
Sr. Security Project Manager Resume


Herndon, VA

SUMMARY:

  • Confidential is an IT Infrastructure and Security/Compliance Project/Program Manager and Executive Consultant with a core focus on results, relationship building and team culture development. He has experience managing project and program portfolios with scopes deep into the multi-million dollar range and insanely constrained timelines. Confidential has more than 25 years of leveraging his diverse professional experience, performing roles as a hands-on technician and engineer, as a DIACAP/RMF engineer leading security and compliance projects and programs, and as a client executive and consultant, as well as developing and maturing in-house processes, especially responsive processes such as incident management and vulnerability management. Scot’s experiences give him a well-rounded approach to tackling swiftly arising challenges. He brings powerful logistics, planning and technical expertise along with real-time staff and customer relationship management skills.
  • Scot’s most recent challenge was to manage the modernization process for a number of national and international organizations wanting to leverage the scalability and flexibility of the cloud. Scot has been a consultant to the Joint Chiefs of Staff, JSP PMO organization, performing gap analysis, reporting and remediation to strengthen the Pentagon JSP PMO project and services bandwidth and capacity management. The Confidential took advantage of Scot’s leadership, security and compliance background to leverage security compliance modeling and remediation pathways to bring the DHS FISMA Scorecard back into compliance. More recently, SAP | Confidential used Scot’s project management expertise to bring the SAP Cloud business offerings into compliance after a recent drastic change in how FedRAMP policy related to vendor dependency deviations within vulnerability management and configuration management was being applied to this partnership.
  • At Confidential, I have also been working from within the Governance team and in partnership with our technology leaders to mature our compliance program and to develop a comprehensive living and breathing program to maintain our posture within the continuum of operational, steady-state readiness across all lines of business, and developed cross-functional collaboration between teams to tackle compliance up front, starting at architecture and design and flowing through the entire development lifecycle.
  • While working for United Health Group, Scot guided the development, implementation and compliance of U.S. DOD DIACAP, NIST and ISO27K compliant information systems for the Confidential program. He coordinated the tightly interrelated and interdependent technology planks and provided DOD Compliance Domain guidance to plank leads about the purpose and spirit of DOD Information Security requirements. In turn, the technology leads and the experience of coordinating these teams provided him a crash course in health care information systems.

TECHNICAL SKILLS:

Project Management: Planview, MS Project, SharePoint, MS TEAMS, Azure DevOps, OnePlan, Jira, Kanban, Waterfall, Agile, SAFe

Security and Compliance Models: FedRAMP, DIACAP, DITSCAP, RMF, FISMA, NIST SP & 171, PCI, ISO27K, Cybertrust, SSAE16, SOX

OS: Various Microsoft Windows and Unix/Linux operating systems, some VMS and AS400

Infrastructure and Management Applications: Active Directory and LDAP, SharePoint, PeopleSoft, ACT CRM, SMS/WSUS/SCCM, vCenter, ePolicy Orchestrator, Dell KACE

Development Environments: BASH, VBScript, PowerShell, C (Unix), C++ (Unix) and C#.NET, .NET5.0, Unity, JSON, YAML, Node.js

Roles: Program Management, Project Management, Compliance Management, Information Assurance, Security Operations and Management, DITSCAP/DIACAP/RMF Compliance, FedRamp Compliance, ATO and OA Packaging, Vulnerability Management, Security and Compliance Auditing, Development Support, Risk Assessment, Tier 3 Diagnostic Technical Support

PROFESSIONAL EXPERIENCE:

Sr. Security Project Manager

Confidential - Herndon, VA

Responsibilities:

  • Project Manager leading projects critical to maintaining organizational Authority to Operate (ReAuth and CAP item remediations) and to providing services within the Federal and Defense cloud spaces. Managed critical response remediations for assessment findings that cannot be deviated and have extremely short turnaround times, requiring concurrent cross-team participation and/or vendor participation to restore and enhance the SAP|NS2 FedRAMP accredited compliance posture. Matured the SAP federal compliance program through streamlining and automating reporting and vulnerability management systems. He successfully managed and completed approximately 25 security tooling deployment and configuration projects, including the vulnerability management program. Scot had a combination of projects assigned as well as projects that he identified and prioritized. Projects included managing deployment or reconfiguration of security tooling, but also included projects directly impacting SAP cloud products and release management. For example, although you may not have seen it yet, SAP now supports SELinux Enforced Mode, including by the Hana team (see SAP Note 2777782). It has been implemented across all lines of business.
  • That was one of our project successes. Scot’s projects succeeded in cleaning up security boundary environments and continuous monitoring process maturity. Created a VMS dashboarding draft solution for quick delivery of patch-level postures. Created the template project plan for federal assessment preparation and post-assessment activity planning. Remediated patch-level gaps and agent coverage gaps. Implemented Gold Image, Pipelining and Documentation programs. Decentralized security tooling. ATO was confirmed on 12/17 after assessment of the FedRAMP-wide remediation projects that I managed.

Sr. Cyber Project Manager

Confidential - Rocky Hill, CT

Responsibilities:

  • Managed a global team performing the technical separation of the Confidential Global SecOps group from the UTC parent company, as well as managing Risk and Compliance framework and policy creation. Successfully managed the development and structuring of the Confidential Security Operations infrastructure by working with the OTIS SecOps team and UTC/Raytheon to ensure proper knowledge transfer of technology and use cases; managed the development and deployment of the new security infrastructure; managed the cutover of services from UTC/Raytheon to OTIS; established the vulnerability management program; developed the Agile/SAFe processes; and managed the development of the new Risk and Compliance framework, matching corporate policy to risk and compliance needs while respecting the need to conduct business during this transitional period.

Sr. Project Manager and PMO Lead

Confidential - Jacksonville, FL - Remote from CT

Responsibilities:

  • Managed Legacy Modernization projects taking organizations from reliance on monolithic mainframes into the cloud and/or scalable distributed computing solutions for such clients as TSYS, Fidelity Investments, Walmart, and General Dynamics. Responsibilities included managing the discovery process, developing project plans, and managing global teams in charge of the development, execution and delivery of the final solution. In addition to managing client engagements, Scot was the leader of three teams of project managers for the PMO, and helped develop and refine PMO Policy, Process and Procedures while transforming the PMO from a Waterfall-centric PMO to a mixed hybrid Waterfall/Agile/SAFe methodology PMO.

Program Consultant

Confidential - Washington D.C.

Responsibilities:

  • Scot started as a program consultant working with the Joint Services Provider PMO for the Joint Chiefs of Staff. His role was to strengthen the PMO and its project management stakeholder and communication management segments. The first thing Scot did was perform a gap analysis of the PMO’s Project Planning and Project Artifacts. He then created a detailed report on the strengths and weaknesses of the program and provided insight on how the gaps and weaknesses could be filled and improved so that the JSP organization could clearly report and show Performance Metrics in order to more accurately depict the bandwidth and capacity of the program, thereby allowing the organization to provide the highest quality of service and deliverables to the Joint Chiefs and Pentagon tenant organizations.
  • Scot moved on to work with SUBMEPP at Portsmouth Naval Shipyard as a supporting consultant to Program Management. He improved the processes and reporting of several functions performed by the contract which were previously deficient and included security findings, including SUBMEPP User Account Audits of all SUBMEPP Applications, MSWP Interface Scheduling and Reporting, the SUBMEPP Weekly Program Metrics, and SUBMEPP Application Source Code Vulnerability Management, including OWASP Top 10 and other identified source code and database injection vulnerabilities. Scot was also used in a consulting role helping troubleshoot technical problems experienced in the SUBMEPP Customer Service Center and assisted.
  • The Inspector General Audit of IT and Security Controls showed a significant improvement since Scot's participation in developing processes and process controls. In July 2018, the Inspector General issued a Satisfactory inspection report after reporting Unsatisfactory results for previous years, and there was not a single finding for any systems or processes within Scot's Area of Responsibility.

Acting ISSO Program Manager

Confidential - Washington D.C.

Responsibilities:

  • Deputy Program Manager of the ISSO program for DHS Science and Technology
  • Reports directly to U.S. DHS CISO and CIO
  • Authored the DHS Information System Vulnerability Management Policy
  • Authored the DHS Configuration Management Policy
  • Dramatically improved security posture and FISMA scorecards for DHS S&T systems and networks from 33% to over 95% within 3 months, including meeting Vulnerability Management Requirements.
  • Established a good working collaborative relationship and communication channels between Operations, Engineering and our Security team.
  • Invited to participate in White House Interagency Committee activities.
  • Developed the team spirit and cooperative environment by utilizing the strengths of each team member to contribute their institutional knowledge and knowledge areas to reinforce one another and customer perception of our team as a cohesive unit.

Program Manager, Compliance

Confidential - Stamford, CT

Responsibilities:

  • Principal leader of PCI Compliance and all related compliance initiatives.
  • Maintained PCI compliance for 2013 and 2014 and maintained readiness for our 2015 assessment season, expecting excellence across all verticals and horizontals.
  • Managed areas of improvement identified during internal assessments and external 3rd party audits.
  • Improved the compliance rate of the Vulnerability Management System
  • Successfully developed, and over the next two years matured, a unified program of compliance across all security and compliance models.
  • Managed executive stakeholders, including international group Presidents and Vice Presidents, and ensured our program remained one of global organizational governance.
  • Developed cross-team program buy-in and relationship building through continual successful delivery of compliance maintenance.
  • Created and issued guidance to technology leaders about the spirit of compliance and why we need to maintain our compliance.
  • Delivered Subject Matter Expertise when system compliance caused technical work stops.
  • Provided executive consultation to leadership when there was a lack of clarity or when different PCI rules appeared to conflict with other compliance models such as ISO27K or Cybertrust.
  • Facilitated discussion and cooperation between global teams that need to coordinate technology and between technical teams and executive management when executive input is required.

Project Manager/TriCare Military and Veteran’s Health Care

Confidential - Hartford, CT

Responsibilities:

  • Facilitated Stakeholder Management communications and meetings.
  • Performed Risk Analysis and managed the technical portions of the Risk Registry
  • Change Control Approver for infrastructure and IS/IT changes.
  • Cross-Team Development and Relationship building.
  • Principal leader of system and process implementation and compliance.
  • Successfully delivered milestones within extraordinarily compressed timeline and budget constraints.
  • Developed relationships and project buy-in with technical and process owners and stakeholders.
  • Developed co-operative alignments with executive leadership, plank leads and other project and program management elements to leverage support where and when needed to assure success of the program.
  • SWAT Team Leader for Citrix Cloud and Desktop Problem Management
  • Created and issued guidance to plank leads regarding the spirit of the DOD, NIST, and ISO27K compliance models, and how the standards work to help us protect UHG, DOD and subscriber information.
  • Delivered Subject Matter Expertise and Tier 3 Technical Support when system compliance caused technical work stops and engineers needed additional technical subject matter expertise to troubleshoot DOD hardened systems.
  • Provided executive-level decision leadership when there was a lack of clarity or when different STIG rules conflicted with one another, as well as when executive-level decisions had to be made relating to our security and compliance posture.
  • Facilitated discussion and cooperation between teams that need to coordinate technology and between technical teams and executive management when executive input is required.
  • Tracked and managed compliance variances and communicated variances and business need for approval by DOD Designated Authorities.

Program Manager

Confidential - Rock Island Arsenal, IL

Responsibilities:

  • Performed the business analysis of First Confidential applications that transitioned from Ft. Gillum, GA to Rock Island Arsenal, IL
  • Developed Project Management Plan and subsidiary plans for redevelopment, registration and deployment of NIPRNET and SIPRNET applications and systems.
  • Using Agile methodology, I led the redevelopment of all First Confidential Applications for CoN compliance and consolidation within the RIA APC ICAN Data Center.
  • Performed DIACAP engineering for systems identified as ineligible for CoN after performing Privacy Impact Assessments.
  • Verified compatibility with all desktop operating systems and web browsers in use.
  • Deployed AKO SiteMinder for DOD-wide SSO access controls to host systems.
  • Directed the migration of First Confidential applications and systems into SharePoint as appropriate, based on the content and functional requirements of each system.
  • Developed relationships and co-operative alignments with US Army command leaders.
  • Developed relationships and lines of communication for further growth opportunities at this point of presence.
  • Received the Confidential of Appreciation for Unwavering Support and Service.

Program Manager/BRAC IM Coordinator/DIACAP Program Manager

Confidential - Rock Island Arsenal, IL

Responsibilities:

  • Promoted to Program Manager/ Confidential BRAC Information Management Coordinator
  • Facilitator for the MICAS Development Team
  • Acting Program Manager for the Detroit Arsenal ITES Contract Work Directives seated at Rock Island Arsenal
  • Managed the initialization of the Document Imaging Project for TACOM
  • Planned and executed consolidation and transition of Confidential IT/IM Resources and Applications for BRAC into the Detroit Arsenal Data Center
  • US Army Enterprise Solutions Team Leader
  • Directly managed 6000+ workstations and 150+ servers
  • Led projects which encompassed all CONUS Confidential systems (estimated at 250,000+) as indirect reports.
  • Participated in the DITSCAP to DIACAP Accreditation upgrade for APC Network Rollout.
  • 166 individual DIACAP packages and audits processed over 3 years for installation wide DIACAP accreditation of individual systems and processes.
  • Developed the pilot baseline mitigation scripts used for the baseline DISA Gold Desktop STIG requirements for Windows XP, Vista and Windows 7
  • Rolled out the Confidential migration from Windows 2000 to Windows XP, then to Windows Vista and then again to Windows 7 in compliance with Confidential scheduling and regulation
  • 100% Success Rate resolving trouble tickets as Tier 3 last attack.
  • Resolved compatibility issues (and thus serious Army Manufacturing Workflow problems) with Ontrack DNC (CNC program management software) on reimaged Windows XP workstations.
  • Developed the tools used to perform CAC/PKI Enforcement and Local Admin Rights Audits
  • Reduced number of US Army systems not compliant with the CAC/PKI requirement by 70%
  • Reduced the number of known software and user accounts with Local Admin Rights requirements by 95%
  • Project Leader of Daylight Savings Time date change for Confidential per the Energy Policy Act of 2005.
  • Developed and authored the Configuration Independent Disaster Recovery Plan for SMS/SCCM for Confidential.
  • Developed the automatic vulnerability mitigation tools for the Outstanding IAVA list
  • Reduced the Outstanding IAVA list by 66% in the first report cycle
  • Resolved SAP compatibility and vulnerability issues (caused by DISA STIG requirements) on the APC network and again during IE7 deployment.

Project Manager

Confidential

Responsibilities:

  • Managed new user and customer support.
  • My team developed and maintained secure administration of project root servers and deployed secure methods of project mirroring for global project distribution.
  • We developed the first automated compilation and packaging system for a complete secured Linux system using bash.
  • Developed integrated GNOME-1.4 Packaging and Distribution
  • I improved Intel family architecture support for Unix systems by fixing and upstreaming GNU Coreutils machine and CPU detection schema to source project. This improved all Intel based UNIX systems on the planet.
  • Developed and Implemented the RPM Package Management System for LFS, including RPM down streaming of critical and security updates to create a package managed Vulnerability Management System.
  • Developed and maintained the INN Usenet/GNU Mailman networks and gateway deployment for development communications

Technology Support Manager

Confidential - Sarasota, FL

Responsibilities:

  • Developed the world’s first RF Budget analysis software for digital spread spectrum signals
  • Developed the world’s first wireless Ethernet networking program
  • Developed secure enterprise class solutions for government and commercial implementations
  • Developed the ISO 9001 framework and procedures for the R&D, Manufacturing and Technical Support divisions for ISO 9000.
