Bridging the Gap Between Compliance and Capability
I believe that robust cybersecurity isn’t just a checkbox—it’s the foundation of national security and business resilience. With over a decade of experience leading complex technical projects and securing enterprise environments, I’ve transitioned my focus to the front lines of the CMMC ecosystem.
As a current IT Systems Auditor with a deep-rooted background as a Cybersecurity Project Manager, I don’t just identify gaps; I understand the operational ‘why’ behind the controls. My mission is to help organizations navigate the complexities of CMMC certification by blending rigorous technical scrutiny with a collaborative, mission-focused approach. Whether I’m auditing a network architecture or translating compliance requirements for stakeholders, I am dedicated to ensuring that defense contractors are not just compliant, but truly secure.

Douglas Zipay
“Doug was Built not Born” is more than a tagline—it is the philosophy that governs my professional life. My expertise wasn’t inherited; it was deliberately constructed through discipline, field experience, and a relentless drive for evolution. From the technical front lines to the rigor of high-level auditing, every career transition has been an intentional step toward mastery. This is a reputation forged by doing the work and earning credibility at every stage.
The Foundation: Naval Service
My journey began in the U.S. Navy, specializing in electronics and IT within high-tempo, high-stakes environments. This service instilled in me the accountability and operational discipline required for mission-critical work. The lessons in leadership I learned at sea continue to define my approach to technology, risk, and the “no-fail” nature of national security.
The Expansion: Federal & Defense Leadership
Supporting U.S. Special Operations Command (USSOCOM) and the Department of the Interior (DOI), I advanced from Field Service Engineer to Technical Project Manager. This era was my bridge between hands-on engineering and enterprise strategy. It gave me a deep, practical understanding of how federal IT environments operate—not just on paper, but in the real world where uptime and security are non-negotiable.
The Pivot: IT Audit & CMMC Assessment
Today, as an IT Systems Auditor and CMMC Assessor, I have shifted my focus from building systems to protecting them. I look beyond the static checkboxes of a compliance list to help organizations manage genuine risk. My goal is to ensure that systems are not only compliant but defensible, secure, and truly ready to support the missions they serve.
The Strategic Balance: Business & Finance
Complementing this technical background is a deep proficiency in business operations. With an MBA in Finance and a focus on global economics, I view cybersecurity not just as a technical hurdle, but as a critical component of broader business health and financial viability.
Conclusion
By bridging the gap between technical execution and business strategy, I help organizations turn compliance into a vital asset for resilience.
Doug Was Built Not Born
The "Doug Was Built, Not Born" Blog
Here I share past and present experiences where I’ve grown professionally and personally – and some opinions along the way. There’s no particular order to my postings as I add subject matter often. Click HERE to go to my Blog page to see more.
The AI Sandbox: How I Used Claude and Gemini to Master CMMC and NIST Controls
In the contracting world, stability is a luxury. When a contract enters a recompete phase, you don’t wait around to see which way the wind blows; you get ready for whatever comes next. For me, that meant aggressively closing the gaps in my compliance...
My Third Duty Station Taught Me That Auditing Isn’t About Hiding Problems. It’s About Owning Them.
After Cutler, I didn't get to choose my next assignment. The detailer had a critical fill in Guam and I was the body that fit the billet. The person replacing me in Cutler was — literally — the person I was replacing in Guam. That's how the Navy works sometimes. My...
Eight Certifications, Zero Bootcamps: What They Taught Me (and What They Didn’t)
I currently hold eight active certifications: CISA, CISM, CISSP, CEH, PMP, PSM, CCA, CCP, and ITIL. I've also let four lapse over the years - CCNA, CFCM, Security+, and Network+. Not because I failed to maintain them, but because they'd done their job and my career...
My Second Duty Station Was the World’s Most Powerful Radio Transmitter. I Worked Inside It.
Imagine, I was the SME and Lead Supervisor here - when I was only in my mid 20's! I was stationed at Naval Computer and Telecommunications Station Cutler, Maine — a remote posting in Washington County on the Down East coast, not far from the Canadian border. Most...
Don’t Be Afraid to Pivot – I Did Several Times
During my career in the U.S. Navy, I specialized in IT and Communications. When retirement approached, I was convinced I was done with both IT and the defense sector. Looking for a complete shift, I earned an MBA in Finance and took my first civilian role as an...
Current Certifications
