San Diego Metropolitan Area
PROFESSIONAL SUMMARY Senior Information Systems Security Specialist, Cybersecurity Engineer, and AI Security Leader with 12+ years of experience supporting Department of Defense, U.S. Navy, and Federal information systems through the full Assessment & Authorization (A&A) lifecycle. Expert in Risk Management Framework (RMF), eMASS, ACAS, vulnerability management, security engineering, and cybersecurity governance. Recognized for leading AI governance initiatives, conducting AI risk and security assessments, implementing NIST AI Risk Management Framework (AI RMF) controls, and advising organizations on secure adoption of Generative AI, Large Language Models (LLMs), Agentic AI, and emerging AI technologies. Experienced in developing AI governance frameworks, AI security standards, responsible AI controls, threat modeling, and enterprise AI risk management programs. Recognized as a cybersecurity and emerging technology leader with recent experience conducting Artificial Intelligence (AI) governance assessments, AI risk evaluations, and secure AI adoption initiatives aligned to the NIST AI Risk Management Framework (AI RMF). Experienced in assessing AI systems, identifying AI-specific security risks, developing governance controls, and supporting secure deployment of Generative AI and Agentic AI capabilities within regulated environments. CORE COMPETENCIES Risk Management Framework (RMF) | Assessment & Authorization (A&A) | eMASS | ACAS | HBSS | ESS | DIACAP | DITSCAP | Authority to Operate (ATO) | Continuous Monitoring | NIST SP 800-53 | NIST SP 800-171 | NIST AI RMF | AI Governance | AI Security Assessments | Generative AI Risk Management | Agentic AI Security | Vulnerability Management | Security Control Assessments | System Security Plans (SSP) | POA&M Management | DISA STIGs | Security Engineering | Compliance Auditing | Security Architecture | Threat Modeling | Incident Response | Data Loss Prevention (DLP) | Cloud Security | Azure Security | Microsoft Purview | Cybersecurity Governance | DoD Cybersecurity | Navy Cybersecurity | AI Compliance & Governance | AI Center of Excellence | Human-in-the-Loop Controls
Lead cybersecurity engineering, compliance, and continuous monitoring activities supporting Department of Defense information systems. Support RMF implementation activities utilizing eMASS, ACAS, and DISA cybersecurity guidance. Develop and maintain SSPs, POA&Ms, security control implementation documentation, and ATO packages. Conduct vulnerability assessments and coordinate remediation efforts utilizing ACAS, ESS, HBSS, Microsoft Defender, and enterprise security platforms. Evaluate system compliance against NIST SP 800-53, NIST SP 800-171, and DoD cybersecurity requirements. Support implementation of Data Loss Prevention (DLP) controls protecting sensitive information assets. Collaborate with engineering teams to integrate secure-by-design principles into enterprise systems and modernization initiatives. Develop cybersecurity dashboards, KPI scorecards, and executive reporting supporting risk management decisions. Assess emerging AI technologies for security implications, data protection requirements, and compliance impacts within government environments. Provide recommendations regarding secure adoption of AI-enabled technologies while maintaining regulatory compliance and information assurance requirements. Evaluate Generative AI, LLM, and Agentic AI technologies for cybersecurity, privacy, and compliance impacts within regulated government environments. Conduct AI security reviews focus on data protection, model governance, prompt injection risk, and secure deployment considerations. Collaborate with cybersecurity, engineering, compliance, and leadership stakeholders to develop secure AI adoption strategies aligned with NIST AI RMF principles. Support development of enterprise AI governance practices, security requirements, and risk management controls for emerging AI capabilities. Assess AI-enabled solutions for alignment with information assurance requirements, data handling standards, and cybersecurity policies.
AI Governance & Security Leadership · Conducted Artificial Intelligence governance assessments utilizing the NIST AI Risk Management Framework (Govern, Map). · Performed AI security and risk assessments evaluating Generative AI platforms, Large Language Models (LLMs), and emerging AI technologies. · Developed AI governance documentation, security controls, policies, standards, and operational guidance. · Evaluated AI architectures, data flows, model risks, and privacy considerations across enterprise environments. · Identified AI-specific threats including prompt injection, data leakage, model misuse, and governance risks. · Assisted organizations in developing secure AI implementation strategies aligned with compliance requirements. · Performed AI threat modeling activities assessing prompt injection, data leakage, model misuse, excessive tool permissions, and AI governance risks. · Assisted clients with development of AI governance programs, AI Centers of Excellence (ACE), AI policies. · Advised executive leadership on responsible AI implementation, AI security architecture, and enterprise AI risk management. Human-in-the-Loop Governance & Oversight · Developed Human-in-the-Loop (HITL) governance controls to ensure critical AI-generated recommendations, decisions, and actions received appropriate human review and authorization prior to execution. · Established AI oversight frameworks incorporating human validation checkpoints to mitigate risks associated with model hallucinations, automated decision-making, and inaccurate outputs. · Designed governance processes requiring human approval for high-risk AI activities involving sensitive data, regulatory compliance, security operations, and mission-critical business functions. · Collaborated with legal, compliance, cybersecurity, and business stakeholders to implement Human-in-the-Loop review mechanisms supporting responsible AI adoption and enterprise risk management.
• Create customized scanning/testing configurations within testing tools to suit security configuration requirements. • Experience conducting security audits of information systems. • Vulnerability assessment and analysis experience utilizing SCAP, ACAS/NESSUS and DISA STIGs • Experience with DoD implementation of the Risk Management Framework (RMF) and governing directives (NIST, CNSS, DCSA, etc.) • Familiarity with the Defense Counterintelligence and Security Agency Assessment and Authorization Manual (DAAPM) • Assessed whether security controls are implemented correctly, operating as intended and producing the desired outcome • Installed, configured, and maintained DISA ACAS (Assured Compliance Assessment Solution) and HBSS (Host Based Security System) servers • Configured and conducted daily ACAS scans with the use of Security Center and conduct patching and remediation when necessary in accordance with the IAVM process • Perform security testing and evaluation of servers, workstations, databases, and network fabric devices (i.e. firewalls, switches, routers, load balancers) in order to determine security vulnerabilities and weaknesses, and to create reports of security findings in support of security authorization process. • (FRAG/TASK/OPORDs), IA Vulnerability Management (IAVM), Public Key Infrastructure (PKI) guidance, and STIG requirements. • Track and report compliance status in the Vulnerability Remediation Asset Manager (VRAM) and similar reporting tools as applicable. • Perform risk analysis/independent verification on security configuration and STIG finding risk reports / POA&Ms for devices on the network. · Defined escalation and review procedures requiring human intervention when AI systems generated high-risk recommendations, security alerts, or operational actions. · Conducted AI security assessments to validate the effectiveness of Human-in-the-Loop controls across AI-enabled workflows, automation platforms, and decision-support systems.
· Supported cybersecurity initiatives across enterprise and operational technology (OT) environments. · Conducted risk assessments and security evaluations for ICS/SCADA systems. · Rewrote System Security Plans supporting critical infrastructure environments. · Supported secure architecture reviews and compliance assessments. · Participated in cybersecurity architecture reviews and technical risk assessments. · Participated in applicable NERC-CIP training and attended training classes at CISA. · Proved knowledge of FedRAMP, FISMA, Cloud Computing, Information Assurance, IT Audit, privacy and security processes, tools and methodologies. · Implemented company policies, technical procedures and standards for persevering the integrity and security of data loss prevention (DLP), reports and access. · Worked with diverse teams on Cyber Threat Intelligence and Threat Hunting. · Works with the system team on all aspects of system security in collaboration with the DevSecOps team which includes security designs, security architecture, implementation, operations, and compliance. · Perform threat modeling and assessment on SCADA Industrial Control Systems. · Develop and execute Operational Technology (OT) and Industrial Control Systems (ISC) · cybersecurity solutions with guidelines from NIST SP 800-82 r2. · Rewriting the SSP to reflect the updates to the ICS (SCADA), also writing process, policies and procedures. VM is set up in an ICS environment with the VM hardware located in the ICS DMZ. Using GrassMarlin tool to identify traffic and systems on your ICS network. Using CSET tool. · Department of Homeland Security (DHS) assists organizations in protecting their key national cyber assets. · Maintain POAMs and supervise the completion of assigned tasks and activities by others. · Security test and evaluations, and risk assessments for SCADA, ICS, including risk management, vulnerability assessment, security assessment, and architecture monitoring.
• Using the NIST Risk Management Framework (RMF) and other standards-based guidance like (NERC-CIP), perform risk analysis including identification, recommendation of mitigations, and tracking of risks throughout their lifecycle • Perform threat modeling and assessment on SCADA Industrial Control Systems • Coordinate audit activities by internal and external parties including SOC II Type 2 audits (external) • Using NIST SP800-53R4 and other NIST references, design and coordinate the implementation of cyber security controls with technical teams • Coordinate and oversee the development of system security plans and compliance with standards and policies • Interact with peer supplier organizations in the assessment of risk for their systems and technologies, and coordinate risk management and response activities • Evaluate transactions using established criteria to detect potential incident of fraud utilize resources to obtain forensic evidence for investigative purpose • Conduct data analysis to logically identify opportunities for improvement to shrink data loss (DLP) • Implemented company policies, technical procedures and standards for persevering the integrity and security of data loss prevention (DLP), reports and access • Maintain POAMs and supervise the completion of assign tasks and activities by others • Perform baseline assessments of cybersecurity compliance against documented standards and requirements • Ensure that SAIC and in scope systems are patched according to approved schedule and requirements • Provide input and assessment of new risks and recommend actions • Coordinate annual cybersecurity assessment across multiple vendors and service providers; produce consolidated assessment report • Provide reports, communication and engagement with stakeholders and management • Provide senior management and executive briefings, summaries and reports on activities, assessments and cyber-security posture