James Crabb

Cybersecurity
Clayton, NC

Work Preference

Work Type

Full Time

Location Preference

Remote

Summary

Cybersecurity and operations leader with 20+ years of progressive experience, from U.S. Army Special Operations, where I directed cyber intelligence, OSINT, and resilience in multi-national theaters under combat conditions, to building and scaling enterprise SOCs, AI-driven detection engineering, and federal-compliant cyber programs at leading MSSPs and contractors. Delivered measurable results including 60% reductions in triage times, $2.5M+ in cost savings through infrastructure optimizations, 45% faster time-to-detect, and pioneering AI tools (custom GPTs and exploit frameworks) that accelerate threat analysis, enrich intelligence, and close detection gaps. Passionate about mentoring teams, breaking silos, and driving collaborative governance, automation, and enterprise resilience in high-stakes federal and commercial environments.

Skills

  • Cybersecurity Leadership & Team Building
  • Workforce Development & Executive Training
  • Cybersecurity Strategy & Risk Management
  • Threat Detection, Incident Response
  • Agile Development & DevSecOps
  • SIEM, EDR/XDR & Security Infrastructure
  • AI-Driven Security Automation & Orchestration
  • Budget Management & Vendor Relations

Work History

Contract Lead - Cybersecurity Operations (SME III)

NATIONAL INSTITUTES OF HEALTH - EDGEWATER FEDERAL SOLUTIONS
07.2025 - Current
  • Served as CSO Contract Lead for a multi-million-dollar federal contract; directed day-to-day operations for Task 3 across 9 sub-teams (CSOC, CTH, CTI, DET, FOR, Fusion, IR, RED, Surge), overseeing tactical and strategic cybersecurity operations for NIH and its 27 institutes.
  • Established cross-task cyber fusion operations across all CSO teams and adjacent efforts, eliminating silos and strengthening enterprise cybersecurity resilience and project completion times.
  • Architected NIH CSO Advisor GPT, an analyst-driven, federal-first AI capability automating threat analysis, log normalization, threat intelligence enrichment, and exploit chain analysis, accelerating reporting.
  • Led enterprise detection modernization, implementing VERIS and MITRE ATT&CK dual tagging in Splunk and closing detection gaps to deliver NIH's first enterprise-wide dual-framework alignment with measurable coverage and audit-ready visibility.
  • Produced a 1,220-line VERIS to MITRE crosswalk, enabling automated detection tagging, framework coverage tracking, and standardized reporting across NIH and extended federal environments.
  • Conducted dark web breach validation for Anubis and Advanced HPC, identifying 50+ compromised documents versus one identified by the FBI, delivering evidence-based intelligence to inform incident response and risk decisions.
  • Implemented Splunk license governance through a centralized dashboard, identifying ingestion inefficiencies and driving cost optimization aligned with OMB A-11, OMB A-123, and FITARA.
  • Strengthened workforce and delivery integrity by developing advanced threat hunting training for Tier-2 SOC analysts and instituting 'Second Set of Eyes' QA governance, ensuring accuracy, audit readiness, and sustained federal trust.
  • NATIONAL INSTITUTES OF HEALTH
  • Enhanced enterprise cybersecurity operations across NIH, improved detection coverage and visibility, and established Task 3 as a model for governance, automation, and compliance.
  • Delivered NIH's first CSO AI GPT to streamline threat analysis and investigative reporting, and institutionalized due diligence and QA processes to ensure accuracy, accountability, and federal trust.

Chief Security and Technology Officer

ORGYLE
06.2024 - 03.2025
  • Directed enterprise cybersecurity and technology strategy, aligning product development, cyber operations, and AI integration with federal resiliency frameworks and emerging threat landscapes.
  • Architected an AI-powered GPT model and exploitability scoring framework leveraging MITRE ATT&CK, CVEs, OSINT, EPSS, and CVSS; reduced threat triage time by 60% (90+ minutes to 10 minutes) and enabled data-driven prioritization for vulnerability management.
  • Led the development of an AI-driven Dark Web Intelligence System, integrating 100+ OSINT tools for continuous monitoring, exposure tracking, and 35% faster threat discovery, strengthening enterprise threat awareness.
  • Designed and implemented a Continuous Threat Exposure Management (CTEM) and Cyber Resiliency Framework, integrating asset discovery, risk scoring, correlation, and automation, improving alert-to-report turnaround by 60%.
  • Served as the primary Subject Matter Expert (SME) for cyber resiliency, threat intelligence, and exposure management, leading executive-level risk briefings and influencing strategic product direction.
  • Established AI governance and automation pipelines for attack surface management, vulnerability lifecycle tracking, and threat modeling, operationalizing AI in cybersecurity decision-making.
  • Built and scaled Orgyle's Professional Services delivery model, standardizing onboarding, service frameworks, and customer success processes, driving recurring revenue growth and improving client retention.
  • Collaborated directly with founders, investors, and client CISOs to align AI-enabled product development and managed services to federal AI adoption goals and zero trust principles.
  • Established Orgyle as a federal-ready, AI-enabled cybersecurity provider, reduced triage and reporting latency by 60%, enhanced risk visibility by 45%, and built the foundation for scalable, framework-aligned service delivery.

Vice President of Global Engineering and Managed Services

PROFICIO
10.2021 - 06.2024
  • Directed global cybersecurity operations and engineering services for 250+ enterprise and federal clients, managing 10+ offerings across MDR, CTEM, Threat Intelligence, SIEM, and Breach and Attack Simulation (BAS) platforms.
  • Led strategic modernization initiatives spanning engineering, SOC operations, and client delivery, deploying Lean-Agile frameworks that improved operational efficiency by 40%, reduced onboarding timelines by 30%, and elevated service delivery maturity.
  • Orchestrated Proficio's enterprise migration to Elastic Cloud, enhancing scalability, search performance, and observability; realized $2.5M annual savings through ingestion optimization, data tiering, and retention policy enforcement.
  • Developed and integrated AI-driven automation via SOAR orchestration, behavioral analytics, and threat correlation pipelines, improving SOC efficiency by 30% and cutting time-to-detect (TTD) by 45%.
  • Unified detection engineering, CTI, and IR teams under a federally aligned cyber defense framework, increasing coverage across MITRE ATT&CK and VERIS, and achieving measurable alignment with CISA Zero Trust Maturity Model benchmarks.
  • Instituted continuous improvement and KPI governance using Six Sigma DMAIC, automating metrics for SLA adherence, capacity planning, and cost governance through executive dashboards.
  • Served as escalation lead for 11 high-risk incidents, executing containment strategies that secured 8 renewals and reinforced CISO trust and federal audit readiness.
  • Directed validation of 1,380+ Elastic detection rules via BAS simulation, driving measurable improvements in detection fidelity, alert enrichment, and SOC maturity across multi-tenant environments.
  • Built a global workforce enablement program, mentoring 60+ engineers and analysts, designing career pathways, and aligning technical certifications to NICE/NIST Workforce Framework competencies.
  • Partnered with CISOs, federal program managers, and auditors, translating technical outcomes into executive risk summaries and compliance documentation aligned to EO 14028, OMB M-21-31, and FISMA reporting standards.
  • Delivered federally aligned MDR operations that improved detection speed by 45%, reduced operational overhead by $2.5M, strengthened cross-domain coverage, and elevated Proficio's position as a trusted security partner for enterprise and federal clients.

MDR Security Investigator / Global Training Lead

CISCO SYSTEMS, INC.
06.2017 - 10.2021
  • Built and operationalized Cisco's first MDR SOC, designing SOAR playbooks, correlation logic, and adversary simulations aligned with MITRE ATT&CK.
  • Directed investigations of 30,000+ incidents, employing VERIS classification for threat attribution and improved detection fidelity.
  • Led global analyst training programs, developing curriculum across CTI, DFIR, and AI-powered automation, improving team efficiency by 25%.
  • Served as Claroty SME, advancing ICS/OT threat detection and continuous monitoring capabilities for industrial environments.
  • Championed Lean Six Sigma DMAIC initiatives at Krakow SOC, improving workflow efficiency and ticket closure rates.

Director of Knowledge Management, Sergeant First Class

UNITED STATES ARMY
02.2003 - 02.2016
  • Directed cyber intelligence, OSINT, and information operations supporting U.S. Army Special Operations missions across multi-national theaters, integrating risk assessment, mission assurance, and resilience planning under combat conditions.
  • Led and mentored 1,000+ personnel in OSINT tradecraft, vulnerability analysis, and counter-threat intelligence, improving situational awareness and decision-making across joint operations.
  • Coordinated emergency communications infrastructure during crisis operations, enabling delivery of $1.5M in humanitarian aid to 3,000+ displaced persons; awarded the Philippine Bronze Cross for heroism in disaster relief.
  • Advised command leadership on continuity of operations (COOP), business continuity planning (BCP), and enterprise risk management, achieving 99% communications uptime across 500+ miles of joint operations.
  • Directed multi-domain command and control (C2) networks, hardening mission systems against interference, and ensuring real-time command communications during high-tempo operations.
  • Strengthened mission resilience, enhanced operational continuity, and developed scalable intelligence frameworks that informed strategic and tactical decision-making across U.S. and allied commands.

Education

Trade School Diploma - Network And Security Infrastructure Specialist

CAROLINA CAREER COLLEGE
Durham, NC
01.2017

Bachelor of Science - Business Administration, Management and Operations

MORRISON UNIVERSITY
Reno, NV
01.2007

Overview

23 years of professional experience

7 Certificates

Certification

  • Certified Penetration Testing Engineer (CPTE)
  • Certified Vulnerability Assessor (CVA)
  • Certified Disaster Recovery Engineer (CDRE)
  • Qualys Certified Specialist - Vuln Management
  • Six Sigma Black Belt
  • Scrum Master

Languages

French
Limited Working
Bahasa Indonesian
Limited Working
English
Native or Bilingual

Awards And Decorations

  • Meritorious Service Medal
  • Army Commendation Medal (3rd Award)
  • Army Achievement Medal (4th Award)
  • Joint Service Achievement Medal
  • Joint Meritorious Unit Award
  • Good Conduct Medal (4th Award)
  • Iraqi Campaign Medal (3 Campaign Stars)
  • Global War on Terrorism Expeditionary Medal (2nd Award)
  • Military Outstanding Volunteer Service Medal
  • Parachutist Badge
  • Aviation Crew-member Badge
  • Foreign Jump Wings (Germany, Netherlands, Thailand)
  • Philippine Bronze Cross Medal

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening

Notable Projects And Publications

  • Cisco CyberOps Professional Certification Content Creation - IOA vs IOC
  • MSSP Insights: Eliminating Gaps in Security
  • Data Breaches and the Dark Web: Protect Your Organization
  • Navigating the Resurgence of Raccoon Stealer: Detection, Remediation, and Prevention Strategies

Security Clearance

Active Public Trust - National Institutes of Health (NIH)

AFFILIATIONS

  • Information Systems Security Association (ISSA) - Raleigh Chapter, 2016-01-01, Present
  • Corinth Holders High School - Cybersecurity and AI Mentorship, 2019-01-01, Present
  • Veteran Service Officer, 2018-01-01, Present