“DoD Secret clearance. DoE Q clearance. Currently consulting at Los Alamos National Laboratory. I built PolicyCortex because I spent 11 years living the problem it solves.”
- Leonard Esere, Founder & CEO
Active security clearances.
These are not buzzwords. They are active, adjudicated clearances granted by the U.S. federal government after extensive background investigation. They mean I am trusted to access classified national security information.
DoD SECRET
Granted by the Department of Defense. Authorizes access to information that could cause serious damage to national security if disclosed.
DoE Q CLEARANCE
Equivalent to DoD Top Secret
Granted by the Department of Energy. Required for access to Top Secret Restricted Data, including nuclear weapons design information and critical national security data.
Why this matters for your CMMC engagement: the person leading your pilot has been through the same scrutiny the government applies to its most sensitive programs. I understand what assessors look for because I work inside the environments they protect.
11 years inside the problem.
I did not read about compliance in a textbook. I spent over a decade building, securing, and defending cloud infrastructure across defense, government, and regulated industries.
Cloud Security Consultant
Los Alamos National Laboratory (LANL)
Consulting on cloud security architecture for one of the most sensitive research environments in the U.S. national security apparatus. This is where I see firsthand what compliance frameworks actually demand - and where most tools fall short.
Security Engineer
MITRE Corporation
Worked on federally funded R&D supporting the Department of Defense. Built threat models, security architectures, and assessment methodologies that inform how I approach CMMC compliance today.
Cloud Security Architect
USAA
Secured cloud infrastructure serving millions of military families. Learned at scale what it takes to keep regulated environments compliant without slowing down engineering teams.
Infrastructure Engineer
Frontier Airlines
Built and maintained production infrastructure supporting real-time operations. This is where I first understood that compliance cannot be a manual process - it has to be automated or it breaks.
Founder & CEO
PolicyCortex
Built PolicyCortex to solve the problem I spent 11 years watching from the inside. Defense contractors should not need a 12-month engagement and $200K to get CMMC-ready. I built the tool that makes it possible in 30 days for $15K.
Why I built PolicyCortex.
At every organization I worked for - LANL, MITRE, USAA - I watched the same pattern repeat. Smart security teams buried under compliance busywork. Spreadsheets tracking hundreds of controls manually. Evidence collection that took weeks. Documentation that was outdated the moment it was finished.
The defense industrial base has over 200,000 contractors that need CMMC Level 2 certification. The traditional consulting model does not scale. A 12-month engagement at $75K-$200K per contractor is not a solution - it is a bottleneck that threatens national security readiness.
I built PolicyCortex to do what I spent years wishing existed: connect to a cloud environment, automatically baseline it against CMMC requirements, remediate the gaps with real infrastructure changes (not just a PDF telling you what to fix), and produce the exact evidence package a C3PAO assessor needs.
The result is a 30-day, $15,000 pilot that delivers what used to take 6-12 months and cost ten times as much. Not because I cut corners - but because I automated the work that should never have been manual in the first place.
4 U.S. Patents Filed.
PolicyCortex is not a wrapper around open-source tools. The core technology is novel, patent-pending, and built specifically for autonomous compliance.
Autonomous Cloud Governance Engine
A system that continuously monitors cloud infrastructure against compliance frameworks and autonomously generates, validates, and deploys remediation code.
Neuro-Symbolic Policy Reasoning Architecture
A hybrid AI architecture that combines neural language models with symbolic logic for deterministic compliance decisions - ensuring every remediation action is explainable and reversible.
Safety Sandwich Execution Framework
A three-layer guardrail system that validates infrastructure changes before and after execution, with automatic rollback if any validation check fails.
Multi-Framework Compliance Mapping Engine
A system that maps a single infrastructure state against multiple compliance frameworks simultaneously - CMMC, NIST 800-171, FedRAMP, CIS - and generates unified evidence packages.
I take every initial call personally.
If your organization needs to get CMMC-ready by November, let's talk. 30 minutes, no sales team, no generic deck - just a direct conversation about your environment and whether PolicyCortex is the right fit.
Book a 30-min call