Lead Information Assurance Engineer

• Jun 2022 - Present

• Lead a team of Cybersecurity Professionals in support Chairmen, Joint Chiefs of Staff/J7 Cybersecurity operations in the areas of Computer Network Defense (CND), Intrusion Detection Systems (IDS)/ Intrusion Prevention Systems (IPS), and RMF/NIST Accreditations and Authorizations (A&A). • Provided Subject Matter Expertise to aid Program Managers in the development of A&A documentation. • Performed technical reviews of A&A documentation for compliance with applicable DoD and Joint Staff cybersecurity policies. • Performed system Information Assurance Vulnerability Management (IAVM). • Performed Security Technical Implementation Guidance (STIG) compliance audits. • Performed Risk Analysis and recommend and mitigate controls. • Assessed security compliance, support program security reviews, and coordinate and compile security-related documentation. • Wrote and revised J7 Cybersecurity Policies and Guidance documents for specific cybersecurity related technologies. • Provided critical written and oral analysis of security architecture documentation and vulnerability and risk assessments. • Assisted in the development of plan of actions and milestones (POA&M) and tracking of milestones within POA&Ms directly related to Cybersecurity requirements. • Performed validation of cyber security controls in support of Assessment and Authorization (A&A) efforts. • Coordinated with system owners to ensure the appropriate A&A artifacts are developed to support system authorization. • Developed IT sustainment documents and actions and renewal documentation • Provided security incident reports as required outlining the specific security issue, critical concerns, and remediation actions required to resolve or mitigate the vulnerabilities • Provided Cybersecurity support to include development, writing, and reviewing A&A documentation per DOD RMF and NIST. Show less

Lead Cyber Security Specialist

• Dec 2021 - Jun 2022

Lead Cyber Security Engineer

• Apr 2021 - Apr 2022

• Provided Subject Matter Expertise in the creation, editing, and management of rules and filters for specialized Cyber Security systems including; network and host-based IDS, IPS, firewall, web application firewall, proxy and SIEM systems. • Led Cyber Security team to solve complex problems; use analytical thinking, tools, and judgement to identify innovative solutions while moderating resource requirements, risk, and/or complexity.• Interpreted internal/external business challenges and recommended best practices to improve products, processes, or services.• Communicated complex concepts; anticipated potential objections and influenced others to adopt a different point of view.• Analyzed life-cycle configuration management of applications, rules, filters, and configurations of managed cyber security systems.• Created, edited, and managed changes to network and system access control lists on specialized cyber security applications and systems. • Interpreted internal or external business issues and recommended best practices and solutions.• Updated the rules and custom content of specialized Cyber Security applications and systems. • Troubleshot Cyber Security systems hardware and software issues and directed team in resolution efforts. • Tested and evaluated new cyber security applications or tools, rules, access controls, and configurations of Cyber Security platforms. • Developed solutions to implement Defense in Depth principles and practices. • Identified potential conflicts with implementation of Cyber Security tools within the enterprise and developed recommendations to remediate these conflicts. • Supported enterprise mitigation efforts based on the specific monitoring and filtering capabilities of existing cyber security infrastructure. Show less

Cybersecurity Security Control Assessor

• May 2020 - Apr 2021

• Responsible for conducting comprehensive assessments of management, operational, and technical security controls employed within or inherited Information Systems to determine the overall effectiveness.• Provided assessment of severity of weaknesses or deficiencies discovered in Information Systems; provided recommend corrective actions to address identified vulnerabilities. • Responsible for providing Security Control Assessments of Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.• Provided oversight of development, implementation, and evaluation of Information System security program policy with special emphasis on Special Access Program (SAP) network infrastructure.• Evaluated Authorization packages while providing recommendations to the Authorizing Official (AO) and/or Designated Authorizing Official (DAO) for authorization decision determination.• Reviewed and approved Information System Security Assessment Plans comprised of System Security Plans (SSPs), Security Controls Traceability Matrix (SCTM), and Security Control Assessment Procedures.• Prepared final Security Assessment Report (SAR) containing results and findings from assessments.• Initiated Plan of Action and Milestones (POA&M) with identified weaknesses and suspense dates for each Information System based on findings and recommendations from the Security Assessment Report (SAR).• Assisted the Government with compliance inspections and security incidents related to cybersecurity while ensuring proper and corrective measures were taken.• Assessed changes within Information System boundary which could affect the authorization.• Ensured Information System requirements were addressed during all phases of the system life cycle. Show less

Cyber Security Risk Management Framework Sprcialist

• Apr 2020 - May 2020

• Provided technical analysis for Information Assurance support and integration efforts.• Analyzed Authorization and Accreditation (A&A) documentation for DoD and Navy research, development, testing, and evaluation (RDT&E)• Evaluated operational systems, networks, applications, and commercial-off-of-the-shelf (COTS) information security (INFOSEC) products and documentation.• Conducted Risk Assessments and Risk Mitigation Analysis measures for the development of contingency plans.• Certified and Accredited DON information systems, networks, and platform IT. Show less

Cybersecurity Risk Management Framework Validator at Commander Naval Information Forces

• Oct 2019 - Apr 2020

- Provided Cybersecurity support, analysis, documentation, and validation services for Department of Navy (DoN) IT solutions, including applications, networks, systems, architectures, and infrastructure to Navy organizations in accordance with DoD and DoN policy. - Served independently as a Navy Qualified Validator.- Performed validation activities under the Risk Management Framework (RMF) using Navy Security Control Assessor (SCA)-approved processes. - Applied knowledge of DoD or DoN network architectures and policy toward assessment and identification of vulnerabilities as a means of improving operational security posture. - Conducted analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans to validate appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST), DoD, and DoN publications. - Analyzed security assessment plans to ensure proper orchestration of testing procedures in accordance with requirements set forth by DoD and DoN information security authorities. - Provided guidance to Navy programs regarding vulnerability remediation and determination of risk posture.- Utilized vulnerability assessment scanning tools and reporting, along with intrusion detection technologies, intrusion prevention technologies, and host-based security system (HBSS).- Reviewed Department of Navy system owner contingency plans, firewall policies, and ports and protocols documentation.- Reviewed DoD published Security Technical Information Guidance (STIG) requirements and implementation for compliance process validation.- Created and tracked Risk Management Framework (RMF) A&A packages in the DON eMASS system. Show less

Senior Cybersecurity Risk Management Framework Analyst, U.S. Fleet Forces Command

• Aug 2019 - Apr 2020

- Evaluated documentation, validation, assessment, and accreditation processes to ensure Information Technology (IT) systems meet Information Assurance (IA) and security requirements. - Defined desired state and risk thresholds, and analyzed actual state information to assess compliance. - Worked with agency leaders to codify strategic cyber objectives into doctrine, policies, and procedures to meet defined objectives. - Evaluated computer applications, software, and specialized utility programs to determine if software assurance best practices were followed. - Maintained compliance of custom-built software against stated security policies using code-scanning approaches. - Provided technical support and applied expertise in assessing information system compliance with DoD and Navy RMF standards.- Reviewed, verified, and validated DoD RMF documentation and artifacts in accordance with DoD Instruction 8510.01, RMF for DoD IT, and the Navy RMF Process Guide (RPG). - Analyzed and processed artifacts required to obtain and maintain Authority to Operate (ATO) for information systems. - Performed quality assurance reviews for required content in all packages in the Assessment and Authorization (A&A). - Supported U.S. Fleet Forces Command in conducting RMF checkpoint and collaboration activities, managed RMF High Risk Escalation (HRE), Conditional Authorization Request (CAR), Authorization Condition Follow-up (ACF), Boundary Change Request (BCR), and RMF Bridge Conversion (RBC) activities. - Performed RMF and FISMA data collection, analysis, reporting, and metrics generation.- Supported transition from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to RMF.- Utilized Navy DIACAP and RMF tools, including DADMS and DITPR-DON and eMASS to process and update Certification and Accreditation (C&A) and A&A packages.- Utilized vulnerability assessment scanning tools to provide related reporting to client. Show less

Cyber Security Assessment and Authorization (A&A) Analyst, Chairman, Joint Chiefs of Staff

• Jun 2018 - Jul 2019

- Performed Assessment and Authorization efforts supporting the Joint Chiefs of Staff Directorate level Information Systems, enclaves, major applications, and PIT systems.- Implemented a documented and repeatable Risk Management Framework (RMF) process for the Joint Staff addressing the six steps of the RMF process: System Categorization, Security Control Selection, Security Control Implementation, Security Control Assessment, System Authorization, and Security Control Monitoring.- Tracked Risk Management Framework (RMF) packages within eMASS; system registration, security, categorization, security control selection and implementation, artifact development, maintenance of POA&Ms and vulnerability scan uploads. - Developed RMF Templates for Continuous Monitoring Plan (CMP), Risk Acceptance (RA), Risk Assessment Report (RAR), Security Assessment Report (SAR), System Categorization, Security Control Selection, and System Security Plan (SSP). - Reviewed and tracked Joint Staff POA&Ms generated within eMASS from security controls responses and those created as a result of Assured Compliance Assessment Solution (ACAS)/Host-Based Security System (HBSS)/Continuous Monitoring and Risk Scoring (CMRS) vulnerability scans or Security Technical Implementation Guide (STIG) and uploaded as Artifacts to the eMASS package.- Developed Security Control Briefings for each Joint Staff Information System regarding system authorization overview, risk assessment, and authorization recommendations. - Ensured vulnerability scan (ACAS) and STIG results were provided by Joint Staff Directorates monthly in eMASS.- Conducted security assessments and provided summary reports regarding security controls and artifacts contained within the eMASS package review.- Conducted authorization status checks and provided a report to reflect status, by organization, of packages at 90, 60, and 30 day authorization termination mark. Show less

Network Compliance Reviewer

• Feb 2018 - Jun 2018

Network Security Program Manager/Division Leading Senior Chief

• Jul 2014 - Dec 2017

• Supervised 45+ information and electronic technicians supporting 27 tactical network systems. Provided training and enforced network security policy for 2,000+ network users across 16 departments.• Coordinated installation, security testing, virus protection and detection, system administration, and auditing of 27 network systems and over 9+ million feet of fiber optic cable.

Lead Information System Security Instructor/Command Senior Chief

• Jun 2011 - Jul 2014

• Acted as an onsite Cybersecurity subject matter expert (SME) to support doctrine and training of Cybersecurity systems delivered to the Navy. • Established requirements, concept development, and drafted of various forms of doctrine, including Concept of Operations (CONOPS), technical reports, training plans and standard operating procedures. Developed command-level Cybersecurity advanced exercises. • Principal advisor to Officer-in-Charge regarding student and training staff network and cryptologic qualifications and certifications. Lead 30+ instructors in qualifying 400+ military and civilian students from 50+ world-wide multiservice warfare commands Show less

Lead System Administrator/Command Chief

• Jun 2008 - Jun 2011

• Provided exercise support, Cybersecurity training of Navy personnel and stakeholder engagement, including meetings, working groups, and conference and shipboard visits.• Trained 50+ personnel in system administration, tactical operation, and world-wide deployment of Tomahawk Command and Control Strike Planning Cell detachments to provide the construction, quality assurance, and deployment of Tomahawk strike missions.

Operations Chief/Network Communications Center Manager

• Oct 2005 - Jun 2008

• Provided operational doctrine development, Navy and joint concept development, Navy capabilities, warfighting areas, and organization, planning, and communication expertise to support all facets of the doctrine development life cycle. • Developed and provided verbal daily intelligence briefings and world-wide network status reports to high-level DOD, NSA, and flag-level military leaders.