LUCIAN HAMMOND, CISSP, CSM, ITILv*, MBA, PMP, PSM
Phone: 443-***-**** Email: ad1k6z@r.postjobfree.com
EXPERIENCE SUMMARY:
Data/Systems and Information Security professional with over 27 years' experience as a contractor, supporting both federal and private/commercial sectors.
Implemented large Transformational Programs of work (>$15 million) and facilitated agile delivery projects in Information Communications and Financial Services.
Leadership, guidance, influence and supporting performance management of teams, providing clear direction and alignment.
Experience in Contract Coordinating Oversight Management and Spend Plans
Hands-on experience in building and maintaining strategic relationships with third-party vendors and partners.
EDUCATION & CERTIFICATIONS:
BSc. Information Systems Management, University of Maryland (Baltimore County)
MBA, University of Maryland University College
CC
CISSP
CSM
PMP
ITIL v3
PSM
CLEARANCE:
DoD – Top Secret
DOJ - Public Trust.
PROFESSIONAL EXPERIENCE:
01/2020 – Present Data Systems Analysts, Inc. – IT Program Manager
Responsible for the technical and business management of a prime program or programs and interaction with the customer and for financial, schedule, and technical performance on assigned program(s).
Work alongside federal clients to help them mitigate risk with the use of continuous monitoring and incident response.
Review eMass packages, ACAS, Burp scan reports to validate vulnerabilities for further decisions.
Brief leadership on various OS Level CAT Findings
Work with internal security and critical incident response teams to share knowledge, training, and best practices
Support cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff.
Adhere to common privacy industry standards and regulations (e.g., GDPR, CCPA, LGPD, PIPEDA, HIPAA / HITECH, COPPA, U.S. State Breach Disclosure Laws, CANSPAM, GLBA,) and industry frameworks (e.g., NIST, GAPP, ISO). Perform technical analysis of multiple sources of data, including network flows/packet data, host forensic artifacts, and application/system logs.
Support cyber security initiatives through both predictive and reactive analysis, articulating emerging trends to leadership and staff.
Use security tools including IDS, IPS, firewalls, proxies, Web Application Firewall (WAF), etc., to triage events that may lead to incidents.
Proficiency analyzing high volumes of logs, network data (e.g., NetFlow, Full Packet Capture), and other event/incident artifacts using SPLUNK and Logger in support of incident investigations.
Manage incident communications, including establishing/scheduling bridge lines and periodic incident update calls.
Document incident tasks and updates in the incident management system.
Responsible for assisting in achieving fiscal year plan and develop and maintain a detailed integrated master schedule.
10/18 – 01/20 Hammond Technologies – Data Center Project Manager
Provided on-site support to Defense Health Agency, assist with determining and implementing both technical and business goals.
Oversee security risks and compliance for organization and systems.
Provide analysis of current business processes and help to formulate continuous improvement initiatives for the C&A and Continuous Monitoring processes, and devise metrics for collecting data to evaluate the performance of cyber processes.
Developed budgets, spending plans, technical, and schedule baselines and controls task(s) accordingly
Provide guidance and support to Information Systems Security Officers
Conducted risk assessment of proposed and existing system architecture for compliance with security best practices, recommending technical, administrative, and physical controls to mitigate identified risks
Designed and developed frameworks and solutions to secure CI/CD pipelines
Led compliance efforts based on industry frameworks and compliance standards
Implemented, maintained, and improved existing industry best practices of operational security controls such as: Monitoring, Identity and access management, Encryption, and data security
Acted as liaison for supply chain risk management in tracking hardware to various locations
Perform functions of subject matter specialist, engineer, or technologist where appropriate
Track, maintain ATOs, POAMs, STIGS and other compliance deliverables.
06/15 – 10/18 Data Center Project Manager, Northrop Grumman
Responsible for developing high level and low-level project plans and budgets for data center projects and/or data center components
Responsible for the management, coordination, and execution of assigned tasks and resources.
In charge of coordinating activities of the projects between these same parties as well as external resources such as the Engineering Design Team, the General Contractors, etc.
Conducted automated monitoring of information system assets by adhering to Department of Homeland Security (DHS) framework using Continuous Diagnostics and Mitigation (CDM) tools and sensors.
Conducted Analysis of Alternatives (AoA) for Kill chain applications.
Worked with cross-teams to implement the secure design, architecture, configuration, hardening, and remediation for applications to protect agency’s sensitive information for On-Prem and Cloud environments.
Assisted with the development of various application security environment Assessment and Authorization (A&A)
Ensured requests for Security Authorization (SA) of assigned applications or systems were completed in accordance with NIST standards
Managed projects according to FISMA Plan of Actions & Milestones (POAM) and associated activities.
Performed security control assessment using NIST 800-53A guidance and according to Department of Homeland Security and NIST continuous monitoring requirements.
Facilitated the delivery of customer Cloud Strategies to align with business objectives with a focus on Cloud Migrations.
Provided oversight for Infrastructure Change Engineering Support
Participated In Reoccurring Ops, CMCR And PM Meetings.
Coordinated the design of client’s Cloud environments with a focus on Azure and AWS.
Provided day-to-day direction to assigned work, implemented training methodologies for the National Computer Center (Data Center) Operations Runbook processes with the assistance of cross-functional teams.
05/12 – 06/15: Project Manager, Army Research Lab, and (STG, Inc.).
Liaised with Army clients about their application portfolio, managed appropriate support processes and SLAs; ensured systems performance and service-level requirements are met.
Coordinated with engineers to developers/engineers to configure Azure cloud solutions for clients using Azure HDInsight and Resource Manager.
Managed application development, testing using Agile methodology.
Coordinate work performed by vendors and vendor service level agreements (SLAs).
Designed and deployed project management templates in support of predictable and repeatable successful life cycle development processes and methodologies.
Participated in contract start-up, implementation, and close-out procedures ensuring compliance with terms and conditions of the contractual agreement policies and procedures.
04/11 – 5/12 Project Manager, Computer Sciences Corporation (CSC)
09/08 – 01/11 Program/Project Manager - EDS/Hewlett Packard
10/06 – 08/08 STG, Inc.
Senior Business Analyst
12/05 – 10/06 Hammond Technologies
Project Manager
11/03 – 11/05 Accenture Consulting
Consultant
04/03- 11/03 Computer Sciences Corporation
Senior Data Analyst
03/ 02 – 04/03 CSI Engineering
Project Lead/Independent Contractor
05/00 – 11/01 ARBROS Communications
Software Engineer
10/99 – 05/00 Unisys
Oracle Database Administrator
06/99 – 10/99 Aerotek Systems
Thin-Client/Server Specialist
09/97 – 02/98 Office of Financial Aid, UMBC
Information Technician
07/91 – 02/98 CSI Engineering
Systems Administrator.
TECHNICAL SKILLS:
Operating systems: Solaris, AIX, HP-UX, Linux, DOS 6.2, Windows 98, NT, 2000, XP, Citrix Winframe /Metaframe, X-Windows, Novell Netware v.4.0 -4.11, OS/390, OS/2, OS/400, MVS, and Unisys Mapper.
Hardware: VM Ware, Sun Sparc Workstations, Sun Server, HP Workstations, IBM PC, IBM PS/2, Intel 80X86 Family, HP-9000,IBM RS/6000, SGI, AS/400.
Languages: ActiveX, PL/SQL, Korn/Bourne/C Shells, Visual Basic, DTML, HTML, UML, XML, .ASP, .NET, CGI, C/C++, Java, PeopleCode, JavaScript, Perl, Pascal, Cobol, JCL, CICS, SQR and Power Builder 6.
Databases: Oracle 6, 7.3, 8i, DB/400, DB2, Access 97/2000, SQL Server 2000, Sybase 4, 9, 10, Informix, dBase III+
Environment, Tools & Methodologies: User Experience (UX), AWS cloud, PaaS, SaaS, SAP, GFEBS, Splunk 6.6, Git, Jira, Puppet, Docker, Jenkins, Bamboo, Tableau, Oracle Designer 2000 and Developer 2000, Oracle Portal (9iAS), Oracle ERP Cloud, MilCloud, Oracle Financials, PeopleSoft People Tools, SQL Navigator, Toad, SQL PLUS 8, ODBC, MS Project 2003, 2007 and 2010, MS SharePoint, Informatica, IIS, Infocus, eMass, Crystal Reports, CRM, Actuate, Rational Clear Quest, PVCS Tracker, Support Magic, Lotus Notes, Quantum, IaaS, Platinum, Erwin, Legato Networker, VERITAS NetBackup, Dreamweaver, PeopleSoft EPM, BEA WebLogic, Mercury ITG, HPE, HP Portfolio Management, Hyperion, Entrust, Quest STAT, Cognos ReportNet, PowerPlay, Impromptu, Brio Reports 6.0, Oracle Financials/Applications, Oracle Enterprise Manager, Remedy Action Request System, OLAP, ROLAP, Sales Force, Storage, Service Orchestration, VMware, Azure Site Recovery/Azure Backup solutions, Maven, Slack, VersionOne, and Web Intelligence. Splunk, Nessus Security Center.