He's been the assessor
Inspecting missile-defense programs for the Missile Defense Agency means knowing exactly what assessors look for — and where programs fail. That's why engagements aim for no surprises on audit day.
About
Meet the founder of Cyberneza
Cyberneza is a U.S. veteran-owned cybersecurity and compliance consulting firm based in Orlando, Florida. If you're looking specifically for a Vanta consultant in Orlando, that's where Larry works from.
Cyberneza is led by Larry Downard, a cybersecurity and risk professional with over 29 years of hands-on experience supporting security, operations, and compliance initiatives across highly regulated and complex environments.
Larry’s background includes work with U.S. Department of Defense programs and large enterprises across energy, finance, and technology, as well as global software and service providers. He has operated at the intersection of infrastructure, security, and business risk for much of his career.
Today, his focus is on helping SaaS companies and growing businesses get the kind of security and compliance support usually reserved for large organizations — without the overhead, complexity, or inflated fees.
Credentials & experience
- CISSP – Certified Information Systems Security Professional
- CRISC – Certified in Risk and Information Systems Control
- CCSK – Certificate of Cloud Security Knowledge
- CCZT – Certificate of Competence in Zero Trust
- CyberAB RP – Registered Practitioner (CMMC), The Cyber AB · verify
- 29+ years across DoD, energy, finance, and SaaS
- U.S. Veteran-Owned business
- Official Vanta & Drata Partner — vendor-agnostic across Vanta, Drata, ControlMap, or no GRC platform at all
Our approach
Cyberneza combines deep compliance expertise with the right tools for your environment. We aim for:
- Practical over perfect – Focus on changes that truly reduce risk and pass audits.
- Clarity in communication – Explain requirements in plain language.
- Right-sized solutions – Align effort and cost with your stage and risk.
- Partnership mindset – Act as an extension of your team, not just a vendor.
Career
Where 29 years of experience comes from
Larry has spent his career on both sides of the table — building security programs and inspecting them. It started in the U.S. Air Force in 1997 and runs through some of the most demanding programs in American defense and industry.
- U.S. Air Force — started as an organization computer manager; appointed Computer System Security Officer when units connected to the military's unclassified and classified networks (NIPRNet and SIPRNet), writing the unit's first security plans. Security career begins here, 1997.
- IBM — Operations Manager for the U.S. Department of Defense's first software-as-a-service application (e-Collab Center) — a program that grew to serve 800,000 global users as DoD's largest cloud SaaS offering. Received IBM's Team Delivery Excellence award for a service launch that exceeded SLA goals.
- Boeing, Missile Defense Agency — security inspections and contractor management on Ground-based Midcourse Defense, the program built to intercept nuclear missiles in flight. Received a personal award for inspection preparation and audit support — work that contributed to the facility's “Superior” Defense Security Service inspection rating.
- Lockheed Martin, F-35 program — security approvals for F-35 simulator systems under NIST 800-53, the federal government's master catalog of security controls.
- TriMark USA — principal security architect for a $2B industry-leading restaurant supplier, advising the CIO and unifying security policies, domains, and infrastructure through 15 mergers and acquisitions.
- National Grid — lead US endpoint security engineer for 50,000+ endpoints at a $22B utility, the world's largest investor-owned electric and gas company; hands-on, tactical defense for critical energy infrastructure.
- Mallinckrodt Pharmaceuticals — security architect in a regulated, FDA-adjacent environment.
- Enterprise banking — permit-to-operate approvals inside a major U.S. financial institution: the internal sign-off a bank requires before any system or vendor is allowed to go live. It's the same enterprise security review SaaS vendors face from their largest customers.
He's lived the federal frameworks
Security approvals on F-35 simulators used the same federal control catalog that drives CMMC and NIST 800-171 readiness today — learned on a flagship defense program, not from a textbook.
SaaS compliance before it had a name
Running operations for DoD's first SaaS application meant proving cloud software trustworthy to the most demanding customer there is — the foundation for today's SOC 2 readiness work.
He's the reviewer your buyers send
Approving systems and vendors for production use inside a major bank means sitting on the buyer's side of enterprise security reviews — so your answers get written for the person who actually grades them.
How Cyberneza works
Founder-led. Partner-backed.
When you work with Cyberneza, you get direct access to senior cybersecurity leadership. Larry does the work and owns the relationship.
Direct, senior, practical
Readiness, implementation, advisory, and coordination for SOC 2, ISO 27001, CMMC, and NIST 800-171 — plus enterprise security reviews and tool-agnostic GRC platform support for Vanta, Drata, and other workflows. We help you prepare for audits and assessments; we don't perform them.
Partner-backed when it helps
For specialized needs, Cyberneza coordinates with a trusted network of independent partners — auditors, C3PAOs, platform and security specialists — and supports conversations with them on your behalf. You keep one point of contact; independent parties stay independent. Cyberneza is not a CPA firm, an auditor, an ISO certification body, a C3PAO, a law firm, or a managed security provider.
Work with Larry
A free 30-minute call is the fastest way to find out whether Cyberneza is a fit — where you stand, what would block your audit or deal, and a realistic path forward. No obligation.