Massachusetts
Derek Carlin is a Staff Security Operations Engineer at IonQ and an Air Force veteran with fifteen years of experience on both the defensive and offensive sides of cybersecurity. He has been working full-time in defensive security since 2010 and has been moonlighting as a penetration tester since 2019, because apparently one job's worth of security problems was not enough. He is a conference speaker, the self-published author of Blue Team Primer: Detecting a Hacker, and an adjunct graduate professor at Bridgewater State University, where he teaches network security and helps build the next generation of defenders. Darkroast Protocol is where he codifies his thinking on the subjects he works with in his day job and teaches in the classroom.
Derek currently serves as Staff Security Operations Engineer at IonQ, where he works with the security operations team on unifying the company's detection and response strategy across a complex and rapidly evolving environment. Prior to IonQ, he held the same role at Capella Space, an IonQ subsidiary, where he was responsible for securing space, ground, and quantum computing assets. During his time at Capella Space he spearheaded the company's CMMC Level 2 implementation through Authority to Operate (ATO), led the design and rollout of its Data Loss Prevention program across multiple cloud platforms, and drove the enterprise CrowdStrike implementation. He also participated in one of the first commercial live satellite red teaming exercises ever conducted.
Before that, Derek served as Director of Cloud Security and Operations at Invenio LSI, leading cloud security architecture across AWS and Azure for managed service clients operating under FedRAMP, StateRAMP, CMMC, and NIST frameworks. He was also an Information System Security Manager at Raytheon, managing the IA program under NISPOM and DAAPM for classified government programs. Earlier in his career he worked as an Information Security Analyst at Cognex and as an IT and Network Consultant at Capgemini, supporting defense contractors and ITAR clients across the United States starting in 2010.
On the offensive side, Derek has been a Lead Penetration Tester on HackerOne and Cobalt.io since 2019, leading assessment teams across all industry verticals and serving as a subject matter expert in cloud security and incident response.
Derek is an Air Force veteran who continues to serve as a Cyber Defense Operator in the Massachusetts Air National Guard at Otis ANGB. He advises on cybersecurity policy, risk management, and compliance, and serves as one of the leads of the Massachusetts State Cyber Incident Response Team (CIRT), responsible for ensuring joint forces personnel receive technical training and hands-on exercises to respond to cyber incidents across the Commonwealth.
Derek is an active member of InfraGard Boston, a partnership with the FBI focused on critical infrastructure protection. He is also a member of VetSec, a community of veteran cybersecurity professionals, and MCPA (Military Cyber Professionals Association) Massachusetts. His work spans enterprise defense, compliance frameworks, cloud architecture, and the security challenges that come with operating in emerging technology environments.
Derek consumes enough caffeine that multiple medical professionals have used the word "concerning." He operates on the principle that in fitness you train a muscle to failure to force adaptation. He has chosen not to apply this methodology to his cardiovascular system. Probably.