Scrum Master Lead Security

Location:
San Diego, CA
Posted:
November 09, 2023

Resume:

Steven Patrick Eddy

Principal Cybersecurity Engineer

ad0zh7@r.postjobfree.com

619-***-****

TOP SECRET SCI, CISSP

Navy Qualified Validator (NQV – 0616)

SAN DIEGO ONLY

Summary

Over 30 years of experience in management, System Engineering, Network and Waveform Architecture, Communication Officer, Information Assurance and Cybersecurity; was involved in the transition from DIACAP to RMF. Extensive experience with CRYPTOGRAPHY for NSA, including Lead security engineering, requirements review, testing of Key Management Infrastructure (KMI) and Lead Security Engineer and Lead Tester for requirements generation and review, software and system scanning. Initially worked on the former Electronic Key Management System (EKMS). Was Lead Tester (generally not a contracting position) for NSA due to a shortage of NSA testers. Was Lead Security Architect for KMI system, which distributes key material globally for DOD, NSA, foreign embassies and US functioning.

Worked closely with and mentored the Cyber team as the system engineering and RMF SME.

Acted as Interim ISSM, ISSO and ISSE and Cyber Scrum Master.

Provided RMF/System Engineering support to all branches of the service, provided system and security requirements analysis, test management, system architecture development for NSA, the Navy, Air Force, Marine Corps and Space Force and upgraded an overseas COMSTA to TS.

Five major systems, 20+ supporting applications, waveform translation, CI/CD SecDevOps automated pipeline and testing Agile development in the cloud using AWS. Used Kubernetes clusters, Pivotal applications, Apache Hadoop, Big Data analysis/security/translation, Splunk SIEM, AWS cloud development, worldwide networking, data segregation, all levels of classified data in transit and storage, multiple development contractors maintaining ASD STIG and best practices.

CYBER Scrum Master in Agile development using the SAFE agile framework, JIRA and Confluence to track program and ROI.

RMF – Continuous ATO (CATO) on replacement system for legacy, using Agile techniques, and Continuous Development/Continuous Integration (CD/CI) pipeline using SecDevOps for development in the cloud (AWS).

Engaged in many projects with NSA, the Navy Research Laboratories, SPAWAR/NAVWAR, NIWC – Atlantic and Pacific, NAVAIR and commercial entities including hospitals, and the California Power Grid. Agile, requirements generation and proposal work.

Participated in two Tabletop Mission Cybersecurity Risk Assessments (TMCRAs).

Developed checklist, templates, playbooks, and processes for authenticating new applications. Conducted AOAs of existing and emerging technologies, both DoD, commercial and open source – to assure we could develop an architecture that is automated to the fullest extent possible.

Professional Experience:

2022 – Present

SAIC

Sr Principal Cybersecurity

PMW 120

Supervised and trained Cyber Team for PMW-120. Provided additional training across NAVWAR and the contracting company.

Expanded performance of contracting, acquisition, management, program protection, and global recognition.

Certified as a Navy Qualified Validator

April 20219 –2022

Lead/RMF/Principal Cybersecurity Engineer

REDHORSE

NAVWAR

NAVWAR Package Submitting Offices (PSO). Reviewed and returned or submitted all NAVWAR Risk Management Framework (RMF) packages for over 3,000 systems.

That worked out to over a thousand packages reviewed per year.

The PSO team works directly with the Navy Authorizing Officer (NAO) and his staff in assuring packages are ready for an Authorization to Operate (ATO), a denial ATO (DATO), an extension or an ATO with conditions.

Packages that do not qualify for an ATO are dealt with through the High-Risk Escalation (HRE) process, which required three-star approval.

Worked directly with the NAO office, and in some cases two- and three-star admirals along with CYBERCOM and FLEET CYBERCOM to assure that critical systems continued to operate.

April 2017 - April 2019

Lead/ Cybersecurity Engineer

Air Force/Space Force/USNORTHCOM

SRC

Project working on the tracking of space debris, orbital objects, launches and reentries, supporting NORAD, the International Space Station and intelligence community.

Transition waveforms from worldwide sensors to Space Catalogue database.

Five major systems and ATOs, 20+ supporting applications, waveform translation, CI/CD SecDevOps automated pipeline and testing Agile development in the cloud using AWS. Used Kubernetes clusters, Pivotal applications, Apache Hadoop, Big Data analysis/security/translation, Splunk SIEM, AWS cloud development, worldwide networking, data segregation, all levels of classified data in transit and storage, multiple development contractors maintaining ASD STIG and best practices.

SR RMF CYBERENGINEER, acting ISSM when ISSM resigned.

ISSO/ISSE for the Air Force/Space Force Section 31 systems-of-systems, which replaced the (JSpOC) Mission Systems (JMS) JEMENI program.

This is the Combined Space Operations Center, a U.S.–led multinational space operations center that provides command and control of space forces for United States Space Command's Combined Force Space Component Command and sensor C4I for NORAD.

International data access for allies. Used diodes, thin clients, tagging, filtering and cross domain solutions, Mandatory Access Control (MAC), data waveform translation, access security requirements for over 20 applications, IL 2, 4 and 6 conformities, data segregation and CDS for segregation of foreign partners.

Provided system engineering support for requirement review and analysis of alternatives for continuous monitoring of emerging technologies, security risk surface analysis.

RMF – Continuous ATO (CATO) on replacement system for legacy, using Agile techniques, and Continuous Development/Continuous Integration (CD/CI) pipeline using SecDevOps for development in the cloud (AWS).

Conducted ACAS and SCAP scans and mitigation of STIGs and ASD STIGs.

Worked with eMASS and all elements of package development and authorization.

Worked closely with and mentored the CYBER team as the system engineering and RMF SME.

Generated excellent relationships with government ISSM, SCAR, SCA and AO Team in bringing new products online and maintaining a CATO.

Worked with Kessel Run to improve their production pipeline and replicate and improve their processes for their CATO and Section 31.

Developed checklist, templates, playbooks, and processes for authenticating new applications. Conducted AOAs of existing and emerging technologies, both DoD, commercial and open source – to assure we could develop an architecture that is automated to the fullest extent possible.

Worked FedRAMP and CSP provisions, along with IL2, 4, and 6 communication channels.

Involved with data translations and remote access considerations for international and domestic partners.

The first large system-of-systems to receive a CATO.

The only other Service to receive a CATO on a small program is the US Marine Corps.

July 2015 – April 2017

Lead/ Cybersecurity Engineer

PMW 150

TEA

Command and Control Processor (C2P) SPAWAR. C2P translates Tactical Data Link (TDL) waveforms from ships into waveforms that can be read by Aegis destroyers and SDSS carriers. It is the main facilitator for the Ballistic Missile Defense System. Provided waveform analysis/translation/testing of Link 4, 11, 16 and 22 to various combat systems. Proposal Capture Manager, proposal main verbal presenter.

Sr Security System Engineer – requirements design and waveform translation, security accreditation and STIGs/ASD STIGs

CRYTP Scrum Master in Agile development using the SAFE agile framework, JIRA and Confluence to track program and ROI

Wrote all policies, plans, artifact generation and collection, security documents and training to conform to RMF/NSS/DISA/DON/DOD/NSA and international requirements.

Coordinated with SPAWAR PMW 150 in progress to achieving certification/authorization under RMF to achieve an Authorization to Operate (ATO) and High-Risk Escalation and Conditional ATOs for legacy systems.

Acting Cyber RMF Lead, acting ISSM during ISSM transition.

Completed ACAS and STIG scans, uploaded to eMASS and entered into the POA&M and provided for mitigation of findings.

Participated in two Tabletop Mission Cybersecurity Risk Assessments (TMCRAs).

Received recognition and bonus for superior performance.

Worked with NAVWAR PMW-150 on RMF requirements.

FEBRUARY 2015 – JULY 2015

ARMY PD EC2M

Fort Belvoir, VA

US GOVERNMENT

TEAM LEAD ISSO

Acting Lead ISSE for three major systems with two and a half million users each:

Army Knowledge Online (AKO) the backbone Army system providing support for the entire Army, Army Reserves and National Guard – long term received three ATOs, moved to a cloud architecture.

Unified Capabilities Soft Client Subscription System – providing additional capabilities to AKO – system was under development seeking an ATO, designed with cloud architecture.

Task Management Tool – providing additional capabilities to AKO being upgraded to include classified material.

Provided System Engineering, Architecture Design. Developed SLAs for Cloud Service Providers requirements and FedRAMP compliance, PPI and PHI requirements.

Developed the security documentation for information systems under their purview, to include policies, procedures, training, System Security Plans (SSP), Plans of Action & Milestones (POA&M), dataflow diagrams and hardware/software baselines.

August 2013 – February 2015

Lead Cybersecurity Engineer

Defense Health Agency

SINTEK

TEAM LEAD ISSE

Provided requirements, policies, and procedures documents.

Provided security architecture and reviewed test plans and results.

June 2008 – February 2015

Booz Allen Hamilton (BAH)

Sr. Cybersecurity Engineer/Information Assurance Engineer

System Engineering, Network Security Architecture, ISO 9000, CMMI Auditor, Waveform Analysis – Proposal Manager – multiple awards, letters of appreciation and bonuses and stock options.

Supported PMW 100 and 101 with C&A, requirements generation, and security compliance.

Multifunctional Information Distribution System (MIDS) Joint Tactical Radio System (JTRS) Link 4, 11, 16 and 22 - International Program – provided broad System Engineering and Information Assurance (IA) support, including working to assure UID, TSRD NSA requirements are met, and was Lead SME in MIDS, the first system to receive A&A certification in the Navy. Test Manager, provided government (NSA exemption as a contractor) testing of ViaSAT software designed multi-channel multifunctional terminals.

2012-2015 BAH

Lead System Security Engineer

Lead System Security Engineer on SPAWAR Cryptographic Modernization (CM) Primary Controlling Authority (CONAUTH) for all JTRS Waveform Test Keys

Sole evaluator for the Navy Research Laboratory/NSA key distribution center for PMW 160 finding that the four-year program was not deployable, ending the program and saving NSA/DOD millions of dollars.

KMI System Security Architecture.

System Engineering, waveform analysis, requirements generation, Lead Tester

Provided security architecture and system engineering support for NSA on KMI program.

Supported SPAWAR PMW-160/130 EKMS/KMI Program Manager

Provided NSA system engineering and test support for EKMS/KMI transition

Provided NSA certification and requirements support for Electronic Key Management and KMI systems.

Traveled extensively to support PM creating and delivering presentations to large international conferences.

IA Lead PMA-213 Joint Crypto Modernization Lead Program Office NAVAIR and PMW-160 for Identification Friend or Foe (IFF) Mode 5 cryptographic program.

Acted as West Coast Technical Lead specializing in Electronic Key Management (EKMS) and cryptographic engineering support.

Provided PMW-160 presentations to multiple conferences when APM was on 6 months disability.

Adjunct Professor at UCSD Extension on NETWORK SECURITY, CRYPTOGRAPHY and CISSP preparation.

Education:

MBA, Webster University, Distinguished Graduate (4.0 GPA) dual emphasis

Bachelor’s Degree, University of California, Santa Barbara

Training and Certifications:

Navy Qualified Validator (NQV)

Certified Information System Security Professional (CISSP), ACTIVE

IAM Level III Compliance Certification

International Systems Security Professional Certification Scheme (ISSPCS)

Common Maturity Model Integrated – Developer (Software) (CMMI) – Appraiser

System Security Engineering – Common Maturity Model (SSE-CMM) - Appraiser

CYBER/System Engineering Scrum Master on large system-of-systems Agile and SAFE programs

Microsoft Certified Professional (MCP)

Microsoft Official Curriculum Adjunct Professor, UCSD Extension, Network Security, Software Development, Server, CISSP preparatory training

Texas University Corpus Christi, TX - System Administrator, Software Development, Scripting

Haley Award for Journalism

Booz Allen Hamilton Performance and Team Award for Absolute Personal Best

Microsoft Certified Professional (MCP) – multiple certificates

SATCOM TRAINING – Puerto Rico

SYSTEM ADMINISTRATION, COMPUTER ENGINEERING, Scripting and SW development, University of Texas, Corpus Christi, TX.

US Coast Guard Experience

I was promoted ahead of my group and was a Lieutenant Commander when I resigned to fly for Flying Tigers Air Line. When I was stationed down in Ramey, Puerto Rico, I was the Communications Officer and had twenty-four Radiomen working for me. I upgraded the COMSTA from Secret to Top Secret, and introduced SATCOM to the station. I took a number of classes on waveforms and SATCOM.


