Better Decisions Under Pressure

Translating upstream risk into defensible action for security and technology leaders

About Me

I serve as an executive advisor and systems-risk strategist working at the intersection of cybersecurity, geopolitics, leadership, and business execution.
My work focuses on translating power dynamics, policy shifts, and global events into actionable foresight leaders can use to make better decisions before risk shows up as an incident, a failed program, or a missed opportunity.

Over 25+ years, I’ve led federal IT operations, cybersecurity programs, and growth initiatives inside regulated, high-consequence environments, from DoD authorization programs to enterprise GRC at scale. That experience shapes how I approach risk and leadership: less theory, more operational realism; fewer indicators, more incentive analysis; no hot takes, just defensible conclusions.

Areas of Expertise

Upstream Risk Translation

Translating geopolitical signals, policy shifts, and power dynamics into early warning systems that improve threat models before incidents emerge.

Federal Authorization & Compliance

Leading FedRAMP, CMMC, and DoD authorization programs. Authoring SSPs and POA&Ms that survive audit pressure and translate regulatory mandates into engineering workflows.

Cybersecurity & Risk Management

Building resilient security programs that integrate SOC operations, vulnerability management, and incident response at scale while maintaining operational tempo.

IT Portfolio & Operations Leadership

Directing enterprise IT strategy, infrastructure optimization, and cross-functional delivery for regulated, high-consequence environments.

Vendor & Third-Party Risk

Assessing supplier exposure through geopolitical, operational, and compliance lenses to protect critical dependencies and maintain service continuity.

Strategic Growth & Business Development

Leading capture strategy, proposal development, and technical solutioning for federal programs where security, compliance, and delivery execution intersect.

Operating Environments

FEDERAL AUTHORIZATIONS & DEFENSE OPERATIONS

High-consequence federal systems where policy shifts, authorization timelines, and mission continuity intersect. Led programs across TSA, DCSA, and DoD education systems. These are environments where regulatory compliance isn’t optional, operational tempo is relentless, and control failures have national security implications.

Capabilities Demonstrated:
Directed $350M IT portfolio and 500+ staff for critical federal aviation security mission, translating NIST 800-53 and ISO 27001 requirements into operational controls during agency modernization
Led authorization programs (ATOs, RMF packages, SSPs/POA&Ms) under compressed timelines, managing 10x workforce expansion while maintaining authorization posture
Managed global IT operations across 50+ locations in 9 countries supporting DoD education systems, achieving 95% SLA compliance across 3,000+ monthly service requests
Policy translation proves more predictive of compliance success than tool selection; incentive analysis outperforms audit findings for behavior prediction

Organizations: GDIT (TSA), Deloitte (DCSA), CSC (DoDDS)
Timeline: 2010-2020

ENTERPRISE HEALTHCARE

Multinational clinical research organization operating under HIPAA, GDPR, NIST, GxP across hybrid cloud infrastructure. High-velocity M&A activity, distributed workforce, zero tolerance for data breach or regulatory violation. Scale and complexity where checkbox compliance creates operational drag and GRC theater fails under audit pressure.

Capabilities Demonstrated:
Directed enterprise IT strategy and portfolio governance for global healthcare organization, building programs that embedded NIST, HIPAA, and GDPR requirements into daily workflows rather than periodic assessments
Led GRC program achieving 25% security risk reduction and 22% decrease in audit findings while maintaining operational tempo during multiple acquisitions
Designed vendor risk assessment framework incorporating geopolitical signals (EU data residency, cross-border data flows) into technology decisions ahead of formal mandate cycles
Compliance-in-operations architectures outperform checkbox theater under audit pressure; upstream policy analysis enables proactive control design rather than reactive remediation

Organization: ICON Clinical Research, TREC
Timeline: 2020-2026

GROWTH-STAGE & FEDERAL CAPTURE

Federal contractors navigating CMMC evolution, FedRAMP requirements, and contract eligibility constraints during rapid growth. Environments where compliance blockers kill revenue, policy uncertainty creates planning risk, and authorization timelines determine business viability. Executive teams require decision frameworks, not implementation checklists.

Capabilities Demonstrated:
Translate emerging policy signals (HACS certification, CMMC program evolution, GSA modernization initiatives) into technical roadmaps and capture strategy for growth-stage organizations
Lead GRC and authorization engagements, authoring SSPs, POA&Ms, and risk assessments that accelerate authorization timelines while surviving audit pressure and maintaining technical accuracy
Advise executives on risk tradeoffs where regulation, innovation, and contract eligibility intersect under policy ambiguity
Geopolitical procurement trends (supply chain security mandates, ICTS restrictions) reshape vendor selection windows before formal policy publication; regulatory ambiguity requires defensible action frameworks, not wait-and-see postures

Organizations: NucoreVision (Chief Growth Officer), Exprima (Founder/CEO)
Timeline: 2024-Present

Operational General Manager

2015-2019

Led a large IT team in full-scope services, serving as a trusted advisor to the agency CIO and executive team
Strategic Risk Management:
Led a comprehensive risk management team for the TSA ITIP contract, aligning security operations with regulatory requirements (NIST 800-53) and information security management (ISO 27001), ensuring successful compliance audits.
Compliance Roadmap Development:
Developed a strategic roadmap to ensure ongoing alignment with federal regulations, resulting in the successful audit of mission-critical systems.
Vendor & Stakeholder Management:
Cultivated strong relationships with key stakeholders, including agency senior executives (CIO, CISO) and external partners, improving the integration of compliance requirements into internal and third-party services and reducing overall risk by 20%.

Volunteer
Chief Information Officer (Fractional)

2020-Current

Oversee technology strategy, aligning IT systems with business goals and managing resources within budget
Strategy Development:
Developed and executed the IT strategy for a behavioral health startup, ensuring scalable operations for a 400% growth in one year.
Vendor & Compliance Management:
Optimize vendor selection and relationships, implementing cost-effective solutions that align with organizational values.

Education

M.S. – Mindful Leadership (2020)
B.S. – Information Systems (2003)

Certifications

What People Say

Elliott is a true professional. You can always tell a leader is doing well when they look behind them and their team is still there. He leads intelligently, with integrity, has excellent listening skills, and treats his staff well. Any company that has him on their team will greatly benefit.

Armand S.

Elliott is one of the most valuable and reliable people I have ever met. Elliott is a smart perfectionist that is always looking to help his clients achieve their goals. He is ready to deal with difficult situations and solve the problems on time. No matter how complex the problem is, he will always come up with a brilliant, elegant, and cost-effective solution.

Margaret S.

I found Elliott to be a very good leader and manager, results-oriented, great with project and team management, but also able to change his views and team strategy so as to fit the project needs. I think his strong work ethic and high professional standards make him a distinct and valuable presence in any work environment.

Andrei T.

Get In Touch

Email: contact@elliottmattice.work
LinkedIn: https://www.linkedin.com/in/emattice
Phone: (202)-262-4088
