About John Koontz

Why I'm Doing This Work

After 20+ years building and securing infrastructure for government agencies, venture-backed startups, and enterprises, I've seen firsthand how compliance can either paralyze organizations or become a foundation for real security.

When I learned about the CMMC deadline and the confusion facing small defense contractors, I saw an opportunity to help. These are businesses doing critical work for our national defense, but they're being overwhelmed by regulatory complexity.

I started AlphaVerify to bring practical, technical expertise to contractors who need compliance guidance—not consulting theater.

Professional Background

AlphaVerify

Founder & Principal Consultant

April 2025 - Present

CMMC Compliance Consulting for Defense Contractors

• Helping defense contractors achieve CMMC Level 1 and Level 2 certification before the November 2025 deadline
• Providing practical, fixed-scope compliance packages for DoD contractors and subcontractors
• Offering additional compliance services including SOC2, GDPR, penetration testing, and FedRAMP assistance

Ketryx Corporation

Chief Operating Officer

2022 - April 2025

Lightspeed-backed Medical Device Software

• Achieved SOC2 Type I & Type II, ISO 27001, FDA/IEC 62304, 13485, 14971, and GDPR compliance certifications
• Built HIPAA-compliant cross-continent infrastructure on premist and cloud
• Helped scale the company from startup to $39M Series B while maintaining compliance frameworks
• Managed regulatory audits and enterprise customer security reviews

Wolfram Research

Chief Information Officer & VP Engineering

2011 - 2022

• Led technical partnerships with all government agencies: including FBI, CIA, and U.S. Army
• Managed infrastructure for Wolfram Alpha (top 2,000 global website)
• Led initiatives for PCI, SOC2, NISP SP-800-171, & FedRAMP compliance
• Technical lead and compliance/security managment for strategic partnerships with Apple, Amazon, Microsoft, and others

Additional Employment

Regulatory & Government focused positions

• Eastern Illinois University
• NASA Ames Research Center
• Argonne National Laboratory

Technical Expertise Relevant to CMMC

Identity & Access Management

Active Directory, LDAP, Kerberos, RADIUS, OAuth2, OIDC, multi-factor authentication, privileged access management

Network Security

VPN configuration, VLAN segmentation, firewall management, network segmentation, intrusion detection systems

Infrastructure Security

AWS security architecture, Windows/Linux server hardening, vulnerability management, patch management, backup & recovery

Compliance Frameworks

NIST 800-171, NIST 800-53, SOC2 Type II, ISO 27001, HIPAA, FDA 21 CFR Part 11, IEC 62304, FedRAMP

Publications & Leadership

Publications

• Published research on computational infrastructure and security
• Speaker at technical conferences on compliance and infrastructure
• Lifetime member of ACM (Association for Computing Machinery)

Board Positions

• Advisory board member for technology startups
• Mentor for early-stage companies on compliance and security

My Approach to Consulting

I'm not building a consulting empire. This is a personal practice focused on delivering real value.

When you work with me, you're getting:

Direct access to me - not a team of junior consultants
Practical guidance - based on actually implementing these controls
Clear scope - fixed-scope packages, no surprises
Real security - not just checkbox compliance

I understand both the technical implementation and the regulatory requirements. That combination is rare, and it's what makes this work effective.