Yyyyyy x. yyyyyy

Management Executive Cyber Security & Compliance

Certifications & Accreditations ~ Business Process Engineering ~ Project Management

Cyber Security Risk Management ~ Secure Network Architecture ~ Vulnerability Management

         Offer 25 years experience in cyber security including information assurance management, IT program leadership, IT service delivery management, system certification and accreditations, threat and vulnerability management, IT architecture and controls, and security strategy.

         Consummate strengths in Communication Security (COMSEC), risk mitigation and management, product implementations, third-party/vendor risk information security, and orchestrating efforts to bridge the gap between control requirements, technical issues and business/operational risks.

         Highly skilled in applying and enforcing disaster recovery strategies and contingency plans to defend and preserve business-critical and confidential information.

         Excel at Continuity of Operations Programs (COOP) and Information Technology Disaster Recovery (ITDR) process development and training.

         Closely partner with all IT, engineering and business segments to achieve cyber security goals.

         Security clearances include Fully Adjudicated Top Secret and SCI CI-POLY NGA.

         Well-versed in ITIL practices, COBIT framework, and PCI (Payment Card Industry) standards.

Ernst & Young, McLean, VA, 2015 to Present

Sr. Cyber Security Transformation Manager

         Deliver comprehensive cyber security consulting services to clients on a nationwide scale.

         Led team of three in conducting cyber security gap assessment for Berkshire Hathaway and seven subsidiaries.

         Served as technical SME for Milliken s internal audit and cyber security transformation initiative and pioneered clients first information security policy program.

         Project-managed planning and implementation of cyber security incident handling program for Milliken.

         Analyzed and established Milliken s first vendor/third-party information security risk management program.

         Directed all facets of removable media and data-at-rest encryption project for Caterpillar.

Chenega/NJVC, Chantilly, VA, 2010 to 2015

Sr. Cyber Security Threat, Risk, Vulnerability and Compliance Manager

         Devised and launched cyber security compliance program within National Geospatial Intelligence s (NGA s) Cyber Operation Center / Network Operation Center.

         Fostered a cohesive cross-departmental relationship to overhaul agency s cyber security readiness process which resulted in three consecutive outstanding scores from U.S. Cyber Command (2010, 2011, and 2012).

         Scrutinized certification and accreditations/security plans to verify quality control prior to submission to client.

         Validated system compliance/security hardening and compiled Plan of Action and Milestones with recommended corrective actions for non-compliant systems.

         Collaboratively assembled agency s Computer Emergency Readiness Team / Computer Network Defense incident response management program and IT Services Network Management Branch s Information Assurance Vulnerability Management (IAVM) and risk assessment process.

         Handpicked to serve as cyber security subject matter resource on agency s IT Change Management Boards.

         Analyzed weekly vulnerability reports and penetration test results to contrive practical mitigation strategies.

         Proficiently served as Sr. Cyber Security Advisor to agency s Change Management Board and System Engineering and Integration Program Boards.

         Formally lauded by Director of Risk Management for mitigating more than 1,000 unpatched systems.

Continued ►

Professional Experience continued Yyyyyy x. yyyyyy Page 2 of 3

Chenega Technology Services Corporation, Alexandria, VA, 2007 to 2010

Information Assurances Manager

         Guided, unified, and supervised team of 10 in providing day-to-day systems certification and accreditations support to NGA including preparation of ITDR and systems security plans, and ensuring strict quality control.

         Executed repeatable systems certification and accreditations and quality control process to eliminate overall expired systems by 95%.

         Defined IAVM process and pre-Federal Information Security Management Act (FISMA) inspection and training program for over 100 remote sites, eliminating the need for travel by 80% and slashing travel-related expenses by $200K annually.

         Received letter of commendation from IT/IS Management for successfully acquiring a three-year Authorization to Operate from OCIO office.

         Recognized by government and corporate senior management for maintaining highest numbers of accredited systems in contract s history.

Computer Associates International, Herndon, VA, 2005 to 2007

Principal Security Architect / Program and Product Service Delivery Manager

         Aligned and mobilized 10 security technical experts in services delivery and implementation of Computer Associates (CA) enterprise threat management products for Defense Information Systems Agency.

         Masterminded development and deployment of an enterprise threat management solution valued at $1M+.

         Spearheaded full-scope development and implementation of a security target and validation scheme for CA s anti-spyware (Pest Patrol) product common criteria evaluation and NSA code review.

         Oversaw project objectives, application design, deliverables, and implementation strategy for threat management initiative at Harris Corporation.

         Thoroughly tested COOP and ITDR to ensure quality control and employee situational awareness.

         Championed deployment of threat management solution prototype for state government in Arkansas, resulting in the sale of over 1,000 leases.

         Awarded EAL-3 rating for CA s threat management solutions product from Common Criteria Laboratory.

Computer Sciences Corporation, Falls Church, VA, 2003 to 2005

Principal Secure Network / Software Integrations / Lab Manager

         Selected as contract IT Laboratory Manager tasked with testing software functionality to ensure adherence to client s requirements.

         Compiled and tested ITDR plans for systems certification and accreditations packages prior to transmission to customer/government.

         Steered seamless deployment of three primary service center network-monitoring tools to agency s enterprise.

DigitalNet Solutions, Herndon, VA, 2000 to 2003

Sr. Engineer / Networks Installations Team Lead

         Headed team in performing secure network installations, upgrades and maintenance for Defense Intelligence Agency and Department of State s global network operation centers.

         Generated network architecture diagrams, systems security plans and CONOPS for site s certification and accreditation requirements.

         Successfully completed timely installation and upgrades of 10 secure LANs for Defense Intelligence Agency.

         Presented with multiple Letters of Appreciation from Chief Operations Officer, U.S. Consulate in Milan, US Embassy in Rome, US Embassy in Korea and US Embassy in Thailand.

         Received Letter of Recognition from Deputy Chief of Mission, US Embassy of Ghana West Africa.

Land Information Warfare Activity, Fort Belvoir, VA, 1999 to 2000

Sr. Non-Commission Officer / Network Operations Branch Manager

         Provided influential and hands-on team leadership to 17 personnel in administering daily operations of Network Operations Center.

         Controlled $3M operations budget and held responsibility for technology and equipment valued at $7M.

         Led multiple projects related to Remedy trouble ticket database system, data center, and Defense Message Handling System (DMHS).

         Proactively structured and introduced agency s first data center COOP and disaster recovery plan.

Continued ►

Professional Experience continued Yyyyyy x. yyyyyy Page 3 of 3

Headquarters V Corps, G-6, Heidelberg Germany, 1994 to 1999

Sr. NCO / Information Services Support Branch Chief / Communication Security Branch Manager

         Directed, motivated, supervised and coordinated 35 service members in support of V Corps G-6 HQ.

         Held critical accountability for $3M worth of equipment and annual budget of $150K, realizing zero losses during five-year tenure.

         Functioned as COOP program information and disaster recovery expert during all unit deployments.

         Produced and implemented COMSEC inspection program which resulted in 100% accountability during deployment to Bosnia and Herzegovina.

         Persuasively negotiated automation system support services, software, and consulting services to markedly decrease training and deployment automation budget by $500K per year.

         Presented with Army Achievement Medal for creating and deploying first V Corps G-6 website.

         Standardized secure electronic automated messaging during V Corps G-6 tactical missions.

Prior Background:

Non-Commissioned Officer, Pentagon Communication Security Branch Manager

US Army Information System Command, Pentagon, Washington, DC, 1990 to 1994

Bachelor of Science Management, Information Systems and Business Management

Park University

Communication Security (COMSEC) Custodian

Data Processing Advanced NCO Course

Automatic Data Telecommunications Center Operator Basic NCO Course

Primary Leadership Development Course

Security+

ITIL (Information Technology Infrastructure Library)

CISSP (in progress)

Completed ongoing professional development throughout career, covering topics such as:

Project Management; Payment Card Industry (PCI); Computer Associates e-Trust Enterprise Integrated Threat Management (anti-spyware/anti-virus tools); Computer Associates e-Trust Network Forensics: Collection & Analysis; NEUSECURE Network Forensics Collection & Analysis; Computer Associates e-Trust Security Command Center; Computer Associates e-Trust Access Control Center; Remedy AR and 6.X System Administrator; TCP/IP Internetworking and Configuration; LAN/WAN Architecture; Cisco Router & Switch Configuration (advanced); Firewall Configurations and Deployment; Communications Security (COMSEC); Defense Message Handling System