Information Security advisory professional with several years of experience in the government and public services sector with a focus on governance, risk and compliance.
Cybersecurity, Google, Lake Mary, FL, US
Team Lead - Cyber, Deloitte, Aug 2022 - Present, Worldwide, Oo
• Provided cyber resiliency and remediation services to the U.S. Department of Navy, Chief Information Officer (CIO). Assist CIO and the Logistics (LOG) systems for systems audits, including creating audit-ready IT control policies and procedures, developing remediation plans for audit findings, and providing insight to clients as they work to improve their readiness.
• Designed, documented, and implemented policies and procedures regarding access controls, interface controls, and complementary user entity controls (CUECs).
• Provided cyber resiliency and remediation services to the Naval Facilities Engineering Command (NAVFAC), U.S. Navy. Assist NAVFAC in preparing for systems audits, including creating audit-ready IT control policies and procedures, developing remediation plans for audit findings, and providing insight to clients as they work to improve their readiness.
• Created and managed the execution of corrective action plans (CAPs) and Plan of Action and Milestones (POA&Ms) to remediate identified IT control deficiencies.
• Identified gaps and provided recommendations for revising/developing formalized IT control policies and procedures for cloud operating environments.
• Assisted NAVFAC in the preparation and execution of walkthroughs and PBC requests in response to internal and external audit testing efforts.
• Designed, documented, and implemented policies and procedures regarding access controls, interface controls, and complementary user entity controls (CUECs) for Navy Enterprise Systems.
• Led risk assessment implementation over Department of Navy’s Enterprise information systems and identified key risks and deficiencies.
• Provided systems audit readiness and remediation effort services to the U.S. Navy.
• Provide remediation and quality assurance effort services to the U.S. Navy, including design, implementation, and testing of cloud-based Enterprise IT Controls in accordance with FISCAM, NIST 800-53, and DON IT Standard Controls.
Information Technology Auditor, U.S. Department Of Energy (DOE), Oct 2020 - Aug 2022, Washington, DC, US
• Managed a 4-person team to perform numerous security control assessments of DOE systems operating in highly sensitive environments against NIST 800 series technical, physical, and administrative controls.
• Supervised and mentored newly onboarded auditors on career progression and navigating audit lifecycle.
• Performed risk-based audit work in accordance with GAGAS and FISCAM methodology.
• Performed audit work as part of yearly FISMA projects across multiple program offices.
• Identified numerous high-risk areas of importance to national security for inclusion in annual audit plan.
• Led statistical analysis on vulnerability assessment and scanning results generated by Tenable Nessus across over 200,000 scanned IP addresses.
• Validated remediation of POAMs through review of implementation and documentation within System Security Plans and other authorization package items.
• Led the analysis and investigation of packet captures of network traffic utilizing Wireshark.
• Performed analysis of firewall rulesets for firewalls operating across numerous environments.
• Led analysis of over 10,000 recorded incidents occurring over a 2-year period utilizing Splunk.
• Developed and issued recommendations on technical, physical, and administrative control implementations based on assessment findings.
Information Technology Auditor, United States Department Of Defense, Nov 2018 - Oct 2020, Washington, DC, US
• Performed control assessments of Air Force systems across a range of operating environments at multiple bases.
• Developed and led the execution of local audit programs containing detailed steps to identify and support conditions, causes, and effects for supervisor approval prior to audit application.
• Identified Data Breach involving highly sensitive PII exposure across the Air Force, impacting nearly 50,000 personnel, resulting in an operational report sent to CSAF and the Office of the Joint Chiefs.
• Managed a team of auditors to evaluate large caseloads of data for PII evaluations.
• Collaborated with Directorate level personnel to lead in the creation of enterprise-wide audits focusing on cyber risks to the Air Force.
• Provided supervisors with well-developed audit needs prioritized based on Air Force high priority areas, potential mission impact, and compliance issues.
• Performed validation of audit recommendations by conducting interviews and collecting evidence of corrective action implementation.
• Designed social engineering/phishing campaigns utilizing tools within Kali Linux.
Andrew K. Skills
Andrew K. Education Details
Georgia Institute Of Technology, Cybersecurity
University Of Central Florida, Accounting And Statistics
Frequently Asked Questions about Andrew K.
What company does Andrew K. work for?
Andrew K. works for Google.
What is Andrew K.'s role at the current company?
Andrew K.'s current role is Cybersecurity.
What schools did Andrew K. attend?
Andrew K. attended Georgia Institute Of Technology, University Of Central Florida.
What skills is Andrew K. known for?
Andrew K. has skills like CISA, Auditing, Security Incident Response, Public Speaking, Generally Accepted Accounting Principles, Cybersecurity, Powerpivot, Cyber Physical Systems, Incident Response, Enterprise Risk Management, Interest Rate Risk Management, Forecasting.