- Using NIST risk management framework developing security requirements for instantiation of new domain at the secret level.
- Collaborate across divisions CSIRT, Ops, Security to build cohesive units to identify and accomplish the security of the new domain.
- Determined and implemented security requirements per NIST risk management framework
- Audited systems against NIST framework to determine deficiencies and provided corrective actions, complete with resources required and time need for completion.
- Project manager for the certification and accreditation for the Army Top Secret domain.
- Collaborated with various subject matter experts throughout the staff/command in order to develop quantifiable metrics for the program management group.
- Developed and completed plans and action of milestones and suggest alternative resource management practices to meet program objectives for accreditation to bring the system into compliance.
- Provided guidance to subordinate analysts in accomplishment of their program tasks.
- Updated and briefed leadership on findings, violations and viable solutions.
- Systems Administrator on DoD's Host Based Security System HBSS
- Effected change by developing best practices in Threat Management, Log Management, Incident Response, Data Loss Protection and Penetration Testing and developed a concept of operations for all cyber activities currently being implemented by Joint Special Forces Command.
- Created and lead the Computer Emergency Response Team CERT that oversaw incident handling across global IT security teams.
- Used open source collection along with classified indicators to defeat the APT targeting the intelligence agency.
- Coordinated and directed all defensive actions in response to threats and attacks to agency computer systems IAW current regulations and industry best practices DoD, Intelligence Community, NIST .
- Prepared reports and briefings, which informed and directed actions in support of cyber initiatives, both internal as well as external, at the national level Director, DNI, Congress .
- Audited and reported on compliance for NGA cyber security posture to US CYBERCOM and Office of Director National Intelligence ODNI .
- Participated, in risk assessments of information systems auditing segments of information systems and/or information technology programs and integrating content and system functionality with essential cyber security safeguards and compliance standards.
- Provided input for Director of National Intelligence's DNI Comprehensive National Cyber security Initiative CNCI including the identification and management of NGA's capabilities, resource priorities and costing requirements.
- Excelled at influencing teams without direct authority as shown by fostering cooperation and collaboration to build coalitions across 4 directorates, which include 14 teams to form the full capabilities of NGA's cyber team which included the SIEM team, forensic team, intrusion detection team, counter-intelligence team, system administrators, perimeter defense team, HBSS team, etc.
- Developed policies and procedures relative to information systems reliability and accessibility to prevent and defend against unauthorized access to systems, networks and agency corporate data.
- Supervised and mentored junior members of the Division, both Government and contractor.
- Constantly involved in problem solving by identifying problems determining accuracy and relevance of information used sound judgment to generate and evaluate alternatives, and to make recommendations to seniors within the agency.
- Supervised and rated two military personnel, one Major and on Staff Sargent
- Performed engineering support in support of a 4B effort to upgrade NGA's infrastructure.
- Analyzed customer's information assurance needs from the enterprise perspective ensuring the rigorous application of information security/information assurance polices, principles, and practices in the development and maintenance of information systems
- Assessed information technology related operational risk identified and implemented risk prevention and mitigation strategies
- Evaluated configuration and change management practices to ensure that all modifications were adequately controlled.
- Audited network infrastructure security to ensure confidentiality, integrity, availability and authorized use of the network and information.
- Provided subject matter expert advice to program managers and industrial partners in developing and/or using computer systems in direct support to NGA.
- Interpreted guidance and direction received from legislative initiatives, regulatory requirements/changes higher-level management which I incorporated into developing information assurance goals and objectives.
- Responsible for collaborating on the development of IT enterprise system security plans, contingency plans and disaster recovery plans and procedures.