Thomas Winders, CISSP, CISM, CISA Chesapeake, VA *3322 ad1k9m@r.postjobfree.com 757-***-**** (Mobile)
I am a senior Cybersecurity Professional with over 23 years of experience working in corporate and government environments providing critical cybersecurity services such as security staff management, enterprise security architecture design/implementation, security system administration (firewall, IPS, EDR, DLP), plans and policy development, system certification and accreditation (RMF), application security testing, vulnerability management, change management, NIST compliance (800-171, 800-53), security operations center management, security monitoring/detection, incident response, and user awareness training.
My Technical Certifications and Professional Memberships include:
Technical Certifications
Certified Information Systems Security Professional (CISSP)
42611
January 2003
Certified Information Systems Auditor (CISA)
1194466
December 2011
Certified Information Security Manager (CISM)
1425282
April 2014
Professional Memberships and Associations
National Security Agency (NSA) Commercial Solutions for Classified (CSfC) Trusted Integrator
International Information System Security Certification Consortium (ISC2) member
Information Systems Audit and Control Association (ISACA) member
DISA Command Cyber-Readiness Inspection (CCRI) Reviewer
Cybersecurity Operational Test and Evaluation (OT&E) Director
NIAP General Purpose Computing Platform (GPCP) Protection Profile Development Team – Industry Rep
Work Experience
Director of Cybersecurity and Product Certification
Global Technical Systems (GTS) - Virginia Beach, VA
May 2016 to April 2023
As Director of Cybersecurity, I led a team of dedicated cybersecurity professionals in implementing the GTS Cybersecurity Program encompassing a distributed enterprise corporate network with over 200 networked users supporting defense product development. My responsibilities involved all facets of cybersecurity including Application, Network, Cloud, Data, Web, and IOT security. My extensive technical training background allows me to also serve as a cybersecurity mentor and trainer for my staff.
As the Director of Product Certification, I managed all U.S. Government defense product cybersecurity certifications, required for U.S. Government sales. I worked with GTS Product Development Teams in designing, integrating, testing, and documenting, advanced security solutions to meet or exceed federal standards to protect national security information. My accomplishments Include:
Established a highly effective corporate cybersecurity program strategy focused on NIST control compliance, significantly increasing the company’s DoD Supplier Performance Risk System (SPRS) score, heavily factored in determining DoD contract awards.
Received NSA Trusted Integrator (TI) Status by meeting all the knowledge and experience criteria necessary to architect, design, integrate, test, document, field, and support Commercial Solutions for Classified (CSfC) Solutions for the U.S. Government.
Utilizing my in-depth knowledge of the NIAP Testing requirements, I saved the company more than $300,000 in lab testing fees. This enabled the GTS NXGEN-L product line to be featured on the NSA NIAP Evaluated Products List (EPL) and CSfC Components List websites, expanding product sales to the U.S. Government.
Collaborated with the GTS IT Manager to implement Endpoint Detection and Response (EDR), Multifactor Authentication (MFA), Data at Rest (DAR) encryption, Data Loss Prevention (DLP), and Cloud Security Monitoring, significantly increasing our cybersecurity posture and program maturity.
I led the development of the GTS Technical Integration Lab (TIL), to provide a controlled network service environment for designing, developing, integrating, and testing GTS cyber defense products and solutions.
I conceived and led the development of the GTS Virtual Cyber Range, which provided GTS cybersecurity staff with a virtual training environment to practice Security Operations Center (SOC) threat-hunting techniques and develop incident response workflows.
Adopted Corporate use of the U.S. Government’s Cybersecurity & Infrastructure Security Agency (CISA), Cyber Security Evaluation Toolset (CSET), for documenting and monitoring system accreditations and security control compliance status. The tool substantially decreased the time required for security control assessments and provided a dependable means of tracking, gathering, and retaining control compliance evidence.
Implemented and managed the Office 365 Phishing Attack Simulation Training Tool to train employees to detect and respond to phishing and ransomware attacks. Within three months, we saw significant improvement in user response, making this tool invaluable in fortifying our defenses against email-based attacks.
Led the development of the company's internal Cybersecurity Portal to provide employees instant access to cybersecurity policies, procedures, awareness training, and cybersecurity news.
Conceived and led the development of the GTS Configuration Change Management Portal to automatically upload, track, route, notify, comment, and approve configuration change requests using email automation. This automation simplified the entire process and provided a means to capture essential change request information, necessary for the security review process.
Led the development of the GTS Training Management Portal to automate the assignment and tracking of mandatory training completion requirements. This automation saved countless hours of manual tracking and provided a means to capture training completion records.
Information Assurance Specialist IV
FGS, LLC - Norfolk, VA
US Navy Commander, Operational Test and Evaluation Force
July 2015 to May 2016
Responsible for planning, executing, and recording Cybersecurity Operational Test and Evaluation (OT&E) of US military cyber systems during fleet exercises utilizing a combination of offensive cyber and onboard monitoring. Also performed forensic analysis of data collected during testing to validate test results for the technical OT&E report. Accomplishments include:
Completed the COMOPTEVFOR Operational Test Director (OTD) Course.
Served as the Cybersecurity Data Collector and Observer, for the U.S.S. Harry S. Truman Strike Group Composite Training Unit Exercise.
Developed a method to efficiently capture and parse massive amounts of machine data by developing batch scripts to break up and convert large PCAP files for indexing by Splunk.
Senior Information Assurance Engineer
Super Systems Inc. - Norfolk, VA
US Navy Space & Naval Warfare Systems Command (SPAWAR)
September 2014 to June 2015
Conducted cybersecurity assessments of the Military Sealift Command (MSC) Afloat System Baseline applications and networks to support security accreditation. My accomplishments include:
Developed a virtual software testing environment for testing MSC mission-critical applications, utilizing both commercial and open-source cyber penetration testing tools.
Successfully integrated a Wide Area Network (WAN) emulator into a virtual test environment to simulate ship-to-shore satellite communications required for application testing.
Principal Information Security Analyst (ISSO)
General Dynamics Information Technology, Inc. - Suffolk, VA
U.S. Joint Staff J7
April 2013 to August 2014
Performed Security certification and accreditation of Joint Staff IT Systems and applications under the DoD Information Assurance Certification and Accreditation Process (DIACAP) and the Risk Management Frameworks (RMF). Conducted vulnerability management of all classified and unclassified Joint Staff networked systems and applications. Conducted static and dynamic code analysis of Modeling and Simulation applications development. My Accomplishments include:
Streamlined the system IA accreditation process by directly importing vulnerability scan data from the Assured Compliance Assessment Solution (ACAS) into the Enterprise Mission Assurance Support Service (eMASS)
Increased the security of in-house developed software applications by implementing the HP Fortify Static Code Analyzer (SCA) to analyze source code at various stages of the development and working with the developers to track and correct the vulnerabilities.
Relevant Education and Training
Training Provider
Training Concentration
Atlantic Christian College, Wilson NC
General Business Courses
Combat Systems Technical Schools, Vallejo, CA
Digital Computing Basics
Computer Science and Engineering
Wireless Tactical Networking
US Marine Corps Computer Science School, Quantico, VA
Computer Security Specialist Course for Managers
Fleet Combat Training Center Pacific, San Diego, CA
C4I Systems Engineering
America’s Computer Training Source (ACTS), Virginia Beach, VA
Microsoft Windows 2000 Infrastructure and Directory Services
Global Knowledge Inc. - Virginia Beach, VA
Introduction to UNIX
Advanced UNIX
SANS Institute – Virginia Beach, VA
Security Essentials
Introduction to BOTS and Worms,
IP Packet Analysis
Computer Dynamics Institute (CDI) – Virginia Beach, Va
CISCO Secure Intrusion Detection Systems
Integrating and Securing Wireless Networks
Defense Information Systems Agency (DISA)
Windows 2003 Security
Network Security and Firewall Administration
Designing Security Architectures
Introduction to Cisco Routers and Network Security,
Auditing Logs for Information Assurance Managers,
Vulnerability Management System (VMS),
Public Key Infrastructure (PKI)
Host-Based Security Solution (HBSS)
Immix Group, Inc
HP Fortify Static Code Analyzer (SCA)
Splunk, Inc.
Operational Intelligence and Machine Data using Splunk
Udemy
MS-500 Microsoft 365 Security Administration Lectures and Sims
Udemy
The Complete Cyber Range Hacking Lab: Full Course
OCSALY Academy
The Complete Computer Forensics Course or 2023
Udemy
Cybersecurity Threat Hunting for SOC Analyst
Udemy
Cybersecurity Operations and Technology Solutions
Udemy
SOC Analyst Training with Hands-on to SIEM from Scratch
Udemy
Ansible for Network Engineers: Quick Start GNS3 & Ansible
Udemy
Mastering AI for Cyber Threat Detection: A Complete Course
Udemy
Digital Forensics Masterclass: Forensic Science 2023 DFMC+
Udemy
The Ultimate Guide to ChatGPT & Midjourney
Udemy
IT Security for Cisco CCNA: 640-554 IINS
Udemy
The Complete Wireshark Course: Go from Beginner to Advanced
Udemy
Start Kali Linux, Ethical Hacking and Penetration Testing
Udemy
Cisco ASA VPN configuration site to site
Udemy
SQL Learn SQL 101, 202 and 303 all in 1 Course. 10X Learning
Udemy
Azure Cloud Security with Microsoft Azure For Beginners
Udemy
Blue Team Boot Camp: Defending Against Hackers
Udemy
Mastering Python - Networking and Security
Udemy
Hacking Academy: How to Monitor & Intercept Transmitted Data
Udemy
Java Programming – The Master Course
LearnsSmart LLC
IT Networking for Cisco: (CCNA 200-120, 640-554, 640-721)
Infinite Skills
Learning Windows PowerShell
Green Chameleon Learning
Python for Absolute Beginners
Udemy
Real-World Ethical Hacking: Hands-on Cybersecurity
Udemy
The Complete Ethical Hacking Course: Beginner to Advanced!
Udemy
The Complete Cyber Security Course: Network Security!