Bryan Blank Email & Phone Number

• Spearhead audit defense efforts for the development and integration of the new system's ATO, during a DoS security assessment. Lead the SecOps team in handling all security and operations tasks. Support the completion.
• Managed web application security within MAG while overseeing the life-cycle management of Public Key Infrastructure (PKI) certificates, across all environments.
• Implemented data flow of all application data through WAFs in managing virtual services, servers, content rules, website translations, header request rewrites, redirects, and application policies for each container.
• Designed secure remote access architecture, leveraging third-party network firewalls Cloud Virtual Desktop Interfaces with multi-factor authentication to safeguard critical systems.
• Employed vulnerability management solutions by incorporating Tenable Nessus, Acunetix, and Fortify to address security weaknesses.
• Orchestrated audit log management through Azure Sentinel and Log Analytics for native and third-party solutions, encompassing multiple cloud environments.

• Gathered and integrated cybersecurity processes from the DC Government to map against mandated security controls, in collaboration with OCFO and OCIO entities. Aligned IRS security requirements and NIST SP 800-53.
• Directed the security assessment of the Modernized Integrated Tax System (MITS) to evaluate application and IT infrastructure hosted by a third-party contractor, across multiple geographical regions.
• Executed an Interim Security Assessment to inform application operational determinations in delivering an Interim Provisional Security Assessment Report, as per the DC Government, NIST SP 800-53, and IRS Pub 1075.
• Led a penetration test team for both external and internal assessments of network and web/mobile applications.

• Oversaw the annual IT Security Assessment for enterprise systems and applications across multiple sites. Assumed responsibilities, including documentation review, technical implementation and architecture review, and.
• Conducted discovery and vulnerability scans for internal domain and web applications, using Tenable Nessus Manager and Burp Suite Pro.
• Evaluated the design of traditional networks and AWS Virtual Private Clouds (VPCs) for four distinct business units (separate companies).
• Utilized HIPAA, HHS, ISO 27001, and NIST standards and guidance as input for penetration test reports.

Led the annual IT Security Assessment for enterprise systems and applications, encompassing on-premises data center and cloud architecture, aligned with NIST SP 800-171 standards. Delivered Security Assessment Reports (SAR) and provided overview of security posture and actionable insights. Performed malware assessments, as per NIST requirements, for.

• Developed Information Request List and Project Schedule via SmartSheet, briefing the planned approach to AT&T TNet ISSO, ISSM, and security staff. Initiated the assessment to review security policies, procedures, and.
• Created SAP/ROE and evaluated documented controls within the SAP through onsite and telephone interviews, testing, and continuous monitoring artifact reviews over four months. Performed internal and external.
• Assessed physical and environmental controls at the TNet AT&T Global Customer Support Center Data Center in Charlotte, NC to deliver a separate assessment report to Treasury and AT&T ISSMs and ISSO.
• Drafted and submitted an updated RTM for all security controls assessment, incorporating DHS Reference Architectural Controls, Treasury mandates, and NIST guidance.
• Led a penetration test team for both external and internal assessments of network and web/mobile applications.

• Performed initial security assessment for commercial third-party mortgage servicer by merging vulnerability and configuration scanning. Oversaw the secure design of an AWS VPC and implemented security tools, including.
• FISMA accreditation management, Incident Response support, Threat & Log Management tool deployment and management, Vulnerability assessment and analysis, and AWS security engineering assessment and remediation.

• Managed the security of all IT operations infrastructure, including the Cyber Incident Response Team (CIRT), log analysis, incident response, threat analysis, and risk management. Carried out penetration testing for a.
• Served as the Certification and Accreditation Project Manager to provide direct support to the DOD customer:o Established and managed projects adhering to DOD DIACAP and NIST requirements. Offered guidance to the Chief.
• Led the successful authorizations for 25 systems for a DOD government customer within a 12-month timeframe:o Conducted vulnerability scans on all systems using government-required tools, including eEye Digital.

Mclean, VA

• Responsible for implementing and managing the AEA Global Information Security Program
• Manage and update all IS Policies and Procedures in support of the AEA Global Information Security Program
• Responsible for managing the security of all IT infrastructure within the AEA N.A. and European operations.
• Responsible for managing all IS accreditations to include ISO 27001, HMG InfoSec Standards, FISMA, and other regulatory compliance which includes adherence to:o ISO Security Elements/NIST 800-53 security.
• Responsible for performing continuous monitoring for all Information Security systems and infrastructure to include:o Design and implementation of enterprise security architectures for AEA N.A. and European operationso.
• Manage personnel who support IS accreditation tasks and projects.

Mclean, VA

• United States Department of Justice /Victim Notification System (VNS)
• Serve as Information System Security Officer (ISSO) for the Victim Notification System (VNS) and Victim Information System (VIS). The ISSO responsibilities include:o Serve as the principal advisor to the authorizing.
• Senior and Technical Lead for penetration testing of an infrastructure system in order to examine the effectiveness of the security controls in place and identify management, operational, and technical vulnerabilities.
• Produced Penetration Test Report and provided briefing of all results to Senior Management team.

Mclean, VA

• United States Patent and Trademark Office (USPTO) / Office of the Chief Information Officer, Information Technology Security Management Group (ITSMG) Certification and Accreditation (C&A) Program Support
• Provided Senior Security Engineering support for the USPTO Network (PTONet III) task.
• Served as Program Manager responsible for managing the IT Security and Certification and Accreditation program support for all USPTO ITSMG task orders including management and direct oversight of System Development.
• Served as Information System Security Officer (ISSO) for the Patent File Wrapper (PFW) system.
• Managed a staff of 25 security consultants and project managers including sub-contractor personnel.Managed Security Services Provider (MSSP) - Department of Education
• Project Manager and Principal Security Consultant for the management of a Managed Security Services program in support of the Department of Education Office of the Chief Information Officer.

Reston, VA

• Successfully managed the Certification and Accreditation of all Enterprise Systems in accordance with the National Institute of Standards and Technology (NIST) 800 series for government clients
• Managed successful third-party security audits for commercial clients
• Created a Configuration Control Board (CCB), supporting CCB policies, Configuration Management (CM) plan and serve as chairperson on the CCB
• Performed information security audits to measure compliance to standards as well as the level of vulnerability and protection throughout the enterprise
• Served as Contingency Plan Coordinator
• Provided Senior Management reports on Information Security issues related to project status, security breaches and incidents, and relevant metrics