leon@solomongate.com
Application Security · CMMC · AI Governance

Secure Software Development & Application Security for the Defense Industrial Base.

Solomon Gate Advisory helps DIB subcontractors (20–500 employees) in the Georgia, Alabama & Florida defense corridors build secure-by-design software programs, achieve CMMC compliance, and govern AI risk — with hands-on practitioner depth across financial services, federal/public sector, and high-growth technology environments.

30 Years Building Security Programs
5 Industries Served: Finance · Defense · Tech · Gov · Retail
7+ Regulatory Frameworks: CMMC · NIST · FedRAMP · FFIEC · OCC · PCI · SOC 2
GA/FL/AL Defense Corridor Focus

A Newly Formed Entity. Decades-Deep Expertise.

Solomon Gate Advisory LLC was formed in 2026 — but there is nothing new about the practice behind it. Our founder brings nearly 30 years of hands-on cybersecurity leadership across the defense industrial base, financial services, hospitality, and commercial technology sectors.

Most DIB subcontractors face a difficult choice: pay Big 4 prices for compliance programs they can’t sustain, or trust a generalist MSP that has never secured a software development pipeline. Solomon Gate exists to fill that gap — boutique advisory with prime-contractor-level expertise, built specifically for small-to-midsize defense subcontractors.

We don’t template your compliance program. We build it with you, from the inside out, grounded in how your software is actually developed, deployed, and defended.

Practitioner, Not Auditor

We’ve built the security programs — not just audited them. Our guidance is practical, implementable, and grounded in real engineering environments.

Prime-Level Credibility, Boutique Delivery

Booz Allen Hamilton experience and CSWAE authorship mean your compliance work carries the weight of someone who has operated at the highest tier.

Secure SDLC as Foundation

CMMC compliance fails when it’s bolted on. We start with secure software development practices and let compliance flow from good engineering.

Outcomes We Deliver for Defense Subcontractors.

We measure success by what your organization can do after we engage — not by the documentation we produce. Every Solomon Gate engagement is built around one of four core outcomes.

01

Pass Your CMMC Assessment with Confidence

Walk into your C3PAO evaluation knowing exactly which controls meet their objectives, where your evidence stands, and how to defend every implementation decision. We build SSPs, POA&Ms, and evidence packages to assessor-ready standards — informed by enterprise-scale regulatory experience across FFIEC, OCC, PCI, FedRAMP, and SOC 2.

02

Build Secure Software Without Slowing Engineering

Most secure-SDLC programs collapse under their own weight. Ours don’t — because they’re built by someone who has architected enterprise application security programs at Bank of America and scaled cloud security across Wells Fargo, Wayfair, and CircleCI. Threat modeling, secure code review, and SAST/DAST integration that engineers actually adopt.

03

Govern AI Risk in Regulated Environments

AI adoption is accelerating in the DIB — and most subcontractors have no governance framework for it. We help you adopt LLMs, copilots, and agentic systems responsibly: OWASP LLM Top 10 alignment, AI supply chain risk, policy development, and CUI-safe deployment patterns. Practical AI governance that doesn’t block innovation.

04

Translate Security Risk into Board-Ready Decisions

Your leadership doesn’t need a vulnerability scan. They need to know what to fund, what to accept, and what to escalate. We deliver board-level reporting and executive briefings honed across five Fortune 500 VP-level appointments — security translated into business risk, business risk translated into action.

Advisory Services for DIB Subcontractors

Security programs that start with engineering and end with compliance — not the other way around. Four core service lines, each grounded in 30 years of building security from the inside out.

01

Secure SDLC & Application Security Program Build

Design and implement secure software development lifecycles tailored to your engineering team. Threat modeling, secure code review processes, SAST/DAST integration, and developer security training — from the person who wrote the CSWAE certification. This is where compliance starts.

02

CMMC Readiness & SSP/POA&M Development

Full-scope CMMC Level 2 readiness: gap assessments against all 110 NIST 800-171 controls, SPRS scoring, System Security Plans, Plans of Action & Milestones, evidence packages, and mock assessments. Built for C3PAO evaluation — customized, never templated.

03

AI Governance & Agentic AI Security

Emerging AI governance advisory for defense subcontractors adopting LLMs, copilots, and agentic systems. Risk frameworks aligned to OWASP LLM Top 10 and Agentic AI Top 10, AI supply chain security, and policy development for responsible AI adoption in CUI environments.

04

Fractional CAIO / vCISO

Ongoing monthly advisory as your outsourced Chief AI Officer or virtual CISO. Board-level security strategy, remediation management, C3PAO coordination, AI governance oversight, and continuous compliance maintenance — executive leadership without the full-time cost.

Discover. Build. Sustain.

Compliance by design, not compliance by checklist. Our three-phase engagement model ensures your security program is built to last — not just built to pass.

01

Discover

We start with your reality: CUI flows, system boundaries, SDLC practices, existing controls, and organizational risk appetite. A scoping workshop and gap assessment produce a clear, prioritized roadmap — not a 200-page report that sits on a shelf.

02

Build

Remediation, documentation, and program construction. We build your SSP, POA&M, policies, and evidence packages alongside your engineering team. Secure SDLC practices are integrated into your actual development workflow, not layered on top as an afterthought.

03

Sustain

Compliance isn’t a one-time event. Ongoing advisory ensures your security posture evolves with the threat landscape, new CMMC requirements, and AI governance demands. We stay as your fractional security leadership until you’re ready to bring it in-house.

Leon Williams

Founder & Principal · CISSP · Corporate Expert Witness

Cybersecurity executive with nearly 30 years of expertise building and leading enterprise security, risk management, and compliance programs across Fortune 500 financial institutions, high-growth technology companies, and Federal/Public Sector environments.

Leon’s career has spanned the full arc of the discipline — from hands-on Java security engineering and web application penetration testing to executive leadership over global security organizations. He brings deep technical fluency in cloud security architecture, application security, and offensive security, paired with the strategic judgment required to manage cross-functional teams, deliver board-level reporting, and lead regulatory audit programs across FedRAMP, CMMC, NIST, SOC 2, FFIEC, OCC, and PCI.

Career Highlights

VP, National Security Solutions · GeoTab (Current). Leads strategic national security initiatives supporting U.S. Federal Government and NATO telematics solutions. Designs and implements sovereign CONUS environments ensuring data residency compliance for Federal, State, and Public Sector customers. Designated as Corporate Expert Witness for national litigation, providing court testimony on GPS/telematics architecture, data integrity, and the security reliability of sovereign data environments.

Director, Head of Security & Information Technology · CircleCI. Provided executive oversight across application security, cloud security, security operations, security engineering, enterprise IT, and SOC 2 compliance. Led SOC 2 audit readiness, integrated internal SOC with managed external SOC service provider, and deployed enterprise DLP across global cloud environments.

Director, Global Head of Cyber Security Operations & Red Team · Wayfair. Led application and product security, cloud security, security operations, and security engineering across all Wayfair brands. Built Wayfair’s first Security Fusion Center, integrating Fraud, Physical Security, and Legal teams into a unified enterprise risk function.

Vice President · Wells Fargo (12-year tenure, five VP-level appointments). Scaled Cloud Application Security and Operational Risk programs across the enterprise. Accountable for safeguarding 5,000+ assets and business processes while ensuring strict adherence to FFIEC, OCC, PCI, and NIST. Senior Cloud Governance Strategy Leader for AWS and Azure environments; managed teams of 25+ across Information Security, Business Continuity, DLP, and third-party risk.

Vice President, Application Security Engineering Manager · Bank of America. Architected and launched Bank of America’s first enterprise Application Security Program, establishing a multi-year “Secure-by-Design” framework that integrated security into the SDLC and significantly reduced production-level vulnerabilities for the online banking platform. Led the Secure-by-Design Center of Excellence and ran a weekly risk forum for 100+ domestic and offshore developers.

Application Security Manager · Booz Allen Hamilton. Delivered application security advisory and program leadership to federal and Defense Industrial Base clients. Brought enterprise-scale secure-SDLC and AppSec program design experience into federal mission environments — the engagement model and client profile that directly informs Solomon Gate’s practice today.

Independent Application Security Consultant · Mile2. Created and delivered the Web Application Security Engineering training curriculum (CSWAE) — NSA-CNSS accredited, FBI Tier 1–3 listed, CISA NICCS cataloged, and DoD 8140 mapped. Delivered the program to engineers and product leaders domestically and internationally, including in Canada and Rotterdam, Netherlands.

Earlier roles include Sr. Java Security Engineer / Team Lead at Federal Home Loan Bank of Atlanta, Lead Application Security Engineer at Magnet Communications, and progressive engineering positions across financial services and government dating to 1997.

Authored Work

Panic Is a Poor Career Strategy: How Christian Professionals Build Security and Rise to Leadership (2025).

Schedule Your Free DIB AppSec Readiness Call

In 30 minutes, we’ll review your current security posture, identify your biggest gaps, and give you a clear next step — no pressure, no jargon, no sales pitch.

Book My Free Readiness Call →

Or email leon@solomongate.com directly