Thomas Winders, CISSP, CISM, CISA Chesapeake, VA *3322 ad1k9m@r.postjobfree.com 757-***-**** (Mobile)

I am a senior Cybersecurity Professional with over 23 years of experience working in corporate and government environments providing critical cybersecurity services such as security staff management, enterprise security architecture design/implementation, security system administration (firewall, IPS, EDR, DLP), plans and policy development, system certification and accreditation (RMF), application security testing, vulnerability management, change management, NIST compliance (800-171, 800-53), security operations center management, security monitoring/detection, incident response, and user awareness training.

My Technical Certifications and Professional Memberships include:

Technical Certifications

Certified Information Systems Security Professional (CISSP)

42611

January 2003

Certified Information Systems Auditor (CISA)

1194466

December 2011

Certified Information Security Manager (CISM)

1425282

April 2014

Professional Memberships and Associations

National Security Agency (NSA) Commercial Solutions for Classified (CSfC) Trusted Integrator

International Information System Security Certification Consortium (ISC2) member

Information Systems Audit and Control Association (ISACA) member

DISA Command Cyber-Readiness Inspection (CCRI) Reviewer

Cybersecurity Operational Test and Evaluation (OT&E) Director

NIAP General Purpose Computing Platform (GPCP) Protection Profile Development Team – Industry Rep

Work Experience

Director of Cybersecurity and Product Certification

Global Technical Systems (GTS) - Virginia Beach, VA

May 2016 to April 2023

As Director of Cybersecurity, I led a team of dedicated cybersecurity professionals in implementing the GTS Cybersecurity Program encompassing a distributed enterprise corporate network with over 200 networked users supporting defense product development. My responsibilities involved all facets of cybersecurity including Application, Network, Cloud, Data, Web, and IOT security. My extensive technical training background allows me to also serve as a cybersecurity mentor and trainer for my staff.

As the Director of Product Certification, I managed all U.S. Government defense product cybersecurity certifications, required for U.S. Government sales. I worked with GTS Product Development Teams in designing, integrating, testing, and documenting, advanced security solutions to meet or exceed federal standards to protect national security information. My accomplishments Include:

Established a highly effective corporate cybersecurity program strategy focused on NIST control compliance, significantly increasing the company’s DoD Supplier Performance Risk System (SPRS) score, heavily factored in determining DoD contract awards.

Received NSA Trusted Integrator (TI) Status by meeting all the knowledge and experience criteria necessary to architect, design, integrate, test, document, field, and support Commercial Solutions for Classified (CSfC) Solutions for the U.S. Government.

Utilizing my in-depth knowledge of the NIAP Testing requirements, I saved the company more than $300,000 in lab testing fees. This enabled the GTS NXGEN-L product line to be featured on the NSA NIAP Evaluated Products List (EPL) and CSfC Components List websites, expanding product sales to the U.S. Government.

Collaborated with the GTS IT Manager to implement Endpoint Detection and Response (EDR), Multifactor Authentication (MFA), Data at Rest (DAR) encryption, Data Loss Prevention (DLP), and Cloud Security Monitoring, significantly increasing our cybersecurity posture and program maturity.

I led the development of the GTS Technical Integration Lab (TIL), to provide a controlled network service environment for designing, developing, integrating, and testing GTS cyber defense products and solutions.

I conceived and led the development of the GTS Virtual Cyber Range, which provided GTS cybersecurity staff with a virtual training environment to practice Security Operations Center (SOC) threat-hunting techniques and develop incident response workflows.

Adopted Corporate use of the U.S. Government’s Cybersecurity & Infrastructure Security Agency (CISA), Cyber Security Evaluation Toolset (CSET), for documenting and monitoring system accreditations and security control compliance status. The tool substantially decreased the time required for security control assessments and provided a dependable means of tracking, gathering, and retaining control compliance evidence.

Implemented and managed the Office 365 Phishing Attack Simulation Training Tool to train employees to detect and respond to phishing and ransomware attacks. Within three months, we saw significant improvement in user response, making this tool invaluable in fortifying our defenses against email-based attacks.

Led the development of the company's internal Cybersecurity Portal to provide employees instant access to cybersecurity policies, procedures, awareness training, and cybersecurity news.

Conceived and led the development of the GTS Configuration Change Management Portal to automatically upload, track, route, notify, comment, and approve configuration change requests using email automation. This automation simplified the entire process and provided a means to capture essential change request information, necessary for the security review process.

Led the development of the GTS Training Management Portal to automate the assignment and tracking of mandatory training completion requirements. This automation saved countless hours of manual tracking and provided a means to capture training completion records.

Information Assurance Specialist IV

FGS, LLC - Norfolk, VA

US Navy Commander, Operational Test and Evaluation Force

July 2015 to May 2016

Responsible for planning, executing, and recording Cybersecurity Operational Test and Evaluation (OT&E) of US military cyber systems during fleet exercises utilizing a combination of offensive cyber and onboard monitoring. Also performed forensic analysis of data collected during testing to validate test results for the technical OT&E report. Accomplishments include:

Completed the COMOPTEVFOR Operational Test Director (OTD) Course.

Served as the Cybersecurity Data Collector and Observer, for the U.S.S. Harry S. Truman Strike Group Composite Training Unit Exercise.

Developed a method to efficiently capture and parse massive amounts of machine data by developing batch scripts to break up and convert large PCAP files for indexing by Splunk.

Senior Information Assurance Engineer

Super Systems Inc. - Norfolk, VA

US Navy Space & Naval Warfare Systems Command (SPAWAR)

September 2014 to June 2015

Conducted cybersecurity assessments of the Military Sealift Command (MSC) Afloat System Baseline applications and networks to support security accreditation. My accomplishments include:

Developed a virtual software testing environment for testing MSC mission-critical applications, utilizing both commercial and open-source cyber penetration testing tools.

Successfully integrated a Wide Area Network (WAN) emulator into a virtual test environment to simulate ship-to-shore satellite communications required for application testing.

Principal Information Security Analyst (ISSO)

General Dynamics Information Technology, Inc. - Suffolk, VA

U.S. Joint Staff J7

April 2013 to August 2014

Performed Security certification and accreditation of Joint Staff IT Systems and applications under the DoD Information Assurance Certification and Accreditation Process (DIACAP) and the Risk Management Frameworks (RMF). Conducted vulnerability management of all classified and unclassified Joint Staff networked systems and applications. Conducted static and dynamic code analysis of Modeling and Simulation applications development. My Accomplishments include:

Streamlined the system IA accreditation process by directly importing vulnerability scan data from the Assured Compliance Assessment Solution (ACAS) into the Enterprise Mission Assurance Support Service (eMASS)

Increased the security of in-house developed software applications by implementing the HP Fortify Static Code Analyzer (SCA) to analyze source code at various stages of the development and working with the developers to track and correct the vulnerabilities.

Relevant Education and Training

Training Provider

Training Concentration

Atlantic Christian College, Wilson NC

General Business Courses

Combat Systems Technical Schools, Vallejo, CA

Digital Computing Basics

Computer Science and Engineering

Wireless Tactical Networking

US Marine Corps Computer Science School, Quantico, VA

Computer Security Specialist Course for Managers

Fleet Combat Training Center Pacific, San Diego, CA

C4I Systems Engineering

America’s Computer Training Source (ACTS), Virginia Beach, VA

Microsoft Windows 2000 Infrastructure and Directory Services

Global Knowledge Inc. - Virginia Beach, VA

Introduction to UNIX

Advanced UNIX

SANS Institute – Virginia Beach, VA

Security Essentials

Introduction to BOTS and Worms,

IP Packet Analysis

Computer Dynamics Institute (CDI) – Virginia Beach, Va

CISCO Secure Intrusion Detection Systems

Integrating and Securing Wireless Networks

Defense Information Systems Agency (DISA)

Windows 2003 Security

Network Security and Firewall Administration

Designing Security Architectures

Introduction to Cisco Routers and Network Security,

Auditing Logs for Information Assurance Managers,

Vulnerability Management System (VMS),

Public Key Infrastructure (PKI)

Host-Based Security Solution (HBSS)

Immix Group, Inc

HP Fortify Static Code Analyzer (SCA)

Splunk, Inc.

Operational Intelligence and Machine Data using Splunk

Udemy

MS-500 Microsoft 365 Security Administration Lectures and Sims

Udemy

The Complete Cyber Range Hacking Lab: Full Course

OCSALY Academy

The Complete Computer Forensics Course or 2023

Udemy

Cybersecurity Threat Hunting for SOC Analyst

Udemy

Cybersecurity Operations and Technology Solutions

Udemy

SOC Analyst Training with Hands-on to SIEM from Scratch

Udemy

Ansible for Network Engineers: Quick Start GNS3 & Ansible

Udemy

Mastering AI for Cyber Threat Detection: A Complete Course

Udemy

Digital Forensics Masterclass: Forensic Science 2023 DFMC+

Udemy

The Ultimate Guide to ChatGPT & Midjourney

Udemy

IT Security for Cisco CCNA: 640-554 IINS

Udemy

The Complete Wireshark Course: Go from Beginner to Advanced

Udemy

Start Kali Linux, Ethical Hacking and Penetration Testing

Udemy

Cisco ASA VPN configuration site to site

Udemy

SQL Learn SQL 101, 202 and 303 all in 1 Course. 10X Learning

Udemy

Azure Cloud Security with Microsoft Azure For Beginners

Udemy

Blue Team Boot Camp: Defending Against Hackers

Udemy

Mastering Python - Networking and Security

Udemy

Hacking Academy: How to Monitor & Intercept Transmitted Data

Udemy

Java Programming – The Master Course

LearnsSmart LLC

IT Networking for Cisco: (CCNA 200-120, 640-554, 640-721)

Infinite Skills

Learning Windows PowerShell

Green Chameleon Learning

Python for Absolute Beginners

Udemy

Real-World Ethical Hacking: Hands-on Cybersecurity

Udemy

The Complete Ethical Hacking Course: Beginner to Advanced!

Udemy

The Complete Cyber Security Course: Network Security!

Contact this candidate