Risk Management System Security

Location:
Oviedo, FL
Posted:
March 11, 2024


Resume:

ROGER D. CLAYWELL

*** ******* ** ******, ** ***** Cell Telephone: 407-***-****

E-mail: ad39dl@r.postjobfree.com

OBJECTIVE

A professional position that requires a vision for the future, creative ways to proceed when faced with any given scenario, and ideation thinking. I have a proven track record of making things happen.

TECHNICAL EXPERTISE

•IAM level III DoD 8570 Certification CISM.

•Retired Veteran with over 21 years of service (AF E7).

•Deployed to several overseas locations.

•All Phases of Risk Management Framework (RMF).

•Firewall System Admin.

•IAVAM

•On winning team for over $4 billion in new contracts.

•eMASS

•TS/SCI Clearance

SECURITY CLEARANCE

Cleared for TOP SECRET information and granted access to Sensitive Compartmented Information by the Department of Defense (DOD), based on a United States Office of Personnel Management (OPM) Single Scope Background Investigation (SSBI), completed on 12/16/2016 CE 5 Feb 2020.

EXPERIENCE HIGHLIGHTS

Sr. Principal Cyber Operations

Qineriq July 2023- Present

•Performs and/or reviews technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.

•Validates and verifies system security requirements definitions and analysis and establishes system security designs.

•Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.

•Builds IA into systems deployed to operational environments.

•Assists architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions.

•Supports the building of security architectures.

•Enforce the design and implementation of trusted relations among external systems and architectures.

•Assesses and mitigates system security threats/risks throughout the program life cycle.

•Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.

•Reviews certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content.

•Applies system security engineering expertise in one or more of the following: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing.

•Supports security authorization activities in compliance with NSA/CSS Information System Certification and Accreditation Process (NISCAP) and DoD Risk Management Framework (RMF), the NIST Risk Management Framework (RMF) process, and prescribed NSA/CSS business processes for security engineering

Lead Cyber Security Engineer

Maxar Feb 2023- June 2023.

•Performs and/or reviews technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.

•Validates and verifies system security requirements definitions and analysis and establishes system security designs.

•Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.

•Builds IA into systems deployed to operational environments.

•Assists architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions.

•Supports the building of security architectures.

•Enforce the design and implementation of trusted relations among external systems and architectures.

•Assesses and mitigates system security threats/risks throughout the program life cycle.

•Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.

•Reviews certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content.

•Applies system security engineering expertise in one or more of the following: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing.

•Supports security authorization activities in compliance with NSA/CSS Information System Certification and Accreditation Process (NISCAP) and DoD Risk Management Framework (RMF), the NIST Risk Management Framework (RMF) process, and prescribed NSA/CSS business processes for security engineering

Enterprise Architect

Bank of the West July 2022 to March 2023.

•Assist with firewall management for third party bank connections.

•Provide support as an information security subject matter expert to department or business units for relevant business or system processes.

Information System Security Engineer/Manager

Northrop Grumman Dec 2020 to Aug 2022

•Assisted in the creation, consultation, and ongoing assessment and authorization documentation in compliance with Federal Cybersecurity policies and guidelines DOD 8500 and NIST 800-53 controls for several DoD programs.

•Assisted in the response and accountability for Operational Directives and Operational Orders.

•Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan.

•Obtained 3-year ATOs for 4 different programs, never done before I became the ISSM.

Principal Information Assurance Engineer

Janus Research Group June 2020 to Dec 2020

•Assisted in the creation, consultation, and ongoing assessment and authorization documentation in compliance with Federal Cybersecurity policies and guidelines DOD 8500 and NIST 800-53 controls for JLCCTC

•Assisted in the response and accountability for Operational Directives and Operational Orders.

•Document compliance actions within the approved automated compliance tracking system or develop a plan of actions and milestones (POA&M) with the Information Systems Security Manager (ISSM) to address non-compliance in the allotted time frame.

•Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan.

•Team lead. Reviewed resumes for openings, interviewed and hired the candidates that fit the team.

Lockheed Martin Jan 2015 – May 2020

ISSO Sept 2019-

•Oversee day-to-day information system security operations including hardware and software implementations.

•Carry out technical administration of IS in accordance with internal LM and customer security requirements, primarily Risk Management Framework (RMF).

•Auditing of the IS.

•Upkeep, monitor, analyze, and respond to network and security events.

•Document compliance actions within the approved automated compliance tracking system or develop a plan of actions and milestones (POA&M) with the Information Systems Security Manager (ISSM) to address non-compliance in the allotted time frame.

•Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan.

•Ensure configuration management (CM) for security-relevant IS software, hardware, and firmware is maintained and documented in accordance with baseline.

•Ensure all information system security-related documentation is current and accessible to properly authorized individuals.

•Ensure records are maintained for workstations, software, servers, routers, firewalls, network switches, telephony equipment, etc. throughout the information system's life cycle.

•Evaluate proposed changes or additions to the information system, and advise the ISSM of their security relevance.

•Assist and conduct security IS education.

•Participate in internal/external security audits/inspections; performs risk assessments.

•Inform ISSM on technical IS security matters.

•Assist in conduct of investigations of computer security violations and incidents, reporting as necessary to both the Contractor Program Security Officer (CPSO) and Program Managers.

•Ensure proper protection and / or corrective measures have been taken when an incident or vulnerability has been discovered.

•Communicate, implement and manage a formal Information Security / Information Systems Security Program together with ISSM and CPSO.

•Implement and enforce Information Security Policies and Procedures together with ISSM and CPSO.

•Review and oversee RMF Package authorizations together with ISSM and CPSO.

Test Engineer Apr 2018-Sep 2019

•Provide test engineering support to production program F35 FMS.

•Define test process plans identifying the sequence of required test steps.

•Define required tools, instruments, fixtures, software, hardware, interfaces, test chambers, etc. required to execute the test process plan.

•Define optimal product flow and develop the appropriate test work cell layout.

•Develop tests and generate detailed test procedures including narrative, diagrams and photographs. Generate detailed troubleshooting guides to aid in the troubleshooting and analysis of the root cause of test failures.

•Analyze test defect data and trends helping to define and implement corrective actions.

•Support the change management activities of the production program FMS.

•Provide day-to-day test engineering support to the work cell by resolving technician questions, investigating and solving test and/or product performance problems, and improving test procedures, tooling, fixturing, hardware, software, etc. in an effort to optimize the test process.

Project Engineer Oct 2017-Apr 2018

•Plans, conducts, and directs RMS Global Sustainment (GS) activities in support of JLCCTC programs worldwide.

•Provide proposal support to new and follow on business opportunities as needed in ILS, Sustainment and Field Operations areas.

Senior Information Assurance Engineer Staff Jan 2015 – Oct 2017

•Planned and executed Information Assurance activities

•Conducted Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) assessments of fielded information systems

•Conducted Risk Management Framework (RMF) assessments of fielded information systems

•Coordinated assessment reviews with System Engineers, System Architects, Information Assurance Officers and other subject matter experts

•Analyzed system security posture; conducted vulnerability assessments and recommended mitigation actions for risk management

•Completed multiple DIACAP executive packages—delivered ahead of government schedule

•Coordinated Plan of Action and Milestone (POA&M) with US Government customer for system vulnerability mitigation and remediation actions

•Led the PKI effort for New Moon Program

Jacobs Technology May 2013 – Jan 2015 Senior Information Assurance Engineer/Configuration Manager Leading a group of 7 Information Technology team

•Planned and executed Information Assurance activities

•Conducted Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) assessments of fielded information systems

•Coordinated assessment reviews with System Engineers, System Architects, Information Assurance Officers and other subject matter experts

•Analyzed system security posture; conducted vulnerability assessments and recommended mitigation actions for risk management

•Completed multiple DIACAP executive packages—delivered ahead of government schedule

•Coordinated Plan of Action and Milestone (POA&M) with US Government customer for system vulnerability mitigation and remediation actions

Unisys Jan 2012 – May 2013 Information Assurance Engineer. Supervised 6 IA Engineers, 1 Hardware Engineer, 1 Software Engineer

Unisys Corporation, Space Launch Range System, Patrick AFB FL

•Planned and executed Information Assurance activities for US Air Force Eastern Range Space Launch operations located at Patrick Air Force Base, Cape Canaveral, and down range sites

•Conducted Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) assessments of fielded information systems

•Coordinated assessment reviews with System Engineers, System Architects, Information Assurance Officers and other subject matter experts

•Analyzed system security posture; conducted vulnerability assessments and recommended mitigation actions for risk management

•Completed multiple DIACAP executive packages—delivered ahead of government schedule

•Coordinated Plan of Action and Milestone (POA&M) with US Government customer for system vulnerability mitigation and remediation actions

gTangible July 2011- Nov 2011 Information Assurance Officer/Site Lead Fort Walton Beach, FL

•Planned and executed Information Assurance activities F35 program

•Conducted Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) assessments of fielded information systems

•Coordinated assessment reviews with System Engineers, System Architects, Information Assurance Officers and other subject matter experts

•Analyzed system security posture; conducted vulnerability assessments and recommended mitigation actions for risk management

Venatore Jan 2011- July 2011 Information Assurance Officer Tampa, FL 6 month contract

L3 April 2010- Jan 2011 Tampa, FL Security Information Analysts

•Planned and executed Information Assurance activities for Special Operations

•Conducted Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) assessments of fielded information systems

•Coordinated assessment reviews with System Engineers, System Architects, Information Assurance Officers and other subject matter experts

•Analyzed system security posture; conducted vulnerability assessments and recommended mitigation actions for risk management

•Completed multiple DIACAP executive packages—delivered ahead of government schedule

•Coordinated Plan of Action and Milestone (POA&M) with US Government customer for system vulnerability mitigation and remediation actions

GDIT Aug 2009-Apr 2010 Fort Bragg, NC Security Information Analysts

•Planned and executed Information Assurance activities for Ground Intelligence Support Activity

•Conducted Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) assessments of fielded information systems

•Coordinated assessment reviews with System Engineers, System Architects, Information Assurance Officers and other subject matter experts

•Analyzed system security posture; conducted vulnerability assessments and recommended mitigation actions for risk management

•Completed multiple DIACAP executive packages—delivered ahead of government schedule

•Coordinated Plan of Action and Milestone (POA&M) with US Government customer for system vulnerability mitigation and remediation actions

Kaegan Corporation May 2008-July 2009 Orlando, FL Information Assurance Engineer

•Provide analysis and assessments of Information Assurance design and implemented controls required by DoDI 8500.2

•Perform penetration testing and vulnerability analysis using EyeRetina vulnerability scanner, DOD Gold Disk and Security Readiness Review (SRR) scripts

•Provide support in preparing documentation of security certification/accreditation processes such as DIACAP and DITSCAP

Indra Systems May 2008- Oct 2008 Orlando, FL

•ISSM in charge of Information Assurance for 125 people

•NISPOM Chapter 8 DIACAP SSAA

•Develop and enforce Information System security policies

•Developed procedures for responding to security incidents, and for investigating and reporting security violations and incidents as appropriate

SAIC Jan 2008- May 2008 Orlando, FL

•ISSO/ISSM

•NISPOM Chapter 8, JAFAN

•Created Disaster Recovery Plan for $200M Mission Planning System Engineering and Integration Contract

•Develop and maintain a formal Information Systems Program for a Classified Lab

•Develop and enforce Information System security policies

Harris Corporation GCSD Oct 2007 – Jan 2008 Melbourne, FL

•Engineer Technician

United States Air Force May 1986 – Sept 2007 IT Manager Aug 2004- May 2007

•Led 8 person team in all aspects of IT operations

•Managed an Air Force technical center that was responsible for over 2000 members worldwide.

•Processed over 720K inquiries and resolved over 120 questions/comments per quarter resulting in 24/7 operation.

•Successfully launched Army Co-op service and provided a joint platform with standard hardware and software which resulted in joint savings of $15K.

•Information System Security Officer

•Certification and Accreditation of Information Systems per DITSCAP/DIACAP.

IT Manager March 2003- Aug 2004

•Led 13 person team

•Directed operations and maintenance of $3M worth of command, control, computer and intelligence systems including telephone, switching, and multiplexing equipment.

•Championed a mandated Network Operations Security Center alignment effort.

•Reduced unit manpower support by 15%.

•Information System Security Officer

•Certification and Accreditation of Information Systems per DITSCAP/DIACAP.

IT Manager Jan 2000- March 2003

•Led 56 person team

•Merged network administrator duties for classified and unclassified network, which decreased staffing by 3 positions.

•Team lead for $5.2M Storage Area Network. Workload was reduced by 20%.

•Combined Base communication Center and Messaging Services team into one work center. Over 23K users experienced one-stop shopping.

•Provided software enhancements in order to improve daily operations for Security Forces. This reduced paperwork by 70%.

•Information System Security Officer

•Certification and Accreditation of Information Systems per DITSCAP/DIACAP.

EMSEC Manager July 1998- Dec 1999

•Information System Security Officer

•Certification and Accreditation of Information Systems per DITSCAP/DIACAP four phases.

•Certificate Authority Workstation

•COMSEC Manager

Avionics Technician May 1986-July 1998

EDUCATION

BA Interdisciplinary Studies with Honors Dec 2015 Belhaven

CERTIFICATION

ISACA CISM

CompTIA A+, Project+, Network+, Security+

ITIL v3

CIW Associate

CIW Web Design Specialist

Information Systems Security (INFOSEC) Professional

Senior IA Systems Manager


