Dylan Shroll

About

I tend trust — and the things that try to break it.

I'm a cybersecurity engineer with six-plus years across healthcare, financial services, lottery, and logistics — everywhere the stakes are high and the regulations are higher still. I specialize in LLM-powered cyber deception operations and behavior-science-driven security awareness, and I've built and led security programs as both an individual contributor and a manager.

The through-line of my work is simple: security succeeds when people are empowered, not threatened. I design programs, research, and talks around that premise, and I translate complex adversary behavior into actionable strategy for both technical teams and executives.

I live in Des Moines, Iowa. I serve on the board of the Des Moines Queer Youth Resource Center, where I provide pro bono technology support and digital security consulting. I was part of the 2024 Iowa Tech Connect Program with the Technology Association of Iowa.

Competencies

What I work on.

  • Network Security & Firewall Management
  • EDR/MDR/XDR
  • IDS/IPS
  • DLP
  • Endpoint & Mobile Device Security
  • NAC
  • Identity & Access Management
  • Vulnerability Management
  • Threat Hunting
  • Incident Response
  • AWS Cloud Security
  • Application Security
  • STRIDE Threat Modeling
  • Terraform & CloudFormation
  • Docker & Kubernetes
  • CI/CD Security Integration
  • SIEM/SOAR
  • AI-Powered Cyber Deception
  • LangChain & LangGraph
  • Python
  • PowerShell
  • Automation & Tooling Development
  • Security Program Leadership
  • Regulatory Compliance (SOC 2, HIPAA, Financial)
  • Security Policy Development
  • Vendor Evaluation & Management
  • Security Awareness & Culture
  • Team Mentorship & Talent Development
  • Change Management
  • Cross-Functional Stakeholder Communication

Experience

Where I've been.

  1. Dec 2024 Present

    Security Engineer Revology

    Des Moines, Iowa

    • Serve as security engineer for cloud-native healthcare revenue cycle management startup, owning application security, cloud security, endpoint security, and security awareness across the organization.
    • Design and execute application and infrastructure-as-code security processes across the SDLC, integrating StackHawk DAST, GitHub Advanced Security, and Nightfall DLP into actionable workflows.
    • Facilitate SOC 2 Type II engagement for product, managing evidence collection and control implementation.
    • Design and deliver quarterly “Hacky Hour” security awareness sessions using behavior-science principles and creative theming, replacing fear-based compliance training with trust-based engagement that drives measurable behavior change.
    • Collaborate cross-functionally with engineering, product, and operations teams to embed security into development and deployment workflows from design through production.
    • Conduct STRIDE threat modeling across AWS architecture to identify and prioritize risk.
  2. Jul 2023 Dec 2024

    Systems Security Manager West Bank

    West Des Moines, Iowa

    • Led security operations team responsible for engineering, monitoring, incident response, and audit readiness across a regulated financial institution.
    • Piloted and deployed enterprise-wide password manager, driving adoption across all employees and facilitating measurable improvements in credential hygiene and security posture.
    • Revamped EDR/MDR technology stack, evaluating vendors, retiring legacy tooling, and deploying modern endpoint detection and response across the enterprise.
    • Led network security design and implementation for new headquarters and branch locations, architecting security controls from the ground up.
    • Managed vendor relationships across the cybersecurity space, conducting evaluations, negotiating contracts, and aligning tooling decisions with organizational risk posture and budget.
    • Served as primary liaison with external auditors, regulators, and law enforcement on cybersecurity matters, managing audit responses and compliance evidence.
    • Developed and implemented comprehensive security policies, procedures, and standards to safeguard digital assets in alignment with financial regulatory requirements.
  3. Jan 2022 May 2023

    Information Security Analyst Multi-State Lottery Association

    Johnston, Iowa

    • Reduced MTTR on SIEM escalations by 5 days through process optimization and triage improvements.
    • Designed and launched a security internship program, building a pipeline of job-ready analysts.
    • Primary escalation point for physical and technical incident response.
    • Conducted original research on security culture and behavioral influence, maturing the awareness program.
    • Founded the MUSL Culture Committee.
  4. Sep 2020 Dec 2021

    Telecom Specialist Wright Service Corp

    Des Moines, Iowa

    • Managed Cisco Meraki and JAMF Pro MDM environments supporting 6,000+ iOS devices across US, Canada, and Puerto Rico.
    • Led proof-of-value testing integrating Cisco Duo and Umbrella with MDM across 500+ devices.
    • Mobile device project lead; built vendor relationships and produced cost-benefit analyses.
  5. Jan 2020 Sep 2020

    IT Consultant QCI, Inc (Wright Service Corp)

    Des Moines, Iowa

    • Configured, deployed, and managed 6,000+ iOS devices for remote employees across US and Canada.
    • Advocated for mobile endpoint security hardening and access control improvements.

Credentials

The paperwork.

  • Associate of (ISC)² — 2022–2023
  • Iowa Tech Connect, Technology Association of Iowa -- 2024
Download full résumé

Say hello

Get in touch.

The best way to reach me is LinkedIn. You can also find my open-source work on GitHub.