Chameleon Technologies is an owner-operated cybersecurity, privacy engineering, and AI assurance firm led by Yarick Tsagoyko with senior engineers Alexander George and Daniel Mirsky. We help federal and regulated organizations design, automate, and operate secure cloud, SOC, CDM, compliance, and AI environments.
Chameleon Technologies is an owner-operated cybersecurity, privacy, and AI assurance firm led by Yarick Tsagoyko with senior engineers Alex George and Dan Mirsky. We help federal and regulated organizations design, automate, and operate secure cloud, SOC, CDM, compliance, and AI environments. Core services include Splunk, ArcSight, and Elastic Stack security analytics; CDM data pipelines; RMF/ATO evidence automation; MITRE SAF-based security assessment automation; FedRAMP/NIST/HIPAA control mapping; vulnerability and compliance engineering; AWS/Azure/GCP security architecture; privacy engineering; incident response; threat detection; and secure DevSecOps. We also support responsible AI adoption, including AI governance, model and data privacy reviews, LLM and agent guardrails, secure RAG patterns, AI integration, and risk controls for small and large models, plus post-quantum analysis proposed as a CDM Phase 3 concept to CISA, delivering strategy, engineering, and operations at mission scale.
Governance, model and data privacy reviews, secure RAG patterns, agent guardrails, small and large model adoption strategy, LLM risk analysis, and secure AI integration into business workflows.
SOC modernization, SIEM and log-platform engineering, telemetry onboarding, incident workflows, detection content, threat hunting support, and executive reporting across regulated environments.
AWS, Azure, and GCP architecture, IAM and secrets patterns, encryption, network segmentation, telemetry pipelines, secure CI/CD, IaC, and zero-trust-aligned platform design.
RMF/ATO, FedRAMP, NIST, HIPAA, privacy engineering, continuous monitoring, MITRE SAF-driven assessment automation, control evidence pipelines, and audit response support.
We present these as team experience highlights to show the types of environments and outcomes our personnel have supported.
Centers for Medicare & Medicaid Services
Built evidence and security-data pipelines for 100+ FISMA systems using AWS, Splunk, Python, Ruby, and repeatable IaC patterns. Expanded the workstream with Elastic Stack alignment, MITRE SAF-based assessment automation, and audit-ready POA&M reporting.
Administrative Office of the U.S. Courts
Led SIEM deployment and migration work for the Security Operations Center, redesigned log collection to achieve full capture, and built C# forensic collection utilities to improve enterprise investigative response.
Microsoft / World Bank Group / federal programs
Architected large-scale ArcSight deployments, including a 200k+ EPS environment, and helped teams synchronize content, scale global telemetry, and modernize monitoring workflows across distributed environments.
CMS / MITRE collaboration
Prepared proofs of concept and white papers for later CDM phases, including a custom SAF automation framework and post-quantum analysis proposed to CISA as a Phase 3 concept.
Our team experience spans civilian agencies, healthcare, financial services, investigations, and enterprise modernization programs.
Chameleon Technologies is built around a compact, senior-only team that combines cybersecurity architecture, SIEM and analytics, cloud engineering, privacy, compliance automation, and AI assurance.
Senior cybersecurity architect with experience spanning CMS, the Administrative Office of the U.S. Courts, Microsoft, the World Bank Group, and Tenable. Built CDM evidence pipelines for 100+ FISMA systems, led SOC/SIEM modernization, and delivered cloud security, compliance automation, privacy engineering, and AI assurance services.
Security architect and operations leader with deep experience across ArcSight, Splunk, Elastic/ELK, Hadoop, AWS, and enterprise security modernization. Team experience spans OPM, IRS, ATF, TSA, Senate, Fannie Mae, and other federal and financial environments.
Cloud security and automation engineer with CMS experience building AWS-based CDM collection architectures, custom Splunk apps, CI/CD and compliance automation, plus research in malware analysis and machine learning at the University of Maryland.
Need a richer team page? View detailed bios and credentials.
Our AI/security language and service design align with current governance and secure-adoption patterns, while remaining practical for engineering teams and regulated programs.
Use risk-based AI governance patterns for secure and responsible adoption, including controls around prompt injection, data exposure, and downstream harm.
Map AI controls to current GenAI application risks such as prompt injection, sensitive information disclosure, supply-chain risk, and insecure agent behavior.
Apply current graduate work in AI Governance & Compliance, AI Security & Data Privacy, AI Applications Integration, Data Engineering for AI, Developing AI Solutions, and AI System Design & Architecture.
This static site package includes an HTML/CSS/JS website with downloadable SBA capability documents, no build step, and no third-party dependencies.