FedRAMP and StateRAMP lead for 3PAO assessments, advisory, and preparation support. Serve as Information System Security Officer (ISSO) for two FedRAMP accredited programs, overseeing security protocols and ensuring compliance. Serve as virtual Chief Information Security Officer (vCISO) supporting clients in meeting HIPAA security rules and FISMA requirements. Consultant and security control accessor on various projects including frameworks and guidelines; FedRAMP, StateRAMP, Safeguard 1075, Cybersecurity Framework (CSF), NIST SP 800-53, HIPAA.

FedRAMP and StateRAMP lead for 3PAO assessments, advisory, and preparation support. Serve as Information System Security Officer (ISSO) for two FedRAMP accredited programs, overseeing security protocols and ensuring compliance. Serve as virtual Chief Information Security Officer (vCISO) supporting clients in meeting HIPAA security rules and FISMA requirements. Consultant and security control accessor on various projects including frameworks and guidelines; FedRAMP, StateRAMP, Safeguard 1075, Cybersecurity Framework (CSF), NIST SP 800-53, HIPAA.

Through qualitative and quantitative research, build out informational data sheets that aid clients in selection of proper security technologies through analysis. Take inquiries to consult clients in security technologies, along with researching and educating clients on technologies to aid in other tasks such as SIEM and configuration management tools. Write informational blogs, analysis, and research papers that educate the community and clients in compliance, security, and new technologies.

Manage over business clients to start up and maintain proper healthy hacking platforms for ethical hackers and security researchers to legally report and disclose vulnerabilities and security findings. Responsibilities to help these clients can span from just guiding the program into a successful start-up with advisory on how to maintain proper reports coming in, to helping with long term goal expansion to scope and reporting assets to maintain hacker interaction with the client.

Lead IA engineer for the 36th ID at Camp Mabry, TX. Train soldiers in Information Assurance and self-protection of social engineering and malicious cyber-crime. Establish proper IA compliance to DoD. 8500 and Risk Management Framework standards and standardized SOC environment for the field with standards and procedures. Train IA team members in IA duties to include but not be limited to; vulnerability scanning and patching, network monitoring, Wi-Fi analysis, system trends analysis, and counter-intelligence gathering of social engineers. Created intelligence briefings for commander to keep complete transparency for proper unit vigilance of cyberspace.

Managing over vulnerability disclosure program to ensure responsible handling, remediation, and disclosure of vulnerabilities in Alienvault public domains and product. Part of a team of 4 security personal to establish HIPAA, PCI-DSS 3.2, SOC2 (Type 1 & 2), ISO 27001 and GDPR compliance of Alienvault USM Anywhere and Central products. Solely responsible of inventory control, follow ups of log anomalies, vulnerability management process, public relations of hacker and security researcher community via Twitter and HackerOne, auditing various controls and documents and setting rules and configs in Alienvault USM Anywhere. Organize penetration and segmentation testing per compliance requirements, along with managing the findings and retesting after remediation. Along with helping developers improve the product from a security analyst point of view. Helping our training team with proper content to train students as security analyst using our products. Am also a contributor to the network security team as a reference point and help with resources to allow them to succeed in their operations in PenTesting, log analysis, and vulnerability testing.

Establish, document, implement, and monitor the Information System Security program to ensure compliance to NISP standards in a multi-platform environment of Linux and Windows utilizing the NISPOM, ISFO, NESSUS vulnerability scanner, Graylog and McAfee ESM SIEM solutions, and McAfee ePolicy Orchestrator (HBSS). Utilizing DIACAP and RMF processes to maintain proper security and gain accreditation within a classified environment. Trained Information System Security Officers and System Administrators to achieve and maintain proper security posture, as well as training users to maintain information integrity and security. Have received 3 consecutive Superior ratings from DSS during annual government inspections. Won the James S. Cogswell Outstanding Industrial Security Achievement Award in 2016.

Contracted with Veteran Affairs Financial Service Center. 2nd head technician on service desk. Part of veteran affair's Cyber Risk Information Security Program (CRISP) incentive to secure the network and all systems by establishing a SOC. Migration of over 1000 machines to Windows 7 and Office 2010. Managed the deployment/migration, successfully meeting every milestone. Was head tech for IA issues before being escalated to IA cell for forensics and scans. Managed Contractor side of the service desk. Blackberry and smartphone support. Worked with software developers to troubleshoot problems and compatibility issues. Worked closely with system and network admins to troubleshoot more complex issues that lower tiers couldn't resolve. Monitored and delegated tickets on SCSM 2010 system.

Maintained inventory assets, desktop support, and deployment/migration of Win7/Office 2010. Monitored servers and security on Windows server 2008 R1 & R2. Symantec products for intrusion and viral control. Maintained AD, Bothunter, Exchange and Blackberry exchange servers and individual employee BlackBerrys. Network monitoring and control. Maintained tickets using Spiceworks, also allowing full network and systems control. Trained employees in Windows 7 use, security of system, and other items including Office 2010 and MS Navision.

NCOIC (Manager), maintained automated systems for the Military police and Field Artillery units. Troubleshoot network and system issues. Maintained a Wi-Fi security program to watch for rogue devices and hotspots. Trained, in-briefed, and out-briefed system users and privileged users. Asset inventory and supply with 100% accuracy with no combat loss. Maintained team integrity with proper management practices. Was the end tier tech for any escalated issues tier 1 and 2 could not take care of, to include civilian techs that worked with the units and within Army and Air Force Security Operations Center teams.