
Cyber Security Project Management

Location:
Arlington, VA, 22201
Posted:
January 23, 2024

Resume:

EDUCATION:

MS, Bowie State University, ****

MS, Strayer University, 2013

National Catholic University, Graduate courses, 1995

BA, Political Science and History, Virginia Union University, 1983

Certifications and Job Related Training:

Project Management (PMP)

Certified Federal Information Technology Security Professional (FITSP)

Certified Certification and Accreditation Professional (CAP)

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Security Engineering Professional Training (ISSEP)

Certified Forensics System Security Professional (CFSSP)

Certified Business Continuity Planner (CBCP)

Certified Information Assurance Manager (IAM)

Certified Risk Assessment Analyst

Certified Living Disaster Recovery Planner

Certified National Investigator and Inspector

Certified Emergency Preparedness Planner

AREA OF EXPERTISE:

Cyber Security (Cloud Computing)

Information Assurance (IA) solutions

Information Security (INFOSEC)

Program Management

Business Process Engineering

Technical Writing and Response

Business Requirements Development

Project Management

Strategic Planning

Software Design Life Cycle

Secure Software Engineering

PROFESSIONAL EXPERIENCE SUMMARY:

Over 30 years of security experience oriented towards global and enterprise-level IA/INFOSEC and Cyber Security Systems management, Corporate Operations and Development, along with Cyber Security Program Management. Results-driven IT Executive Professional with large-scale experience implementing Information Assurance (IA) solutions and managing staff in the Financial, DoD, Civilian, Commercial, and Federal markets. Recognized as a subject matter expert (SME) and relied on by C-level customers via consults, business development strategies, team building, and managing or overseeing multiple projects simultaneously. Provide clarity to business requirements while exceeding customer security expectations. Write risk statements and risk plans of action and milestones.

Recently worked as an IT Security Oversight Manager, serving as an Enterprise IA/INFOSEC architecture solution provider mitigating hundreds of vulnerabilities. In this role, the purpose of the Enterprise Security Service mitigations was to define a comprehensive information system security framework and a logical migration to a secure enterprise-wide program. Developed policy and procedures.

Applies various tools and methodologies such as NCUA compliance, object-oriented security system development and methodology, enterprise-level application development tools, and quantitative risk assessment tools and analyses. I have been trained in FedRAMP, NIST, CSF, RMF, ICD 503, PCI, HIPAA, PII, CMMI, ITIL, DIACAP, DITSCAP, NIACAP, DODIIS, and DCID 6/3 methodologies and processes.

WORK EXPERIENCE:

Social Security Administration 07/2019 to Present

Azure Cloud and Technical Security Advisor

Supports the Agency’s Office of the Inspector General (OIG) on a task focused on preparing for and then implementing Pega for Investigative Management (IM) and Operational Support (OS). Led all security aspects of the work performed by a small team of AFS and client resources: documented the key security aspects of the current state to ensure acceptable Assessment and Authorization.

Wrote technical assessment and implementation statements on the current state of the newly implemented system for operations.

Provided guidance on selection of the main security target architecture

Designed, at a high level, the target-state configuration in the context of the Pega tool, in particular the security aspects (including impacts on application, infrastructure, and Azure platform elements). Helped plan the implementation (estimates, staffing, risks, etc.).

Assisted with reporting on the results of the security work. This was also instrumental in the successful security audit conducted on Excellus BCBS.

• Led participants in the development and implementation of security architecture principles and standards that align with the Company’s overall business and strategy.

• Drives adoption of and compliance with security standards across development and infrastructure teams, both inside of and under contract with the Company.

• Creates functional and technical security requirements for Azure and sees them through the project lifecycle.

• Executes an overall risk management strategy with key business and IT stakeholders for future and forward progress. This risk management strategy includes enterprise integration of risk management into operational, regulatory/statutory, financial, technical, and security processes, including the creation of robust disaster recovery and/or business continuity plans.

• Performs risk-based assessments of solutions and vendors to ensure appropriate security controls are adhered to.

• Provides security consulting oversight, including design, reviews, and recommendations, for various future projects and initiatives.

• Supports and leads teams by providing hands-on support for technologies owned and operated by the security and risk department.

• Establishes collaborative working relationships with the businesses, other IT functions and subsidiaries to ensure that Information Security risks are managed, and IT solutions align with the business strategy.

• Develops the appropriate processes, standards, and templates for managing information security risks. Supports the implementation of new standards and solutions in close collaboration with other IT teams to allow the Company to efficiently and effectively protect the company’s information assets (applications and infrastructure solutions).

• Provides state-of-the-art technical experience and support to in-house enterprise architects, solution architects, and developers.

• Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading by the Lifetime Way values and beliefs.

• Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.

• Regular and reliable attendance is expected and required.

• Performs other functions as assigned by management.

• Leads the development and implementation of security architecture principles and standards that align to the Company’s overall business and strategy.

• Helps develop an overall risk management strategy with key business and IT stakeholders.

• Fosters a risk management culture through education, skill development, and implementation of effective risk management processes and practices.

• Mentors lower-level staff on Azure cloud security controls and implementation.

Department of Education 10/2017- 07/2019

Senior Oversight Cyber Security and Vulnerability Program Manager

Responsible for day-to-day cyber security and program management oversight support to OCIO. I interact with senior Agency officials to ensure agency objectives, mission, and strategic goals are being implemented, and further assist, train, or mentor members of the team when warranted or required. Responsible for a team of 40 covering Assessment and Authorization (A&A), Vulnerability Risk and Governance Management, Configuration Management, and Technical Writing to support the OCIO Agency response to White House memorandums and mandatory policy and procedures related to OCIO Agency risk; also responsible for contractor oversight of 6 incoming PIVOT and Shared Services. My position is composed of and includes some of the following:

The Sr. Cyber Security Manager has oversight in supporting the enterprise within DoED, including the Office of the Chief Information Officer (OCIO). This key role provides technical leadership over all cybersecurity functions within the DoED. This person acts as the primary interface for all operational and program support cybersecurity issues to senior government customers, covering areas including cybersecurity operations, compliance, technical architecture, continuous diagnostics and mitigation, and supply chain risk management.

This senior-level position, working in a consultative role with the government customer, develops cyber security policy, tool evaluations, government compliance, etc. It requires wide-ranging knowledge of cyber security areas: cloud management, endpoint protection, network security, security operations, incident response, policy creation, vulnerability management, FISMA compliance, and related areas.

Bank Fund Staff Federal Credit Union 06/2015-09/2017

Sr Information Technology Security Program Manager

As the Information Technology Security Manager (ITSM) I acted as an empowered representative during IT planning initiatives to ensure that security measures were incorporated into strategic IT plans and objectives globally. As the ITSM I was responsible for working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility and performance. I translated IT-risk and cloud requirements and constraints into technical control requirements and specifications, and developed metrics for ongoing performance measurement and reporting. I led, managed and coordinated the IT organization's technical architecture activities, implemented and managed the security infrastructure, and provided regular status and service-level reports to senior-level management, which also included board-level visibility.

Expertise in leading global, large and small projects within IT security and across organizational lines, as well as developing and managing projects essential for success. In addition to supporting the organization’s security and regulatory policies and strategies, I was able to prioritize work efforts while balancing operational tasks with longer-term strategic security efforts and vendor relationship management, ensuring service levels and vendor obligations were met. I was also responsible for managing highly technical staff, at times mentoring them to accomplish corporate and personal development goals, which allowed my proven leadership skills to improve corporate assets.

I documented and presented overall security postures to government and industry regulators and compliance entities. I applied analytical and critical thinking skills to identify needs and take initiative on key requirements for future technology solutions. My ITSM position was composed of a variety of activities, including tactical, operational, and strategic activities in support of the organization’s security program initiatives, such as:

Architecture, Engineering, Managerial, Technical, and Physical Security. Assess and evaluate infrastructure and network monitoring for effective and efficient security. Advised IT Management and the Information Security Officer (ISO) on ongoing development and implementation of the security programs. Manage security projects that address identified risks and business security requirements.

Manage the process of analyzing and assessing the current and future threat landscape, as well as providing the IT Management team with a realistic overview of risks and threat assessments in the enterprise environment. Work with the Director of IT to develop budget projections based on short- and long-term goals and objectives of the overall security program posture.

Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department. Propose changes to existing evaluations, policies and procedures to ensure operating efficiency and regulatory compliance. Manage a staff of network security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members.

Assist resource owners and IT staff in understanding and responding to security audit findings reported by auditors and examiners. Work as a liaison with vendors and legal to establish mutually acceptable contracts and service-level agreements. Manage technology security production issues and incidents, and participate in problem and change management forums. Serve as an active and contributing participant in the Information Technology security steering committee.

Work with the IT Management team, ISO and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security programs. Provided support and guidance for legal, audit and regulatory compliance efforts. Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of all systems including hardware, applications and software.

Recommend and coordinate the implementation of technical controls to support and enforce defined security policies, and serve as an active participant and security consultant for the evaluation and planning on new system technologies and/or major system releases and changes.

Research, evaluate, design, test, recommend and/or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.

Work with IT Staff to ensure that there is a convergence of business, technical and security requirements; liaise with IT Management to align existing technical installed base and skills with future architectural requirements, and leverage industry best practices and frameworks to establish and enforce security standards across the technology landscape.

Coordinate, measure and report on the technical aspects of cloud security management. Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements, as well as manage and coordinate operational components of incident management, including detection, response and reporting.

Create and maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.

Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.

Manage security projects and provide expert guidance on security matters for other IT projects.

Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans. Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.

Design, coordinate and oversee security testing procedures to verify the security of cloud systems, networks and applications, and manage the remediation of identified risks. Participate in training staff on industry best practices and experience with public/private/hybrid cloud-based environments.

My verbal, written and interpersonal communication skills in communicating with the IT organization, project teams, management and business stakeholders; my in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; and a strong understanding of information security concepts, protocols, industry best practices and strategies were key contributing factors in completing 85% of the Security Remediation program project 4 months ahead of schedule.

I have strong project management skills and experience in creating and managing project plans, including budgeting and resource allocation. Experience in system technology security testing (vulnerability scanning and penetration testing). Experience with security systems (firewalls, intrusion detection systems, data loss prevention, content filtering, end-point security), database technologies, architectural reviews and PCI-DSS. Experience with risk assessment, threat and incident management methodologies.

MHM Innovations, Inc. August 2012 – June 2015

Scientific Engineering Technical Advisor (SETA) and Cyber Security Information Assurance Manager (IAM)

Responsible for the overall continued operations, development and integration of cyber security cloud-based Computer Certification and Accreditation Security. This includes providing guidance to a team of Information Assurance professionals working with multiple security tools, including C&A scans and recommendations for hardening different operational, managerial and technical controls for an Azure cloud computing system, web servers, and databases. Further acts as the overall lead ISSE (Security Engineer) advisor for code integration and development, preparing IA documentation for certification, and conducting certification and penetration testing. Also leads ICD 503/PL3 and above certification, which includes writing reports, briefing leadership, and coordinating remediation with IC government leads to determine potential areas for risk avoidance, vulnerability mitigation, management of customer expectations, and promotion of process improvements. Continuously provides direct guidance and supervision to three prime contractors’ personnel, supervisors and technical leads, in addition to overseeing and approving technical requirements of widgets, software, and systems supporting Azure cloud and security operations, while managing and identifying IA tasks to be completed to achieve project milestones for IA Cyber Operations tasks and the IC community.

Stanford Security Services & Solutions January 2010 – January 2011

Cyber Security and IA Director

Provided solutions to Cyber Security and Information Assurance business issues and processes to match appropriate security policy to the business context of program-level projects and processes. Strong understanding of information security integration, help desk, risk management, architectural networking, design, and an understanding of disaster recovery planning and business continuity processes. Regional IAM/ISSM for an IC agency with an understanding of multiple types of accreditations, with the principles and techniques of security risk analysis and certification and accreditation, along with activity processes. Responsible for managing and directing multiple projects, programs, and personnel in day-to-day operations across multiple levels, organizations, and IC communities.

Energy Enterprise Solutions November 2008 – January 2010

Senior Technical Advisor/Senior Program Manager

Provided technical and senior-level management support to five different projects totaling a $15 million multi-year Cyber Security Program. Responsible for program management, technical leadership, direction, and vision for planning and implementation of projects involving a wide array of cyber technologies in support of the customer’s mission. Worked on a broad range of cyber technologies and initiatives involving cyber security software and secure engineering services, such as automating C&A and FISMA reporting systems and tools across agency-wide networks, and asset management/inventory. Advised and assisted the customer through project reviews and RM conflicts.

DKW Communications, October 2007 – November 2008

Director of Information Assurance

Responsible for providing leadership and direction to the program and project staff during the assigned shift. I directed all aspects of staffing and senior-level program management support with annual revenue well over 45 million dollars. Maintained vision to assure all phases of the security activities and programs were fully coordinated and carried out to meet the customer’s missions, standards and specifications of the contract during the assigned shift. Maintained full authority to direct and allocate team resources in response to support efforts during the assigned shift.

BAE System/DigitalNet May 2004 -October 2007

Director of Information Assurance

Duties included running multiple Information Assurance Security Programs. That included HSPD-12 development, evaluation and implementation; VA and RM with patch management support; forensics and incident reporting and response; DR and CP, SSP, RA, PIA; and all phases of C&A, via DCID 6/3, FISMA, OMB, NIST and GAO compliance. Participated in several NIST projects, including CP, C&A, and CIO Council activities. Participation kept me current in all Federal regulations, which provides great customer value added. Supported the Federal sector in DoD DIACAP, DITSCAP, DCID 6/3, DODIIS, NIACAP, and NIST 800 series guidance, more specifically the 8570, 8510, and 5200 series.

Management Technology Services March 2003 - May 2004

Principal Member of Technical Staff

Responsible for providing Oracle with its successful NIPRNet and SIPRNet connection, along with a host of their clients, through the DITSCAP C&A process. Performed analysis of intrusion events against DII components, augmentation for IA exercises and demonstrations, assessment of potential threats against DII components, recommendations for promising technologies to support correlation and analysis, and recommendations for courses of action to stop or contain damage and restore network operations. Ensured unique NIPR/SIPR accreditation considerations were incorporated into the information assurance security evaluation.

Lockheed Martin/OAO October 2001 to March 2003

Information Assurance Director

Responsible for providing Information Assurance, Program Management, and Consulting Services for Federal, State and Local Government IT Security Contracts. Developed the overall SSD Life Cycle with strict adherence to security on multiple IT environments and platforms, which included policy and procedures. Led and implemented DR and CPs, which also included COOP, COG, ER, IRR, and Forensics for multiple computer systems. Business Process Reengineering (BPR) with emphasis on SSD, BC and RP, RA planning and evaluations, and C&A; overall System Security Development with strict adherence to security on the IT environment. Managed, developed, and instituted SSPs with SDLC techniques.

Troy Systems, Inc March 1999 - October 2001

Sr. Program Manager/Senior Subject Matter Expert

Provided Critical Infrastructure Protection Planning (CIPP) and Computer Security Policy and Procedure Planning for the Department of Labor (DOL) as directed by Presidential Decision Directive 63 (PDD-63). Also wrote agency-wide SSP, RA, VA, CP, MP, IRR, and CSAT. Assisted with developing a DOL agency-wide Computer Security Program Plan (CSPP), which produced a cyber-based Computer Security Handbook. The handbook was approved by the Critical Infrastructure Assurance Office (CIAO) and signed by the Secretary of Labor as policy. Led the agencies through C&A.

DC Lottery Board October 1996 to March 1999

Security Manager/Y2K Coordinator

Held three positions with the DC Lottery Board. Provided and maintained security controls via vulnerability and threat assessments that ensured an uninterrupted revenue stream of approximately $365 million annually, with fiscal responsibilities to the District. Coordinated and conducted RA to determine the critical business impact for three divisions that would interrupt the agency’s revenue-generating process. As the system security specialist, developed SSP, performed RA for all divisions, determined threats and vulnerabilities, and organized ER, CP, safety, and DR teams.

Department of Human Services 1984 to April 1996

Program Operations Manager

Responsible for directing, developing, administering, and supervising highly diversified programs, along with providing human services to the community and coordinating the program with other outside agencies.

U.S. Army National Guard July 1988

U.S. Commissioned Military Police Officer

Led the United States 275th Military Police Company in a joint task force (JTF) with the US Virgin Islands in Operation Hurricane Hugo for disaster recovery efforts. Commanded, directed, and controlled military personnel in military and civilian environments.

301-***-****

Stanford McKoy

CISSP CAP CBCP CEH FITSP CFP NSA IAM

11650 Masters Run Ellicott City Md 21042
