Active TS/SCI · Available for mission-critical work

$ whoami

Samba M. Jalloh

I engineer trust into mission-critical systems — and let AI carry the busywork.

Hanover, Maryland Security+ Certified

View Work Get in Touch

TS/SCI: Active Clearance
20+: Security Config Guides authored
1,000+: POA&M requests supported
5+: Years defending federal systems

//About

Defending what the mission depends on

Cybersecurity engineer securing the systems that defense and federal missions depend on.

I'm an Information System Security Engineer supporting the Defense Counterintelligence and Security Agency (DCSA) through ASRC Federal. My work lives at the intersection of risk management, security engineering, and compliance — assessing threats across the program lifecycle, validating security designs in hardware, software, and data, and shepherding systems through certification and accreditation.

Over the last five years I've defended networks across the U.S. Army, DISA, the Air Force Research Laboratory, and the Marine Corps — hunting threats with ACAS, HBSS, Splunk, and ArcSight, standing up SIEM pipelines, and hardening infrastructure to STIG and SRG baselines. I translate dense security requirements into documentation that teams can actually act on, which is how my Security Configuration Guides cut ambiguity out of the ATO process for an entire enterprise.

I'm also deep in graduate study — pursuing dual MSc degrees in Cybersecurity at Georgia Tech and Johns Hopkins — and I build AI into everything I do, from automating evidence collection to researching how to secure agentic AI systems themselves.

Security engineering & A&A across the full program lifecycle
RMF / eMASS authorization, POA&M management, STIG compliance
Threat hunting, SIEM, incident response & insider-threat detection
AI-assisted automation and agentic-AI security research

Education

MSc, Cybersecurity — Information Security
Georgia Institute of Technology
Feb 2025 — Present
MSc, Cybersecurity
Johns Hopkins University
Mar 2024 — Present
BSc, Computer Networks & Cybersecurity
University of Maryland Global Campus
May 2022
AA, Paralegal Studies
Hagerstown Community College
May 2020

Certifications & Clearance

CompTIA Security+
CompTIA
2023
Active TS/SCI Clearance
U.S. Government
Active

Centerpiece

//AI Workflow

Human judgment, AI velocity

Security work is drowning in documentation, mapping, and evidence collection. I treat AI as a force multiplier — using Claude and Claude Code as engineering partners to compress days of toil into hours, then applying that same security rigor to the AI systems themselves.

claude-code — ~/dcsa-mission-systems

AI as an Engineering Partner

I pair with Claude and Claude Code to draft Security Configuration Guides, mitigation statements, and control narratives — turning dense STIG and RMF requirements into review-ready documentation in a fraction of the time.

Automation That Compounds

Python tooling, refined with AI, handles the repetitive grind: extracting PPSM records, formatting eMASS ingests, batching POA&M extensions, and collecting accreditation evidence — consistently and at scale.

Securing the AI Itself

I research and apply security to agentic AI: least-privilege tool access, prompt-injection defense, and guardrails so autonomous agents stay inside their authorization boundary — bringing RMF discipline to the AI frontier.

// outcome: the same security rigor — delivered faster, documented better, and applied to the AI itself.

Toil → Hours saved

//Portfolio

Work that protects the mission

Selected engagements across compliance engineering, security operations, cloud, and AI security.

Featured

Compliance Engineering

Enterprise Security Configuration Guides

Authored 20+ SCGs spanning 10+ mission systems for the DCSA OCIO and Program Execution Office — including a single guide covering every enterprise workstation and printer on NIPRNet.

Reduced requirement ambiguity and streamlined the ATO package process
Raised agency readiness for assessment activities
Mapped shared-responsibility models to control inheritance

RMFeMASSSTIG CheckerServiceNowNIST 800-53

Featured

AI Security

Agentic-AI Security Research

Applying RMF discipline to autonomous AI: hardening agentic workflows with least-privilege tool access, prompt-injection defenses, and authorization-boundary guardrails.

Threat-models the agent → tool → data trust path
Designs guardrails that keep agents inside scope
Bridges traditional A&A with emerging AI risk

ClaudeClaude CodePythonThreat Modeling

Security Operations

Cloud SIEM Implementation

Stood up a SIEM pipeline for a Professional Employer Organization — defining enterprise IAM roles and shipping log ingestion on AWS with Python and Elasticsearch Cloud.

Enterprise role definition and IAM design
Custom REST API development for log ingest
AWS Boto3 automation across S3, IAM, EC2

AWSBoto3PythonElasticsearchREST API

Offensive / Risk

Compliance Vulnerability Assessment

Bi-vulnerability assessment and penetration testing supporting a 23 NYCRR 500 annual compliance gap assessment for a regional insurance entity.

Vulnerability scanning and third-party risk assessment
Regulatory gap analysis against 23 NYCRR 500
Findings communicated for remediation

OpenVASKali LinuxJiraSyslog

Infrastructure Security

Infrastructure Hardening — AFRL

Hardened Air Force Research Laboratory networks across NIPRNet/SIPRNet — running STIGs and SRGs, remediating vulnerabilities, and improving overall security posture.

STIG / SRG scanning and remediation
Windows Server 2019 & Active Directory hardening
IT risk evaluation and improvement recommendations

STIGServer 2019Active DirectoryDNS/DHCPVirtualization

Governance & Risk

Insider Threat & POA&M Operations

Supported mission systems across 1,000+ POA&M extension requests, drafted mitigation statements for 8+ systems, and contributed to insider-threat detection and mitigation.

Drafted vulnerability mitigation statements at scale
Conducted 10+ cybersecurity product evaluations
Privacy security control analysis for PEO systems

eMASSPOA&MPrivacy ControlsInsider Threat

//Skills & Expertise

A full-spectrum security toolkit

From governance and compliance to live threat hunting, cloud, and AI-assisted engineering.

Governance, Risk & Compliance

RMFeMASSATO / A&APOA&M ManagementSecurity Config GuidesSTIG / SRGPPSMNIST 800-53Privacy Controls

Security Operations & Monitoring

SIEMLogRhythmSplunkArcSightThreat HuntingIncident ResponseIDS / IPSEDRDLPACASHBSS

Vulnerability & Risk Assessment

OpenVASSTIG Compliance CheckerVulnerability ManagementPenetration TestingThird-Party Risk23 NYCRR 500Kali Linux

Cloud & Infrastructure

AWS (IAM, EC2, S3)Boto3Windows Server 2019Active DirectoryDNS / DHCP / WDSVirtualizationNIPRNet / SIPRNet

AI-Assisted Development

ClaudeClaude CodeAgentic-AI SecurityPython AutomationREST APIsWorkflow AutomationPrompt Engineering

Platforms & Tooling

ServiceNowJiraSharePointElasticsearchPower AppsGitTechnical Writing

//Experience

The career trace

Five years across the U.S. Army, DISA, AFRL, the Marine Corps, and DCSA.

Information System Security Engineer
ASRC Federal
Client: Defense Counterintelligence and Security Agency (DCSA)
Sep 2024 — Present
Hanover, MD · Hybrid
- Assess, analyze, and implement information assurance and security engineering across the full program lifecycle.
- Authored 20+ Security Configuration Guides for 10+ mission systems, streamlining the ATO package process.
- Drafted vulnerability mitigation statements for 8+ systems and ran 10+ cybersecurity product evaluations.
- Supported 1,000+ POA&M extension requests and PPSM extraction into eMASS.
- Delivered privacy security control analysis and clarified control-inheritance impacts for system teams.
RMFeMASSSTIG CheckerServiceNowPrivacy ControlsInsider Threat
Mid Cybersecurity Specialist
ECS Federal LLC
Client: Marine Corps Community Services (MCCS)
Feb 2024 — Sep 2024
Quantico, VA · Hybrid
- Provided anomaly tracking for detection and remediation of non-compliance and IT attacks.
- Verified audit-log safeguards — collection, storage, time sync, retention, and review.
- Built use cases and indicators aligned to organizational standards and higher-level policy.
LogRhythmSIEMIDSEDRDLPThreat IntelligenceIncident Response
IT Support Specialist
EPS Corporation
Client: Air Force Research Laboratory
Dec 2023 — Feb 2024
Rome, NY · Onsite
- Partnered with cybersecurity experts to assess and enhance network security posture.
- Performed STIG and SRG scans and remediated identified vulnerabilities.
- Evaluated IT risk, proposed new network technologies, and authored technical documentation.
NIPRNet / SIPRNetWindows 10Server 2019ADDNS/DHCP/WDSVirtualization
Cyber Security Analyst
Keyes Information Technology, LLC
Jul 2023 — Dec 2023
Fort Drum, NY · Hybrid
- Served as Security Analyst and Cloud Engineer across multiple client engagements.
- Conducted vulnerability scans, penetration testing, and third-party risk assessments.
- Built a cloud SIEM with Python, AWS, and Elasticsearch; defined enterprise IAM roles.
- Authored Security Test & Evaluation (ST&E) and comprehensive Security Plans.
OpenVASKali LinuxAWSPythonBoto3ElasticsearchJira
Cyber Security Specialist
U.S. Army
Client: DISA Cybersecurity & Defensive Cyber Operations
Aug 2020 — Jan 2024
Fort Drum, NY · Onsite
- Provided direct support to DISA Cybersecurity and Defensive Cyber Operations.
- Hunted threats and indicators of compromise using ACAS, HBSS, Splunk, and ArcSight.
- Evaluated and reported on the risk posture of DISA-managed and connected assets.
- Responded to urgent network incidents to mitigate active and potential cyber threats.
ACASHBSSSplunkArcSightRMFeMASSDISA STIGs

// Contact

Let's secure something together

Open to conversations about cybersecurity engineering, RMF and accreditation, threat operations, and applying AI to harden — and be hardened by — security teams.

$mail sambajalloh@protonmail.com

/in/sambamjalloh

GitHub

/sambamjalloh

sambajalloh@protonmail.com