Steve Boddy Email & Phone Number

Chantilly, VA, US

• Industry consultant and leading manager for the Federal Risk Assessment Management Program (FedRAMP) certification and accreditation process on the Department of State's Global Talent Management Applicant Tracking.
• Develop reporting metrics, dashboards, and evidence artifacts demonstrating FedRAMP security risks. Create, optimize, and support cross-functional working groups and projects to enhance the efficacy and effectiveness.

New York, New York, US

• Act as the FedRAMP compliance SME, advising cross-functional teams, and ensuring alignment with NIST SP 800-53 Rev. 5 and NIST SP 800-37 frameworks. Guide technical teams on meeting relevant compliance requirements and.
• Support the ConMon initiative by performing ongoing assessments, tracking POA&Ms, and generating required reports for significant change requests (SCR), vulnerability management and system status. Maintain all FedRAMP.
• Write SOPs, incident response plans, disaster recovery plans, and contingency plans for FedRAMP compliance. Work with internal teams to ensure accurate, detailed documentation of compliance efforts. Conduct gap.
• Oversee vulnerability assessments, analyze infrastructure, data flows, access controls, encryption methods, and security frameworks to ensure alignment with FedRAMP and public sector security control baselines. Provide.

Herndon, VA, US

• Create customized training courses for Security University, www.securityuniversity.net. Courses are designed to provide the lab and classroom experience in order to fulfill the National Security Agency (NSA) and.
• Courses expose learners to a comprehensive examination of the RMF with selection and specification of security controls for an information system. Management of organizational risk is a key element in the.
• Other topics covered in the course include: maintaining compliance with FISMA, guidance on OMB Exhibit 300, NIST Special Publications, FIPS, Certification and Accreditation, Platform IT (PIT) and more. Learners acquire.

Arlington, Virginia, US

• Responsible for the implementation and management of Quality Management System (QMS) and Information Security Management System (ISMS) for the company’s technology solutions business. Ensure that the QMS and ISMS.
• Responsible for maintaining the QMS, ISMS, and associated ISO certification. Serve as the point of contact for the ISO certification body (registrar). Work collaboratively with all team members to collect Quality.
• Execute company quality management plan as it relates to ISO internal audits, management reviews, and risk assessments. Serve as the Management Representative, as well as develop, maintain and facilitate the management.
• Develop auditing plans and oversees internal audits conducted to support the QMS and ISMS. Advise senior management on a periodic basis on the overall health of the QMS and ISMS, identifying critical issues and.

Arlington, Virginia, US

• Administer the security and privacy requirements for the Cloud.gov platform as a service (PasS) hosting for the Head Start Enterprise System (HSES). Provide continuous monitoring activities for high value enterprise.
• Establish strategic program goals geared towards deploying threat management and information protection capabilities and standards, strengthening the cyber security workforce, and increasing stakeholder engagement..

Washington, DC, US

• Cyber Security Program Manager at the Small Business Administration (SBA) Headquarters. Led day-to-day contract requirements with a team of seven Information System and Security Officers (ISSO). Aligned the Office of.
• Spearheaded an ambitious plan to migrate into Windows 10, Azure, Office 365, OneDrive and SharePoint. The SBA will become the first government agency to complete this modernization. Organized pilot projects for.
• Managed change requests to bring locally hosted systems into FedRAMP certified cloud-based systems hosted on Amazon Web Services, Salesforce, Datapipe and Azure. Assessed the impact of changes to cost, performance and.

Reston, Virginia, US

• Principal oversight of Naval Facilities Engineering Command (NAVFAC) Risk Management Framework Security Control Assessor (RMFSCA) Support at CI06. Provided CYBERSAFE, DIACAP & RMF support to systems currently.
• Led teams of Navy Qualified Validators (NQV) for security control assessment, RMF implementation, ashore ICS C&A process standardization and technical risk assessment, certification determination and other RMF.
• Provided reports of the findings for existing systems that are used to measure performance against service level agreements (SLAs). Coordinated the update, tracking and communication of Plan of Action and Milestones.

Washington, DC, US

• Plank owner at the new Security Exchange Commission (SEC) headquarters office in the CyberWatch Office with the Technology Control Program (TCP), Office of Information Technology (OIT). First responder to disruptions.
• Worked with teams to harvest information from key security metrics in order to produce real-time trending and analytics. Produced reports on demand using a combination of cyber and financial data for stakeholders.
• Led teams and influenced decisions to mitigate risks. Encouraged best practices from entities to bring SEC to the forefront of cyber security on the global financial market. Implemented security objectives with.

Washington, D.C., US

• Applied all government mandated security standards incorporating private sector industry best practices to General Services Administration's most progressive open source platform developed within an agile DevOps.
• Developed and deployed a long list of the most modern open source COTS vendor-supported third party applications including ForgeRock OpenAM, IBM Security Identity Manager, Chef, Docker, GitHub, Jellyfish, Logstash.
• Led small teams of government and contractors running agile projects with WBS and project planning in MS Project. Used JIRA and Confluence to organize and execute epics, features and user stories. Developed all FedRAMP.
• Provided program and project management support in the following areas: risk management, integrated schedule management, performance metrics, document management, and change management. Supported the facilitation of.
• Guided self-forming teams that executed work in progress. Integrated their input to manage user stories for the best estimation of time to completion and planning upcoming work in future sprints. Executed innovation.

Washington, DC, US

• Consultant to Federal Emergency Management Agency. Executed a wide portfolio of technical assessment services associated with A&A, cyber security control assessments, accreditation package development and all other.
• Conducted vulnerability scans using approved automated security tools to build security plans. Captured IS hardware and software inventories, identified and verified host names and internet protocol address domains..
• Worked closely with internal and external clients in order to maintain cyber awareness for all systems. Initiated the re-accreditation process and maintained documentation for enterprise-level systems throughout all.
• Created ATOs for multiple enterprise systems preparing to enter virtualized hosted systems in an Infrastructure as a Service (IaaS) environment. Created Personal Identification Validation (PIV) compliant login.
• Explored Agile methods to overcome new risks created by enterprise-level IA system interoperability changes. Led teams to have a maximum focus on events leading up to full rate production at most competitive cost.

Bethesda, MD, US

• Lockheed Martin Cybersecurity Manager supporting Joint Personnel Recovery Agency (JPRA) Communications Directorate (J6). Worked closely with internal and external clients on NIPRNet, SIPRNet, and JWICS systems for all.
• As Deputy Project Manager, successfully executed a complex recovery plan in order to bring JPRA back to a stable baseline. Performed root cause analysis, integrated master schedule planning, resource/schedule.

Silver Spring, Maryland, US

• Provided information assurance expertise to the Information Assurance Manager supporting the Military Health Systems (MHS) of the newly created Defense Health Agency (DHA), Infrastructure and Operations Department in.
• In 2014, our major operational goal was to work with DHA, SPAWAR, and DISA to institute Host Based Security Systems (HBSS), Assured Compliance Assessment Solution (ACAS), Enterprise Mission Assurance Support Service.
• Managed all information assurance requirements of the following enterprise-level MHS networks: MHS Intranet (MHSi), MHS Virtualization (MHSV), Network Management System (NMS), Network Protection Suite (NPS) 1.3 & 2.1.

• Supported Military Health System centrally managed Clinical, Resources, Logistics, and Executive Information and Decision Support, and Theater systems. Maintained information assurance packages in accordance with.
• Integrated risk management approaches that communicated and managed Information System Security Officer (ISSO) as a Service, Identity, Credential and Access Management (ICAM) technical risks across the Agile.
• Assisted with writing POA&Ms and providing layer of security for software vulnerabilities. Interpret monitoring results and identify false positives produced from COTS software scanning tools including, App Detective.
• Led security engineering teams to document system security posture using eMASS, Trend Analysis Database and other repository query tools. Developed customized security artifacts such as CONOPS, System Security Plans.
• Consultant in the development of system and security designs. Construct briefings for Milestone Decision Authorities, DSAWG, and Engineering Control Boards. Executive IA support team member to the engineering support.

• Capture Manager for five multi-million contracts and task orders to DISA, NAVSEA, SPAWAR PMO 142, Dept. of Education, and DIA for a total value of over $70M over a 20-month period. Managed all business aspects of three.
• Directed enterprise-wide strategic systems planning activities at the Department of Education Office of the Chief Information Officer and Defense Information System Agency (DISA) PEO-MA/IA2 programs. SME for all.
• Provided Computer Security Awareness Training (CSAT). Maintained, coordinated, and conducted the Security Awareness Outreach (SAO) training activities on a monthly basis including the administration and reporting of.
• Provided oversight, planning, and support activities to the Joint Information Management System (JIMS), Global NetOps Information Security Environment (GNISE) and Defense Industrial Base Network (DIBNet) for enterprise.
• Pioneered the development of a non-disruptive method for continuous visibility between multiple network vulnerabilities using a sophisticated out of band (OOB) network connection.

• Short-term security consultant and business developer specializing in SPAWAR contracts under SeaPort-e (SeaPort-enhanced). Led Red Team/White Glove to compete for $240M Cyber Warfare Defense Command GENSER Contract.
• Pioneered a series of changes that successfully integrated the best practices of Carnegie Mellon Software Engineering Institute Capability Maturity Model Integration (CMMI) Model/framework to increase efficiency and.
• Classification Code: A -- Research & Development
• NAICS Code: 541 -- Professional, Scientific, and Technical Services/541330 -- Engineering Services

Mclean, Virginia, US

• Sole support to the Information Assurance (IA) Technical Authority and Technical Process Owner for SPAWAR 5.0.2 (Office of the Chief Engineer).
• Coordinated enterprise-level network planning and IA technical reviews for ACAT Level I – IV programs including AMF JTRS, NTCSS, N-GEN, CANES, ISNS, ADNS, MOC, Link-16, GCCS-M, Navy-ERP, DCGS-N, and other non-ACAT.
• Implemented C&A processes to provide guidance to Fleet authorities using Agile techniques with Kanban boards to improve IA best practices. Many successful portions of IA programs were modified and implemented in.
• Expert level understanding of all Tier II Echelons organizational priorities, policies, and procedures. Provided IT-centric development services.
• SME for the Integrated Defense Acquisition, Technology, and Logistics Life Cycle Management System, a complex acquisition process that lasts up to a decade for program costs in excess of $340M. Reviewed and assessed.
• Supported technical area experts at SPAWAR System Center (SSC) San Diego, PEO SPACE, PEO JTRS, and PEO C4I by reviewing C4I related programs across system commands.

Mclean, Virginia, US

• Analyzed multi-million dollar business capture opportunities. Wrote executive-level summaries that cross-matched customer needs to internal organizational manpower resources in a "best fit" approach. Minimized manpower.
• Developed execution of marketing strategies for targeted opportunities. Introduced a series of changes that successfully integrated the best practices of Carnegie Mellon Software Engineering Institute Capability.
• Successfully led teams on four occasions from the entire sequence of RFI to final orals presentation with net wins over $750M.
• Team Leader for cooperative efforts between prime and sub-contractors for creating business solutions to overcome IT issues with cross-integration of C4ISR, system implementation, IA, and technical management.
• Systems Specialist in developing business support opportunities for IA, cyber defense, and training.
• Integrated cost efficient and practical solutions to solve complex enterprise-level network challenges.

Dallas, TX, US

• Senior Instructor for the Center for Information Dominance Information Assurance Manager course NEC IT-2779, and Network Security Vulnerabilities Technician course NEC IT-2880.
• Facilitated computer-based training.
• Extensive background in information systems course development and implementation into on-line environments. Led strawman evaluation analysis, created Instructional Design Documents (IDD), and made adjustments to.
• Resident IA SME for the curriculum development of Network Continuum in systems security and accreditation processes, and risk analysis.
• Managed up to twenty learners per course and 450 learners per year.

Falls Church, VA, US

• Coordinated planning, implementation, and health plan security assessment for 2.7 million beneficiaries over a twenty-one state region via a five-year, US$10B managed care support contract while supporting.
• Served as the lead authority on privacy policies and regulations on how to protect, handle, and secure Personally Identifiable Information (PII) and Sensitive but Unclassified Information (SBU). Co-chaired the Initial.
• Created and implemented twelve organizational policies and procedures that enhanced security for data at rest for electronic patient health information (ePHI), and physical security.
• Participated in national level decision-making policy to create HIPAA's National Provider Identifier (NPI) program to integrate provider identification for medical billing.

Dallas, TX, US

• SME for technical aspects for installation and maintenance of hardware and software for network-based information systems.
• Maintained training projects on time and within budget. Managed multiple courses that were taught simultaneously using web-based resources.
• Curriculum administrator & instructor for the DoD Information Assurance Manager and Network Security and Vulnerability Technician schools.
• Developed state-of-the-art training curricula with colorful visual aids to enhance training.
• Set up and maintained Windows and Linux network systems in virtual machine (VM) environments with multiple simultaneous operating systems for student training.
• Provided logistical support to students and instructors in Network Continuum training courses.

Washington, DC, US

• Developed and installed modernized Naval Tactical Command Support System (NTCSS) computer systems with customized lesson plans and detailed training materials. Effectively managed personnel and resources with Project.
• Provided 24/7-customer support to the Fleet for database analysis and testing. Created more than 100 solutions for system and application problems that occurred with the Organizational Maintenance Management System.
• Tested three major revisions of the optimized NTCSS Force Level cycle support for Pacific Fleet units on NTCSS and Shipboard Non-tactical Automated Data Processing II (SNAP II) systems onboard 12 Force Level ships.
• Awarded the Navy Commendation Medal for meritorious service and extraordinary contribution to the Navy in recognition of the successful worldwide installations of modernized NTCSS systems on time and on schedule.

Washington, DC, US

• Initiated a state-of-the-art oil spill protection system for 63 United States Navy and Coast Guard ships and submarines based out of San Diego, Coronado, and Point Loma. The system resulted in measurable decreases in.
• Taught over 3,000 Federal employees the First Responder Guidelines from the National Environmental Protection Act, Clean Water Act, Clean Air Act, and other Federal, State, County, and local laws and requirements for.
• Created enterprise-level database tracking systems to fetch customized reports for every accidental oil spill release in San Diego for the previous ten years from a military source. Materials, manpower, and logistical.
• Received national attention and local awards when our team produced a 15% water pollution reduction in San Diego Bay over a three-year period.
• Wrote dissertation for M.S. in Environmental Management. Dissertation was based on ad hoc reviews of the results of risk analysis, cause and effect relationships, and the risk mitigation results from previous oil spills.
• Awarded the Navy Commendation Medal for meritorious service and extraordinary contribution to the Navy in recognition to maintaining a safe and clean environment.

Washington, DC, US

• Managed all shipboard equipment maintenance onboard the USS George Philip (FFG 12), a United States Navy warship, using integrated Preventive Maintenance System (PMS) database systems. Upgraded the hardware and.
• Qualified over 100 personnel in complex shipboard maintenance procedures within a ninety-day period. Won three consecutive “Battle Efficiency” and "Golden Anchor" awards. In cooperation with the South West Regional.
• Saved $1.2M over a nine-month period by pre-planning or deferring maintenance at optimized time periods to match operational schedules and logistic support availabilities. Scheduled maintenance activities in close.

Washington, DC, US

• Continuously monitored all occupational and safety activities onboard the USS Cape Cod (AD 43), a Navy supply and support tender and afloat ship IMA. A deployable Naval Industrial Activity, capabilities included a.
• Directed all safety operations and training of the1,500 person crew to increase safety posture for a myriad of industrial hazards. 50% of crew self identified as minority where English was not their first language..
• Accountable for $500M of assets and execution of a $130M annual operating and maintenance budget. Directed safety aspects of 6800 repairs to Navy ships, totaling more than 560,000 man hours. The repairs spanned the.
• Ship won sixth consecutive Repair "R" award for repair services to 17 ships in Yokosuka, Japan, including 2 CVs, 12 combatants, and 2 auxiliary ships. More than 2,900 jobs were safely completed in 23 days.
• Monitored crew to protect them from industrial hazards: radiation, lead, asbestos, ambient noise, heat, and HAZMAT.
• Supported Safety Departments on 20 other combat ships with support services such as ambient noise measurement, heat stress monitoring, and laboratory testing for lead, asbestos, and safe drinking water. Assisted other.

Ph.D. (Abd), Organizations And Management

M.S., Environmental Management

B.S., Physician Assistant, The George Washington University School Of Medicine And Health Sciences

B.S., Nuclear Undersea Medicine, The George Washington University School Of Medicine And Health Sciences

B.S., Technical Management

H.S., English, Mathematics, Physics, Chemistry, Biology, Geography, History, French