Cyber Security Officer
Resume:
STEVEN R. LAPE
Tularosa, NM *****
865-***-**** (C)
*********@**********.***
Relevant Experience
IT Professional with 25 years of experience, including proven management/leadership ability in a fast paced, changing environment to include positions as Information System Security Officer (ISSO) and Information System Security Manager (ISSM).
Experienced with cyber security and security awareness training, for DOE/NNSA and DOD projects, with an emphasis on cyber security planning and implementation. Practiced with FDCC, FISMA, NRC, NISPOM and NIST standards. Also experienced with wireless security, penetration testing, network monitoring, change management, POA&Ms, policies and procedures.
Strong knowledge of FIPS 199, NIST 800-53, NIST 800-30, NIST 800-37, NIST 800-39, NIST 800-70 and NIST 800-82. Extensive knowledge of Risk Management Framework (RMF), Cybersecurity Framework (CSF), and the Certification and Accreditation (C&A)/Assessment and Authorization (A&A) process as part of the authorization package for an Authority to Operate (ATO).
Work Experience
DMI 12/21 – Present Industrial Control System (ICS) Cyber Security Subject Matter Expert (SME) III
Assist with the modernization of the cyber security program for the ICS environment for a federal agency
Team lead for the review of all documentation relating to current ATOs for the various ICS environments including system categorization, SSPs, and all supporting documents
Team lead for moving the various ICS environments from NIST 800-53r5 to NIST 800-82r3 to address security controls
Worked on the development of a Cyber Security Supply Chain Risk Management program
Assist with the development of and implementation of Zero Trust Architecture (ZTA) in relation to the Purdue Model
Assist with the development of ICS Incident Response (IR) Team Model, ICS Threat Hunting Team Model and Change Management documents
Responsible for an ICS Cyber Security staff of 7
Team Lead for the mapping, documentation and network topology diagrams including recommendations for the ICS network
Developed a Risk Assessment Guidelines document for the ICS environment
UCOR 05/19 - 12/21
Cyber Security Manager/Information System Security Manager (ISSM)
Responsible for multiple networks that include General Support Systems (GSS) National Security System (NSS) and two Industrial Control Systems (ICS)
Provided monthly briefings to the DOE Authorizing Official (AO) and Authorizing Official Designated Representative (AODR) on the cyber security status of the GSS, NSS and ICS Accreditation Boundaries
Evaluation, analysis, interpretation, and implementation of Federal laws and regulations including:
oFISMA
oBinding Operational Directives (BODs)
oExecutive Orders (EOs)
oOMB Memorandums
oDOD National Industrial Security Program Operating Manual (NISPOM)
oNNSA Policies (NAPs)
oDOE EM-CSPP and DOE Orders 205.1c
Responsible for a Cyber Security staff of 8 analysts
Responsible for Cyber Security Awareness Program
Created and maintained POA&Ms for all accreditation boundaries including the GSS, ICS, and NSS
Responsible for the development and maintenance of the C&A package, including the SSP, policies/procedures, risk register, roles and responsibilities, incident response plan (IRP), configuration management plan, and disaster recovery plan (DRP)
Savannah River Remediation 12/13 – 05/19
Principal Cyber Security Specialist
Mentored junior members of the cyber security team
Responsible for development and maintenance of the Certification and Accreditation package for GSS and ICS, including development of the SSP, security policies/procedures, roles and responsibilities, IRP, configuration management plan, and DRP
Responsible for risk assessments on equipment, hardware, and software
Developed program to mentor high school students interested in Cyber Security
Developed a security awareness program
Presented at the SANS Security Awareness Summit
Developed curriculum and taught multiple cyber security classes at South Carolina Department of Revenue, Midlands Chapter of Information Systems Audit and Control Association (ISACA) chapter, and US Army Cyber Command teaching Industrial Control System (ICS) security
URS 01/06 to 12/13
Information System Security Manager (ISSM)/Information System Security Officer (ISSO)
Supervised four individuals for DOE/NNSA and DOD cyber security projects
Served as ISSM for NNSA projects that included implementation of the NNSA NAPs for classified and unclassified systems
Performed fingerprinting and penetration testing of network resources in corporate and government environments
ISSO for DOD classified vault
Performed risk assessments for security threats and ensured all network security procedures followed DOD NISPOM and/or DOE 205.1 standards based on project oversight
Partnered with network engineers to ensure backups ran appropriately, and patches and updates were pushed out as required
Wrote articles for URS newsletter addressing computer and network security
Coordinated with Facility Security Officer (FSO) on physical security issues
Augusta State University 01/05 to 01/06
Information Technology Security Officer
Developed and implemented Disaster Recovery and Business Continuity Plan
Updated and expanded school’s Policy and Procedure manual
Developed curriculum for security awareness program, including classes, campus newspaper articles and radio programs
Monitored firewall activity and firewall logs for illegal activity
Performed fingerprinting and penetration testing of network resources; scanning of network for vulnerabilities
Ensured PCI, HIPPA and FERPA standards were met.
Worked closely with ASU Public Safety to resolve instances of computer crime on campus
Troy University 01/04 to 01/05
Network Engineer
Responsible for daily operations of campus networks at Vidalia, GA, Ft. Gordon, & Augusta, GA
Responsible for setup of VTC for virtual classes
Performed setup, maintenance and troubleshooting of servers, switches and routers
Responsibilities include disaster recovery, network security, and backups
Managed three interns and an IT Specialist
SSI 01/02 to 01/04
Network Engineer
Responsible for network security, disaster recovery and backups
Responsible for daily operation of network
Upgraded network from NT 4.0 domain to Server 2003 domain, and mail servers from Exchange 5.5 to Exchange 2000
Westinghouse Safety Management Solutions 01/00 to 01/02
Network Engineer
Worked with Network Security Officer to ensure network security, assessed and eliminated areas of vulnerabilities, and investigated security violations
Coordinated with systems engineer to administrate active directory and Microsoft Windows security
Responsible for maintenance and troubleshooting of Cisco switches, routers, and firewalls.
Microsoft System Management Server administrator for primary and secondary sites
Supervised Help Desk with support staff of four technicians
Project lead for implementation and documentation of DRP
Jerome Personnel 01/99 to 01/00
Computer Technician
Responsible for installation, maintenance, and troubleshooting of computer and peripherals locally and in the field, as well as for imaging of all computers, asset management, and printer maintenance
Set up user accounts and work group folders with appropriately assigned permissions
Carriage Hills Plantation 01/98 to 01/99
Computer/Building Maintenance Manager
Responsible for computer repairs, upgrades of hardware/software and printer maintenance
Ensured OSHA and DHEC regulations are met
Salem Nursing and Rehab Center 06/97 to 01/98
Computer Tech/Building Supervisor
Installation and maintenance of new and existing computers
South Carolina Highway Patrol 06/92 to 06/97
Senior Trooper/Accident Reconstruction Expert
United States Army 01/81 to 06/92
Staff Sergeant / Infantry
Certifications
Certified Information System Security Professional (CISSP)
Certified Information Security Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Ethical Hacker (CEH)
Certified Network Defense Architect (CNDA)
Security+
A+
Training
Network Penetration Testing and Ethical Hacking - SANS
Wireless Penetration Testing and Ethical Hacking – SANS
Critical Security Controls: Planning, Implementing, and Auditing – SANS
ICS/SCADA Security Essentials – SANS
Cloud Security Architecture and Operations – SANS
Open-Source Intelligence (OSINT) Gathering and Analysis - SANS
Clearances
Current Public Trust Clearance
Past DOD and DOE Security Clearances
Contact this candidate