Associate of (ISC)² · CISSP Exam Passed · Secret/TS Clearance Eligible

NoahShaffer

|

Operating at the intersection of AI and offensive & defensive security. I architect agentic penetration testing pipelines, build RAG-driven compliance engines, and ship LLM-integrated security tooling across the full secure SDLC.

Download ResumeGet In Touch
40+
Offensive Tools Integrated
AI-First
Engineering Methodology
Assoc. (ISC)²
CISSP Exam Passed
Secret/TS
Clearance Eligible
scroll

01. About

Who I Am

I'm a Cybersecurity Engineer and Associate of (ISC)² — I passed the CISSP exam and am accruing the 5 years of experience required for full certification. I have strong foundational coding knowledge built on years of hands-on development before AI tooling, and now operate at the intersection of AI and offensive & defensive security.

AI is my core engineering methodology. I architect agentic penetration testing pipelines, build RAG-driven compliance engines, and ship LLM-integrated security tooling across the full secure SDLC. Deep expertise in NIST AI RMF and MITRE ATLAS, including prompt injection defense, adversarial ML mitigation, and RAG pipeline hardening.

As Founder of Lockridge Security LLC and AI Software Engineer at ApexShield LLC, I'm building the next generation of AI-driven offensive security and compliance tooling. At Glacier Peak Capital, I secure regulated fixed-income trading systems under SEC Reg SCI, FINRA 4370, PCI-DSS, and SOC 2.

Clearance: U.S. Citizen · Secret / Top Secret Clearance Eligible
Degree: M.S. Cybersecurity Engineering — USD (Expected Aug 2026)
Current: AI Software Eng @ ApexShield · Founder @ Lockridge Security · Security Eng @ Glacier Peak Capital
Location: Tallahassee, FL
LinkedInGitHubEmail
profile.sh
$ whoami
noah_shaffer@ai-security
$ cat focus.json
{
"methodology": "AI-First",
"specialties": [
"Agentic Pen Testing",
"RAG Compliance Engines",
"LLM Security Tooling"
],
"cert": "Associate of (ISC)²",
"clearance": "Secret/TS eligible"
}
$

02. Skills

Core Competencies

AI-first security engineering across offensive pipelines, compliance automation, cloud, and application security.

AI/ML Engineering

LLM Application DevelopmentAgentic AI SystemsLangGraphLangChainLiteLLMRetrieval-Augmented Generation (RAG)Prompt EngineeringAI Agent OrchestrationMulti-Agent WorkflowsHuman-in-the-Loop DesignVector Databases (pgvector)OpenAI APIAnthropic APIPyTorchTensorFlowscikit-learnPandasFine-Tuning & EvaluationAI Pipeline Automation

AI Security & Governance

AI/ML SecurityPrompt Injection DefenseAdversarial ML MitigationRAG Pipeline HardeningLLM Red TeamingAI Governance & RiskNIST AI RMFMITRE ATLASModel Supply Chain SecurityAI Audit & Compliance

Languages & Development

PythonTypeScript / JavaScriptBashSQLC / C++Go (intermediate)REST / GraphQL API DesignNext.jsFastAPIReact

Cloud & Infrastructure

AWS IAMAWS GuardDutyAWS Security HubAWS KMS / CloudTrailAWS WAF / Macie / InspectorAzure AD / Entra IDGCP IAMDockerKubernetesTerraformGitHub Actions / CI/CDDevSecOpsLinux (RHEL, Ubuntu)Neo4jRedisPostgreSQL

Cybersecurity

Penetration TestingRed / Blue Team OperationsPTaaS DeliveryAutonomous Offensive Security PipelinesVulnerability ManagementThreat Modeling (STRIDE, PASTA)Zero Trust ArchitectureIncident Response & ForensicsSecure SDLCCryptography & PKIAPI SecuritySIEM · EDR · XDRData Loss Prevention

Security Tools

SplunkElastic SIEMCrowdStrikeSentinelOneMicrosoft Defender XDRSnort / SuricataPalo Alto / Fortinet NGFWNessus / QualysBurp SuiteMetasploitNmapNucleiHydraSQLMapOWASP ZAPSemgrepSnyk / TrivyWireshark

Frameworks & Compliance

NIST CSFNIST 800-53NIST 800-171NIST AI RMFISO 27001SOC 2 Type IIPCI-DSSHIPAA / GDPR / CCPAFedRAMPMITRE ATT&CKMITRE ATLASOWASP Top 10CIS ControlsSEC Regulation SCIFINRA Rule 4370CSA CCM

03. Experience

Professional Experience

ApexShield LLCAI / SaaS

AI Software Engineer — Sole Engineer, ShieldAudit Platform

Jan 2026 – Present
Capstone Engagement
  • Architected a Next.js 16 / PostgreSQL application with Clerk auth, Drizzle ORM, and Neon serverless DB; enforced an immutable audit trail via database triggers to satisfy regulator evidentiary standards across all tenant environments.
  • Engineered an 18-component, 40-question AI-assisted assessment engine with risk-weighted scoring aligned to NIST CSF, integrating LLM capabilities via prompt engineering and RAG to auto-generate audit findings, control gap summaries, and remediation narratives — with automated PDF/DOCX report output for regulatory submission.
  • Delivered end-to-end penetration testing engagements as a managed service, leveraging the Lockridge Security agentic offensive platform to provide clients a unified compliance auditing and adversarial testing capability under one engagement.
  • Designed and developed the ApexShield marketing and client-facing website, handling UX, copywriting, and deployment end-to-end.
Lockridge Security LLCFounder

Founder & Lead Security Engineer

Oct 2025 – Present
Tallahassee, FL
  • Architected and deployed a containerized offensive security platform integrating 40+ industry tools (Nmap, Nuclei, Metasploit, Hydra, SQLMap) within isolated Kali Linux environments, eliminating client infrastructure footprint across all engagements.
  • Engineered a LangGraph-based agentic workflow to autonomously validate CVE exploitability, stress-test credential policies, and enumerate lateral movement paths — with configurable human approval gates at high-risk decision nodes.
  • Produced prioritized vulnerability reports with AI-generated remediation recommendations, compressing client time-to-fix cycles and enabling development teams to action findings without manual triage overhead.
Glacier Peak CapitalFull-Time

Security Engineer

Aug 2024 – Present
Financial Services
  • Developed and maintained SSPs and control narratives aligned with SEC Regulation SCI, FINRA Rule 4370, PCI-DSS, and SOC 2 for fixed-income trading systems handling CUSIP-level pricing and Treasury yield curve data.
  • Conducted internal compliance audits and continuous control monitoring, assessing confidentiality, integrity, and availability of sensitive market data and escalating findings through formal remediation tracking.
  • Performed risk assessments and gap analyses against PCI-DSS and SOC 2 frameworks, producing documented findings and tracking remediation actions to maintain continuous audit readiness.
  • Executed vendor risk reviews for third parties with access to proprietary trading data, evaluating security controls and surfacing deficiencies against regulatory requirements.
  • Owned BCP documentation and testing under FINRA Rule 4370, including tabletop exercises and failover validation to verify operational continuity under adverse conditions.

04. Certifications

Credentials

CISSPExam Passed

Certified Information Systems Security Professional

(ISC)² — Associate

Passed the CISSP examination — currently an Associate of (ISC)² accruing the required 5 years of professional security experience toward full certification.

Security & Risk MgmtAsset SecuritySecurity ArchitectureNetwork SecurityIAMAssessment & TestingSecurity OpsSoftware Dev Security
CCActive

Certified in Cybersecurity

(ISC)²

Entry-level certification demonstrating foundational knowledge of cybersecurity principles and best practices.

Security ConceptsBusiness ContinuityAccess ControlsNetwork SecuritySecurity Operations
AWS SecurityIn Progress

AWS Certified Security – Specialty

Amazon Web Services

AWS specialty certification validating advanced cloud security skills across identity, network, and data protection.

Incident ResponseLogging & MonitoringInfrastructure SecurityIAMData Protection
AI SecurityIn Progress

AI Security Certificate

In Progress

Certification covering AI/ML security risks, adversarial attacks, model hardening, and secure MLOps practices.

Adversarial MLModel SecurityAI Risk ManagementSecure MLOpsAI Governance

05. Education

Academic Background

University of San Diego

M.S., Cybersecurity Engineering

Expected August 2026

NSA/CAE-Accredited
NSA/CAE (Center of Academic Excellence) designated program
Vice President, Cybersecurity Club (2025 – Present)
Relevant Coursework
Secure Systems ArchitectureApplied CryptographyCyber Threat IntelligenceIncident Response & ForensicsGovernance, Risk & Compliance

Florida State University

B.S., Computer Science

2024

Graduated
Minors: Business, Mathematics
Honors: Dean's List, President's List
Relevant Coursework
Data Structures & AlgorithmsOperating SystemsComputer NetworksSoftware EngineeringDiscrete Mathematics

06. Projects

GitHub Work

View All on GitHub
WebsiteFinal

No description available.

TypeScript
0
0
CPPA-AUDIT

No description available.

TypeScript
0
0
LockRidgeSecurity-----ApexShield-Website-

No description available.

TypeScript
0
0
LockridgeSecurity-Pentesting-tool-

No description available.

Python
0
0
LockRidgeSecurityCompliance-Software

No description available.

0
0
AutoStigs

No description available.

Python
0
0
ClaudeCodeAgentClone

No description available.

Python
0
0
autonomous-AI-framework-security

An autonomous AI framework that chains reconnaissance, exploitation, and post-exploitation into a single pipeline, then goes further by triaging every finding, implementing code fixes, and opening pull requests on your repository. From first packet to merged patch, with human oversight at every critical step.

Python
0
0
Wazuh_Siem

No description available.

Python
2
1
LockRidge

No description available.

TypeScript
0
0
Leet-coder

No description available.

0
0
phishing-detection-engine

No description available.

Python
1
1

07. Contact

Get In Touch

Open to security engineering roles, consulting engagements, and collaboration.

Email

NoahWilliamShaffer@gmail.com

LinkedIn

linkedin.com/in/noahwilliamshaffer

GitHub

github.com/noahwilliamshaffer

Location

Tallahassee, FL

Available for opportunities

Security Engineering · Cloud Security · DevSecOps · Consulting