SUMMARY

• A seasoned security executive with more than 15 years of private and public sector leadership experience. Before joining Alliance, Jason served as Deputy Director of Security responsible for 9 DHS component counter - terrorism programs.
• These programs included all lifecycle milestones for an Agency-level infrastructure modernization effort; and had Confidential overseeing information assurance, system security activities, and coordinating Intelligence Community liaison elements for cross-domain interconnection activities.
• He developed and implemented Agency-wide continuous monitoring approach, developed and deployed multi-disciplined Optimization Roadmaps across multiple organizational boundaries.
• He has supervision of multi-disciplined teams of engineers, contractors, and interaction with government executives was responsible for re-alignment efforts resulting in more than 50% decrease in Operating Expenditures.

PROFESSIONAL EXPERIENCE

Confidential

Senior Security and Operations Director

Responsibilities:

• Responsible for providing Security Consulting Services, Business Development, and Sales to our national staff and customer base.
• Provide full Sales lifecycle support of client engagements such as Continuous Monitoring, Training, Security and Risk Assessments, and Security Testing based on the ever-changing threat landscape, compliance requirements, and business functions
• Responsible of development of Division Profit and Loss (P&L), Quarterly goals, Utilization, and Pipeline.
• Provide day to day operations of enterprise security consulting, in the area of information asset management, risk and vulnerability management, audit and compliance, security awareness and training
• Provide strategic support and Executive briefing on customized Penetration Tests for commercial, government, healthcare and systems in accordance with National Institute of Standards and Technology Special Publication 800-115 as well as the Open Source Security Testing Methodology Manual (OSSTMM)
• Deployment and oversight of an enterprise security vulnerability management and patch management solution providing continuous monitoring of Ticket Vending Machines for a nationwide vendor and government customer
• Developed and conducted Incident Response Assessment, Incident Response capability, and Security Monitoring services. Investigated, gathered and documented inappropriate use and internal security incidents for both clients and Confidential
• Established and governed Alliance security policies, procedures, designs, networks, application deployments, and implementation for Confidential .
• Developed an enterprise information security framework. Ensuring data integrity, confidentiality and availability of information as well as creating controls on how data is processed by the Alliance and external organization.
• Developed IT Security Governance structure to reduce risks in business processes, enhance information security, and comply with regulatory requirements
• Led the creation and maturation of client’s security posture through the completion of a Security Risk Assessment and the development and creation of a Remediation Plan to address identified gaps and details recommended courses of actions, prioritized by criticality and grouped around the people, processes, and technologies harmonized with each applicable risk management framework principle.
• Provided clients of various Risk Management Frameworks
• Led client engagements of assessing current security posture and developing an Optimization Roadmap (“Roadmap”) designed to provide a view of the People, Processes, and Technologies recommended to increase the security posture to resist and respond to security incidents and address security requirements through proven, cost-effective, risk reduction measures.
• Established and delivered a custom Governance, Risk and Compliance (GRC) security/risk assessment based on NIST 800-171 and Capability Maturity Model Integration (CMMI) frameworks providing traceability and identification of risks and gaps based on the existing security posture.

Confidential

Senior Security Officer

Responsibilities:

• Developed Insider Threat Program to continuously monitor internal risks and employees of the organization.
• Provide oversight and recommendations regarding:
• Identification and authentication requirements and security measures
• Remote access requirements and security measures
• Configuration management
• Software use requirements and security measures
• Hardware use requirements and security measures
• Incident Reporting and Response requirements and security measures
• Wireless networks and devices recommendations and oversight
• Responsible for informing, providing oversight and recommendations of the overall security risk of the Business Owners
• Provide patch management oversight and recommendations
• Provide auditing best practice oversight and recommendations
• Provide physical security oversight and recommendations

Confidential

Deputy Director and Lead Information System Security Officer

Responsibilities:

• All phase I through IV Information Assurance activities for multiple mission-critical counter-terrorism systems and Program components
• Development, implementation and ongoing operations for centralized Continuous Monitoring solution
• Creation and ongoing maintenance of first-ever custom FedRAMP HIGH baseline (from hybrid MODERATE baseline) for cloud services
• Integration of enterprise Governance, Risk and Compliance (GRC) platform fusing asset, vulnerability and risk indicator data feeds into a common operating picture (COP) for use Agency-wide
• Standardization of custom vulnerability scanning configuration for OMB data calls
• Development and implementation of continuing professional education program for system security practitioners
• Managing Information Security initiatives such as Vulnerability Scans, Plan of Action and Milestones (POA&M), Privacy Impact Analysis (PIA), Security Categorization (L,M,H) pertaining to Confidentiality, Integrity and Availability (CIA), System Security Plan (SSP), Disaster Recovery, Incident Response Plans (IRP), Business Continuity and Contingency Planning (BCCP)
• Ensure adequate, effective, risk-based security controls are implemented to maintain the confidentiality, integrity, and availability of the customer’s data and SF system
• Ensuring proper Security Technical Implementation Guides (STIGs) for Cisco, HP/Unix/Linux, Windows, Apache, and DB2 are applied throughout Secure Flight
• Security Management and Information Assurance; Certification and Accreditation (C&A) of Secure Flight, Information Systems Audits
• Planning and Development for Major Applications, Upgrades, Major Changes and General Support Systems in accordance with National Institute of Standards and Technology (NIST), Federal Information Security Management Act (FISMA), Confidential (DHS), Office of Management and Budget (OMB) Policies
• Established Interconnection Service Agreements (ISA’s) and Memorandums of Understanding/Agreement (MOU/MOA)
• Security voting member at the Configuration Management (CM) process that ensures that updates, modifications, or additions to IS components do not present unacceptable risks to SF, or do not affect the existing approved security posture

Confidential

Senior Information System Security Manager / Program Manager

Responsibilities:

• Managed Information Security initiatives such as Vulnerability Scans, Plan of Action and Milestones (PO&AM), Privacy Impact Analysis (PIA), Security Categorization (L,M,H) pertaining to Confidentiality, Integrity and Availability (CIA), System Security Plan (SSP), Disaster Recovery, Incident Response Plans (IRP), Business Continuity and Contingency Planning (BCCP)
• Ensured adequate, effective, risk-based security controls are implemented to maintain the confidentiality, integrity, and availability of the customer’s data and SF system
• Ensured proper CIS Benchmarks for Cisco, HP/Unix/Linux, Windows 2003/XP, Apache, and DB2 are applied throughout Secure Flight
• Security Management and Information Assurance; Certification and Accreditation (C&A) of Secure Flight, IS Audits
• Planning and Development for Major Applications, Upgrades, Major Changes and General Support Systems in accordance with NIST, FISMA, DHS, OMB Policies
• Established Interconnection Service Agreements (ISA’s) and Memorandums of Understanding/Agreement (MOU/MOA)
• Security voting member at the Configuration Management (CM) process that ensures that updates, modifications, or additions to IS components do not present unacceptable risks to SF, or do not affect the existing approved security posture

Senior Information System Security Officer / Team Lead

Confidential

Responsibilities:

• Developed appropriate Certification and Accreditation artifacts in accordance with NIST 800-37 for a Department of Commerce (DOC) network
• Responsible for developing initial Systems Security Plan, Continuity of Operations (COOP) and Disaster Recovery Plan following NIST 800 series standards
• Developed appropriate policies and procedures in accordance with NIST standards and implement and test operational, managerial, and technical security controls in accordance with NIST SP 800-53
• Provided consulting support to executive management on security design, implementation and appropriate security processes
• Established Interconnection Service Agreements (ISA’s) and Memorandums of Understanding/Agreement (MOU/MOA)
• Assisted in the development of Continuity of Operations Plans (COOP) and Disaster Recovery Plans (DRP)

Confidential

Information System Security Officer

Responsibilities:

• Provided senior Information Assurance consulting services to FBI Counter-Terrorism Division
• Ensured perimeter protection, data protection, user workstation protection, and provide technical security guidance and support to IT and executive level leadership
• Ensured all CTD systems navigate the certification and accreditation (C&A) process using applicable government standards. Responsible for preparing all forms of C&A documentation and coordinate with FBI certifiers and accreditors
• Incorporated security risk management processes throughout the client to identify and document program requirements and system countermeasures to achieve an acceptable level of security at acceptable cost throughout the organization’s life cycle
• Incident Reporting, Response and Development - Assist in monitoring incident reports to identify programming errors, safeguard weaknesses, and to identify and resolve system deficiencies.
• Aided in the development of the Continuity of Operations Plans (COOP) and Disaster Recovery Plans (DRP) to prepare for disaster or emergency response, backup and restoration of critical data or systems, and post-disaster recovery
• Configuration Management (CM) process to ensure that updates, modifications, or additions to IS components do not present unacceptable risks to CTD, or do not affect the existing approved security posture.