Justin May

Experience

• 

  Mississippi Air National Guard

  Jul 2012 - Dec 2022

  Information System Security Manager

  ● Managed Assessment and Authorization Processes, utilizing Risk Management Framework (RMF) for DoD Classified and Unclassified Networks.● Developed, updated, and tested network artifacts, including Contingency of Operations Plan, Disaster Recovery Plan, Configuration Management Plan, System Security Plan, Network Topology, etc.● Enhanced network security for over 2,200 devices and user accounts with the use of Assured Compliance Assessment Solution (ACAS) Vulnerability Scanner, AFNet Compliance Tracker, and DISA Security Technical Implementation Guides (STIGs).● Improved security by engineering PowerShell scripts to address network vulnerabilities automatically, which led to a decrease in vulnerabilities by 90%.● Guided leadership in decision-making related to security and risk assessment operations.● Ensured that countermeasures were in place to protect classified information and contained compromising emanations for 9 areas utilizing over 100 devices that processed classified information.● Implemented procedures for an Incident Response Process, greatly reducing reporting times for security incidents while ensuring proper sanitization and clearing methods were used. Show less

• 

  ITS

  Mar 2014 - Dec 2015

  Data Center Operator
• 

  BAE Systems

  Dec 2022 - Sept 2024

  Information Systems Security Officer

  ● Managed multiple enclaves in the Assessment and Authorization Process, utilizing Risk Management Framework (RMF) Processes for DoD Classified and Unclassified Networks.● Improved STIG process to drastically remediate vulnerabilities across the network, leading to the elimination of over 50% of total CAT findings.● Implemented STIG Manager program to improve the transparency of vulnerabilities over the entire network.● Worked directly with Windows Administrators to implement baseline standards for a variation of Servers and Workstations.● Developed a OneNote to ensure job continuity for future employees transitioning to Cyber Security Team, enabling immediate work productivity.● Tracked and improved the POA&M process for both Classified and Unclassified networks, directly resulting in a significant reduction in overall open findings.● Strategically authored crucial documentation in preparation for significant CCRI inspection, ensuring comprehensive readiness. Show less

• 

  Battelle

  Jan 2024 - now

  Information Systems Security Officer / System Administrator III

  ● Managed and maintained mission-critical Map-based mission planning servers across three classification enclaves with a front-facing web interface, enabling mission planners worldwide to coordinate tactical operations. Deployed back-end code developed on top of the Sitaware suite and ensured data integrity through SQL Server management.● Oversee the maintenance and updates of 100+ servers, ensuring high availability and performance across SCCM, WSUS, SQL, IIS, ADFS, and Domain Controllers (DCs).● Lead comprehensive vulnerability management efforts using ACAS and SCCM to identify, assess, and remediate security risks, ensuring timely patch deployment and system hardening. Developed and enforced the Security Technical Implementation Guide (STIG) process to comply with industry best practices.● Designed and implemented Group Policy updates across the enterprise, enhancing security posture and streamlining user and system configurations.● Developed and standardized comprehensive SOPs for all server and network administration tasks, driving consistency in operations and reducing system downtime.● Utilize Splunk and Graylog for continuous monitoring of system logs and events, proactively identifying potential security incidents and optimizing system performance. Lead incident response efforts, troubleshooting critical issues to restore service and prevent future occurrences.● Manage security accreditation packages in eMASS, ensuring compliance with Department of Defense (DoD) cybersecurity frameworks. Regularly audit systems and configurations to align with established security policies and regulatory standards. Show less