STEVEN R. LAPE

*** ****** **.

Tularosa, NM *****

865-***-**** (C)

ad2626@r.postjobfree.com

Relevant Experience

IT Professional with 25 years of experience, including proven management/leadership ability in a fast paced, changing environment to include positions as Information System Security Officer (ISSO) and Information System Security Manager (ISSM).

Experienced with cyber security and security awareness training, for DOE/NNSA and DOD projects, with an emphasis on cyber security planning and implementation. Practiced with FDCC, FISMA, NRC, NISPOM and NIST standards. Also experienced with wireless security, penetration testing, network monitoring, change management, POA&Ms, policies and procedures.

Strong knowledge of FIPS 199, NIST 800-53, NIST 800-30, NIST 800-37, NIST 800-39, NIST 800-70 and NIST 800-82. Extensive knowledge of Risk Management Framework (RMF), Cybersecurity Framework (CSF), and the Certification and Accreditation (C&A)/Assessment and Authorization (A&A) process as part of the authorization package for an Authority to Operate (ATO).

Work Experience

DMI 12/21 – Present Industrial Control System (ICS) Cyber Security Subject Matter Expert (SME) III

Assist with the modernization of the cyber security program for the ICS environment for a federal agency

Team lead for the review of all documentation relating to current ATOs for the various ICS environments including system categorization, SSPs, and all supporting documents

Team lead for moving the various ICS environments from NIST 800-53r5 to NIST 800-82r3 to address security controls

Worked on the development of a Cyber Security Supply Chain Risk Management program

Assist with the development of and implementation of Zero Trust Architecture (ZTA) in relation to the Purdue Model

Assist with the development of ICS Incident Response (IR) Team Model, ICS Threat Hunting Team Model and Change Management documents

Responsible for an ICS Cyber Security staff of 7

Team Lead for the mapping, documentation and network topology diagrams including recommendations for the ICS network

Developed a Risk Assessment Guidelines document for the ICS environment

UCOR 05/19 - 12/21

Cyber Security Manager/Information System Security Manager (ISSM)

Responsible for multiple networks that include General Support Systems (GSS) National Security System (NSS) and two Industrial Control Systems (ICS)

Provided monthly briefings to the DOE Authorizing Official (AO) and Authorizing Official Designated Representative (AODR) on the cyber security status of the GSS, NSS and ICS Accreditation Boundaries

Evaluation, analysis, interpretation, and implementation of Federal laws and regulations including:

oFISMA

oBinding Operational Directives (BODs)

oExecutive Orders (EOs)

oOMB Memorandums

oDOD National Industrial Security Program Operating Manual (NISPOM)

oNNSA Policies (NAPs)

oDOE EM-CSPP and DOE Orders 205.1c

Responsible for a Cyber Security staff of 8 analysts

Responsible for Cyber Security Awareness Program

Created and maintained POA&Ms for all accreditation boundaries including the GSS, ICS, and NSS

Responsible for the development and maintenance of the C&A package, including the SSP, policies/procedures, risk register, roles and responsibilities, incident response plan (IRP), configuration management plan, and disaster recovery plan (DRP)

Savannah River Remediation 12/13 – 05/19

Principal Cyber Security Specialist

Mentored junior members of the cyber security team

Responsible for development and maintenance of the Certification and Accreditation package for GSS and ICS, including development of the SSP, security policies/procedures, roles and responsibilities, IRP, configuration management plan, and DRP

Responsible for risk assessments on equipment, hardware, and software

Developed program to mentor high school students interested in Cyber Security

Developed a security awareness program

Presented at the SANS Security Awareness Summit

Developed curriculum and taught multiple cyber security classes at South Carolina Department of Revenue, Midlands Chapter of Information Systems Audit and Control Association (ISACA) chapter, and US Army Cyber Command teaching Industrial Control System (ICS) security

URS 01/06 to 12/13

Information System Security Manager (ISSM)/Information System Security Officer (ISSO)

Supervised four individuals for DOE/NNSA and DOD cyber security projects

Served as ISSM for NNSA projects that included implementation of the NNSA NAPs for classified and unclassified systems

Performed fingerprinting and penetration testing of network resources in corporate and government environments

ISSO for DOD classified vault

Performed risk assessments for security threats and ensured all network security procedures followed DOD NISPOM and/or DOE 205.1 standards based on project oversight

Partnered with network engineers to ensure backups ran appropriately, and patches and updates were pushed out as required

Wrote articles for URS newsletter addressing computer and network security

Coordinated with Facility Security Officer (FSO) on physical security issues

Augusta State University 01/05 to 01/06

Information Technology Security Officer

Developed and implemented Disaster Recovery and Business Continuity Plan

Updated and expanded school’s Policy and Procedure manual

Developed curriculum for security awareness program, including classes, campus newspaper articles and radio programs

Monitored firewall activity and firewall logs for illegal activity

Performed fingerprinting and penetration testing of network resources; scanning of network for vulnerabilities

Ensured PCI, HIPPA and FERPA standards were met.

Worked closely with ASU Public Safety to resolve instances of computer crime on campus

Troy University 01/04 to 01/05

Network Engineer

Responsible for daily operations of campus networks at Vidalia, GA, Ft. Gordon, & Augusta, GA

Responsible for setup of VTC for virtual classes

Performed setup, maintenance and troubleshooting of servers, switches and routers

Responsibilities include disaster recovery, network security, and backups

Managed three interns and an IT Specialist

SSI 01/02 to 01/04

Network Engineer

Responsible for network security, disaster recovery and backups

Responsible for daily operation of network

Upgraded network from NT 4.0 domain to Server 2003 domain, and mail servers from Exchange 5.5 to Exchange 2000

Westinghouse Safety Management Solutions 01/00 to 01/02

Network Engineer

Worked with Network Security Officer to ensure network security, assessed and eliminated areas of vulnerabilities, and investigated security violations

Coordinated with systems engineer to administrate active directory and Microsoft Windows security

Responsible for maintenance and troubleshooting of Cisco switches, routers, and firewalls.

Microsoft System Management Server administrator for primary and secondary sites

Supervised Help Desk with support staff of four technicians

Project lead for implementation and documentation of DRP

Jerome Personnel 01/99 to 01/00

Computer Technician

Responsible for installation, maintenance, and troubleshooting of computer and peripherals locally and in the field, as well as for imaging of all computers, asset management, and printer maintenance

Set up user accounts and work group folders with appropriately assigned permissions

Carriage Hills Plantation 01/98 to 01/99

Computer/Building Maintenance Manager

Responsible for computer repairs, upgrades of hardware/software and printer maintenance

Ensured OSHA and DHEC regulations are met

Salem Nursing and Rehab Center 06/97 to 01/98

Computer Tech/Building Supervisor

Installation and maintenance of new and existing computers

South Carolina Highway Patrol 06/92 to 06/97

Senior Trooper/Accident Reconstruction Expert

United States Army 01/81 to 06/92

Staff Sergeant / Infantry

Certifications

Certified Information System Security Professional (CISSP)

Certified Information Security Auditor (CISA)

Certified Information Security Manager (CISM)

Certified Ethical Hacker (CEH)

Certified Network Defense Architect (CNDA)

Security+

A+

Training

Network Penetration Testing and Ethical Hacking - SANS

Wireless Penetration Testing and Ethical Hacking – SANS

Critical Security Controls: Planning, Implementing, and Auditing – SANS

ICS/SCADA Security Essentials – SANS

Cloud Security Architecture and Operations – SANS

Open-Source Intelligence (OSINT) Gathering and Analysis - SANS

Clearances

Current Public Trust Clearance

Past DOD and DOE Security Clearances

Contact this candidate