Mario Lunato
DevSecOps · Cloud Security · GRC
OneUpSec is the personal site of Mario Lunato — a DevSecOps, cloud security, and GRC engineer with 10+ years of experience across national security, public sector, and private industry. I design, build, and operate secure cloud platforms, automated delivery pipelines, and compliance frameworks at scale from CI/CD security gates to continuous ATO programs and FedRAMP authorization.
This site is where I write about cloud security, DevSecOps, GRC Engineering, AI, and whatever else I find interesting.
Work Experience
Cloud Security Engineer / DevSecOps Technical Lead
Aquia Inc. February 2022 — PresentLeading a team of 5 engineers delivering a continuous Authority to Operate (cATO) program for a federal civilian agency. Architected the end-to-end cloud automation framework integrating AWS security services with GRC tooling, reducing time-to-ATO by ~40% and automating 30%+ of compliance evidence generation. Engineered reusable CI/CD security gates, hardened multi-tenant Kubernetes clusters on Platform One, and served as ISSO for FedRAMP systems.
Cloud Security Analyst
Quzara LLC September 2021 — February 2022Conducted security assessments of cloud applications, designed AWS security architectures for regulated environments, and prepared customer systems for FedRAMP audits. Authored Security Assessment Reports and standardized evaluation templates across engagements.
Cloud Security Engineer / Analyst
ByteChek Assurance March 2021 — September 2021Built centralized monitoring and alerting systems using AWS CloudWatch and SNS, integrated SonarQube into CI/CD pipelines, and deployed infrastructure as code with CloudFormation. Defined threat defense controls and built enterprise compliance frameworks that streamlined audit preparation across multiple client engagements.
Cyber Systems Supervisor / SCOM SME
United States Air Force — Air Force Academy, CO September 2019 — September 2021Team lead and subject matter expert for SCOM operations, monitoring 20 mission-critical servers at 99.9% uptime. Administered Windows Server environments and 50+ VMware VMs supporting 4,000+ cadets and 20,000+ personnel while enforcing DoD patching and STIG hardening requirements.
Cyber Systems Operator
United States Air Force — Offutt AFB, NE January 2016 — September 2019Administered a data center supporting 127 servers and 5,000+ workstations, including disaster recovery and continuity of operations planning. Conducted weekly security audits across 8,000+ systems and managed endpoint protection and automated vulnerability patching across the network.
Education
A.A.S. in Information Systems Technology
Community College of the Air Force 2021Applied degree in information systems technology earned through Air Force technical training and operational experience.
Certifications
AWS Certified Solutions Architect Professional Amazon Web Services
AWS Certified Security Specialty Amazon Web Services
AWS Certified Solutions Architect Associate Amazon Web Services
AWS Certified Cloud Practitioner Amazon Web Services
AWS AI Practitioner Amazon Web Services
Certified Kubernetes Administrator CNCF
Kubernetes and Cloud Native Associate CNCF
CompTIA Security+ CompTIA