Experience

• 

  Oberon associates

  Jan 2006 - Apr 2008

  Atm network controller

  1 of 3 ATM Network Controllers for the DISA CENTCOM Theater of operations (South West Asia - SWA). Configured, managed, and maintained all of the terrestrial and SATCOM fiber links in/out of the SWA area of responsibility.

• 

  Saic

  Jan 2012 - Jan 2014

  Network engineer ii
• 

  U.s. department of homeland security, office of intelligence and analysis

  Jan 2016 - Apr 2022

  Series 2210/GS-15.Plans, organizes, and directs the activities of an I&A CIO department as the OPTICS Branch Chief, ensuring I&A operations related to intelligence support comply with legal and regulatory requirements and meets customer needs. Develops goals and objectives integrating organization and I&A objectives. Researches, interprets, analyzes and applies various guidelines, policies, regulations, etc. Establishes policies and procedures for accomplishment of I&A operations. Plans and schedules work in a manner promoting a smooth flow and even distribution. Coordinates plans and schedules with other organization managers and customers as appropriate. Identifies need for changes in priorities and takes action to implement such changes. Plans work to be accomplished by subordinates, sets and adjusts short-term priorities, and prepares schedules. Assigns work to subordinate employees based on organization priorities and consideration of difficulty and requirements of assignments such that the experience, training, and abilities of staff are effectively utilized to meet organization and customer needs. Balances workload and provides advice, guidance, and direction on a wide range of I&A and administrative issues. Structures assignments to create effective and economical positions. Coordinates with other organization managers and customers as appropriate. Reviews organization mission, functions, and manning. Identifies requirements and initiates requests for additional resources including personnel, overtime, equipment, supplies, and space to ensure success in meeting goals and objectives. Provides advice to supervisor of significant issues and problems related to work accomplishment. Establishes metrics and analysis systems to ensure actions are timely and reviewed at critical points. Reviews work presented by subordinates. Performs self-inspection and presents detailed and comprehensive report with any corrective action taken to supervisor. Show less Series 2210/GS-14Served as the Vulnerability Assessment Team (VAT) Lead. Provided innovative direction, oversight, and critical problem-solving abilities when conducting vulnerability analysis and independent validation and verification (IV&V) support to various customers including Federal/State/Local/Tribal/Private Sector parties who use the TS/SCI classified network (including CDS and voice and video networks) within the DHS Intelligence Enterprise. Directed a 5-person team utilizing security tools/apps such as HP Fortify and Web Inspect, Tenable Security Center, DISA STIGs, SCC SCAP and CIS Benchmarks to prepare Vulnerability Assessment Reports (VAR), Vulnerability Assessment Matrices (VAM) with Plan of Action and Milestones (POA&M), as well as, software assurance/supply chain reports to assist the DHS I&A CIO, CISO, and Security Control Assessors (SCA) in recommending the overall cyber-security posture of target O&M core systems and applications that are under initial or annual assessment. Facilitated weekly technical exchange and other ad-hoc meetings to de-conflict and ensure critical/priority projects remain on schedule. Was a key contributor to the Intelligence Community (IC) DevSecOps, Vulnerability Management, and Software Assurance working groups. Show less Series 2210/GS-14 Program Manager for the ICS (Intelligence Community Standard) 502-04 - I.T. Security Continuous Monitoring. Instituted/engineered/administered a cloud-based (C2S) eGRC program for DHS I&A and DHS TS/SCI field components to automate 11 security capabilities that include vulnerability management, patch/license management, software assurance, and configuration/asset management. Followed NIST 800-137 continuous monitoring best practices. Created campaign, communications, training and administration strategies that allowed for the DHS TS/SCI IE to utilize the eGRC tool once it entered production.*Assisted in the selection of, and subsequently became the Project Manager for, the Archer eGRC tool. Allowing automation of the previous completely manual RMF (A&A/ConMon) life-cycle process. It allowed stakeholder (ISSO, SCA, CISO, AO, Program Office, and Privacy Office) visibility into the tool to create, assess, and provide risk-based decisions to grant or deny authorizations for over 200+ A&A packages. *The tool also aggregated (up to 8 of the 11 automation capabilities) various scanner and sensor data-feed information to provide the appropriate cybersecurity risk posture view for each stakeholder.*Managed multiple vendor and external Subject Matter Experts (SMEs) to install, configure and test the eGRC system (hosted in the C2S classified cloud environment).*Collected, compiled, analyzed, disseminated and maintained the IC Information Assurance Vulnerability Management (IAVM) reports for all DHS TS/SCI Intelligence Enterprise components. Show less Series 2210/GS 13 (2016)/ GS14 (2017).Responsible for conducting comprehensive assessments of the management, operational, and technical security controls of initial and production O&M core systems and applications within the DHS TS/SCI environment to determine the overall effectiveness of the controls. Recommended corrective actions to address identified vulnerabilities. Prepared the final security assessment report (SAR) containing the results and findings from the assessment. Conducted physical site assessments of Sensitive Compartment Information Facilities (SCIFs) and reviewed Assessment & Authorization (A&A) packages to ensure the security controls for the information systems meet the stated security requirements.*Performed risk assessments on assigned initial or production O&M DHS TS/SCI systems and applications adhering to NIST 800-53rev4/800-37/800-30/CNSSI 1253 standards.*Provided specific recommendations on how to correct deficiencies in the controls and address identified vulnerabilities.*Assessed changes in the system, environmental, and operational needs that could affect the accreditation/authorization.*Coordinated with ISSOs for remediation of POA&Ms with identified weaknesses and suspense dates for each system based on findings and recommendations from the SAR.*Conducted periodic testing of the security posture of the target system (Continuous Monitoring).*Ensured configuration management (CM) for security-relevant system software, hardware, and firmware were properly documented. Show less

  • IT Operations, Infrastructure and Customer Service (OPTICS) Deputy Director/Branch Chief

    Mar 2020 - Apr 2022

  • Vulnerability Assement Team (VAT) Lead

    Jan 2018 - Mar 2020

  • I.T. Program Manager for ConMon and eGRC (enterprise Governance, Risk and Compliance) programs

    Jan 2017 - Jan 2018

  • I.T. Project Manager/Security Control Assessor (SCA)

    Jan 2016 - Jan 2017
• 

  Capital one

  Apr 2022 - May 2023

  Manger, agile product owner (devsecops and cyber security)

  Led two multi-cloud-based security assessment teams (3rd-party SaaS and Core Infrastructure Services) as a Product Owner, overseeing operations on AWS, GCP, and Azure platforms.Developed and communicated a risk-based, data-driven strategy and roadmap for enterprise security services and solutions in collaboration with engineering, operations partners, customers, and stakeholders.Conducted analysis/selection of alternatives based on threat assessment, risk evaluation, desirability, feasibility, and viability.Utilized Atlassian Jira KanBan boards at team and enterprise levels to efficiently prioritize, track, and manage agile projects, ensuring successful project completion and providing timely updates to key stakeholders in case of impediments or delays.Provided guidance to Accountable Executives and Senior Leadership decision-makers on business and technology risks, while maintaining technical and risk credibility across the enterprise with internal teams and external partners.Completed the Scaled Agile Framework (SAFe) Product Owner/Product Manager course to enhance skills and knowledge in product management within an agile framework. Show less

• 

  Cam legacy group

  Apr 2023 - now

  Independent cybersecurity consultant/advisor

  Delivers expert consultation on cybersecurity initiatives for multiple clients on Governance, Risk, and Compliance (GRC), along with vulnerability management, requirements management, IT observability, and critical events management (CEM).

• 

  Ecs federal, llc (client site: fbi hq)

  May 2023 - now

  Sr. cybersecurity advisor/consultant

  Provide technical consultancy support to United States Federal Agencies' Cloud Assessment and Strategic Operations units and executive-level priority programs, delivering value-added solutions.Offer subject matter expertise (SME) for a diverse range of National Security programs, collaborating with Cloud Service Providers (CSPs) to enhance operational efficiency.Support system development initiatives, encompassing project management, requirements gathering, system design, data conversion, documentation, training, and deployment as needed.Develop and implement best practices for branch information technology and data integration efforts, optimizing processes.Conduct comprehensive analyses and studies on IT data requirements, business process re-engineering, business continuity, performance evaluation, bench-marking, and new technology assessments.Advise Senior Federal Agency Leadership on policy formulation and program implementation.Prepare and deliver technical and policy reports and briefings to stakeholders, facilitating informed decision-making.Identify performance gaps, extract lessons learned, and conduct After Action Reviews (AARs) to enhance future operations.Analyze program and policy effectiveness to ensure congruence with overarching Federal Agency initiatives, driving continuous improvement and alignment with strategic goals. Show less