Bridging the Gap Between Compliance and Capability

I believe that robust cybersecurity isn’t just a checkbox—it’s the foundation of national security and business resilience. With over a decade of experience leading complex technical projects and securing enterprise environments, I’ve transitioned my focus to the front lines of the CMMC ecosystem.

As a current IT Systems Auditor with a deep-rooted background as a Cybersecurity Project Manager, I don’t just identify gaps; I understand the operational ‘why’ behind the controls. My mission is to help organizations navigate the complexities of CMMC certification by blending rigorous technical scrutiny with a collaborative, mission-focused approach. Whether I’m auditing a network architecture or translating compliance requirements for stakeholders, I am dedicated to ensuring that defense contractors are not just compliant, but truly secure.

Douglas Zipay

“Doug was Built not Born” is more than a tagline—it is the philosophy that governs my professional life. My expertise wasn’t inherited; it was deliberately constructed through discipline, field experience, and a relentless drive for evolution. From the technical front lines to the rigor of high-level auditing, every career transition has been an intentional step toward mastery. This is a reputation forged by doing the work and earning credibility at every stage.

The Foundation: Naval Service

My journey began in the U.S. Navy, specializing in electronics and IT within high-tempo, high-stakes environments. This service instilled in me the accountability and operational discipline required for mission-critical work. The lessons in leadership I learned at sea continue to define my approach to technology, risk, and the “no-fail” nature of national security.

The Expansion: Federal & Defense Leadership

Supporting U.S. Special Operations Command (USSOCOM) and the Department of the Interior (DOI), I advanced from Field Service Engineer to Technical Project Manager. This era was my bridge between hands-on engineering and enterprise strategy. It gave me a deep, practical understanding of how federal IT environments operate—not just on paper, but in the real world where uptime and security are non-negotiable.

The Pivot: IT Audit & CMMC Assessment

Today, as an IT Systems Auditor and CMMC Assessor, I have shifted my focus from building systems to protecting them. I look beyond the static checkboxes of a compliance list to help organizations manage genuine risk. My goal is to ensure that systems are not only compliant but defensible, secure, and truly ready to support the missions they serve.

The Strategic Balance: Business & Finance

Complementing this technical background is a deep proficiency in business operations. With an MBA in Finance and a focus on global economics, I view cybersecurity not just as a technical hurdle, but as a critical component of broader business health and financial viability.

Conclusion

By bridging the gap between technical execution and business strategy, I help organizations turn compliance into a vital asset for resilience.

Doug Was Built Not Born

The "Doug Was Built, Not Born" Blog

Here I share past and present experiences where I’ve grown professionally and personally – and some opinions along the way. There’s no particular order to my postings as I add subject matter often. Click HERE to go to my Blog page to see more.

From Shortwave Radios to Cybersecurity Signals: A Lesson in Global Awareness

Nov 8, 2025 | Doug Was Built Not Born

I’m going to date myself here — but stay with me. It’s a good one. My first duty station was in northern Scotland, toward the end of the Cold War. The U.S. Naval Communications Station there served as a strategic post near what was then the Soviet Union. This was an...

Moving On to New Opportunities

Oct 31, 2025 | Doug Was Built Not Born

Nine years ago (Halloween 2016) I submitted my two-week notice to an organization I worked at for nine years. The new job paid more, but that wasn’t the reason. I moved on for a new opportunity. More specifically – professional growth. I left a hybrid job (before that...

Sticking Your Neck Out – In This Case CMMC

Oct 30, 2025 | Doug Was Built Not Born

When I was off work earlier this year due to DOGE contract reductions, I searched for W2 work as many like me do/did. I also sought new opportunities, figuring now might be a good time to pivot to something new, or more in demand compared to project management....

How I Learned to PENTEST

Oct 27, 2025 | Doug Was Built Not Born

Where did I learn to PENTEST (Penetration Test)? It was during the pandemic. We were wearing masks and practicing social distancing. I came across Heath Adams and his Practical Ethical Hacker (PEH) on line course through The Cyber Mentor Academy. It was actually his...

Keeping Relevant By Listening to Podcasts

Oct 26, 2025 | Doug Was Built Not Born

Podcasts are great. They’re informational, educational, and free! I’m an avid daily listener. No matter if you’re new to the subject, or an expert. There’s something for everyone. Here’s three podcasts I listen to regularly: Security Now by Steve Gibson. Once a week,...