TECHNICAL SPECIALTIES:

• IT, Data and Telecom - Information, Data and Technology Governance, Strategic Planning, International Operations, Maintenance & Sustainment
• Enterprise Architectures/Cloud Computing/Data Management/Data Science, Software/Systems Design, DevOps, Systems Engineering and Integration, Process Improvement, CyberSecurity, Information Security, Information Assurance (IA/C&A/IV&V), Threat Management, Incident Response, Risk Assessment, Analysis & Management, Business Continuity/Disaster Recovery Planning
• Government security/risk/privacy requirements and compliance standards, i.e., DoD, NSA and NIST Policies, FFIEC, IRS-1075, FISCAM, CMS, FIPS, ITGI, SOX, GLBA, 21 CFR Part 11, ISO 27000 Series, ISO 22301, FERPA, PCI DSS, FedRAMP, HIPAA/HITECH, SOC 2, HITRUST, CJIS, FISMA, ITGC, STIGs, NERC CIP, CCF, DIACAP / RMF / eMASS, OWASP, GDPR/Reg.(EU) 2016/679, etc.
• IT Security Audit, Privacy Impact Assessment (PIA), Information Operations and Security (Cyber/Information Warfare-Offensive/Defensive, Computer and Security/Network Operations-SOC/NOC, Electronic Warfare-EW, Vulnerability/Penetration/Forensic Testing/Red-Blue Team)
• Program Leadership and Support, Strategy, OAT&E, Reporting and Metrics, SecDevOps, Agile/XP/SDLC/LEAN Software Engineering and Development methodologies and practices
• Markets: Government, Commercial, Defense, Homeland Security, Public Safety, Finance, Healthcare

PROFESSIONAL EXPERIENCE:

Senior Consultant - Program Manager

Confidential

Responsibilities:

• Recent responsibilities include strategy development, technology roadmaps and IT Enterprise-Information/Cyber Security program development for LOBs/portfolios, including supporting program/project portfolio review at the IPT (Integrated Product Team) level and representation at stakeholder meetings and other leadership forums.
• Provide IT Enterprise Architecture modeling expertise leveraging knowledge of the COBIT, TOGAF, COSO, ITIL, DoDAF, Common Controls Framework (CCF) and NIST SP 800 subseries Cybersecurity and Risk Management Frameworks.
• Work collaboratively with the Software, Hardware, Application and Infrastructure Teams, CIO/CISO/CSO, PMOs, Vendors/Procurement and IT Portfolio Management to optimize the pipeline of incoming SDLC demand, remediation efforts, QA, service delivery and operational continuity.
• Lead and support the Computer Security Incident Response Teams (CSIRT) including incident handling, analysis, response along with forensic investigation.
• Provide effective and elaborated Plans of Actions and Milestones (POA&M)..
• Develop and monitor Risk Mitigation strategies and lead Information Security/Cyber Security, Business Continuity (BCP)/Disaster Recovery (DRP) Planning and IT Security Audit teams to provide direction on usage of the guidelines and/or regulations, maintaining flexibility to accommodate changing needs and threats.
• Liaison with Senior Leadership (CEO, CIO, CFO, CISO, CSO etc.), Application Teams, PMO, Portfolio Management, Finance and other business process owners and stakeholders to support IT governance, risk and compliance (GRC) activities.
• Responsible for decision support working with the Services Delivery teams, Application Support Teams, and PMOs for identifying and tracking key metrics, producing monthly dashboards, and analyzing overall performance, both operational and financial.
• Develop key artifacts, templates and procedures to support the annual IT Strategic Planning cycle per IT Enterprise standards and regulatory governance requirements.
• Coach, mentor and train on practices, standards, processes, procedures and frameworks.

Senior Consultant 

Confidential

Responsibilities:

• Provide program leadership, risk assessment and technical advice for the architecture, implementation and integration of GRC (Lockpath) platforms and advanced State-wide Enterprise system security networks, technologies, processes and operations.
• Working with the CSO, internal audit and agency services, I developed system security plans (SSP) for integrating and implementing information security controls & technologies within existing division and agency infrastructure.
• Developed KPIs and coordinated the establishment of a Unified Vulnerability Management system.
• Also, led remediation efforts and solutions development for regulatory compliance to prevent, detect and mitigate risks. Assisted with identifying and enumerating enterprise common controls.
• Designed full life cycle processes and procedures along with repeatable guides for standard implementation across highly complex distributed enterprise environments. Instituted Sec DevOps principles within development, test and QA environments. Enhanced data collection and correlation capabilities while identifying control gaps in data collection/analysis architecture.
• Conducted training, as necessary, to division and agency personnel on security processes, procedures and methodologies to ensure risk information and security events are properly identified, correlated, documented, treated in accordance with State policies, guidelines and unified enterprise standards. 

Senior Consultant  / IT Security Director

Confidential

Responsibilities:

• Engaged to provide senior leadership with GRC and IT strategy development on Cybersecurity initiatives, Data Privacy/Protection, Disaster Recovery/Business Continuity and secure Cloud Migration (AWS, Azure, O365) as the company expands and grows globally.
• Oversaw all IT Security functions. Formulated and implemented policies and procedures to meet regulatory and company compliance. Advised senior management on IT Portfolio and Program Management best practices and business integration.
• Acted as interim CISO. Spearheaded GDPR initiatives and compliance globally.

Senior Consultant 

Confidential

Responsibilities:

• Provided leadership for a data center consolidation and cloud services migration effort incorporating SAP ERP solutions, Oracle cloud services, web services, virtualization, SAN and related databases, system software and networking technologies.
• Duties included and spanned the entire software and system lifecycle including infrastructure architecture design, migration, testing, and deployment to regulatory compliance and disaster recovery. Acting as the information security officer, provided technical expertise and analysis of information assurance (IA)/ Cybersecurity/ supporting deploying the Risk Management Framework (RMF), security operations, incident response, forensics and cybersecurity practices to include software applications; operating systems; Internet and Intranet; physical security e.g. access control, Security Information Event Management tools (SIEM), Endpoint Detection & Response tools (EDR), and Network Security Monitoring tools (NSM). Ensure compliance with all governmental security baselines, regulations and policies.

Program Manager / Vice President

Confidential

Responsibilities:

• As Program Manager, my key role supports IT Enterprise Planning and Operations, including IT annual planning, portfolio management, product roadmap and strategy, project lifecycle (PLC) and governance as it relates to Federal and commercial markets. Responsibilities include performing a broad range of integrated planning activities across focus markets (Ex: Confidentail), Veteran Affairs, Confidentail, etc.) and working collaboratively with representatives from PMO/Application Support Teams to ensure and monitor successful delivery for OCIO projects/programs. In this capacity, I support strategic planning and project management processes ensuring both are well integrated, comprehensive and concentrated on organizational investments in IT Enterprise resources delivering targeted stakeholder return.
• Responsible for forming complex technical solutions and teams addressing IT/Enterprise Networks and Architectures, Software Engineering, Systems Engineering/SOSI, Information Security, Cybersecurity, Cloud computing, Data Analytics/Big Data, Telecommunications, WAN/SAN, datacenter integration, Strategic, Mobile and Tactical C4ISR segments and a variety of other information delivery and digital/data management systems. Developed and managed project/program plans, project schedules, resource demand and project staging plans with business partners and vendors. Developed and refined the product/services roadmaps while formulating solutions that created business value and reduced stakeholder risks.

Program Manager - Director

Confidential

Responsibilities:

• My responsibilities include performing a broad range of integrated planning activities across business units and application pillars, working collaboratively with representatives from various PMO/Application Support Teams to ensure and monitor successful service delivery for projects/programs. I supported strategic planning and project management processes ensuring both are well integrated and focused on IT Enterprise process/product owner and stakeholders. Additionally, responsible for new business development and growth focusing on the IConfidentail and Confidentail Information Technology (IT), Cybersecurity, C4ISR, Mobility and Confidentail. Led multiple business opportunities leveraging the full complement of business unit capabilities and functions.
• Responsible for forming complex technical solutions and teams addressing IT/Enterprise Networks, Information Security/DIACAP, Cybersecurity, Business Continuity Planning (BCP)/COOP, Cloud computing, Communications, WAN/SAN and a variety of other information delivery and digital/data management systems. Analyzed work scope, forecasted IT/Enterprise needs and led business strategy including negotiation of teaming agreements, master service agreements (MSA), service level agreements (SLA) and letters of intent (LOI) with internal customers, partners and vendors. Drafted, developed and defined statements of work (SOW)/performance work statements (PWS), project schedules with milestones and program outlines.
• My key responsibilities included:
• Business Applications and technology team’s adoption strategy management
• Project management and governance to ensure adoption targets are defined and agreed.
• Achieving sustained engagement and agreement to project/program milestones
• Close interaction, communication and coordination with Sotera business units
• Focus on Process Improvement and Technology Transition
• Project management of transitioning technologies and processes for running the service(s)
• Tracking of issues, risks issues throughout the program/projects
• Task coordination, budgeting and scheduling

Program Manager

Confidential

Responsibilities:

• Assigned as the Program Manager/delivery manager for the business sustainment of Command, Control, Communications, Computer Intelligence, Surveillance and Reconnaissance (C4ISR) systems for the Software Engineering Center (SEC) of CECOM - Fort Monmouth, NJ/Aberdeen Proving Grounds, MD. Led, governed and oversaw all programmatic functions and the complete operations, including P&L, of programs exceeding $300 Million per year (>1200 people) of revenue on the following IDIQ task orders:
• Worldwide C4ISR Field Software & Systems Engineering Support
• DCGS-A Fixed Architectures and Embedded Mentor Support
• Optimized this customer’s technology infrastructure and advised on all elements of the information technology enterprise infrastructure from data center solutions to IT service management addressing areas such as cloud migration, networking, convergence, connectivity and collaboration, and disaster recovery. Demonstrated and capitalized upon technology transformation including leveraging an extensive knowledge of IT strategy, roadmaps, architecture engineering operations policy, processes, standards along with IT governance and program delivery strategies. Functional support of programmatics, IT/enterprises, IP-based networks, Telecommunications, workstations, datacenters, databases, strategic and tactical intelligence gathering systems, web-based/SharePoint applications supporting major systems. Program management duties included the following:
• Conducting and supporting relevant intelligence, security and information operations for DOD organizations, Army, joint and combined forces around the world (Southwest Asia, Afghanistan, Iraq, Kuwait, Qatar, Africa, Europe, Asia-Far East, Australia, South and North America).
• Forecasting IT needs, exploiting innovation and leading edge IT enterprise technology.
• Employing tactical, theater, national, and international forces, logistics, and tactical and strategic IT capabilities.
• Establishing process performance baselines to enable improvement efforts.
• Deploying service oriented architecture (SOA) and cloud-based services.
• Training on C4ISR systems for deployed or exercise operations to enable battle command, situational awareness, and force protection.
• Operational oversight of cyber security and information assurance (IA)/DIACAP/RMF programs.
• Enabling or enhancing network connectivity and data sharing/distribution capabilities.
• Executing tactical over-watch and fused all-source analysis to develop timely and tailored intelligence products for commanders forward.
• Fostering/formalizing partnerships between international, national, theater, and tactical organizations.
• Leading complex projects/programs from design and development to production.
• Defining requirements and plan project lifecycle deployment, resources and schedule for project/program implementation.
• Creating strategies for risk mitigation, business continuity/BCP-COOP/disaster recovery (BCDR) and contingency planning.
• Planning and scheduling project deliverables, goals, and milestones.  

Major Technologies, Frameworks and Platforms supported:

• Servers – IBM, HP, Dell, Oracle, Apache, Citrix
• Networking equipment – Cisco Systems, Juniper Networks and Brocade Communications Systems
• Web/Application Servers – SharePoint, Apache, MS IIS, nginix, Java EE, .NET framework, CGI, PHP, JSP and ASP, Perl, Python
• Databases and Data Management (RDBMS/NoSQL) – MySQL, Oracle, SQL, SAP BusinessObjects, IBM Cognos/Clarity, SPSS Modeler, Oracle 11g, Hyperion and PeopleSoft
• Big Data and Analytics – SAP HANA, Apache Accumulo/Hadoop, BigTable, ZooKeeper and Thrift stack; MongoDB, JSON.
• Cloud Computing Platforms – AWS, Azure, O365, Oracle, Google, OpenStack, VMware ESXi, VCE and Secure Private Cloud deployment
• Storage/SAN/NAS – EMC, Hitachi, VCE
• InfoSec/IA/Cyber vulnerability assessment, penetration testing, forensic and incident response, monitoring and analytic tools: IDA Pro, ArcSight, LockPath Keylight, Fortify, WebInspect, AppScan, BeyondTrust, Burp Suite, Qualys, Guardium, Symantec DLP, Digital Guardian, Nessus/ACAS, DoD HBSS, Metasploit, Nmap, Nikto, Netcat, Kali Linux/BackTrack, SCAP, LogRhythm, FireEye Threat Analytics Platform, Forcepoint, Proofpoint, Splunk, McAfee Enterprise Security Suite/ePO, Redline, CarbonBlack, Bro, Snort, FireEye NX, AccessData FTK, EnCase and Wireshark.

Career Highlights and Functional Expertise:

• Public sector experience at the Federal and State-levels
• Program/project management, systems/software and enterprise engineering/architecture, risk management, strategic planning, business development, sales, marketing, finance and operations.
• Cloud Migration strategy and planning, frameworks and operating models
• Cybersecurity/Information Assurance (IA)/Information Security
• Governance, Risk Management and Compliance (GRC) - SDLC and PDLC
• IT Strategy Development / IT Financial Management and Planning / IT Cost Reduction and Optimization / Business IT Alignment / Process Design and Re-engineering
• Large Scale IT Transformation Program Management
• Sourcing Strategy and Vendor Management
• IT Operations Governance, Risk and Controls; IT Operating Models (organizational and functional structures, skills and competency planning, etc.)
• Application Development, DevOps, Maintenance and Sustainment Strategies
• BC/COOP/DR Audit methods