Responsible for Cybersecurity and Classified Information Systems at SPA.

Led a team of System Administrators, Network Administrators, Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), and Information System Security Engineers (ISSEs) responsible for the design, procurement, configuration, accreditation, operation/maintenance, and continuous monitoring of 10+ classified networks. These classified networks include isolated Local Area Networks (LAN) or NISPOM systems, Secret Internet Protocol Router NETwork (SIPRNet) connected systems, and Type A systems connected to Government installations. Acted as the primary liason to the Defense Counterintelligence and Security Agency (DCSA), Defense Information Systems Agency (DISA), and the Defense Industrial Base (DIB) to challenge the status quo and enhance the classified computing capabilities at SPA. Led the digital transformation for SPA classified systems from DIACAP in DCSA's ODAA Business Management System (OBMS) to the Risk Management Framework (RMF) in DCSA's Enterprise Mission Assurance Support Service (eMASS) instance. Assisted DCSA as an eMASS Subject Matter Expert (SME) by advising and providing lessons learned which were incorporated into the initial Industry eMASS Implementation Guide.

• Lead a team of ISSOs/ISSEs to assess and improve the overall security posture of cloud-hosted Major Automated Information Systems (MAIS) in development and their supporting organizations.• Support business development efforts including client demonstrations for applications migrating to the cloud, Agile and DevOps implementations, Cybersecurity, and information technology opportunities.• Fill several different roles for US Public Sector programs as a Cybersecurity SME including ISSM, ISSE, Cloud Security Engineer, and auditor.• Provide cybersecurity support for the Total Ammunition Management System (TAMIS) through the Army’s Risk Management Framework (RMF) Assessment and Authorization (A&A) process using the Enterprise Mission Assurance Support Service (eMASS). • Designed and developed the Security Architecture and Network for the TAMIS migration to Amazon Web Services (AWS) GovCloud.• Developed and implemented Cybersecurity Policies, Processes, and Procedures for TAMIS to attain Authorization to Operate (ATO).• Work as the liaison between Army G-3/5/7 and third parties (i.e. NETCOM, DISA Cloud Access Point, DISA Internet Access Point, ARL, AWS, Akamai Technologies) to ensure proper implementation of security controls and maintain compliance. • Work as part of a DevOPs team for development of a modernized TAMIS application including participating in the 2-week Agile sprint cycle.• Manage program and cybersecurity risks, the Cybersecurity Workforce (CSWF) Improvement Program, third-party software licensing, Cybersecurity Service Providers (CSSP), and software development support applications (Visual Studio, SharePoint, TFS, etc.) for the TAMIS project.

• Responsible for ensuring Confidentiality, Integrity, and Availability for corporate IT assets including laptops, phones, blackberries, monitors, routers, switches, firewalls, Network Attached Storage (NAS) devices, and servers. • Responsible for ensuring corporate networks meet legal and regulatory requirements including those imposed by the Department of Defense (DoD).• Responsible for maintaining corporate security policies, standards, procedures, and guidelines.• Responsible for executing the company’s Strategic IT Plan which includes disaster recovery provisions, cybersecurity upgrades, and forecasted infrastructure needs in accordance with projected company growth.• Responsible for ensuring Third-Party cloud services provider implements the proper security controls and tests them periodically.• Ensure the proper physical security controls are in place including implementing the proper facility design controls for maintaining the company’s Top Secret Facility Clearance and ability to handle classified information.• Responsible for managing and investigating security incidents.• Work with DoD Chief Information Officers (CIOs) of several Program Executive Offices (PEOs) to classify company assets for use in secure DoD environments using the NIST Cybersecurity Frameworks.• Responsible for maintaining the company DataWatch swipe badge system and managing the 3rd party IT Company who provides company’s cloud services, web-based systems, active directory management, and VOIP capabilities.

Manage a team of Cybersecurity and IT Professionals to:o Support the Infrastructure Branch with implementation, configuration, and management of core IT networks and RDT&E environments.o Support the Application Branch with secure application development and implementation of proper software development security controls in accordance with policies and guidance.o Support Cybersecurity Branch with security policy development and Certification and Accreditation (C&A) of IT Systems.• Directly support the Command Information Systems Security Manager (C-ISSM) with project management expertise to manage several project schedules, risks, costs, reporting, and metrics.• Responsible for managing financials, staffing, contract documents, tasking, and contract actions.Lead a team to identify and pursue opportunities for business development by: o Developing and executing Herren's Cyber Security and Information Technology Business Development strategy.o Identifying emerging needs in the Federal marketspace such as Cyber Security and positioning Herren to pursue those opportunities by developing the requisite personnel, skills, and expertise.o Serving as the Technical Lead and IT Subject Matter Expert for several proposal development efforts.o Developing relationships with potential business partners that compliment Herren’s service offerings.o Meeting with clients to shape opportunities and discuss additional ways Herren could help them reach their goals.

• Provided Program Office personnel with cybersecurity and mission assurance for their network of IT infrastructures, which include the internet, telecommunication networks, computer systems, and embedded processors and controllers for Naval Power and Electronic Systems. • Support the ESO’s four major product lines throughout the product development lifecycle by developing Industrial Controls Systems (ICS) Acquisition Plans, Security Requirements Documents, Security Testing Plans, and Navy Platform IT (PIT) Cybersecurity Compliance documentation.• Provided Cybersecurity Engineering support to determine the IA requirements for Certification and Accreditation (C&A), or Platform Information Technology (PIT) determination and Risk Approval for IT systems to be delivered to the Government.• Performed IA risk assessments for given systems to identify shortfalls or programmatic risks of an IA nature• Employ all IA controls that are deemed appropriate and demonstrate the intended IA design features of all systems, software and interfaces to assist PMS 320 in meeting the certification standards specified by the cognizant Government agency.• Assist PMS 320 with the Information Assurance Vulnerability Management (IAVM) requirements where applicable and report/maintain compliance metrics for these requirements via the PPIP CDRL if applicable• Principal advisor for PMS 320 personnel during execution of business operations and contracting requirements ensuring Cybersecurity and IA policies were followed• Submit the results of certification testing to the Government to support a recommendation to the Designated Approving Authority (DAA) for accreditation or PIT Designation• Provide the necessary documents and assist PMS 320 in registering all new applications developed for all new systems with the proper Functional Area Manager (FAM)

• Supported several Assistant Program Managers as a Subject Matter Expert on Naval Power and Distribution Systems • Support Deputy Program Manager during development and implementation of the Combat Power and Energy Systems (CPES) Over-arching Integrated Product Team (OIPT) which included management and coordination of six independent working groups in the fields of Naval Power Systems Research, Development, Test, and Evaluation (RDT&E)• Developed a program-wide System Engineering Master Strategy to enable the client to transition new technologies to the fleet more efficiently by standardizing their operations including budgeting, metrics reporting, configuration management, risk management, schedule management, and Cybersecurity approach• Responsible for the secure design, development, and implementation of web based enterprise-wide applications to support the program office• Served as SharePoint Site Collection Administrator and Developer of the ESO’s IDE in the Navy’s Secure SharePoint environment (iNAVY/iNAVSEA) which included development of security processes and controls, sites, workflows, custom web parts, automated reports, dashboards, user account provisioning, and Microsoft Office integration• Provided troubleshooting, training, and technical support for ERP, NMCI Assets, contractor laptops, SharePoint, and Microsoft Office• Developed several program tools using secure software development principles.

• Led a team of consultants to transition from the ESO’s Integrated Development Environment (IDE) in PowerSteering Software to the Navy’s secure and DoD compliant SharePoint environment (iNAVY/iNAVSEA)• Managed all phases of the project including the stakeholder identification, requirements analysis, custom development, migration of data, training development, and implementation• Ensured Navy required secure development processes were followed and National Institutes of Standards and Technology (NIST) Cybersecurity controls for Federal Information Systems were implemented including Access Control using PKI certificates, Accountability and Audits, Incident Response Planning, Application Hardening, Training, and C&A Support• Developed Herren’s Employee Information Portal (EIP) powered by SharePoint 2013 which included:o Developing site structure, branding, and interactive features to ensure the intranet was easy to use, promoted a sense of community, and encouraged user participation.o Custom development of an accordion on the homepage used for navigation, a visually stunning portfolio page that automatically maps current projects to the company’s portfolio, and a web part that showcased users who had a birthday in the current month.o Additional features developed include an expense report workflow, new hire workflow, deployment of SharePoint My Sites, and integration with Active Directory to enable Single Sign-On (SSO). o Administering companywide training on the new EIP.• Project Manager of Herren’s website redesign project which included leading a team of engineers to:o Define requirements, identify stakeholders, and collect updated content.o Design a modern interface, add interactive elements, and showcase Herren’s portfolio to potential teaming partners and employees.o Develop the site using the WordPress CMS to ease the burden of maintenance.o Develop custom plugins, functionality, and branding using PHP, HTML, JavaScript/JQuery, and CSS.

• Investigated issues on board the LPD 17 Class of ships ranging from engineering failures to incomplete training of personnel• While visiting Naval Installations, communicated an overview of problems found, along with possible solutions, to government working groups located in DC for analysis and implementation • Developed a Final Report that summarized the findings and recommendations to be submitted to CPF/USFF commands

• Coordinated Search and Rescue (SAR) cases and Vessel Trafficking Services (VTS).•Responsibilities included management of SIPRNET messages, loading and destroying cryptographic keys for Encrypted Radio Transmissions, and training subordinates on radio communication, security, and SAR Standard Operating Procedures (SOPs).

• Conducted Research and Development (R&D) within PMS394, the Navy’s Submarine Rescue Division on projects including the Deep Submergence Recue Vehicle (DSRV) and Submarine Rescue Diver Recompression System (SRDRS).•Setup and maintained customer SharePoint sites for information sharing and knowledge management.•Solved defined problems on an independent basis, with review by managers and others as appropriate.

• Provided IT and Program Management support to Naval Sea Systems Command (NAVSEA) in the VIRGINIA Class Submarine Program by reviewing and updating engineering documents.•Setup and maintained customer SharePoint sites for information sharing and knowledge management• Maintained Engineering Change Request (ECR) and Manual Change Request (MCR) databases via LiveLink.• Prepared computers to be used in a classified environment and trained users on proper security procedures for handling classified material.