David R. Gillispie.

David R. Gillispie.

I'm a cybersecurity engineer based in St. Augustine, Florida. My full formal name is David R. Gillispie III, but I use David R. Gillispie for my public portfolio and professional brand.

My work focuses on Microsoft 365, Entra ID, cloud access, SaaS security, AI tool guardrails, vulnerability workflows, and practical remediation. I care about the part of security that happens after risk is found: designing the fix, making it usable, validating that it worked, and turning it into something repeatable.

I also teach networking and cybersecurity concepts, which shapes how I communicate technical risk. Clear enough for non-security stakeholders, detailed enough for technical teams, and focused on what can actually be fixed.

Outside of full-time engineering work, I run DeepDream Security for fixed-scope security reviews, hardening projects, and remediation planning.

Where it started

I have been interested in systems, controls, and how things break for as long as I can remember. When I was a kid, I used to take apart the family computer because I wanted to understand what was inside. We did not always have reliable internet access, so when I could not get online, I spent time learning Windows, hardware, software, and basic computer concepts on my own.

I was not just interested in using computers. I was interested in making them do things, testing limits, bypassing restrictions, and figuring out why something failed.

My stepdad had a screen-time control device connected to the TV. He kept changing the PIN because I kept figuring it out. What I was really doing was listening. I would pretend to be asleep while he entered the PIN, memorize the keypad tones, map the sounds back to the numbers, and use that to unlock it later.

At the time, I just wanted more video game time. Looking back, that was one of my first lessons in how controls can fail when the process around them is predictable. I was observing behavior, recognizing patterns, testing assumptions, and learning that security is not just the device or the rule — it is the whole system around it.

Later, I started writing batch scripts and experimenting with what I could control. I broke that computer plenty of times by taking it apart, changing settings, and trying things I barely understood. That was how I learned: touch the system, break it, fix it, try again.

By the time I was around 12, I knew technology was what I wanted to do. Penetration testing and cybersecurity made sense to me because they gave structure to the thing I was already drawn to: understanding weak points, testing assumptions, and figuring out how to make systems safer after you understand how they fail.

Today, that same instinct still drives how I work. I like understanding how systems behave, where controls break down, how risk becomes real, and how to turn that into practical fixes people can use.