As Chief Executive Officer of Aethon Security Consulting, Derek leads a team of cybersecurity professionals focused on helping federal contractors confidently achieve and sustain compliance with DFARS 252.204‑7012 and CMMC Level 2 requirements. He works closely with clients to ensure cybersecurity programs are practical, defensible, and aligned with real‑world operational needs—not just regulatory checklists.
In his role, Derek oversees the design, implementation, and governance of CMMC‑aligned security controls across client in‑scope environments. He also ensures Aethon’s clients receive clear, thorough documentation of their Covered Contractor Information Systems, delivering NIST SP 800‑171A‑aligned System Security Plans and supporting artifacts built to withstand assessment scrutiny while minimizing disruption to business operations.
Prior to founding Aethon Security, Derek served as Director of Cybersecurity Operations at a Managed Security Service Provider and as Deputy Chief Information Security Officer of a CMMC Third‑Party Assessment Organization. In these roles, he directly supported defense contractors through Joint Surveillance Voluntary Assessments, guiding teams to perfect 110 scores—the equivalent of successful CMMC Level 2 certification assessments. This experience gives Derek a firsthand understanding of assessor expectations and the challenges contractors faced during high‑stakes evaluations.
Derek holds the Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) credentials from ISC2, the Certified CMMC Assessor (CCA) credential from Cyber AB, and a Master of Business Administration from William & Mary’s Raymond A. Mason School of Business. His leadership philosophy is grounded in partnership, transparency, and helping clients move through compliance with clarity and confidence.
Explore Aethon Security’s comprehensive services, from compliance support to advanced threat protection and risk management.