About — NAXS Labs
About

Security is a system.
Not a specialty.

I don't think it's enough anymore for a security professional to know one thing well. The job means covering enough ground across the discipline — governance, identity, cloud, network — to see how it all fits together. That's the model NAXS Labs runs on: strengthening the cybersecurity posture of small and mid-size businesses. They're the weakest link in the chain that protects the nation.

Darnell Keith — Founder, NAXS Labs
Darnell Keith
Founder, NAXS Labs

Not a straight line.
That's where the range comes from.

I didn't come up through a helpdesk or a SOC. Before cybersecurity, I spent years in the automotive industry and running my own entrepreneurial ventures, including online retail. None of that maps directly onto GRC — but it's part of why I don't buy the idea that security is a single lane. Different rooms, different problems, and the same lesson each time: how organizations actually operate, how people make decisions under pressure, and how to communicate with people who aren't technical.

I served in the United States Navy aboard the USS Kitty Hawk — a forward-deployed aircraft carrier in Yokosuka, Japan. That's where I learned what accountability looks like when the stakes are real: strict procedures, clear communication, and no ambiguity about who is responsible for what. Those habits didn't leave when I got out.

I built the cybersecurity knowledge deliberately — a Master's in Cybersecurity from WGU, a credential stack that spans cloud security, identity, networking, and governance, and hands-on work building and operating infrastructure to make the theory real. I'm based in Providence, Rhode Island.

United States Navy
Fireman Apprentice, USS Kitty Hawk — forward deployed, Yokosuka, Japan. Engineering and damage control operations in a high-accountability environment.
M.S. Cybersecurity — WGU
Graduate degree in cybersecurity and information assurance, with undergraduate work in the same field. Built the knowledge foundation first, then the credentials.
Based in Providence, Rhode Island
Available for remote and on-site engagements throughout New England and nationally.

A few principles I don't compromise on.

These are the commitments I hold myself to on every engagement, with every client.

01

Honesty over salesmanship

I'll tell you what you actually need — even if that means telling you the problem is smaller than you thought, or that you don't need me for it.

02

Plain language, always

Security has a jargon problem. I translate findings into clear, actionable language so you can make informed decisions without a decoder ring.

03

Documentation you keep

Every engagement ends with documentation you own. The goal is to leave you better off — not dependent on me for things you could handle yourself.

04

Practical over perfect

Perfect security doesn't exist. I focus on realistic improvements that meaningfully reduce your risk without paralyzing your operations.

05

Responsive and accountable

You'll always know who to call and what's happening. No black box, no waiting weeks for an update on your own systems.

06

Continuous learning

The threat landscape changes. I stay current on emerging vulnerabilities, frameworks, and best practices so my advice doesn't get stale.

Small and mid-size businesses
that need a real security program.

Most small organizations share the same problem: real compliance exposure, limited budget, and no in-house security expertise to bridge the gap. That's exactly where I focus.

Healthcare & Medical Practices

HIPAA obligations, PHI exposure, and vendor relationships that carry real regulatory risk. Small practices rarely have a dedicated security function to manage any of it.

Professional Services

Law firms, accounting firms, financial advisors — businesses that handle client data and face growing compliance requirements with limited technical staff.

Nonprofits

Donor data, grant compliance, and lean IT budgets. Nonprofits face real security obligations without enterprise resources to meet them.

Education & certifications.

Education

Master of Science — Cybersecurity & Information Assurance

Western Governors University

March 2026

Active Certifications

GIAC: GCIH · GSEC

Incident handling and security essentials.

GIAC

ISC2: SSCP · Associate of ISC2 (CCSP)

Systems security practitioner; cloud security

ISC2

ISO/IEC 27001 Lead Auditor

Certified to plan and lead audits of information security management systems (ISMS) against the ISO/IEC 27001 standard.

GRC Mastery · Exemplar Global
View verified badges on Credly

Technical Areas

GRC & Frameworks
NIST CSF 2.0 NIST SP 800-53 ISO 27001 HIPAA PCI DSS CMMC
Identity & Access Management
Okta Microsoft Entra ID AWS IAM SSO & MFA PAM Lifecycle Management
Cloud Security
AWS Azure Policy as Code Terraform / OpenTofu HashiCorp Vault
Network Security
Segmentation & VLANs Firewall Rules Zero Trust Routing & Switching
Risk Management
FAIR Model ISO 27005 Risk Registers Gap Assessments

No pressure, no commitment.

Tell me what you're dealing with and I'll let you know if and how I can help. If I'm not the right fit, I'll say so.

NAXS Labs
Logo