Start Tools Patterns Notes About Contact
About

David R. Gillispie.

Cybersecurity engineer

David R. Gillispie
David R. Gillispie
Cybersecurity Engineer
St. Augustine, FL Remote
Application securityAI securityCloud & identityPenetration testingFounder, DeepDream SecurityAdjunct IT instructor

I'm a cybersecurity engineer based in St. Augustine, Florida. My full formal name is David R. Gillispie III, but I use David R. Gillispie for my public portfolio and professional brand.

My work spans application security, AI security, cloud security, identity and access management, vulnerability management, and penetration testing. I focus on finding exploitable weaknesses, validating what is actually real, and turning technical findings into fixes that engineering and business teams can act on.

My current focus includes AI security, penetration testing, Zero Trust architecture across cloud and identity environments, and building vulnerability workflows driven by exploitability and business impact rather than scanner severity scores.

View resume → DeepDream Security ↗ LinkedIn ↗
Where it started

I have been interested in systems, controls, and how things break for as long as I can remember.

When I was a kid, I used to take apart the family computer because I wanted to understand what was inside and how it all fit together. We did not always have reliable internet access, so when I could not get online, I spent time learning Windows, software, hardware, settings, and basic computer concepts on my own.

But I was not just interested in using computers. I was interested in making them do things, testing limits, bypassing restrictions, and figuring out why something failed.

My stepdad had a screen-time control device connected to the TV that limited when I could watch TV or play video games. He kept changing the PIN because I kept figuring it out. What I was really doing was listening. I would pretend to be asleep while he entered the PIN, memorize the keypad tones, map the sounds back to the numbers, and use that to unlock it later.

At the time, I just wanted more video game time. Looking back, that was one of my first lessons in how controls can fail when the process around them is predictable. I was observing behavior, recognizing patterns, testing assumptions, and learning that security is not just the device or the rule. It is the whole system around it.

Later, I started writing batch scripts on the family computer to automate small things and experiment with what I could control. I broke that computer plenty of times by taking it apart, changing settings, working around admin controls, and trying things I barely understood yet. That was how I learned: touch the system, break it, fix it, and try again.

By the time I was around 12, I knew technology was what I wanted to do. Penetration testing and cybersecurity made sense to me because they gave structure to the thing I was already drawn to: understanding weak points, testing assumptions, and figuring out how to make systems safer after you understand how they fail.

Today, that same instinct still drives how I work. I like understanding how systems behave, where controls break down, how risk becomes real, and how to turn that into practical fixes people can use.

Age 6–10
Took apart computers. Learned Windows, hardware, and software on my own. Broke things, fixed them, tried again.
Early lesson
Controls fail when the surrounding process is predictable. The weakness was never the device. It was the behavior around it.
Age 12
Knew technology was the direction. Penetration testing gave structure to the curiosity about how things fail.
Today
Security engineering, public-safe tools, engineering patterns, and practical fixes through DeepDream Security and a full-time engineering role.
Current work

Full-time engineering and independent consulting.

At my day job I work across internal AI security and penetration testing programs. I also run consulting engagements through DeepDream Security. The day job keeps me close to enterprise-scale security operations. The consulting keeps me close to practical problems that smaller teams face.

I also teach networking and cybersecurity as an adjunct instructor at Cincinnati State and serve on the NETA/CSA Program Advisory Board. Teaching sharpens how I explain technical risk: clear enough for non-security stakeholders, detailed enough for engineering teams, practical enough to act on.

This site

A public proof layer, built carefully.

This portfolio exists because security engineering work is hard to show without exposing things that should stay private. The tools, patterns, and notes here are built specifically to be inspectable: no employer data, no client data, no internal screenshots, no NDA-protected details.

Everything uses mock data, generalized patterns, and public-safe tooling. The goal is a record of how I think through security problems, not a record of where I've worked or who I've worked with.

Consulting

DeepDream Security.

Fixed-scope security reviews, external exposure assessments, web application security, AI security reviews, and remediation planning for small and mid-size businesses.

Visit DeepDream Security ↗
Boundary note

This page reflects general background and focus areas. It does not include employer names, internal program details, or proprietary information from any employer or client engagement. Use the tools, patterns, and notes to see how I think through security problems.