Douglas Gray Email & Phone Number

Washington, DC, US

Hollywood, MD, US

• Lead a project to migrate the IT service management functions of several premier situational awareness applications to ServiceNow.
• Developed an Agile assessment and improvement plan to mature assessment and authorization, vulnerability management, personnel security, supply-chain risk management, and compliance across 17 organizations in 13.
• Initiated a first-of-its-kind project- management program to converge cybersecurity governance functions across 17 organizations worldwide, to include the first-ever sets of goals and objectives for the project.
• Developed and implemented the organization’s first-ever centralized automated tool for integrating cybersecurity priorities and tasks and tracking statuses across all member organizations.
• Initated the organization’s first-ever inspection concept of operation for improving preparation for, support of, and follow up of audits, assessments, appraisals, and inspections, to include key metrics.

Washington, District Of Columbia, US

• Led a 23-person governance, risk management, and compliance; audit; and security awareness program.
• Developed and initiated a multi-year information assurance strategic plan.
• Spearheaded the development of the organization’s first risk-management strategy.
• Initiated a cybersecurity policy program leading to delivery of 13 new high-quality cybersecurity policies.
• Initiated a program to improve the organization’s cybersecurity supply-chain risk-management (C-SCRM).
• Developed a repeatable C-SCRM risk assessment model using NIST, ATT&CK, and OCTAVE to increase rigor and repeatability.

Mclean, VA, US

• Responsible for cybersecurity and risk management functions for an independent regulatory agency, to include strategy and planning, risk management, incident response, vulnerability management, security-focused.
• Further refined an automated risk-management processes I developed as consultant, improving prioritization at all levels of the agency and delivering demonstrable results in several key areas.
• Performed a bottom-up security-capabilities analysis and developed the agency’s first security-operations concept of operations, clarifying responsibilities and methods to maximize limited resources.
• Managed the migration of Office of Information Technology (OIT) change-management program from a SharePoint/MS Word-based system to a ServiceNow-based process, to include training and documentation.

Ashburn, Virginia, US

• Integrated Lunarline Inc.’s managed-service, intelligence, computer network operations, compliance, management consulting, product development, and educational capabilities into a seamless set of cybersecurity.
• Oversaw the day-to-day operations of Lunarline's award-winning School of Cybersecurity.
• Developed and implemented formal appraisal-and-improvement and risk-management programs for a major U.S. bank and an independent U.S. regulatory agency.
• Developed strategic road map for sub-cabinet federal agency and key-management strategy for a federal cabinet department.
• Represented the company as a member of the National Initiative for Cybersecurity Education (NICE) Working Group.
• Key cybersecurity advisor to Farm Credit Administration CIO, CISO and Office of Information Technology staff.

Pittsburgh, PA, US

• SEI portfolio manager for DHS federal network resilience functions.
• Managed FISMA Transformation and Continuous Diagnostics and Mitigation (CDM) efforts; led analysis effort which led to significant reduction of FISMA CIO metrics, enabling focus on key federal cyber readiness.
• Created the Intelligence Preparation for Operational Resilience (IPOR) framework to enable CISOs, cybersecurity managers, risk managers to identify problems, determine accuracy and relevance of information and support.
• Taught courses, delivered presentations, and led workshops on cyber readiness, risk-management, and quantification.

Arlington, Virginia, US

• Led agency to be selected as runner-up for the National Security Agency's Rowlett Award, which recognizes outstanding organizational excellence in the field of information systems security.
• Developed innovative, automated, statistical, quality-control processes for the Army Operations Center leading to a 97% decrease in vulnerabilities over a six-month timeframe.
• Spearheaded a Pentagon-wide Security Information and Event Management (SIEM) pilot to enable the integration of tenant-organization host-based event data with network-based data managed by the campus-area-network.
• Once told by a chief warrant officer 4 that I was "usually right".

Fort Drum, New York, US

• Managed IT Security for the 18,000-person Multi-National Division-South, which the theater information-assurance manager praised as the “most aggressive division program” he had ever seen.
• Developed IT security strategy for relocation of the Multi-National Division-South headquarters to relieve British forces in Basra, Iraq, leading to 100% on-time compliance in over 30 classified-network-equipped.
• Implemented a proactive program to integrate new Multi-National Division-South units arriving in theater, bringing them up to full compliance with standards in 60 days.

Arlington, Virginia, US

• Served as go-to person for the Commanding General of U.S. Army Human Resources Command and the Adjutant General of the Army for unique system requirements, resulting in unprecedented senior HR leader awareness of.
• Performed program management of 140 different system interfaces for the U.S. Army Human Resources Command, ensuring interface designs met customer requirements, as well as ensuring statutory and regulatory compliance.
• Identified the need for integrating the DOD medical community’s patient-tracking data with Army HR data systems, showing persistence and diplomacy in overcoming organizational barriers, and providing Army commanders.

Shaw AFB, SC, US

• Managed video teleconferencing capabilities for a three-star headquarters, enabling high-quality collaboration among senior leaders in Iraq, Afghanistan, Kuwait, Saudi Arabia, Qatar, Bahrain, and the United States
• Initiated a project which increased capacity and quality of video conferencing by over 200% for this critical capability.

Arlington, Virginia, US

Ms, Information Systems

Ba, Journalism (Newspaper/Print Media)