The Customer Success team is focused on enabling our customers to use our awesome Q-products for real time risk management and insider threat audits.

Manage the Customer Success team providing guidance, strategies, and developing templates/videos to streamline and standardize the product adoption process. Support multiple customer accounts to assist in providing compliance guidance to aid in product adoption of multiple compliance frameworks and ICS 500-27.

Premium Splunk apps: Q-Compliance and Q-Audit tools.

Teach and Team Lead Information Technology related classes part time at both undergrad and graduate levels. Tools include Blackboard, Brightspace, Turnitin, Test Out, SIMNet lab based environments. SNHU National Cyber League (NCL) Coach.

ISSO Role(s) - Manage multiple projects to review and maintain FedRAMP and Agency packages to implement risk management framework processes through the system Assessment and Authorization (A&A) process and continuous monitoring activities hosted on multiple cloud based virtual platforms. Develop GRC role based training, create, review, and update system artifacts, review Security Technical Implementation Guides (STIGs), SCAP scans, Benchmarks, and system evidence to confirm hardening of the system, develop Plans of Action and Milestones (POA&Ms), participation on Change Configuration Boards (CCB), manage risks, and track compliance. Achieved multiple ATO’s.Team Lead Role(s) - Implement Continuous Monitoring as a Service (CMaaS), and Risk Management as a Service (RMaaS) by implementing and managing the service tools, Qmulos and RiskSense. Responsibilities include planning and coordination service task priorities using JIRA, developing Organizational Level Agreements (OLAs), onboarding users, partnering with the Agency ISSO’s to define customer requirements and implement. Coordinate training and architecture review with the vendor and train/guide team personnel. Develop policy and procedure documents, customer continuous monitoring plan and schedule, develop POAMs, and automate actions using alerts and reports. Review and develop SOP’s, work with the Splunk engineers to troubleshoot and define future planning/needs. Develop documentation for business planning, marketing, and conducted tool demos for customers.

Supporting DISA/DLA project to implement risk management framework processes through the systems authorization process hosted on DISA cloud based virtual platform. Create, review, and update system artifacts, review STIGs and system evidence, develop Plans of Action and Milestones (POA&Ms), manage risk, and track overall compliance. Key Contributions:- Verified and validated design documentation to achieve Critical Design Review (CDR) acceptance by the Government- Lead effort on Plans of Action and Milestones documentation and control closure to document the system and write the System Security Plan- Led collaboration meetings with the Government to plan and document the security of the system- Appointed the Level I Engineer with oversight of the Level II Applications support technicians configuring an Enterprise Resource Planning (ERP) system- Responsible for staging the initial implementation of 19 servers in a DISA virtual environment

MAR/APR 2017 - Led a team to transition the Air Operation Center Weapons System 10.2 program at Langley Air Force Base from DIACAP to RMF. Funding was put on hold for this project by the Congressional Arms Committee and this ended the task shortly after I came on board.MAY - OCT 2017 - RMF Team Lead in support of the CSRA DISA/DLA Project referenced above. Was hired to join the CSRA/GDIT team as a full time employee in Oct 2017.

Conducted Governance, Risk, and Compliance (GRC) 800-53A Rev 4 assessments at NASA Langley Research Center information technology systems ensuring continuous monitoring requirements were met for all areas. Management oversight of one individual.Key Contributions:- Developed Center Common, Hybrid Control, ICS, Cloud and other custom overlays- Defined Information Security Continuous Monitoring Strategy that aligned with NIST 800-137 and Agency directives to maintain ongoing awareness of information security, vulnerabilities, and threats to support risk management decisions- Streamlined Security Assessment Report process to communicate assessment findings effectively- Led NIST 800-53 Rev 4 Implementation- Supported and trained users on multiple GRC tools: RMS, RSAM, ITSC, and RSA Archer- Worked with technical team to develop Continuous Monitoring dashboards applying NIST 800-53 Control requirements using Splunk, Nessus Security Center, IBM KACE, and BigFix tools- Crafted “Culture of Security” program resulting in substantial improvement in security awareness

Project leader for ANSER, a premier studies, analysis and consulting firm. Led ACC/A589 Information Security for unclassified, classified, and Special Access Required (SAP) Programs up to and including Top Secret ensuring confidentiality, integrity and availability of program data. Overall security responsibility for people, technologies, and data.

Team leader for ANSER, a premier studies, analysis and consulting firm. Led ACC/A589 IT Help Desk to support over 500 directorate users in both unclassified and classified environments. Led Blackberry implementation effort. Managed a team of 5 to support and plan all technology requirements for a Major Gen, his deputy and all directorate personnel.