Managed priorities, tasks, and hours on projects in conjunction with the project manager to achieve delivery utilization targets.Escalated client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue. Interfaced with clients throughout engagements, interacting will all levels of client organizations. Established and maintained positive, collaborative relationships with clients and stakeholders.Collaborated with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables. Managed team, responsible for talent decisions regarding performance management and hiring. Provided mentorship and coaching to team members in areas of assessment, advisory and writing. Maintained a strong depth of knowledge in cybersecurity.

Denim Group was acquired by Coalfire. Continued in my previous role while integration and alignment was underway.

Helped to lead a team of approximately 10 consultants in the Information Security practice focusing on Compliance and Penetration Testing.

Led large scale and enterprise information security projects.Clearly communicated progress and status of assigned tasks to Project Manager, Management and client point of contact as required.Provided project oversight and mentorship to information security consultants and ensure the quality of work products written under my supervision.Organized and direct client briefs, mentoring, and status meetings.Researched and reviewed technologies relevant to assigned tasks and provided comparisons among options.Provided input relating to assessment approaches, instruction materials and security consulting techniques.Identified opportunities for personal and team learning and provided assistance to others when necessary.Wrote or contributed to the development of whitepapers, blog posts, and conducted workgroup presentations.

Delivered customized risk assessment and risk mitigation services to clients using various frameworks including ISO/IEC 27001 and 27002, HIPAA, PCI, FISMA, and others. Performed network security assessments and penetration tests using various network security tools, techniques and methodologies.Applied security design and architecture knowledge of large complex networks to client engagements as needed. Provided security subject matter expertise and support to security, audit teams, and clients.Communicated, presented, and wrote technical reports for technical and non-technical audiences. Created project status reports for engagements. Communicated project status information to key members of the Information Security team.

Conducted technical security tests and evaluations of customer classified and unclassified networks and systems to determine compliance with information assurance (IA) controls. Provided detailed risk mitigation recommendations. Conducted risk and vulnerability assessments of IT systems. Prepared detailed security certification and accreditation documentation in accordance with DoD and NIST methodologies. Made recommendations regarding approval or disapproval for operation of networks and systems. Interpreted and applied security requirements, and advised supported agencies on IA requirements and processes.Evaluated IA controls, interpreted the results, and prepared certification and accreditation documentation and scorecards. Used automated vulnerability assessment tools e.g., DISA Gold Disk, Security Technical Implementation Guides, Security Readiness Review evaluation scripts, Flying Squirrel, DISA benchmarks, Retina. Used the Vulnerability Management System (VMS).Assessed the effectiveness of physical, personnel, communications security, and operations security safeguards. Evaluated firewalls, intrusion detection and prevention systems, virtual private networks, routers, switches, wireless, and server infrastructure. Assessed common operating systems and technologies such as Microsoft Windows, UNIX, Linux, Cisco, and VMware.

Responsibilities were the same as those listed in the Cyber Security Operations Engineer role.

Appointed to Information Systems Security Manager and Alternate Business Continuity Manager roles:Ensured facility compliance with Information Systems security requirements. Identified and documented unique local threats and vulnerabilities to information systems. Conducted periodic vulnerability assessments of the information security program.Ensured procedures governing the marking, handling, and appropriate use of media and equipment are followed. Performed auditing, and system hardening.Reported security incidents to management and customers as required. Implemented security features for the detection of malicious code, viruses, and intruders.Developed, documented, and presented information security awareness and training material.Assisted with planning, coordination, and testing of disaster recovery and business continuity programs.Collaborated with systems engineers and architects to migrate or implement various enterprise information systems. Deployed, administered, and secured systems used for Learning Management, Content Management, Collaboration, Directory Services, Domain Name System services, Virtualization, Asset Management, Performance Monitoring, Vulnerability Management, and Configuration Management. Performed installation, configuration and documentation of network infrastructure for government contracts including Cisco, Linksys, Dell, HP, and NetApp hardware. Participated in the development of bids and proposals.