Lead the RMF Support Team in providing RMF support to Booz Allen Hamilton programs at the Department of Veterans Affairs (VA); Appropriately staff the team with analysts to support the company’s programs; Provide support to assigned programs; Oversee staffing and execution of the cybersecurity aspects of the VA’s Health Services DevSecOps (Health DSO) program; Develop RMF-associated processes to appropriately fulfill our Health DSO obligations

Assist government RMF Transformation Team Lead in identifying and prioritizing RMF Process improvements, executing tasks in monthly, quick-win team Sprints; Partner with other CIO and customer organizations in developing cybersecurity transformation tasks and projects; Review current cybersecurity processes and documentation for possible gaps and improvements that can be executed under a Lean Six Sigma umbrella.• Co-authored a U.S. Government Agency’ s strategic RMF vision to move their processes to concentrate on actively monitoring production systems to counter operational riskso Designed and led the operationalization projects of that visiono Developed & deployed customer’s first PII/PHI protection processeso Led team to identify high-payoff security control baseline that all systems must implemento Wrote customer’s first comprehensive security impact analysis guide and SOP to analyze a proposed change’s impact and risk prior to its implementation• Reinvigorated and completed stalled RMF Process projects, eliminating a common customer concern while developing metrics to measure effectiveness of new processeso Instituted a continuous RMF process improvement regimen for the projects• Established open lines of communications for customers and teammates to propose future changes for considerationo Instigated and led the effort to secure a sub-contractor’s commitment to fully staff their chronically understaffed team• Diplomatically worked with RMF Transformation Team members to improve their performance to meet the team's new high operational tempo monthly Sprints• Reviewed ill-defined Artificial Intelligence/Machine Learning project and recommended its termination, saving the customer over $1M• Wrote cybersecurity input for three RFP responses with the company winning two of them• Tracked the developing Cybersecurity Maturity Model Certification (CMMC) framework on behalf of company and future customers

• Transitioned U.S. Army’s physical security intrusion detection system from the legacy DIACAP to the RMF as “Type” authorized systemo Revised cybersecurity elements of 2 contracts to replace DIACAP requirements with those found in RMF within days of joining the company• Rewrote program’s policies and procedures to reorient them to RMF and with minimum disruption, applying to system under design and one currently in operation• Provided hands-on technical Windows expertise to rearchitect system to meet RMF standards• Advised on inserting RMF cybersecurity requirements into new and existing contracts• Led team to maintain consistent security postures across 74 global sites• Expanded corporate presence through upselling cyber capabilities to U.S. Army PEO IEW&S organization

• Oversaw nation-wide staff of 65 full and part time cybersecurity employees and as many as 350+ active classified and unclassified systems• Advised and educated corporate and subordinate IT and security staffs on cyber threats facing the company• Wrote corporate policy, establishing a company-wide cybersecurity program for government-authorized systemso Articulated need for strong centralized repeatable processes across corporation• Revamped 2 failing NISPOM security programs to ones that went from low Satisfactory / Marginal government assessment to Commendable• Cultivated close relationships with IT staff and business units, solidifying Cybersecurity as IT & business thought processo Performed asset analysis and identified possible efficiencies after major corporate acquisition• Directed Harris’ participation in Defense Security Service (DSS) RMF Piloto Provided continuous review of new DSS A&A Process Manual and supporting documentationo Wrote Harris input on NISSPAC and NDIA/AIA cybersecurity issues• Created company’s position on federal cybersecurity legislation in multiple forumso Developed Harris response for FAR/DFAR requirement on protection of Controlled Unclassified Information (CUI), NIST SP 800-171 and DFARS 252.204-7012• Performed ISSO Staffing Needs Assessment, identifying optimum staffing level at each locationo Provided options in cybersecurity organizational structure for improving management and promoting staffing efficiencies• Formulated and oversaw several short-term, high-impact network security improvements, lowering residual network security risk by over 85%• Administered dynamic training budget, ensuring training projects were implemented following training project plan• Developed and coordinated system consolidation plan that consolidated 13 independent systems into single network, significantly reducing risk while providing new multi-site program execution capability