United States
• Empathetic influencer. Ambitious thought leader with a tech-savvy approach towards collaborative innovation. Lead best-of-breed technologists at the tip of the spear on high-value, mission-critical programs. Design products and processes that safeguard mission-essential information.
• Results-driven Program Manager actualizing strategies to identify cadence and synchronization requirements to create complex software products. Combine strong team leadership, consensus building and talent development to create agile teams that transform business objectives into effective solutions using Scrum, Kanban, Lean and the Scaled Agile Framework.
• More than three decades of Cyber Risk Manager experience in increasingly challenging information technology, management, and administrative positions. Exceptionally talented at leading cooperative efforts to create solutions that overcome IT issues through cross-integration of system implementation, information security, and technical management in agile DevOps environments.
• Systems specialist in synchronizing operations and maintenance support to meet the cadence for assessment and authorization, cyber security, DIACAP/RMF and training. Integrated cost-efficient and practical solutions to solve complex enterprise-level network challenges. Project Team Leader experienced at leading projects in fast-paced environments to deploy products and services for enterprise-level data service centers supporting the Federal government. Expert-level understanding of government organizational priorities, IT policies, and acquisition procedures supporting FISMA, ISO 9001/20000/27000 series, NIST, FIPS, COBIT, PCI, HIPAA and GDPR.
• Acted as FedRAMP compliance SME, advised cross-functional teams, and ensured alignment with the NIST SP 800-53 Rev. 5 and NIST SP 800-37 frameworks. Guided technical teams on meeting relevant compliance requirements and updated necessary documentation. Managed internal and external FedRAMP audit activities, acted as the liaison between auditors and internal stakeholders, assisted with evidence collection and interviews, and oversaw artifact creation and submission.
• Supported ConMon initiatives by performing ongoing assessments, tracking POA&Ms, and generating required reports for significant change requests (SCR), vulnerability management and system status. Maintained all FedRAMP documentation including policies, procedures, SSP, Security Assessment Reports and other required deliverables for security compliance. Facilitated cross-team discussions to ensure compliance with security impact levels as defined by FIPS 199 and FIPS 200.
• Wrote SOPs, incident response plans, disaster recovery plans, and contingency plans for FedRAMP compliance. Worked with internal teams to ensure accurate, detailed documentation of compliance efforts. Conducted gap assessments to identify risks and developed remediation strategies. Ensured continuous alignment with FedRAMP, DoD, FISMA, and all other applicable security and privacy regulations.
• Oversaw vulnerability assessments; analyzed infrastructure, data flows, access controls, encryption methods, and security frameworks to ensure alignment with FedRAMP and public sector security control baselines. Provided mentorship to team members by assisting in the development of skills related to FedRAMP, NIST compliance, and cloud security controls. Facilitated the public sector compliance processes, ensuring that artifacts and evidence were managed within FedRAMP standards. Managed relationships with third-party assessment organizations (3PAOs) and coordinated external audits and compliance assessments.
• Create customized training courses for Security University, www.securityuniversity.net. Courses are designed to provide the lab and classroom experience required to fulfill the National Security Agency (NSA) and Committee on National Security Systems Instruction (CNSSI) 4011, 4012, 4013A, 4015 and 4016A educational requirements to become a Navy Qualified Validator (NQV) Level I, II and III. These courses provide the cyber workforce with an overview of a methodology for managing risk within the Risk Management Framework (RMF). The RMF was developed by the National Institute of Standards and Technology (NIST) to standardize IT risk management.
• Courses expose learners to a comprehensive examination of the RMF, including the selection and specification of security controls for an information system. Management of organizational risk is a key element of the organization's information security program and provides an effective framework for selecting the appropriate security controls for an information system.
• Other topics covered in the course include maintaining compliance with FISMA, guidance on OMB Exhibit 300, NIST Special Publications, FIPS, Certification and Accreditation, Platform IT (PIT) and more. Learners acquire hands-on experience using common port scanning, packet sniffing and penetration testing tools such as Nessus, Wireshark, Nmap and other tools in the Kali Linux toolbox. The course also includes labs to gain mastery of eMASS, HBSS, ACAS and dashboard management for CYBERSAFE.
• Industry consultant and leading manager for the Federal Risk and Authorization Management Program (FedRAMP) certification and accreditation process on the Department of State's Global Talent Management Applicant Tracking System for Avature. Design and implement automation for partner trust, assurance, compliance, and regulatory activities. Oversee security controls, risk assessment frameworks, policy development, and compliance programs. Evaluate risks and develop security standards, procedures, guidelines, and policies for information and data governance in collaboration with the business areas.
• Develop reporting metrics, dashboards, and evidence artifacts demonstrating FedRAMP security risks. Create, optimize, and support cross-functional working groups and projects to enhance the efficacy and effectiveness of policy and guidance across the organization. Document and report assurance failures, inconsistencies, and gaps to stakeholders. Integrate Governance, Risk, and Compliance (GRC) systems with cross-functional stakeholder systems to ensure accuracy and consistency. SME for policy development and control alignment. Enterprise risk management and business continuity leader, keeping essential functions running during a disaster and recovering with as little downtime as possible.
• Responsible for the implementation and management of the Quality Management System (QMS) and Information Security Management System (ISMS) for the company's technology solutions business. Ensure that the QMS and ISMS processes are established, implemented, and maintained in accordance with corporate policies and the ISO 9001 and ISO 27001 standards. Champion for quality management and information security management principles and compliance.
• Responsible for maintaining the QMS, ISMS, and associated ISO certification. Serve as the point of contact for the ISO certification body (registrar). Work collaboratively with all team members to collect QMS and ISMS input and to update existing process, procedure, work instruction and guidance documentation.
• Execute the company quality management plan as it relates to ISO internal audits, management reviews, and risk assessments. Serve as the Management Representative, and develop, maintain and facilitate the management review process. Oversee and monitor continuous improvement opportunities for the QMS and ISMS.
• Develop auditing plans and oversee internal audits conducted to support the QMS and ISMS. Advise senior management on a periodic basis on the overall health of the QMS and ISMS, identifying critical issues and continuous improvement opportunities. Collaborate with personnel in customer account management roles to ensure that the business identifies and documents customer requirements for quality and information security.
• Administer the security and privacy requirements for the Cloud.gov platform as a service (PaaS) hosting the Head Start Enterprise System (HSES). Provide continuous monitoring activities for high-value enterprise systems at the Department of Health and Human Services (HHS). Manage platform security aspects of the underlying network to give HSES customers a virtually isolated network environment.
• Establish strategic program goals geared towards deploying threat management and information protection capabilities and standards, strengthening the cyber security workforce, and increasing stakeholder engagement. Provide secure solutions and enterprise services to programs across HHS.
• Cyber Security Program Manager at the Small Business Administration (SBA) Headquarters. Led day-to-day contract requirements with a team of seven Information System Security Officers (ISSOs). Aligned the Office of the Chief Information Officer with cyber security cross-woven into dynamic changes in policy, based on the priority of the cyber threat landscape, for 40 major and General Support System (GSS) level systems valued at over $70 million.
• Spearheaded an ambitious plan to migrate to Windows 10, Azure, Office 365, OneDrive and SharePoint. The SBA will become the first government agency to complete this modernization. Organized pilot projects for incremental modernization. Built the security plan and identified solutions for risks to increase mission performance without compromising security. Offered a comprehensive suite of risk management framework services designed to protect enterprise-level networks by pre-empting cyber security threats and providing solutions to cyber security challenges. Created dashboards, heat maps, risk vulnerability comparisons and risk analysis stoplights to compare risks based upon likelihood and impact.
• Managed change requests to bring locally hosted systems into FedRAMP-certified cloud-based systems hosted on Amazon Web Services, Salesforce, Datapipe and Azure. Assessed the impact of changes to cost, performance and schedule for seven systems joining http://www.certify.sba.gov and seven other cloud-based systems. Prepared project status reports and financial reporting in support of FISMA, local audits and congressional information requests. Created and delivered presentations containing risk profiles and solution plans with scheduled implementation rollouts to senior management at SBA on project goals and plans, progress reporting, updates, milestones and risk-based metrics. Organized and facilitated project planning, and created charters and minutes for security status meetings, program reviews, and software release planning.