certified CMMC Assessor (LCCA) to CMMC third party assessment organizations (C3PAO).
  • Provides penetration testing for customers across multiple verticals including US and EU Defense Industrial Base (e.g., DFARS, CMMC, NIST 800-171, RMF, NIST 800-53, DISA IL4/5/6), US Federal Government (e.g., FedRAMP, NIST 800-53, CJIS, MARS-E), Department of Defense (e.g., RMF, NIST 800-53, FISMA, FERPA), and covered health care providers and business associates (e.g., HIPAA, HITRUST).
  • Provides cybersecurity consulting, mock assessments, tabletop exercises, and risk management consulting within multiple security frameworks (e.g., DFARS, CMMC, NIST 800-171, RMF, NIST 800-53, DISA IL4/5/6, FedRAMP, FISMA, FERPA, CJIS, MARS-E, HIPAA).
  • Experienced with customers ranging from tiny (5 people) to multinational (30,000 people), with clients’ revenues from $25M upward.
  • Provides executive-level coaching, mentoring, teaching, and written summaries as well as in-depth technical reviews of risk assessments, penetration tests, and tabletop exercises.

Jan 2025 - Present
11 months

CEO & Founder

MERLAN Consulting, LLC

  • Provides contract labor as a Lead Certified CMMC Assessor (LCCA) to CMMC third party assessment organizations (C3PAO).
  • Provides penetration testing for customers across multiple verticals including US and EU Defense Industrial Base (e.g., DFARS, CMMC, NIST 800-171, RMF, NIST 800-53, DISA IL4/5/6), US Federal Government (e.g., FedRAMP, NIST 800-53, CJIS, MARS-E), Department of Defense (e.g., RMF, NIST 800-53, FISMA, FERPA), and covered health care providers and business associates (e.g., HIPAA, HITRUST).
  • Provides cybersecurity consulting, mock assessments, tabletop exercises, and risk management consulting within multiple security frameworks (e.g., DFARS, CMMC, NIST 800-171, RMF, NIST 800-53, DISA IL4/5/6, FedRAMP, FISMA, FERPA, CJIS, MARS-E, HIPAA).
  • Experienced with customers ranging from tiny (5 people) to multinational (30,000 people), with clients’ revenues from $25M upward.
  • Provides executive-level coaching, mentoring, teaching, and written summaries as well as in-depth technical reviews of risk assessments, penetration tests, and tabletop exercises.

Oct 2022 - Dec 2024
2 years 3 months
Germantown, United States

Director of Security and Compliance

Planet Technologies, Inc.

  • Founded the security practice and succeeded the compliance practice, managing 4 direct and 10 indirect reports.
  • Designed, built, and sold a catalog of security and compliance offerings supporting multiple risk management frameworks (e.g., NIST 800-53, HIPAA, CMMC, NIST 800-171, CIS, CJIS, state frameworks).
  • Developed a full-service catalog from security risk assessments through artifact authoring, augmentation, tabletop exercises, and a subscription service (Compliance Advantage).
  • Led a team of security engineers to assess clients’ security posture, design improvement solutions, integrate into Zero Trust architectures, and bind practices to compliance proof.
  • Grew the compliance practice from lowest utilization to over 85% in 12 months.
  • Modernized development of statements of work (SOW) and responses to RFPs, reducing preparation time by 40%, developing over 200 responses annually.
  • Systemized artifact and product development and project planning, reducing budget breaches from 70% to under 10% occurrence rate.
  • Moved the compliance practice into profitability for the first time in its four-year history.
  • Led definition and refinement of the security practice to enable marketing of discrete and recurring engagements.

Apr 2022 - Oct 2022
7 months
Katonah, United States

Virtual Chief Information Security Officer

Black Talon Security

  • Mentored over 500 clients to customize cybersecurity programs to protect valuable and protected data across small healthcare offices to large medical conglomerates, manufacturing firms, and private equity firms.
  • Led modernization of security risk assessment methodology and improved automation for continuous risk posture monitoring.
  • Guided clients to formal risk awareness and acceptance processes.
  • Provided executive summaries and in-depth technical reviews of risk assessments, penetration tests, and tabletop exercises.
  • Coached in-house IT teams to develop and propose courses of action for risk remediation or mitigation.
  • Advised on implementation of HIPAA Privacy, Security, and Breach Notification Rules, assessing and coaching improvements for practices and business entities of 5 to 3,000 people.
  • Assisted in developing and deploying automation tools that reduced onboarding interaction times by 43% and periodic reassessments by 40%.
  • Developed, facilitated, and outbriefed contingency plans, policies, and rehearsals for help desk technicians to senior executives.

Jun 2017 - Apr 2022
4 years 11 months
West Point, United States

Chief Information Security Officer and Program Information System Security Manager

US Military Academy

  • Led a team of 10 direct and 80+ indirect reports to design, implement, operate, and maintain a greenfield undergraduate college network cybersecurity posture supporting ~4,600 students, 2,650 staff, 300+ servers, 2,700+ wireless access points, and 30,000 devices on a $20M+ budget.
  • Secured Army authorization and funding of $30M for the network and resolved perception and policy disputes through strategic communications.
  • Earned policy backing and technical advising from Defense Digital Service, replacing DoD services with commercial solutions to avoid $16M annual costs.
  • Wrote $5M+ in contracts for migration services ($4M) and RMF support services ($1M).
  • Designed a multi-zone network enclave to reduce RMF costs by $3M upfront and $500K annually.
  • Replaced change management process, halving processing time and avoiding ~$1M in duplicate services.
  • Decommissioned redundant capabilities, saving $300K in direct costs and $1.5M in licensing costs.
  • Achieved first Authority to Operate for the Academy's Defense Research and Engineering Network after two failed efforts, preventing network disruption to 7,250 users.

Jun 2017 - Aug 2017
3 months
Fort Belvoir, United States

West Point Visiting Fellow and Cyberspace Operations Plans Officer

Army Cyber Command

  • Advised the Commanding General and senior leadership on cybersecurity of platform IT, endpoint security capability deployment, and development of the West Point Research and Education Network (WREN).
  • Identified 10 process improvements for cyber threat assessments of major Army weapons platforms, reducing resource consumption by 20% per system.
  • Identified planning shortfalls in Endpoint Management as a Service implementation that would have affected 10,000+ systems' communication with C2 nodes.
  • Served as a subject matter expert and liaison to Deputy Commanding General and Chiefs of Operations, reducing inter-organizational friction for the new USMA network.

Aug 2014 - Jul 2018
4 years
West Point, United States

Director, Cyber Research Center

US Military Academy

  • Led the Cyber Research Center team of four direct reports and subject matter experts in cyber operations.
  • Developed and executed multi-year research plans for USMA, Department of the Army, and DoD sponsors.
  • Provided cadets and faculty research, education, and publishing opportunities, and implemented the Cyber Leader Development Program.
  • Raised $200K–$1.5M annually for research and excellence funding.
  • Funded cadet senior design projects, internships, travel to conferences (e.g., BlackHat, ShmooCon, Grace Hopper), competition participation, and training events (e.g., SANS, DEFCON).
  • Increased CRC endowments from $0 to $3.5M, with an additional $2.5M pledged.
  • Achieved 100% scores on oversight and compliance audits for CRC and the Robotics Research program.

Jun 2013 - Apr 2022
8 years 11 months
West Point, United States

Academy Professor and Associate Professor of Computer Science

US Military Academy

  • Taught computer science and information technology to departmental and non-departmental students, demonstrating excellence in teaching, scholarship, cadet and faculty development, and service.
  • Conducted research, published results, and developed cadets into future leaders of character.
  • Participated in hiring processes, resolved employee behavior issues, and mentored junior rotating faculty and cadets.
  • Led cadet clubs for extracurricular discipline learning and ethical hacking; hacking team consistently ranked in top 15 among undergraduate colleges.
  • Published over 30 papers, magazine articles, presentations, and a book chapter.
  • Created three new courses and revamped three others; mentored 20+ senior design projects; served as academic counselor for the CS program.

Jun 2002 - Jun 2005
3 years 1 month
West Point, United States

Academy Professor and Associate Professor of Computer Science

US Military Academy

  • Taught computer science and information technology to departmental and non-departmental students, demonstrating excellence in teaching, scholarship, cadet and faculty development, and service.
  • Conducted research, published results, and developed cadets into future leaders of character.
  • Participated in hiring processes, resolved employee behavior issues, and mentored junior rotating faculty and cadets.
  • Led cadet clubs for extracurricular discipline learning and ethical hacking; hacking team consistently ranked in top 15 among undergraduate colleges.
  • Published over 30 papers, magazine articles, presentations, and a book chapter.
  • Created three new courses and revamped three others; mentored 20+ senior design projects; served as academic counselor for the CS program.

Summary

Chief Information Security Officer (CISO), Cybersecurity Assessor, and Penetration Tester with 15+ years of leadership in IT and Cybersecurity fields; 15+ years as a leader within the US Army; 13 years within the US Military Academy. Demonstrated proficiency with senior level decision making, team building, appropriate risk-taking, adaptability, technical and policy expertise. Competitively selected for multiple academic scholarships, training opportunities, and challenging positions. Driven to be collaborative to ensure accomplishments outlast individual contributors.

Languages

English
Native

Education

North Carolina State University

B.S. · Computer Science · United States

Carnegie Mellon University

Ph.D. · Computation, Organizations and Society · United States

University of Florida

M.Sc. · Computer Science · United States


Certifications & licenses

CMMC AB Lead Certified CMMC Assessor (LCCA)

CMMC AB

CMMC AB Registered Practitioner Advanced (RPA)

CMMC AB

Certified Information Systems Security Professional (CISSP)

CompTIA A+

CompTIA

CompTIA Security+

CompTIA

EC-Council Certified Ethical Hacker (CEH)

EC-Council

EC-Council Certified Network Defense Architect (CNDA)

EC-Council

GIAC Certified Penetration Tester (GPEN)

GIAC
