About

AI Security, Cyber Defense & Compliance Architect

I help AI and technology teams build security programs that actually work — technically sound, audit-ready, and built to scale.

Nicholas Vidal

I've spent nearly two decades working where cyber defense, incident response, infrastructure security, and risk management collide in environments where mistakes actually matter and failure has real consequences.

My background is hands-on by necessity, not theory. I've worked real incidents, operated under real constraints, and led teams responsible for keeping mission-critical systems up and running — not just looking good on paper.

I focus on helping teams bake security into how they build, not bolt it on at the end. That means practical controls, clear documentation, and security programs that support velocity instead of becoming a bottleneck.

Before shifting deeper into AI-driven systems and automation, I led and executed cybersecurity operations across global environments supporting tens of thousands of users, high-availability networks, and regulated systems aligned with NIST, RMF, and federal security standards. Today, I bring that same rigor to modern AI, cloud, and DevSecOps environments.

I'm building a repeatable approach to AI security and compliance because I keep seeing the same patterns:

  • Security treated as an afterthought
  • Compliance reduced to a checkbox exercise
  • Teams stuck between "we know this matters" and "we don't know where to start"

My goal is simple: security that enables trust, growth, and resilience — without unnecessary friction or theater.

Current Work

Active Projects

Building practical security, AI, and training systems that work in the real world.

I focus on applied security — projects that harden systems, train people, and close real gaps between policy, engineering, and operations. Below are the initiatives I'm actively building and evolving.

Human-First AI, Always

AI safety, security, and guardrails for real-world systems

A research and applied framework focused on building AI systems that are:

  • Secure by design
  • Aligned with human decision-making
  • Transparent, auditable, and failure-aware

This work explores AI threat modeling, misuse prevention, guardrails, and operational safety — especially where AI intersects with cybersecurity, compliance, and human trust.

Zero Hour Cyber Academy

Hands-on cybersecurity & AI training — no fluff

A practical learning platform designed for:

  • Career-switchers and transitioning professionals
  • Students and early-career defenders
  • Builders who want real skills, not just theory

Training emphasizes:

  • Incident response & forensics
  • Defensive architecture
  • AI-augmented security workflows
  • Hands-on labs using Docker, GitHub, and real tooling

PHS Cyber & AI Initiative

Workforce development starting before college

A local education initiative bringing modern cybersecurity and AI concepts to high school students through:

  • Gamified labs and CTF-style challenges
  • Real-world security scenarios
  • Ethical hacking, forensics, and defense fundamentals

The goal is early exposure to how security actually works, not just buzzwords.

Security Automation & Cyber Range Projects

Where theory meets execution

Ongoing technical projects including:

  • AI-augmented DevSecOps pipelines
  • Configuration and IaC security auditing
  • Local LLM-powered security agents
  • Enterprise-style cyber range for red/blue team simulation
  • SIEM integration and live telemetry analysis

These projects serve as both R&D and proof of execution — the same patterns I bring into client environments.

Background

Experience & Focus Areas

A track record of securing complex systems, leading under pressure, and translating risk into action.

Cyber Defense & Incident Response

  • Digital forensics and incident response across classified and unclassified environments
  • Post-incident analysis and remediation planning
  • Threat hunting and continuous monitoring
  • Executive-level incident leadership and reporting

Cloud, Infrastructure & Network Security

  • Secure design and operation of hybrid Windows/Linux environments
  • Network segmentation, firewalling, IDS/IPS, and VPN security
  • Proxmox, pfSense, VLAN-based architectures
  • Secure infrastructure design aligned to NIST SP 800-53 and RMF

Compliance & Risk Management

  • NIST SP 800-53 / 800-37 control implementation and assessment
  • Vulnerability management and remediation tracking
  • Inspection readiness and audit support
  • Translating compliance requirements into engineering-friendly controls

DevSecOps & Automation

  • CI/CD security using GitHub Actions
  • YAML, Docker, and configuration auditing
  • Infrastructure-as-Code security fundamentals
  • AI-assisted security analysis and reporting

AI-Augmented Security

  • Local LLM-powered security automation using Ollama (Mistral)
  • AI agents for configuration review, policy drift detection, and remediation guidance
  • AI-generated security documentation, SARs, and reports
  • Early work in AI-assisted threat modeling and control validation

Enterprise Security Operations

  • Global environments supporting tens of thousands of users
  • High-availability network security
  • Federal security standards compliance
  • Security program building and leadership

Credentials

Education & Certifications

Professional credentials that validate expertise across security, compliance, and cyber defense domains.

M.S. Digital Forensics & Cyber Investigation

University of Maryland Global Campus

In progress, 2026

B.S. Computer Networks & Cybersecurity

University of Maryland Global Campus

2023

CISSP

(ISC)²

Expected 2026

CompTIA Security+

CompTIA

Active Certification

CompTIA A+

CompTIA

Active Certification

Philosophy

How I Approach Security

Principles that guide every engagement and every recommendation.

Security Should Enable the Mission

Controls should exist to reduce risk and support outcomes — not to satisfy checklists at the expense of velocity.

Built for Reality, Not Slides

Every recommendation is shaped by operational experience, not theoretical frameworks alone.

Documentation Matters

If you can't explain your controls clearly, you don't really have them. Audit readiness starts with clarity.

Partnership Over Policing

Security works best when it integrates into how teams already build and operate.

Designed to Scale

What works today should still work as the organization grows — technically and organizationally.

Let's Build Security the Right Way

Whether you're strengthening your security foundation, building AI-aware defenses, or preparing for future compliance requirements, I focus on clear, practical, and defensible security programs. If you want security that works in the real world — not just on paper — let's talk.