I served as the Information System Security Manager for two major information systems within the Joint Mission Environment Test Capability (JMETC), a DoD-level testing management program. I developed and updated security authorization packages in accordance with NIST 800-53 and DoD Risk Management Framework. I developed and managed the System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plans, Incident Response Plan, Standard Operating Procedures, Plans of Action and Milestones, Remediation Plans, Configuration Management Plans, and more. I validated that protective measures for physical security were in place to support the system's security requirements. I developed access requirements and ensured users and system support personnel had the required authorization and need-to-know; were indoctrinated; and were familiar with internal security practices before allowing access to the IT Systems. I conducted independent scans of the applications, networks, and databases. I provided continuous monitoring to enforce client security policies and procedures and created processes that provided oversight for the system owner.

Provided oversight of the technology development and information assurance and security program for two government clients and thirteen internal applications. Promoted and oversaw strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations. Collaborated with corporate services leaders to establish and maintain a system for ensuring that security and privacy policies were met. Researched, analyzed, and recommended technology products by assessing customer needs, providing information and technical assistance, and evaluating security concerns to determine cost-effective solutions. Resolved customer issues and satisfied their expectations regarding technology and cyber security issues.Completely overhauled and redesigned the organization’s vulnerability management program. Created processes that streamlined the operation to ensure compliance with legal, regulatory, and client requirements while exceeding organizational goals. The process improvement knocked months off of the time it was taking to install and manage patches while providing senior corporate leaders with visibility into the security status of the IT systems.

Directed the information assurance and security program of a large government datacenter and application hosting provider. Provided technical support, engineering support, and guidance to staff and customers supporting enterprise-class systems with millions of users that enhanced security and efficiency through cost reduction and customer satisfaction. Supervised development of security awareness and training programs. Led security engineering and architecture efforts for major enterprise applications. Provided expert cybersecurity support and guidance for legal and regulatory compliance efforts. Served as the approval authority for the implementation of technical controls to support and enforce security policies. Directed the operation, maintenance, and upgrades of security technologies for anti-malware, intrusion detection, APT, vulnerability assessment and scanning, event correlation, data loss prevention, configuration management, and continuous monitoring. Led the Incident Management Team and developed procedures to ensure timely reaction to critical incidents. Managed the process of gathering, analyzing and assessing the current and future threat landscape. Developed budget projections based on short and long term goals and objectives.Identified weaknesses in organizational procedures and developed solutions to ensure adequate and timely remediation. Led efforts to ensure successful independent audits of the organization and developed procedures to ensure non-reputable evidence of compliance was documented.

Developed and led the implementation of plans, policies, and procedures to ensure the confidentiality, integrity, and availability of the USDA Forest Service computer networks supporting thousands of users geographically dispersed across all 50 states. Planned and conducted network vulnerability assessments and developed remediation and mitigation plans. Led project teams engaged in agency-wide IT system design, ITIL process implementation, Security Operations Center implementation, and inter-agency network connectivity.Established the agency vulnerability assessment and patch management capability. Developed and successfully implemented processes to manage patching and remediation efforts. Recognized as the driving force behind agency passing financial security audit for the first time in five years by providing leadership and expertise to various teams charged with developing new policy and procedures to secure a vast government network.

Served as the Chief of IT Security at a US Army major command headquarters. Ensured the security of the organizational IT infrastructure consisting of UNIX and Windows 2003 servers and over 500 customer workstations. Developed courses of action to secure and mitigate risks. Prepared organizational security policies and internal process guidelines. Deployed and managed the organization's network security tools, such as firewalls and Intrusion Detection Systems (IDS). Monitored system activity, reviewed audit trails, and performed actions to ensure compliance with security directives and procedures. Developed scripts to deploy security patches and system upgrades. Performed compliance and vulnerability assessment scans. Planned and scheduled workload assignments to be accomplished by subordinates, adjusted program and project priorities, and prepared schedules for work completion. Established guidelines, performance expectations, and performance reviews for staff. Provided briefings and written policy input for senior policymakers and General Officers. Planned and delivered customer support services, including configuration, troubleshooting, and assistance in response to customer and security requirements.Redesigned and hardened the agency’s Internet-facing web server security system in order to stop the attacks that were occurring prior to my arrival. Led numerous acquisition initiatives to procure new capabilities and ensure the security and confidentiality of an Army major command headquarters network.

Led the development and implementation of the Army's Vulnerability Assessment Training Program which trained IT Specialists to use vulnerability assessment tools to determine the security posture of their area of responsibility and how to take measures to mitigate vulnerabilities they discovered. Deployed alongside assessment teams to various locations throughout the U.S. to provide assistance after cyber attacks had occurred and developed processes to mitigate against future exploitation. Led security engineering activities such as designing and implementing security controls to protect critical military networks and ensuring compliance with applicable regulations. Documented and tracked the status of computer security incidents and vulnerabilities and developed processes to mitigate against future exploitation. Led the initial IA certification and validation of the Army Golden Master Program designed to deploy a secure desktop environment Army-wide. Planned and scheduled workload assignments to be accomplished by subordinates, adjusted program and project priorities, and prepared schedules for work completion. Established guidelines and performance expectations for contract employees and soldiers.Developed and directed, the RCERT-CONUS Penetration Testing and Exploitation program. This program effectively demonstrated to senior officials the need for strict information security controls by discovering and exploiting weaknesses in a live network environment.

Lead a dynamic team of IT security professionals charged with the mission of providing real-time computer network defense using a wide variety of network security tools to include IDS, SIEM, and in-house developed analysis tools. Designed security solutions for U.S. Army installations to protect sensitive information systems, detect intruders or malicious code, and provide response to cyber attacks. Developed processes to mitigate against future exploitation. Planned and scheduled workload assignments to be accomplished by subordinates, adjusted program and project priorities, and prepared schedules for work completion. Provided security incident handling and audit support, coordination, and oversight of implementation for the agency. Developed daily reports for senior Army leadership to advise on current and emerging threats to agency information systems.Designed new organizational structure that recognized the need for better analysis of data provided from the hundreds of data sources in use. The new organizational structure more efficiently aligned the existing personnel into new operational roles that supported analysis as well as daily operations. Developed a much improved reporting system for handling and tracking security incidents that allowed employees to more effectively handle incidents while ensuring all regulatory requirements were met.

Served as the Local Area Network (LAN) manager, System Administrator, and Webmaster for the organization. Managed the configuration, installation, setup, and certification of servers, workstations, and software. Assessed the total need for automation resources and analyzed a variety of sources to make purchasing decisions. Prepared requisitions, tracked acquisition actions, developed deployment plans, and deployed new information systems. Provided technical support for customers throughout the military community. Provided advice, assistance, and training in both hardware and software systems. Designed, developed, and deployed the community World Wide Web site, Intranet site, and a DoD first-of-kind online flight planning system. Established community network presence and built entire domain to support over 500 users providing shared access to resources and process improvements resulting in over $250,000 in annual savings.

Provided complex technical support, repairs, and assistance to customers geographically dispersed over a 40,000 square mile area. Worked independently to perform hardware and software diagnostics and repairs of personal computers, network servers, printers, network hardware, and various other computer peripherals. Performed site analysis for the installation of local area network equipment. Installed network cabling and prepared network servers and client workstations. Maintained a spare part inventory valued in excess of $180,000. Ensured that all service level agreements and contractual obligations were met or exceeded by ensuring timely repair and customer-friendly communication.Repeatedly recognized for outstanding customer-support and technical ability.