The Work Behind the Credentials

AeoliTech is a young practice with a senior delivery record. These are the engagements Leonard Esere personally delivered before founding AeoliTech. This is the experience that gets applied to your CMMC readiness program.

Founder Delivery Record #1

Authorization to Operate at Los Alamos National Laboratory

DoE national laboratory | NIST 800-53 High / RMF | DoE Q clearance required

The Challenge

A complex research system at LANL required full Authorization to Operate under the NIST Risk Management Framework at the High impact level. The system handled sensitive research data across a multi-tenant environment with legacy infrastructure components that had never been formally assessed. The AO timeline was fixed. The evidence package had to be defensible, not performative.

The Approach

Leonard led the end-to-end RMF implementation: system categorization, security control selection, implementation of all applicable NIST 800-53 High controls, documentation of the System Security Plan, development of the Security Assessment Report supporting materials, and POA&M tracking through remediation.

The Outcome

System received full ATO. Zero deferred conditions on the highest-priority control families. POA&M items were contained to low-impact operational items with documented milestones. The evidence package was delivered on schedule with the AO decision.

Why it matters for your CMMC program: CMMC L2 maps to NIST 800-171 Rev. 3, a subset of NIST 800-53. The LANL engagement was at the High baseline, which is more demanding than CMMC L2. The person running your engagement has already done the harder version.

Founder Delivery Record #2

CMMC Controls Architecture at MITRE

FFRDC | CMMC / NIST 800-171 / NIST 800-53 | DoD Secret clearance required

The Challenge

MITRE's defense-sector programs required implementation and validation of CMMC-aligned security controls across cloud and on-premises environments handling Controlled Unclassified Information.

The Approach

Leonard worked directly on the CMMC control architecture, mapping CMMC Level 2 practices to implementation configurations, building policy enforcement rules, validating evidence collection workflows, and identifying gaps between stated policy and actual system configuration.

The Outcome

Control implementations were documented to assessor-ready standards. Policy-to-implementation mapping was validated. The evidence workflows built during this engagement became the foundation for the PolicyCortex automation layer AeoliTech now deploys for clients.

Why it matters for your CMMC program: You are not getting an engineer who read the CMMC framework. You are getting the engineer who implemented it at the institution that helped write it.

Founder Delivery Record #3

PCI DSS Compliance at Frontier Airlines

Commercial airline | PCI DSS 4.0 | Cardholder data environment

The Challenge

Frontier Airlines required PCI DSS compliance ownership across a large, distributed payment card environment with multiple integrations, third-party processors, and high-volume transaction systems.

The Approach

Leonard led PCI DSS compliance delivery, scoping the cardholder data environment, implementing required controls, managing QSA engagement, and establishing continuous monitoring for in-scope systems.

The Outcome

Frontier achieved and maintained PCI DSS compliance. QSA assessment completed successfully. Continuous monitoring posture established post-certification.

Why it matters for your CMMC program: PCI DSS and CMMC share structural DNA: rigorous scoping, evidence-backed control implementation, and a defensible posture at assessment time. The discipline required at airline transaction volume is a direct analog to CMMC at a defense prime with broad CUI exposure.

AeoliTech is a CMMC preparation partner, not a C3PAO. We get you ready. We connect you with authorized C3PAOs for the formal assessment.