- Founded company specializing in business and technology consulting ranging from long-term goal management to risk analysis to IT / Cyber compliance review. - Lead new CMMC and NIST 800-171 gap self-assessments to identify framework compliance. - Develop System Security Plan (SSP), Policies, Procedures, Standards, and Guidelines for compliance management programs within NIST 800-171 (CMMC) and FedRAMP (NIST 800-53) environments. - Produce, organize, and manage all evidence required to prove compliance with industry standards. - Create business plans outlining ownership, marketing and sales strategy, and operating territory. - Conduct business development tasks including Lead generation, contact, negotiation, and contracts.

Owner and Head Coach of a USATF and AAU certified Track Club for ages 5-18 using the Junior Olympic circuit for competitions.

- Lead externally facing Consulting Services team including up-to 4 CMMC Registered Practitioners (RPs). - Supply managed services & risk assessments, as needed, to any CMMC, NIST 800-171, or NIST CSF (Cyber Security Framework) customers. - Create Cyber Operations documentation for customers including System Security Plans (SSP), Plan of Actions and Milestone, and any applicable policies and procedures needed by the organization. - Act as Project Manager for all Assessment Services and Supply Chain Risk Management operations including project creation, team assignments, timeline management & resource allocation. - Manage contract requirements for 50+ customers ranging from Gap Assessment, Program Advisory Consulting, Supply Chain Risk Management, or Project Management, including Audit Preparation. - Identifies compliance project risks resulting from new or revised laws and regulations, ensures action plans are developed to manage the risks, including effective training, procedures, and other controls. - Assist in developing business proposals and SOWs by negotiating project terms with clients. - Plan and manage multiple projects effectively and report project status to clients on regular basis.

• Lead CMMC external services team including 2 CMMC Registered Practitioners (RPs).• Conduct CMMC and NIST 800-171 (CUI) Gap Analysis for customer organizations.• Create Cyber Operations documentation for customers including System Security Plans (SSP), Plan of Actions and Milestone, and any applicable policies and procedures needed by the organization.• Act as Program Manager for CMMC operations including project creation, team assignments, & timeline management.• Assist business development in conducting sales calls, developing proposals, operating as technical expert with prospective customers.• Manage contract requirements for 30+ customers ranging from Gap Analysis, ad hoc Consulting, or Policy and Procedure documentation creation.• Supply managed services & risk assessments, as needed, to any CMMC or NIST 800-171 customers.

Assist in creating a Track and Field program and expanding the current Cross Country program.

• Lead the Cybersecurity Maturity Model Certification (CMMC) assessment team, including pricing, client/customer interaction, partnership communication, and demonstrating products.• Prepare and maintain documentation of System Security Plans (SSP), Risk Assessment Reports, and Certification and Accreditation (C&A) packages.• Attend conferences and trade shows to demonstrate tool, product, and services capabilities to potential clients and/or customers.• Identify partners to assist internal/external cybersecurity objectives in CUI, CMMC, or RMF.• Assist collaboration of Cybersecurity, Marketing, and Sales teams to meet business objectives.• Facilitate corporate response in meeting Controlled Unclassified Information (CUI) requirements.• Perform external cybersecurity assessments on clients to assist meeting their DoD compliance needs, including Risk Management Framework (RMF) and Controlled Unclassified Information (CUI).• Analyze and maintain systems for compliance using Nessus (ACAS), SCAP, and executing STIGs and Center for Internet Security (CIS) Benchmarks.• Organize, develop, and present briefings, summaries, and reports to address applied patches and STIGS to determine the security posture and readiness of applicable systems and architectures.• Support engineering teams by assessing system security designs and making recommendations concerning overall security readiness and compliance with cybersecurity guidance and best practices.• Conduct vulnerability assessments using Nessus (ACAS), risk mitigation, and Plan of Action and Milestone (POA&M) development and tracking.• Travel, as needed, to meet customer/client cybersecurity requests or requirements.• Utilize experience and judgement to independently solve problems effectively and efficiently.

This position supported Department of Energy - Savannah River (DOE-SR) and National Nuclear Security Administration (NNSA) Cybersecurity Information Technology Division (CITD) and legal departments at the Savannah River Site (SRS). This position provided support for network vulnerability management & network security configuration management to protect data assets from external unauthorized use, modification, disclosure, or destruction. This position interfaced with information technology (IT), human resources, and legal departments to create legal holds, perform collections, preserve data, process data, and generate associated deliverables. Essential Duties and Responsibilities:• Vulnerability scan network space & notify owners & accountable personnel of results & track, report, & validate remediation actions.• Research & develop configuration baselines, scan configurations, & notify owners & accountable personnel of results & tracking, reporting, & validating remediation actions.• Supported security activities within the System Development Life Cycle (SDLC) in accordance with DOE Cyber Security Program, Risk Management Framework (RMF) and NIST Controls.• Assisted with penetration testing, forensic analysis, and incident response activities.• Assisted with development/review of security related policy & standard operating procedures.

• Performed risk and cost analyses to identify appropriate network security countermeasures.• Detected UNIX/Windows process issues and applied solutions to increase company efficiency.• Led IT onboard training of 20 junior members in network security and troubleshooting data circuits.• Developed plans to safeguard computer files against modification, destruction or disclosure.• Instructed 25 students in Operating Systems Fundamentals with a 100% pass rate.• Consistently met deadlines and requirements for all production work orders.

• Build mission kits for up to 75 monthly flights out of Dover AFB allowing secure communications.• Trained 300 users annually in proper hardware and software use to support national security missions.• Processed and managed telephone work orders for 250 personnel totaling 125 devices ensuring 100% telecommunications uptime.• Reviewed violations of computer security procedures and developed mitigation plans.• Oversaw the daily performance of 22 computer systems for utility and process efficiency.• Created 10 aircraft cryptologic packages in three hours to be sent overseas due to deployed encryption failure.• Processed computer support tickets ranging from creating/deleting accounts, modifying user information, and software/hardware installations.• Managed technology requirements within applicable budget allowances.

- Managed largest Communications Security office on base- Supplied secure communication capabilities to 16 planes allowing for up to 12 missions a day in support of military operations in the Middle East to include Operation Enduring Freedom in Afghanistan

• Advised senior management on $14.8M network modernization project, while monitoring milestones and funding, to provide an 80% network speed increase with 98% uptime to be used by the customer.• Served as advisor for $69M facility design to determine adequacy and correctness of project packages and to provide recommendations for implementation of security controls.• Implemented administrative, physical, and technical safeguards through use of government directives to protect $41.7 million of IT resources from malicious activity.• Utilized eMass to certify 2 internal networks and 5K computers for use in accordance with FISMA requirements and Risk Management Framework (RMF) controls.• Compiled department guidance letters into corporate System Security Plan (SSP) detailing security standards, business practices, and efficient process management saving 120 man-hours per year.• Organized weekly meetings between IT policy, administration, customer service, and engineering increasing IT work order process speed by 50%.• Conducted IA risk and vulnerability assessments to ensure enterprise IA policies fully support all legal and regulatory requirements and policies are applied in new/existing IT• Conducted vulnerability assessments using Nessus (ACAS) to ensure enterprise policies support regulatory, legal, and FISMA requirements.• Audited Information Assurance policy compliance and investigated 50 security incidents.• Conducted submission, routing, and management of 1400 trouble tickets.