About

I’ve spent 19+ years in information security, specializing in security operations, incident response, and DevSecOps. My through-line has been building and mentoring high-performing teams, standing up scalable security programs, and integrating security into how software actually gets built — under the belief that security = quality.

Where I’ve worked

• Titania Solutions Group — ISSO & Cybersecurity SME (2019–present). Led a DevSecOps transformation, integrating automated security testing into CI/CD pipelines across 15+ development teams. Web app penetration testing, threat modeling, and the metrics to keep application security honest.
• Verodin, Inc. (acquired by FireEye) — Threat Research Manager (2016–2018). Founded and led a threat research team producing detection content and instrumentation, and built the multi-release roadmaps that helped mature the product toward acquisition.
• Executive Office of the President — Chief of Security Operations (2015–2016). Directed SOC operations in a high-stakes environment — detection, investigation, response, and an enterprise security technology transition across agencies.
• Defense Intelligence Agency (DCNDC) — Defensive Countermeasures Lead (2012–2015). Built and led the enterprise countermeasures team responsible for detection and mitigation content.
• U.S. Cyber Command — Countermeasures Developer (2010–2012). Defense-in-depth strategies and technical leadership for protecting critical DoD infrastructure.
• National Security Agency (NTOC) — Attack Sensing & Warning Section Manager / Senior Reporting Analyst (2007–2010). Ran AS&W operations and advanced the cataloging of attacker TTPs to improve detection fidelity.

What I work on

Detection engineering and intrusion analysis · DevSecOps and security automation (CI/CD, ZAP, Nuclei) · threat modeling and penetration testing · security operations and incident response leadership · secure-by-default systems. I build in Python, Go, and PowerShell, and I’m comfortable across Windows, macOS, and Linux.

Frameworks I lean on: NIST 800-53, MITRE ATT&CK, CAPEC, and CISA KEV.

A few other things

• Speaker at MITRE ATT&CKcon, and cited in a number of cybersecurity publications.
• Past (ISC)² CISSP and ISSAP, Cisco CCNA/CCNA Security, CompTIA Linux+/Network+, SANS 503 (Intrusion Detection In-Depth) and 501.
• NSA Military Performer of the Quarter, Joint Service Commendation Medal, and Navy Good Conduct Award.
• Off the keyboard, I raise Scottish Highland cattle at Thorny Knolls in Warrenton, Virginia.

Get in touch

Email me at james.lerud@gmail.com or find me on GitHub.