Cyber Security It Systems

Location:
Crownsville, MD
Salary:
$180,000
Posted:
January 23, 2024

Resume:

Don McCoy has over ** years’ experience in Commercial and Federal IT systems. Don’s core expertise includes the ability to solve highly complex challenges and apply effective solutions through identification of inefficiencies to align solutions with business and compliance goals. This experience provides a clear understanding of FedRAMP requirements with demonstrated achievements in developing security policies and plans for cloud systems including Infrastructure as a Service, and Software as a Service.

Core Skills

Cybersecurity

Cloud Computing

Regulatory Compliance (FedRAMP, NIST, HITRUST, HIPAA, CMMC, CMS)

Program-Project Management

Data Center Security

IT and Security Integration

FedRAMP

NIST 800-53 R5

IT Sector Experience

Commercial and Federal IT Systems

Governance, Risk Management and Compliance

Healthcare

IaaS, PaaS, SaaS

Certifications

Successfully passed the Baltimore Cyber Range (BCR) required for FedRAMP 3PAO assessors

Certified Information System Security Professional (CISSP)

Certified Cloud Security Professional (CCSP)

Certified Information Security Manager (CISM)

Clearances

Not currently active

Previously held TS/SCI

Education

BS EET from Siena Heights University

Cloud Service Provider

Physical Security Systems

FedRAMP

NIST 800-53 R5

Cloud Security Knowledge (CCSK)

Project Management Professional (PMP)

Security+

Cloud+

Professional Experience

Sr. Cyber Security Consultant / Owner

Interactive Cyber Solutions, LLC - Self Employed (August 2023 – present)

Working remotely on all projects.

Provide advisory services for CSPs entering the FedRAMP ready and in-process status. Prepare these CSPs for their FedRAMP assessment.

Assist in writing FedRAMP System Security Plan, policies, procedures, and other related documentation.

Reviewing architecture and processes to validate their compliance with FedRAMP.

Providing compliance assessments and artifact collection assistance.

Sr. FedRAMP Lead Assessor

NCC Group - New York, NY (June 2022 – August 2023)

Worked remotely for all assessments.

Responsible for Risk Management Group 3PAO FedRAMP Assessments (full, annual, and readiness) to include interviews, documentation, and customer relationships.

Provide Cybersecurity and Compliance advisory services supporting multiple frameworks (FedRAMP, NIST, HITRUST, HIPAA, CMMC, CMS) as required to support customer requirements.

Sr. Cyber Cloud Authorization Analyst

Take2 IT – Vienna, VA (March 2022 – May 2022)

Worked remotely for all projects.

Technical lead working with the Joint Cyber Operations and Integration Center (JCOIC) new interfaces team supporting the Veterans Administration (VA) Electronic Health Records Modernization (EHRM) Program.

Supported the JCOIC team with compliance reviews of Authority to Connect (ATC) packages for vendors' connectivity to the VA EHRM systems.

FedRAMP SME supporting the VA EHRM program with FedRAMP Agency ATOs.

Chief Information Security Officer (CISO)

CyLogic - Chevy Chase, MD (January 2020 – February 2022)

Worked remotely with as-needed on-site work at the data center.

Responsible for the security and compliance program for CyLogic Cloud Infrastructure as a Service (IaaS); both Federal and Commercial.

Monitor security and compliance of datacenters, oversee Cloud IaaS, and manage all aspects of personnel security and training, leading daily technical and security meetings to assess / mitigate risks and vulnerabilities. Confirm ongoing compliance of VMware deployments and perform comprehensive vulnerability scanning of infrastructure and in-scope assets providing solutions using Active Directory, firewalls, VMware cloud builder, vCenter, SDDC manager etc. to confirm assets are properly patched and adhere to strict POAM management. Track security compliance and provide monthly reports to maintain FedRAMP status.

Executed FedRAMP FISMA HIGH System Security Plan, Policies and Procedures and associated compliance documentation and implemented continuous monitoring and timely resolution through ticketing system.

Enhanced the system’s security posture by leading technical operations teams in mitigating risk and developing business processes for continuous monitoring and maintenance.

Sr. Cyber Security Consultant – Owner

Interactive Tech Solutions - Crownsville, MD (June 2018 – January 2020)

Worked remotely and, as needed, on-site at the Ostendio corporate office in Rosslyn, VA.

Delivered consulting services to Ostendio. Ostendio offers a compliance platform (MyVCM) for compliance frameworks such as SOC 2, HIPAA, HITRUST, NIST 800-53, GDPR and other frameworks.

Managed projects with customers to achieve certifications. Created audits, tasks, documentation, control mapping and configured platforms to ensure customer compliance.

Consulted on the implementation of administrative, technical, and operational security controls for relevant frameworks (SOC, HIPAA), including NIST 800-53 r4 FedRAMP System Security Plan and related attachment support.

Delivered training on generating compliant FedRAMP System Security Plans for customers.

Program Manager

Constellation Inc – Washington DC (May 2017 – September 2018)

Worked on-site in Washington DC.

Provided Program Management support for the Customs and Border Protection and U.S. Border Patrol mobile device program. Managed deployments and logistics of mobile devices for all field offices nationwide.

Sr. Cloud Program Manager - Cloud ISSO

Clear Government Solutions - Ashburn, VA (June 2013 – January 2017)

Worked remotely and on-site as needed at the data centers.

Led the planning, coordination, documentation, compliance, and dissemination of the FedRAMP Security Authorization Package associated with the FedRAMP P-ATO awarded by the Joint Authorization Board (JAB) comprised of DHS, DOD and GSA. This included updating the System Security Plan, Policies, Procedures, and other required plans (CONOPS, Disaster Recovery, Configuration Management, and Business Continuity) per NIST SP 800-53 r3 to NIST SP 800-53 r4 including the FedRAMP additional controls. These plans, policies, and procedures became the core focus of the business’ mission goals and aligned with Federal Agencies’ missions.

Led on-going risk analysis and risk assessment with the technical teams to ensure the integrity of the system’s security posture.

Implemented business processes to ensure security posture was continuously monitored, maintained and enhanced. Held daily technical and security meetings with staff to ensure risks or vulnerabilities were assessed and mitigated as quickly as possible.

Led Change Authorization Board (CAB) ensuring the system's integrity and validating planning, implementation and testing of system changes, patches, updates and enhancements. Weekly CAB meetings included the identification of the current system state and planning for future technologies to improve performance and security.

Led planning coordination and successful implementation of System Security Policies, Plans and Procedures for the entire System Engineering Lifecycle.

Held scheduled technical interchange meetings with Customers, FedRAMP ISSO, JAB and FedRAMP PMO.

Coordinated integration of IT Security requirements necessary to migrate to secure cloud infrastructure. Facilitated migration planning from As-Is to the To-Be architectures, conducting vulnerability analysis and continuous monitoring activities. Ensured security tools were up-to-date and developed plans and procedures to align new technologies with security tools and techniques.

Managed the POA&M from vulnerability scan results obtained using the vulnerability scanning tools, along with other documents required for the monthly Continuous Monitoring process, and delivered them to FedRAMP. This required tracking new, closed, inventory baselines, and Deviation Requests (DR).

Responsible for daily supervision of all IT Staff to include ensuring information security was continuously maintained. Trained staff as appropriate by providing annual Security Awareness Training and as needed role-based security training.

Member of the internal Change Authority Board (CAB) and fully involved in all change control activities (Change request submission, planning, approval, implementation, review, testing and close-out).

Managed multiple concurrent programs composed of cross-functional and geographically dispersed teams.

Test Director

Constellation, Inc – Washington DC (October 2012 – June 2013)

Worked remotely with monthly on-site meetings at FEMA Headquarters.

Maintained the FEMA Test & Evaluation Management Plan keeping it current with new releases of the Logistics & Supply Chain Management System (LSCMS).

Maintained the Integrated Master Schedule to ensure vendor deliverables met program milestones and resources were available for User Acceptance Testing, transfer to operations and operational testing.

Director of Managed Hosting

Computer Technology Consultants – Lanham, MD (November 2011 – December 2012)

Worked on-site at Computer Technology Consultants with frequent trips to the data centers.

Directed the Hosting Division's staff, budgets, programs, customer relations, technical teams, and day-to-day operations. Provided daily supervision of technical and security teams. Managed concurrent and planned future programs with a strong focus on the technical and security requirements to ensure CTC and customer mission/goals/needs were met.

Authored and completed three separate System Security Plans with corresponding Policies and Procedures following FedRAMP - NIST SP 800-53 guidance for FedRAMP authorization. This included the required documentation as well as CONOPS, Disaster Recovery, and Business Continuity.

Directed a third-party assessment team and the technical team ensuring FedRAMP - NIST SP 800-53 control documentation and implementation.

Directed the division's design, implementation, and maintenance of the Managed Hosting and Cloud Services, consisting of over 100 servers and 500+ websites, employing a mixture of VMware and Xen servers. Responsible for ensuring the security controls were implemented to meet 800-53 guidance and the mission/business goals of CTC as well as the Department of State.

Directed a global team of System Administrators and a 24/7 Help Desk providing full life cycle support of Hosted systems on physical and virtual servers for the division.

Developed strategic relationships, with specific Service Level Agreements (SLAs), with hosting providers to sustain Managed Hosting solutions and Cloud Services.

Managed system deployment through the SELC and into the Operation and Maintenance Phase. The required help desk activities included support requests, patch management, and system upgrades.

Participated in the Configuration Control Board to ensure that system upgrades, bug fixes, patches, and enhancements conformed to functional, technical, and security-related specifications/guidance.

Directed day-to-day operations and interfaced with the customers under the Department of State (DOS) Networks contract. This team was responsible for all the DOS websites including hosting, operations, and maintenance. System maintenance was coordinated with Government officials to ensure that maintenance was tested before implementation as well as to ensure it was within scope and budget.

Worked with multiple Government teams to accomplish work under various IT task orders.
