I serve as an executive advisor and systems-risk strategist specializing in the translation of upstream risk—geopolitical signals, policy shifts, and power dynamics—into operationally defensible action for security and technology leadership.
Twenty-five years leading federal authorization programs, enterprise GRC architecture, and cybersecurity operations across defense, healthcare, and federal contracting revealed a consistent pattern: organizations operating reactively against threats that signaled months in advance. Vendor failures preceded by geopolitical procurement shifts. Regulatory mandates telegraphed in draft comment periods. Audit findings shaped by incentive structures visible before assessment cycles began.
In response, I developed systematic frameworks for what I term Upstream Risk Translation—methodologies that formalize the conversion of early-stage signals into strategic decision intelligence. The objective is not prediction but rather the identification and exploitation of decision windows while margin still exists.
Professional Experience
Over 25 years, I have led cybersecurity, IT operations, and compliance programs across federal agencies, defense contractors, healthcare enterprises, and technology companies. Highlights include:
- Federal Authorization Programs: Led 40+ FedRAMP, CMMC, and DoD ATO programs across TSA, DCSA, and defense industrial base organizations
- Enterprise GRC Architecture: Designed compliance-in-operations systems for organizations managing $350M+ portfolios with 500+ staff
- Geopolitical Risk Integration: Developed vendor risk frameworks incorporating state actor analysis and supply chain geopolitics
- Executive Advisory: Strategic counseling for C-suite leaders navigating complex risk environments where compliance failures terminate revenue and control deficiencies carry national security implications
Advisory Services
Through Exprima, I advise organizations on:
- CMMC Readiness: Assessment preparation, gap remediation, and authorization strategy
- FedRAMP Authorization: Program architecture, documentation development, and 3PAO coordination
- GRC Program Build: Compliance-in-operations design that survives audit pressure without operational drag
- Upstream Risk Translation: Custom frameworks for geopolitical signal detection and policy anticipation
Education & Credentials
- M.S. Mindful Leadership, Atlantic University
- B.S. Information Systems, Strayer University
- CISM: Certified Information Security Manager
- PMP: Project Management Professional
- ITIL: IT Service Management
- NIST RMF Practitioner: Risk Management Framework
Speaking & Thought Leadership
I deliver keynotes and workshops on:
- Geopolitical risk translation for cyber teams
- Policy signal detection before formal regulatory publication
- Leadership evolution in AI-augmented environments
- Game theory applications for GRC program design
Contact
Professional Inquiries:
- Email: contact@elliottmattice.work
- LinkedIn: linkedin.com/in/emattice
- Phone: (202) 262-4088
Advisory Services (Exprima):
- Website: exprima.io
- Services: CMMC, FedRAMP, GRC architecture
Based in the Washington, D.C. metropolitan area. Available for speaking engagements, executive advisory, and strategic consulting engagements nationwide.