About William Zujkowski
Currently serving as an Information Technology Specialist (INFOSEC) at Technology Transformation Services (TTS) - cloud.gov, where I lead security initiatives for the government's premier cloud platform serving 30+ federal agencies. My work focuses on Zero-Trust architecture implementation, FedRAMP compliance automation, and building secure infrastructure for government innovation.
What I Bring
15+ Years in Cybersecurity
From IT support to senior security engineering roles across federal agencies
AI/ML Security Focus
Building tools at the intersection of artificial intelligence and security
Open Source Contributor
Active development of security automation tools and AI integration frameworks
Federal Expertise
Deep understanding of NIST compliance, FedRAMP, and government security requirements
Technical Leadership
Experience leading teams, mentoring engineers, and driving security initiatives
Professional Experience
Current Position
Information Technology Specialist (INFOSEC)
Technology Transformation Services (TTS) - cloud.gov
November 2023 - Present
Leading security initiatives for cloud.gov, the government's cloud platform serving 30+ federal agencies.
Career Timeline
National Heart, Lung, and Blood Institute – Laboratory of Computational Biology
Lead HPC Site Reliability Engineer
May 2023 - November 2023
Led automation and resilience for NIH’s LoBoS high-performance computing cluster—implementing Ansible-driven provisioning, SLURM job scheduling, and NVLINK GPU interconnects—to accelerate molecular dynamics research and ensure continuous high-performance availability.
National Institutes of Health – Office of the CIO
Vulnerability Management Team Lead
November 2021 - March 2023
Led NIH’s enterprise-wide vulnerability management across all 27 Institutes, driving strategy, automation and OS-hardening initiatives. Built and mentored an 18-member security team, championed CISA BOD 22-01 and Log4j response, and forged cross-IC stakeholder partnerships to dramatically improve NIH’s security posture.
National Human Genome Research Institute (NIH)
Security Engineering Lead / Alternate ISSO
December 2020 - November 2021
Orchestrated vulnerability remediation, Synack VDP and penetration-test programs, and rolled out Absolute endpoint protection across NHGRI. Served as alternate ISSO, chaired inter-institute working groups, and ensured federal compliance with continuous monitoring and forensics capabilities.
National Human Genome Research Institute (NIH)
Information Technology Security Engineer
December 2018 - December 2020
- Cyber defense infrastructure support
- Secure architecture implementation
- Incident response and threat mitigation
Foundation Years (2005-2018)
2017-2018: Lead Service Desk Engineer (Tier III) at GRSi & MSC - National Heart, Lung, and Blood Institute (NIH)
2016-2017: Technical Support Engineer at Partners International
2015-2016: IT Infrastructure Manager at Sensible Software - Led cloud migration initiatives
2014-2015: IT Asset Management at e-End - NIST/NAID compliant data destruction
2005-2014: Independent IT Consultant - Built foundation in diverse technologies
Key Achievements
Recognition
- NHLBI Exceptional Performance Recognition
- NIH OCIO Contractor Excellence Award
- Certificate of Excellence
Certifications
- CompTIA Security+
- CompTIA Network+
- CompTIA A+
Professional Memberships
Technical Skills & Expertise
Core Competencies
AI/ML & LLM Development
Model Context Protocol (MCP)
LangGraph & LangChain
Prompt Engineering
AI Security & Safety
Python Development
Python (Advanced)
API Development
Data Pipeline ETL
GitHub API Integration
Security Engineering
NIST 800-53r5 Compliance
Supply Chain Security
Zero-Trust Architecture
Security Automation
Technical Stack
Category | Technologies | Experience |
---|---|---|
Languages | Python, JavaScript/TypeScript, Bash, YAML, Markdown | Daily use |
AI/ML Tools | Model Context Protocol, LangGraph, LangChain, OpenAI API, LLM Integration | Advanced |
Security Tools | Dependency Analysis, SBOM Generation, NIST Compliance, Supply Chain Security | Expert |
Development | API Development, ETL Pipelines, GitHub API, Package Development, CLI Tools | Expert |
CI/CD & DevOps | GitHub Actions, Docker, GitHub Pages, Automated Testing, Deployment Pipelines | Expert |
Web Stack | Eleventy, Tailwind CSS, Nunjucks, PostCSS, Static Site Generation | Advanced |
Soft Skills
Leadership
Team lead experience, mentoring junior engineers, cross-functional collaboration
Communication
Technical writing, stakeholder briefings, security awareness training
Problem Solving
Root cause analysis, incident response, strategic planning
Open Source Projects
Building tools that solve real problems – from security automation to AI-powered content generation.
Featured Project
MCP Standards Server
A comprehensive Model Context Protocol (MCP) server providing intelligent NIST 800-53r5 compliance checking, automated code analysis, and standards enforcement for modern development workflows.
- Built using official MCP Python SDK
- Real-time standards compliance validation
- Automated security control mapping
- Integration with AI development tools
Project Categories
🤖 AI & LLM Projects
LLM Markdown Generator
Leverages Large Language Models to generate markdown blog posts with customizable, 11ty-compatible front matter for various topics.
Vulnerability Post Generator
A comprehensive system for generating high-quality vulnerability analysis blog posts using AI.
🔒 Security & Compliance Tools
Dependency Risk Profiler
A command-line tool that goes beyond traditional vulnerability scanners to assess the overall health and risk of a project's open-source dependencies.
- Comprehensive dependency analysis
- License compatibility checking
- Maintenance status evaluation
- Supply chain risk scoring
RepoVac
A tool for grabbing dependency lists from an entire organization's repositories.
Don't Panic
Enriched alerting system providing detailed alerts without causing system-wide terror. Success often depends on finding your towel.
🏠 Homelab & Personal Learning
Security-Focused Homelab
Personal security operations center for learning, experimentation, and testing new security concepts.
Infrastructure:
- pfSense firewall with Suricata IDS/IPS
- 5 VLANs for network segmentation
- Proxmox virtualization cluster
- Raspberry Pi monitoring nodes
- Automated backup systems
Security Stack:
- Wazuh SIEM with custom rules
- OpenSearch for log analysis
- Grafana security dashboards
- Automated vulnerability scanning
- Honeypot deployment
Currently Exploring
Learning & Growth
Current Focus
- Advanced Model Context Protocol patterns
- Multi-agent AI system orchestration
- Supply chain security automation at scale
Exploring Next
- Zero-knowledge proof implementations
- Privacy-preserving LLM techniques
- Distributed compliance validation
AI Security
LLM security, prompt injection defense, and AI supply chain security
Zero Trust
Implementing Zero Trust principles in personal and professional projects
Automation
Security automation, compliance as code, and developer productivity tools
Let's Connect
Whether you want to discuss federal security, share dad jokes, or collaborate on projects – I'm always happy to connect with fellow tech enthusiasts.
Professional Connections
Code & Community
What to Talk About?
Security Topics
Zero-Trust, FedRAMP, threat hunting, or general security discussions
Career Advice
Transitioning to security, federal contracting, or certification paths
Fun Stuff
Strategy games, sci-fi books, homelab projects, or dad jokes
Speaking & Collaboration
Available For
- ✓ Security conference talks
- ✓ Federal agency workshops
- ✓ Podcast appearances
- ✓ Open source collaboration
- ✓ Security mentorship
- ✓ Technical writing
Response Time
I try to respond within 24-48 hours for professional inquiries. If you're reaching out about security vulnerabilities or urgent matters, please indicate that in your subject line.
Looking forward to connecting with you!