David R. Gillispie

I find the gaps, validate the risk, and help teams fix what matters.

Cybersecurity engineer focused on Microsoft 365 security, cloud and identity hardening, AI security, vulnerability management, external exposure reviews, and practical remediation planning.

Microsoft 365, Entra ID, Azure, AWS, Defender XDR, Sentinel, Rapid7, AI Security, Zero Trust, Conditional Access, Terraform, Penetration Testing
  • Cybersecurity Engineer
  • Founder, DeepDream Security
  • Adjunct IT Instructor
  • 8+ Years in Security and Infrastructure

About

I'm a cybersecurity engineer with 8+ years of experience across application security, cloud security, identity and access management, vulnerability management, penetration testing support, and enterprise security engineering.

My work sits between engineering, security operations, and business risk. I focus on finding real security gaps, validating what matters, and turning technical findings into remediation plans that teams can actually act on.

I currently work across Microsoft 365, Azure, AWS, SaaS platforms, identity systems, enterprise applications, externally exposed assets, vulnerability management, detection engineering, and AI-enabled workflows.

What I do

Practical security assessment and engineering work.

My work sits between security engineering, operations, and business risk. I review environments, validate exposure, explain impact, and help teams prioritize the fixes that actually reduce risk.

01

Cloud and identity hardening

Microsoft 365, Entra ID, Azure, AWS, privileged access, Conditional Access, MFA, least privilege, and Zero Trust controls.

02

Vulnerability validation

Scanner review, exploitability analysis, business impact, ownership mapping, remediation planning, and fix validation workflows.

03

AI and application security

LLM workflow risk, data exposure, prompt handling, vendor boundaries, application logic, API exposure, and secure adoption guardrails.

Featured Portfolio

Sample deliverable types across core service areas. Structured security reviews built around practical findings and actionable remediation.

Cloud & Identity

Microsoft 365 Security Review

A structured review of your Microsoft 365 environment covering authentication controls, privileged access, and external exposure.

Review Covers

MFA, Conditional Access, privileged roles, risky users, external sharing, legacy authentication, mailbox forwarding, email security, OAuth application risk, and admin exposure.

Risk & Governance

Cyber Insurance Readiness Assessment

A mapped review of common cyber insurance requirements to identify coverage gaps before renewal or application.

Review Covers

MFA, endpoint protection, backups, encryption, patching, email security, privileged access, incident response readiness, and access controls.

Attack Surface

External Exposure Audit

A public-facing attack surface review to identify what's visible, accessible, and potentially exploitable from the outside.

Review Covers

Exposed services, DNS, email authentication, SSL/TLS, public login surfaces, cloud exposure, vulnerable perimeter assets, and high-risk misconfigurations.

Vulnerability Management

Vulnerability Triage Report

Risk-based validation of scanner output — separating what needs immediate action from what can wait, and why.

Review Covers

Scanner findings, exploitability, business impact, remediation ownership, false positives, SLA priority, and fix validation.

AI Security

AI Security Review

A security review of AI-enabled workflows, LLM integrations, and AI-assisted development practices within your organization.

Review Covers

LLM workflows, data exposure paths, prompt handling, approved tool boundaries, DLP controls, vendor risk, and secure AI adoption.

Application Security

Application Security Assessment

A security review of business-critical applications focusing on authentication, API exposure, data handling, and configuration risks.

Review Covers

Authentication, authorization, API exposure, secrets handling, insecure logic, data protection, cloud configuration, and business-critical application risks.


Work Experience

Cybersecurity Engineer

TherapyNotes
Current

Remote

  • Lead internal penetration testing and security assessment initiatives across Azure, Microsoft 365, AWS, SaaS, identity systems, enterprise applications, and externally exposed assets.
  • Lead internal AI security efforts by evaluating LLM-enabled workflows, data exposure risks, prompt handling, vendor and tool risks, DLP controls, and secure implementation boundaries.
  • Strengthen Zero Trust architecture across Microsoft 365 and Azure through Conditional Access hardening, privileged access reviews, PIM administration, least privilege, and identity governance.
  • Improve detection and response capabilities with Microsoft Defender XDR and Microsoft Sentinel.
  • Lead vulnerability validation and remediation using Rapid7 and Microsoft Defender findings.
  • Review Terraform and infrastructure-as-code security standards.
  • Review cloud and network architecture, including NSGs, segmentation, routing, and firewall configurations.

Independent Security Consultant

DeepDream Security / Freelance

Remote

  • Provide practical security consulting for small and mid-size businesses through external exposure reviews, web application security assessments, AI security reviews, and risk-based remediation planning.
  • Assess AI-created and AI-powered web applications for authentication, authorization, API exposure, secrets handling, data protection, cloud configuration, insecure logic, and business-critical security gaps.
  • Perform external attack surface reviews using Nmap, Shodan, vulnerability scanners, and manual validation.
  • Support builders and SMBs adopting AI-assisted development by reviewing workflows, LLM usage, data exposure risks, and secure implementation boundaries.

Senior Information Security Analyst

EssilorLuxottica / EyeMed

Mason, OH

  • Achieved the highest BitSight and SecurityScorecard ratings in EyeMed history.
  • Led a major overhaul of the vulnerability management program, reducing enterprise vulnerabilities by 72%.
  • Partnered with penetration testers and engineering teams to reproduce vulnerabilities, validate findings, assess exploitability, support remediation, and harden applications and network infrastructure.
  • Analyzed vulnerabilities affecting web applications, authentication systems, infrastructure, and externally exposed assets.
  • Integrated security tooling and assessment workflows to improve vulnerability visibility, monitoring, and offensive security readiness.
  • Collaborated with application teams to embed security best practices into the SDLC.

Information Security Analyst

University of Cincinnati

Cincinnati, OH

  • Owned Duo MFA for 350,000+ students, faculty, and staff.
  • Re-architected and migrated the MFA platform to Azure with high availability, backup, and recovery procedures.
  • Reduced fraudulent sign-ins and account takeovers by tightening MFA policies, improving monitoring, and driving user training.
  • Supported identity security, endpoint security, access control, and incident response.

Network & Security Engineer

Nexus Wifi

West Chester, OH

  • Engineered and operated wired and wireless networks for hospitality and commercial clients.
  • Designed, installed, and remotely managed 800+ router, switch, and access point environments.
  • Hardened client environments with security policies, practical assessments, improved remote management, and segmentation.
  • Troubleshot routing, switching, wireless, firewall, VPN, and infrastructure issues.

Skills & Expertise

Security Domains

Application security, AI security, cloud security, IAM, vulnerability management, incident response, security architecture, penetration testing, security governance.

Cloud & Platforms

Azure, AWS, Microsoft 365, Entra ID, GitHub, SaaS security, hybrid infrastructure, Terraform, infrastructure as code.

Detection & Vuln Management

Microsoft Defender XDR, Microsoft Sentinel, Rapid7, Qualys, Nessus, SIEM, log analysis, phishing defense, email and web security.

Infrastructure & Scripting

Network segmentation, VPN, firewalls, Check Point, Cisco, UniFi, Cloudflare, NSGs, routing, Python, PowerShell, Bash, SQL.

Identity & Access

Conditional Access, SSO, Duo MFA, PIM, Privileged access management, Least privilege, Admin By Request, Authentication flows.

Frameworks & Standards

NIST CSF, NIST 800-53, SOC 2, HIPAA, HITRUST, PCI DSS, FERPA.

Selected Impact

Key programs, outcomes, and initiatives across roles.

Internal AI Security Program

Built and lead an internal AI security initiative evaluating LLM workflows, data exposure risks, vendor risk, and secure implementation boundaries across the organization.

Internal Penetration Testing Program

Established and lead an internal penetration testing program covering Azure, Microsoft 365, AWS, SaaS, identity systems, enterprise applications, and external assets.

72% Enterprise Vulnerability Reduction

Led a major overhaul of the vulnerability management program at EssilorLuxottica / EyeMed, achieving the highest BitSight and SecurityScorecard ratings in company history.

External Attack Surface Improvement

Improved external threat posture through structured exposure reviews covering DNS, email authentication, SSL/TLS, cloud exposure, and perimeter hardening across client environments.

350,000+ Identity MFA Environment

Owned and re-architected Duo MFA for 350,000+ users at University of Cincinnati, migrating to Azure and reducing fraudulent sign-ins through tightened policy and improved monitoring.

Security Teaching and Curriculum Leadership

Teach networking and cybersecurity courses as Adjunct Instructor at Cincinnati State, and serve on the NETA/CSA Advisory Board to align curriculum with current industry expectations.

Teaching & Leadership

Adjunct IT Instructor

Cincinnati State Technical and Community College

Teach networking and cybersecurity concepts in an online college environment, translating technical material into clear, practical instruction that students can apply in the field.

Advisory Board Member

NETA/CSA Program, Cincinnati State

Provide industry input on networking and cybersecurity curriculum alignment to keep courses relevant to current employer expectations and skill requirements.

Education

B.S. Cybersecurity and Information Assurance
Western Governors University
February 2025
A.S. Cybersecurity and Network Engineering
Cincinnati State Technical and Community College
May 2021
Information Technology Program, IT Tech Prep Certification
Butler Tech Career Center
2019

Certifications

ISC2
SSCP, Certified in Cybersecurity
CompTIA
Security+, Network+, A+, CySA+, PenTest+
Cisco
Certified in Network Defense, Cybersecurity Essentials
Microsoft
Security Fundamentals

Independent Practice

DeepDream Security

DeepDream Security is my independent cybersecurity advisory practice for small businesses and professional firms that need practical security reviews, Microsoft 365 hardening guidance, cyber insurance readiness support, external exposure reviews, AI security guardrails, ransomware readiness, and clear remediation plans.

Connect

Find me on LinkedIn, download the resume, or learn more about my consulting work at DeepDream Security.