About the Founder
Aegidis Systems is led by a founder who has spent nearly two decades inside the specific disciplines the company works in: Army defensive cyber on classified networks, enterprise cloud security leadership at a Fortune 500 carrier, and now patent-pending hardware security IP. The credentials on the website match the work history because they came from the same career.
Justin Brown founded Aegidis Systems because federal cyber compliance, physical security engineering, and defense delivery are the same problem — and most firms that do one of the three have never touched the other two.
He entered the field in the U.S. Army (2007–2011), starting in tactical signals and transmission systems and expanding into broader network and systems work, including deployment to Iraq in 2008–2009 in support of OIF operations. That led into three continuous years (2011–2014) supporting Army defensive cyber operations at Fort Huachuca — first with the Continental United States Theater Network Operations and Security Center (CTNOSC), which was redesignated RCERT-South during his tenure. The work was SCIF-based under a previously held TS/SCI clearance and spanned NIPR, SIPR, and coalition networks used in OEF and OIF.
Since 2014, he has been inside a Fortune 500 insurance carrier's security organization, moving from Senior Network Engineer through Lead Cloud Security Engineer to his current role as Manager of Cloud Security Engineering. The work in that decade has been hands-on: leading the Cisco ASA to Palo Alto migration, the Bluecoat and VPN replacement with Zscaler ZIA and ZPA as principal architect, a hybrid managed-service data center transition, and running the organization's Zero Trust Maturity Model program against the CISA ZTMM and NIST SP 800-207 frameworks.
In 2025, he filed a provisional patent application (USPTO #63/940,006) on the Tessera architecture — a magnetically retained passive NFC token that solves the saturation failure mode that causes conventional on-metal NFC tags to fail when combined with a high-strength neodymium retention magnet. The flux diverter stack enables hardware-rooted, cryptographically authenticated asset identity on ferrous surfaces without drilling, welding, or permanent adhesives. The device applies non-repudiation principles at the physical layer: every tap generates a cryptographically unique, verifiable authentication event that cannot be cloned, replayed, or passively spoofed.
CTNOSC / RCERT-South
- Three continuous years supporting Army defensive cyber at the theater level, spanning the organizational transition from CTNOSC to RCERT-South. SCIF-based work under a previously held TS/SCI clearance.
- Hands-on engineering and operations on NIPR, SIPR, and coalition networks used during OEF and OIF.
- Full SIPR firewall migration from Juniper NetScreen to Palo Alto next-generation firewalls — a policy-rewrite and cutover on classified infrastructure, not a like-for-like swap.
- Contractor billets across the period: TEKsystems, AFMS Inc., and General Dynamics Information Technology.
Enterprise Security Engineering & Zero Trust
- Principal on the enterprise perimeter firewall migration from Cisco ASA to Palo Alto Networks next-generation firewalls.
- Core team member on the carrier's hybrid managed-service private cloud transition — responsible for the network and middleware layer, specifically the ownership and management transition of F5 proxies and Palo Alto firewalls, with the carrier retaining full firewall administration and security policy control across both retained and hosted data centers.
- Principal engineer and architect on the carrier's Zero Trust transition — replacing legacy Bluecoat proxy and VPN infrastructure with Zscaler ZIA and ZPA.
- Primary driver of the carrier's Zero Trust Maturity Model program, aligned to the CISA Zero Trust Maturity Model and NIST SP 800-207.
- Current role: Manager of Cloud Security Engineering.
Tessera Architecture — Patent Pending
- Identified the saturation failure mode in conventional ferrite-based on-metal NFC tags: when a high-strength neodymium retention magnet is placed behind the ferrite layer, the ferrite saturates, effective permeability collapses, and the tag fails to communicate.
- Designed the Tessera layered physical security stack: high-saturation nanocrystalline flux diverter, optional flux shunt element, NFC antenna substrate, mechanical interlock housing, and outer enclosure — enabling magnetically retained passive HF identity on ferrous surfaces while maintaining antenna tuning under DC magnetic bias.
- Provisional patent filed December 2025 (USPTO #63/940,006). Claims cover the base device architecture, the manufacturing method, the industrial asset lifecycle management workflow, and a ladder of dependent claims from simple passive HF identity through cryptographically authenticated variants using AES-128 SUN authentication with CC EAL4 certified ICs.
- Product lines named in the provisional: Tessera Forge Series (consumer and tabletop gaming) and Tessera Ordnance Series (industrial, LOTO, defense logistics, and supply chain integrity).
Security at Every Layer
Effective security architecture operates at the physical layer, the network layer, and the governance layer — not just the policy layer. Compliance frameworks that ignore how systems are actually built produce paperwork, not protection.
Non-Repudiation as a Design Requirement
The ability to prove that a specific event occurred, by a specific principal, at a specific time — in a way that cannot later be denied — is an architectural requirement, not a reporting feature. It shapes decisions from firewall policy through to NFC IC selection.
Direct Access, No Intermediaries
Engagements are founder-led. NIST assessments, Zero Trust maturity work, Tessera pilots — the person who scopes the work is the person who does it. There's no handoff to a junior team after the initial call.
Reach out for cybersecurity scoping, Zero Trust maturity discussions, manufacturing quotes, or Tessera pilot evaluation.