K Walther, CISSP CISM CAP

Experience

• 

  Commander Navy Region Southwest MWR

  Jun 1999 - Jun 2017

  Senior IT Specialist

  • Provided IT support for the enterprise business network at Navy Region Southwest San Diego as a member of the civilian IT team.• Managed IT records, including Cyber Security Awareness Training records and System Authorization Access Requests for regional civilian employees. Ensured records were accurate and up to date, and conveyed security requirements to end users. Wrote acceptable-use policies and facilitated submission of records to Human Resources for background checks.• Implemented technical security controls on production workstations, servers, and peripherals. Conducted security assessments using SCAP, Nessus, and McAfee tools and rectified any vulnerabilities identified.• Developed USB external device procedures and guidelines in accordance with network security policy to mitigate malware risk. Provided technical advice to management and served as end-user liaison for evaluating business requirements, conducting risk analysis, and implementing risk mitigation strategies Show less

• 

  B.E.A.T. LLC.

  Sept 2018 - Jul 2021

  Information Systems Security Officer (ISSO)

  Specializing in Risk Management Framework (RMF) of NIST Cybersecurity Framework. ACAS, HBSS, ForeScout, Tanium, eMASS, Information Security Systems Management.

• 

  Sigma Defense Systems LLC

  Jul 2021 - Mar 2024

  Development, Security & Operations (DevSecOps)

  DevSecOps is a software development approach that emphasizes security throughout the entire development process, from design to deployment.I aim to integrate security practices and tools into the software development life cycle (SDLC) in order to detect and prevent security vulnerabilities as early as possible. As a DevSecOps professional, I believe that security should be a shared responsibility across all phases of the SDLC, hence the term "DevSecOps" which is a combination of "development," "security," and "operations."My goal as a DevSecOps professional is to help organizations deliver software faster and more securely by integrating security into the development process and automating security testing. To achieve this, I promote a culture of collaboration and continuous integration and delivery, and incorporate security tools and practices into the development workflow. By taking these steps, organizations can reduce the risk of security vulnerabilities and improve the security of their software and systems. Show less

• 

  US Navy

  Sept 2023 - now

  Information Technology Specialist

  I develop and implement security architecture and infrastructure to protect information systems against unauthorized access, modification, or destruction.I conduct security assessments and audits to identify vulnerabilities and threats, utilizing tools and methodologies aligned with industry best practices.I collaborate with IT and cybersecurity teams to integrate security into all phases of the software development life cycle (SDLC) and system development processes.I design, implement, and manage security controls and countermeasures to mitigate identified risks to an acceptable level, in alignment with the organization's risk management strategy.I prepare and maintain documentation related to security accreditation and compliance activities, ensuring adherence to RMF and other relevant security frameworks and standards.I provide expert advice and guidance on security issues, emerging threats, and best practices to senior management and other stakeholders. Show less

• 

  Cloud Security Alliance

  Dec 2023 - Dec 2023

  Zero Trust Exam Writer

  Writing exam questions typically involves the following:I determine the exam content and objectives by reviewing the relevant curriculum and learning materials and identifying key concepts and skills to be tested. Then, I write exam questions by brainstorming and refining a list of possible questions. Finally, I review and revise the questions to ensure their accuracy, relevance, and fairness, which may involve seeking feedback and pilot testing them with a small group of students.