Chief Executive Officer for Better Everyday Cyber, LLC providing cybersecurity consulting services to assist public and private sector organizations with enhancing their cybersecurity posture, meeting compliance requirements, and responding effectively to security incidents.

System security compliance liaison supporting a US Air Force (USAF) Intelligence System Support Office (ISSO) cloud-hosted counter-threat finance analysis & visualization program • Collaborates with the Information System Security Manager (ISSM), Information System Security Officer (ISSO), Security Control Assessor Representative (SCAR), and Development Team to maintain system FISMA compliance.• Orchestrated the implementation of the configuration management plan, which introduced a structured approach to reviewing, testing, assessing, planning, approving, executing, monitoring, and documenting changes to the system.• Architected the processes to managing ongoing awareness of system security posture, vulnerabilities, and risk which met the Authority to Operate condition to establish an Information System Continuous Monitoring (ISCM) strategy.• Implemented a plan for testing security controls, managing vulnerability remediation, and updating security and program policies utilizing agile product management practices and Sprint planning to prioritize efforts to add optimal value.

Senior Information Security Consultant operating within the Governance, Risk, & Compliance (GRC) Practice. Served as vCISO for several SMBs and public sector organizations providing security program development, management, and strategic support to align security practices with business objectives.• Conducts comprehensive cybersecurity assessments utilizing NIST CSF, NIST SP 800-171, PCI DSS and FTC Safeguards Rule, to identify, document, manage, and mitigate risk areas and vulnerabilities within client organizations.• Analyzes assessment results to develop detailed gap analyses, providing clients with a clear understanding of their current compliance status, cybersecurity posture, and risk exposure.• Collaborates with executive leadership to create strategic security program roadmaps, outlining prioritized actionable steps to achieve regulatory compliance, enhance cybersecurity resilience, and mitigate identified risks.• Drafts and updates information security policies, establishing a security governance framework for organizations and ensuring alignment with industry standards and regulatory requirements.• Helps establish and oversee risk management programs, which includes identifying risks, creating risk registers, and developing risk mitigation strategies that support business continuity and the security of critical data.• Develops and tests customized Incident Response Plans, preparing organizations to effectively detect, analyze, contain, eradicate, and recover from cybersecurity incidents.

• Assess all applicable security controls defined in the mandated DHS Compliance Tool and applicable to the systems under their purview• Assess the completeness and accuracy of the FIPS-199, Privacy Threshold Analysis (PTA), E- Authentication, Contingency Plans (CPs), Contingency Plan Tests (CPTs), Security Plans (SPs), and Security controls leveraging 800.53A test cases• Develop the Risk Assessment (RA) Package documentation to include Security Assessment Reports (SAR), ATO Letters, ATO Recommendation Memo, Risk Assessment Memos, CFO Designation Memo, POA&M finding matrices, Executive Data Sheet (EDS), OA artifacts (as applicable)• Ensure risk assessment results are documented completely and accurately in the mandated DHS Compliance Tool at the operating system, application, and database levels.• Review POA&M closure and waiver packages in accordance with the IAD POA&M Standard Operating Procedures.• Review RFC or upgrades and provide recommendation on whether this will result in major or minor changes and overall cybersecurity impact and utilize IAD tool for tracking of changes.• Conduct, evaluate, and analyze vulnerability results from ATO assessments, penetration tests, and vulnerability scans; create POA&M Matrices from results.• Execute responsibilities as outlined in the RA and OA Standard Operating Procedures and assist the policy manager in the review of these, and other SOP-related processes for updates.• Provide recommendations for refining and/or improving existing RMF processes and procedures and support implementation of these changes.• Review team Weekly Status Report (WSR) for quality and accuracy – consolidate for mini team• Lead findings meeting and prepare results for security controls assessments, penetration tests, and vulnerability scans• Provide Cross Task Areas support as required

• Develop metrics and communicate the compliance posture and effectiveness to Management on a scheduled basis.• Conduct Security Assessment and Authorization (A&A) document reviews of System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), Configuration Management Plans, Contingency Plans, Security Categorization (FIPS-199) and other documents as required ensuring that applicable requirements are identified and documented • Conduct comprehensive security controls assessments (SCA) that determine the condition of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls• Provide an assessment on the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions and or controls to address identified vulnerabilities.• Prepare and submit the security authorization package to the Authorizing Official (AO)• Gather data, analyze compliance and report results on the condition and progress of the IT Cybersecurity Program, POA&Ms, A&A workflow tools data, FISMA compliance requirements, and ATO packages.• Provide POA&M management, coordinating with ISSMs and ISSOs to ensure timely mitigation and sufficient artifacts to support closure.• Track mitigation steps and ensure that risks are managed appropriately and in a timely manner.• Review and analyze metrics and security reports on a regular basis (e.g. daily, weekly, monthly, etc.).• Develop and report weekly on statuses of all activities and systems within the agency’s system inventory.• Support Ongoing Authorization (OA) by assisting the ISSO’s and ISSM’s with the review of the security controls on the agency’s defined timeframes.

Senior cybersecurity compliance specialist for TSA information systems. Responsible for conducting compliance monitoring to assist TSA in completing Monitoring step of the RMF cycle for all of TSA systems.• Researches major obstacles related to the ever-changing DHS FISMA requirements, which customer will need to overcome on a weekly, monthly, and yearly basis.• Tracks customer information system weakness remediation efforts using the appropriate processes, ATO expirations, Information Security Vulnerability Management (ISVM) compliance, DHS Performance Plan requirements, DHS Scorecard requirements, audit efforts, and CDM support efforts.• Creates dashboards, tracking, and monitoring tools as required for, but not limited to the following items: High Valued Assets, ISVMs, Plan of Action & Milestones (POA&Ms), and system scores.• Ensures information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. Supports customers at the highest levels in the development and implementation of processes.

• Served as the Senior Manager for an enterprise service desk providing virtual desktop infrastructure (VDI) services to global stakeholders enabling real-time full-motion video for global distributed processing, exploitation, and dissemination operations • Responsible for the technical oversight and professional development for over 75 system administrators and desktop support specialists in a 24/7 3-tiered service desk

• Principle technical advisor to the senior intelligence officer (SIO) concerning intelligence systems integration and architecture design to include physical and virtual server management, client hardware support, communications security, satellite transport, and systems interoperability. • Served as the Joint Worldwide Intelligence Communications System (JWICS) Information Systems Security Officer (ISSO) for the division. Ensured compliance with identity and access management policies for systems users.• Served as the senior project manager for all intelligence information systems and network modernization projects for the division. Responsible for the planning, coordination, and execution of equipment fieldings, systems configuration & tailoring, and operational integration for new capabilities.

• Served as Chief Intelligence Systems Integration & Maintenance lead for 6 sub-organizations• Responsible for the welfare, performance, and development of 20 military and civilian technicians• Provided the infrastructure support and account management for over 300 users, 900 desktop workstations, 120 VoIP phones, 12 VTC suites/terminals, 3 SATCOM terminals, and 70 virtual servers collectively spanning 7 different enterprise networks

- Technician for various intelligence systems- Shop Foreman for distributed maintenance operations providing system administration and network connectivity for military intelligence operations.