Provide Cybersecurity Maturity Model Certification (CMMC) expert services, to include teaching the Cyber AB authorized Certified CMMC Professional (CCP) and Certified CMMC Assessor (CCA) courses, conducting CMMC assessments (certification, mock assessments, readiness assessments), and CMMC consulting. Provide other cybersecurity readiness and mock audits/assessments, provide consulting services, and 27001 audits.

Mange the ABS QE CMMC/NIST 800-171 and ISO 27001 programs. Responsible for standing up and managing an authorized CMMC Third Party Assessment Organization (C3PAO) and a Licensed Training Provider (LTP) service. Responsible for ensuring ABS QE remains an ISO 27001 Certification Body. Provide continuous sales support, proposal development, and establish teaming relationships with other CMMC and ISO 27001 professionals. Ensure contract and employee assessors are competent, trained and certified to perform CMMC and ISO 27001 assessments. Provide strategic direction and leadership to ABS QE personnel for the sustainment and evolution of the CMMC and ISO 27001 programs.

The ABS QE technical Subject Matter Expert (SME) providing CMMC/NIST 800-171 consulting and gap assessment services to clients. Responsible for standing up an authorized CMMC Third Party Assessment Organization (C3PAO) and a Licensed Training Provider (LTP) service. Provide continuous sales support, proposal development, and establish teaming relationships with other CMMC professionals. Performed an internal assessment of ABS QE parent company’s Controlled Unclassified Information (CUI) environment, provided comprehensive feedback and trained the cybersecurity and information technology personnel responsible for it. Assigned as an ISO 27001 Lead Auditor and provide final review and approval of related audit reports and certification actions.

Perform all cybersecurity functions on classified systems, to include system security auditing, performing certifications and inspections of systems, investigating security incidents, sanitizing and clearing classified systems, maintaining accountability of systems, and updating the System Security Plan.

Appointed as the Information Systems Security Manager (ISSM) for a large, multi-zoned test and development enclave. Considered and determined viability and security impact of requested changes as a member of the AMCOM G-6 configuration approval board (CAB). Negotiated change request technical approaches to mitigate changes with security issues to an acceptable level of risk and initiate system reauthorization when required. Managed information systems authorizations in accordance with the Army Material Command (AMC) policy and implementation of the Department of Defense (DoD) Risk Management Framework (RMF) via the DoD Enterprise Mission Assurance Support Service (eMASS). Conducted analysis to determine the categorization of systems, select and apply the appropriate controls, overlays, and inherited policy records. Determined and defined continuous monitoring strategies for each assigned information system to ensure effectiveness of applied controls and maintain an ongoing authorization to operate (ATO). Performed self-assessments of assigned information systems under RMF to determine the organizations current level of compliance and track any determined vulnerabilities via a plan of actions and milestones (POA&M). Developed RMF compliant policies, procedures, and processes that provided an acceptable level of risk and considers successful mission achievement. Supervised eight Government IT Specialist (Network) (2210) ranging from grade GS-9 to GS-13 and three Network Engineer support Contractors. Developed subordinates through mentoring, counseling, training, and work assignments. Planed and managed work of subordinates to ensure compliance with Service Level Agreements (SLA) and Baseline, Enhanced Baseline and Mission Funded services as stated in the Command, Control, Communications, and Computers Information Management (C4IM) Services List. Responsible for the network infrastructure of the Redstone Arsenal Installation Campus Area Network (ICAN).

Supervised seven Information Systems Security Officers (ISSOs) and provided cyber security leadership and direction. Appointed as the Information Systems Security Manager (ISSM) for five programs with five information systems ranging from a small Local Area Network (LAN) to a large Wide Area Network (WAN). Considered and determined viability and security impact of requested changes as a member of the Huntsville Lockheed Martin Space Systems configuration control board (CCB). Managed information systems authorizations in accordance with the Defense Counterintelligence and Security Agency (DCSA) implementation of the Department of Defense (DoD) Risk Management Framework (RMF) via the DoD Enterprise Mission Assurance Support Service (eMASS). Performed self-assessments of assigned information systems under RMF to determine the organizations current level of compliance and track any determined vulnerabilities via a plan of actions and milestones (POA&M). Developed RMF compliant policies, procedures, and processes that provided an acceptable level of risk and considers successful mission achievement.

Provided cyber security and IT strategic direction and leadership for PdD TSS to reduce risk effecting program cost, schedule and performance. Developed cybersecurity and IT requirements of the acquisition PWS and authored the Cyber Security Strategy approved by the MDA in support of a successful Milestone B. Performed Information System Security Engineer (ISSE) functions for the systems under acquisition. Served as the technical liaison with PMO Chief Engineer, PEO Chief Engineer, National Security Agency and Army R&D communities on cyber technology and research to identify and bring new capability to the PMO's programs/projects/products. Planed, coordinated, scheduled, and conducted cyber security related test for cognizant systems. Participated in Test and Evaluation IPTs and ensures cyber security testing is incorporated into the Test and Evaluation Master Plan (TEMP). Engineered and planed for short- and long-term information technology requirements for the organization. Worked closely with host organizations to ensure PdD TSS needs are adequately met via a service level agreement. Represented PdD TSS in configuration control boards and led the Cyber Security IPT for the system under acquisition. Ensured the completion of the appropriate Risk Management Framework (RMF) authorization packages (especially in support of the critical proposal and source selection effort) and ensured all vulnerabilities are mitigated or properly assessed for risk. Ensured compliance with the JSIG regulations for PdD TSS systems and systems under acquisition. Liaised with Army CIO G-6 Special Access Programs (SAP) Delegated Authorizing Official (DAO) and DSS SAP Director. Analyzed technical approaches in proposals to ensure viability of proposed cyber security implementations for systems undergoing the acquisition process. Provided cyber security and IT oversight of the prime contractor and associated sub-contractors performing on PdD TSS acquisition efforts/contracts.

Task lead for cybersecurity portion of the contract and prepared required contract deliverables, work break down structure, input into the integrated master schedule, earned value management data and contract performance metrics. Cyber security subject matter expert for a proposal team and wrote the cyber security portion of the proposal response to a re-compete of the PEO MS information technology support contract. Developed RMF compliant policies, procedures, and processes that provide an acceptable level of risk and considers successful mission achievement.

Provided Government cybersecurity and information technology oversight to contractors performing on DoD awarded contracts. Certified, inspected, verified, and validated the confidentiality, integrity, and availability of information systems and networks processing classified Government information. Conducted Command Cyber Readiness Inspections (CCRI) of Cleared Defense Contractors (CDC) SIPRNet connected systems as a Defense Information Systems Agency (DISA) Certified Network and Vulnerability Scanner Reviewer. Conducted Pre-CCRI inspections to prepare CDCs for impending CCRIs and performed Certification and Accreditation (C&A) actions for CDC SIPRNet connected systems.