I am an Information System Security Manager (ISSM), the government Assessment and Authorization (A&A) lead, and the Vulnerability Remediation Asset Manager (VRAM) government lead for the TacMobile program at NIWC. I am responsible for all RMF activities within the TacMobile program. Tracking all vulnerabilities across our enterprise and apprising leadership of our current cyber security posture. I lead a team that tracks, analyzes, remediates, and reports each vulnerability across our 22 sites and headquarters. In addition, I have assessed applicable Information Assurance controls to include NIST 800-53 and DoDI 8500.2 using the latest DISA Security Technical Implementation Guides (STIG). Evaluated security controls and safeguards designed through the security engineering lifecycle, developed and executed test procedures to assess, document, review and report the results of security testing for multiple US Navy information systems. I have also performed risk assessments to determine whether IT systems meet Navy requirements to be accredited. I have developed implementation plans, system security plans, plan of actions and milestones (POA&M's) validation reports, Security Assessment Plans and prepared technical security evaluations for the Security Control Assessor/Liason, and Navy Authorizing Official. Other system documentation I have completed include Hardware and Software lists for Step 2 review, Contingency plans, test plans, and mitigations for A&A findings.

I am a cyber security Analyst working on the SPAWAR TACMOBILE project. I am responsible for all aspects of the Risk Management Framework (RMF) accreditation cycle. This includes analyzing risks and making recommendations to the Certificate Authority (CA) and the Authorizing Official (AO). By analyzing vulnerability reports for the different systems, risk can be ascertained and determined. Also included in the RMF process is the creation, updating, and reviewing of all associated documentation. To track our accreditations, we use the Enterprise Mission Assurance Support Service (eMASS) system. As part of my duties, I collaborate with multiple groups (i.e Configuration Management teams, Integration teams, Testing and development teams, ect) to ensure that security is implemented from the beginning of the project or the Software Life Cycle Development (SDLC).

I was a validator for the Navy/Marine Corps Intranet (NMCI is a network of 733 sites and over 700,000 physical assets), I supported the execution of all steps necessary for obtaining DIACAP and RMF accreditations. I conducted system security reviews on a large scale enterprise systems. Evaluated design changes for cybersecurity risk. Analyzed the results of network and system vulnerability scans. Conducted Enterprise Risk analysis and validation. Supported the Government lead with C&A impact recommendations for technical changes presented at the Cyber Security Review Board. Validated accreditation support documentation such as DIACAP packages, etc., to include requirements traceability matrices, NIST 800-34 contingency plans, POA&Ms, Privacy Impact Assessments (PIAs), security standard operating procedures, security test and evaluation plans, and residual risk assessments. I also was the only Enterprise Mission Assurance Support Service (eMASS) administrator for NMCI.

I was the Information Assurance Team Lead for Sotera Defense Solutions on the SPAWAR GCSS-MC contract in Charleston SC. My team is responsible for all IA functions within the scope of the GCSS-MC. My responsibilities include producing contract deliverables on time, handling any team member HR issues, ensuring that projects get assigned to the best qualified team members, taskings are completed in a timely manner, quality checking of documentation produced by the team, interfacing with the client to determine needs and wants, determining project priorities, and briefing status to corporate leadership.I also am responsible for the security posture of the Solutions Development Environment (SDE). This includes creating security policies, ensuring policies are implemented, running audits and test events, coordinating remediation’s with the various hardware and software development teams, and creating training for IA awareness and new hires.

I worked as an Information Assurance Officer (IAO) for the Defense Threat Reduction Agency (DTRA), I am responsible for all aspects of Certification and Accreditation (C&A) for the systems under my purview. This includes creating all DIACAP documents, performing 8500.2 control assessments, using Retina and the REM Security Management Console to scan, manage, track, and remediate findings, and coordinating with the system owners to define the C&A steps that need to be taken to get their systems accredited. I am the direct interface between the system owners and the Certification Authority (CA). Another area of my responsibilities includes representing the Chief Information Officer (CIO) at the Engineering Review Board (ERB) and the Configuration Control Board (CCB). I also have extensive knowledge of the Enterprise Mission Assurance Support Service (eMASS) application. During my time at DTRA I have been responsible for the creation of the Agency’s Plan Of Action & Milestones (POA&M) tracking process, and the agency’s eMASS Implementation Plan. Another contract, was for the Defense Logistics Agency. I was a member of Certification and Accreditation Independent Verification and Validation (IV&V) team, and a member of the Certification and Accreditation team. My Responsibilities included reviewing completed C&A packages for compliance against DoD, DLA, and FISMA regulations. I also performed onsite validations of security controls in accordance with DoD 8500.2.

I was a project manager and systems security technical lead with the Joint Staff Systems Integration Services (JSSIS) project, working for the Joint Chiefs of Staff (JCS). I was responsible for Project Management and all aspects of network design, maintenance, administration, integration and security. I have been project manager on over 30 projects ranging from an estimated project cost of $25,000-$2,500,000. I have managed a staff of eight technical and non-technical personnel. My team and I coordinate interdepartmental events to facilitate the ease of integration between vendors and government data systems. I provide regular weekly briefs to senior ranking officials including flag level officers on project status and timelines. I develop all of my project plans in Microsoft Project and track each project from inception to integration while sharing this information with senior JCS leadership.