Washington DC Metro Area

Your infrastructure is either working for you or costing you.

If your VMware bill tripled overnight, if your compliance audit has gaps you can't see, if your IT vendor is charging you per device for tools that should be free — those are solvable problems.

$46,100 Avg. first-year savings documented
0 min Downtime during 60+ VM migration
48 hrs Insider threat fully remediated
What changed

You used to buy your software. Now you rent it — at 5× the price.

When Broadcom acquired VMware in 2023, they eliminated perpetual licenses. Everything became subscription. Prices jumped 150% to over 1,000%.

A small company that spent $5,000 a year is now looking at $50,000. Forced bundles. 72-core minimums. 20% late-renewal penalties. Features you don't need, in packages you can't unbundle.

This isn't a VMware-only problem. It's the playbook: acquire, bundle, raise prices, lock in. Your infrastructure shouldn't be held hostage.

What they want you to pay
$48,600/yr
72 cores × $135/core × 5 servers
  • 72-core minimum purchase
  • Subscription only — you never own it
  • Forced feature bundles
  • 20% late-renewal penalty
What it actually costs with open-source
$2,500/yr
Optional support. Same capabilities.
  • No minimums. Pay for what you use.
  • You own your system. Take it with you.
  • No forced bundles. No penalties.
  • Open-source foundation — fully documented.
$46,100
Average first-year savings — documented
Documented outcomes

These are real numbers from real projects.

Not marketing copy. Not estimates. Measured results with before-and-after evidence.

Infrastructure · Scientific Research Company
60+ VMs migrated from VMware to Proxmox. Zero downtime.
After Broadcom's acquisition, their VMware bill was set to triple. Every virtual machine was migrated to an open-source hypervisor with equivalent capability. Production never went offline.
  • 60%+ annual savings
  • 0 min downtime
Security · Defense Contractor
Insider threat detected, evidence preserved, systems restored. 48 hours.
Sophisticated insider attack identified. Full forensic evidence preserved with chain-of-custody for legal proceedings. All affected systems remediated. Monitoring implemented to prevent recurrence.
  • 48 hrs to full remediation
  • 100% evidence preserved
Infrastructure · 1000+ Device Enterprise
Complete network redesign. 300+ users. Zero unplanned outages since.
High-speed backbone with proper security segmentation and built-in redundancy. Designed to fail gracefully — when hardware breaks (it always does), the network routes around it.
  • 1000+ devices supported
  • 0 unplanned outages
AI Integration · Technology Company
Hybrid AI system. Local processing for routine work, cloud for complex.
Your data stays on your hardware. Routine tasks run locally on high-powered GPUs. Complex work escalates to cloud APIs only when needed. Costs drop, privacy improves, capability stays high.
  • 70-80% cost reduction
  • 6-12 mo hardware ROI
How it works

Your problem gets the same process every time.

No guessing. No assumptions. The methodology is the same whether you have 10 servers or 1,000.

1. Reconnaissance
Before anything changes, your environment gets systematically mapped. Every config file, every firmware version, every security gap. If information is missing, a script gets written to find it. Nothing is assumed — everything is verified on the wire.
2. Assessment
Every finding gets a confidence score. You see exactly where you stand, what the gap is between current state and target, and what needs to change. If compliance is involved — CMMC, NIST, FIPS — every control maps to specific evidence from your actual systems.
3. Phased execution
Changes happen in phases with rollback procedures at every step. One thing changes, it gets verified, then the next. AI handles documentation, monitoring, and pattern recognition in parallel. Every action is logged: who, what, when, where, why, how.
4. Verification & handoff
You get complete documentation of everything that changed and why. Not a summary — the actual commands, the actual configs, the actual before-and-after state. If you ever need to hand this off to someone else, they can pick up exactly where it left off.
Open-source foundation

Your infrastructure runs on tools you can inspect, modify, and take with you.

No vendor lock-in. No surprise licensing changes. Everything documented. Full catalog of 210+ tools →

  • Proxmox · Virtualization
  • WireGuard · Mesh VPN
  • Ubuntu · Linux
  • Docker · Containers
  • Nginx · Web Server
  • Let's Encrypt · SSL
  • Fail2ban · Security
  • Certbot · Auto SSL
  • UptimeKuma · Monitoring
  • Tactical RMM · Remote Mgmt
  • Wazuh · SIEM/XDR
  • UrBackup · Backup
Operational infrastructure

This isn't a pitch. This is what's running right now.

Every workflow below represents real automation executing against production infrastructure. The controls are verifiable. The data is live.

  • 75 Managed Nodes
  • 99.9% Mesh Uptime
  • 24/7 AI Monitoring
  • L2 CMMC Alignment
CMMC L2 Compliance
  • Scheduled Audit: daily 02:00 UTC
  • Control Scan: AU, AC, SC, IA, CM
  • Verify Evidence: configs vs. 800-171
  • POA&M Report
  • Gap Alert
Infrastructure Health
  • Continuous: every 25 seconds
  • WireGuard Health: 75 peers keepalive
  • Classify Status: online / stale / down
  • Dashboard
  • Auto-Fix
Server Onboarding
  • New Server: manual or API call
  • Baseline Script: harden + VPN + monitor
  • Verify & Register: mesh join confirmed
  • 5W1H Log
Foundation layer
  • AI: Claude API + RTX 5090
  • SSH Relay Triad
  • Credential Vault
  • Monitoring Stack
  • WireGuard Mesh
Operational today
Encrypted mesh VPN
75 WireGuard peers with 25-second keepalive across Proxmox clusters, cloud instances, and edge devices. Every node verified within 30 seconds.
SC.L2-3.13.1 · SC.L2-3.13.2
AI-assisted operations
Triple-relay command execution with Bearer token auth and automatic failover. Every hop authenticated: HTTP → relay → SSH → WireGuard → target.
IA.L2-3.5.2 · AC.L2-3.1.1
Idempotent server hardening
One script: SSH lockdown, fail2ban, sysctl tuning, audit logging, VPN enrollment, monitoring registration. Repeatable on every server, safe to re-run.
CM.L2-3.4.3 · SI.L2-3.14.1
Centralized monitoring
UptimeKuma, Graylog SIEM, Wazuh XDR, LibreNMS. Alert routing to Discord, Teams, SMTP. Admin dashboard with 16 embedded services.
SI.L2-3.14.6 · AU.L2-3.3.1
In development
Visual workflow builder
Drag-and-drop orchestration for infrastructure workflows. The automation runs today via scripts and relay; the visual layer is next.
Automated CMMC evidence collection
Continuous scanning of all 110 NIST 800-171 controls with auto-generated POA&M. Currently per-engagement; full automation in progress.
Single sign-on
Keycloak OIDC across the entire service mesh. One login authenticates every embedded tool automatically.
Self-healing infrastructure
Automatic remediation for detected failures. Operational for VPN tunnels today; expanding to all services.

Every CMMC control maps to NIST SP 800-171 Rev 2. Format: Family.Level-Section. These are actual controls, not aspirational checkboxes.

Engagement models

Three ways to work together. All open-source. No lock-in.

Every engagement starts with reconnaissance. You get a complete picture of where you stand before anything changes. Pricing is scoped to your environment — not inflated by headcount.

Assessment
One-time engagement
Know exactly where you stand. Full reconnaissance of your environment with confidence-scored findings.
From $2,500
Scoped to environment size
Reconnaissance
Infrastructure mapping — every host, config, firmware
Security gap analysis with confidence scores
Compliance posture (CMMC, NIST, HIPAA)
Vendor lock-in assessment & migration paths
5W1H documentation of all findings
Deliverables
Executive summary + technical detail report
Prioritized remediation roadmap
Cost comparison: current vs. open-source alternatives
Ongoing monitoring
Implementation
AI agent deployment
No changes made. Intelligence gathering only. You decide what happens next.
Compliance + Security
Monthly engagement
Full infrastructure management with continuous CMMC/NIST compliance. For organizations pursuing or maintaining certification.
From $5,000 /mo
Scoped to compliance framework + environment
Everything in Managed, plus:
CMMC Level 2 control mapping — 110 NIST 800-171 controls
Continuous compliance monitoring per control family
POA&M generation & remediation tracking
SSP (System Security Plan) development
SIEM tuning & log retention compliance
Access control enforcement & audit
Security awareness training coordination
Incident response plan & tabletop exercises
vCTO advisory — 4hrs/month
Deliverables
CMMC evidence packages per assessment domain
Pre-audit readiness reviews
Full 5W1H change documentation — auditor-ready
Built for defense contractors, government subs, and regulated industries. CMMC, NIST, HIPAA, FedRAMP alignment.
Project engagements
Migrations, buildouts, and one-time implementations. Fixed-price or time-and-materials.
  • VMware → Proxmox migration
  • Network redesign
  • VPN deployment
  • SIEM implementation
  • Server hardening
  • DR planning
Zachary Ross
Frederick, MD · Remote available

Fortune 500 to defense contractors to small businesses. I've built infrastructure at every scale, and I've watched vendors extract maximum profit from every one of them.

DATAROSS is not a traditional MSP. No sales team, no account managers, no overhead to pass along.

0 years
building, breaking, and rebuilding infrastructure
Digital Counsel
18 AI agents governing every CMMC domain
SOLOMON
Master Architect
NEHEMIAH
Security · Firewalls
DANIEL
Audit · Logging
SAMUEL
Uptime · Monitoring
BEZALEL
Automation · AI Relay
GIDEON
Incident Response
+ 12 more governing Configuration, Identity, DNS, Backup, Patching, Risk, Training, Comms, Capacity, Certificates, Media, and DR
One engineer directing eighteen agents across seventy-five nodes. The AI doesn't replace the thinking — it multiplies the reach.
Matthew 10:8
What you receive freely, give freely. Technology should serve people, not create dependency.
Proverbs 27:6
Sometimes the honest answer is "don't change anything." You'll hear what you need to hear.
Galatians 6:2
Technology should be invisible when it works. You focus on your work; the complexity is handled.
Philippians 2:3-4
Your interests come first — even when that means less revenue. Trust outlasts any transaction.
Contact

You know if this applies to you.

Frederick, MD. Remote or on-site within the DC metro area.

Self-Hosted Infrastructure
Encrypted mesh network · No third-party dependencies · Full sovereignty
  • E2E Encrypted
  • 24/7 Monitored
  • <5m Recovery