Brenda S. Mey
Email: ad3ad9@r.postjobfree.com
Phone: 434-***-****
Education
Associates of Science, Rose State College, Midwest City OK, Graduated May 1989
Bachelors of Science, University of Oklahoma, Norman, OK, Major MIS / Minor CIS (Senior)
Certifications:
CompTia Advance Security Practitioner (CASP), issued: 2018 plus recerts
Security +, 2012
DAWIA ACQ LEVI, APR 2008
DAWIA ACQ LEVII, APR 2009
DAWIA ACQ LEVIII, Cert issued: APR 2010
Awards & Recognition
US Air Force, Hanscom AFB, INCENTIVE CASH AWARD, 2022
DIA, J2 (AF Task Force) Pentagon, Top Performing 10% CASH AWARD, 2014
Summary:
Familiar with the Federal Acquisition Regulation (FAR)
Cradle to grave acquisition
Experienced in managing a robust collateral security (Personnel, Physical, and Information) program within: Federal Government Agency environment IAW DoD 520001 Volumes 1 through 4; Industrial security IAW DoD 522022-M and DoDM 522022, Vol 2; Controlled Unclassified Information IAW DoDI 520048
General experience implementing and maintaining the SCI security program.
Assisted in planning, awarding, administering, and closing awards, including non-R&D contracts, R&D contracts, and simplified acquisitions
Refined existing or developed new templates for key acquisitions documents, such as the Performance Work Statement (PWS), sole source justifications, etc.,
Defined, modeled and maintained reference architecture viewpoints to facilitate
seamless interaction between different architecture domains and groups
seamlessly
In-depth understanding and knowledge of the DoD security program
that encompasses Personnel, Information, Physical and Industrial
security disciplines IAW DoD 520001 Volumes 1 through 4; Industrial
security IAW DoD 522022-M and DoDM 522022, Vol 2; and Controlled
Unclassified Information IAW DoDI 520048
Performed as the primary cybersecurity technical advisor to the Authorizing
Official (AO) for IS under each purview
Track record of NIST compliance and passing audit results for over 15 subsystems
Worked with Special Security Office, Foreign Disclosure Office,
Facility Security Office, and as a Subject Matter Expert to determine or
make recommendations regarding personnel and classified information
situations and/or issues
Situationally aware of best practices and cost efficient, practical solutions
Plan and develops methods, approaches, and procedures task tracking, metrics, &
roadmaps that simplify while documenting organizational effectiveness
Understanding and experience with Red Team, and Blue Team concepts and the
tools used in threat detection and penetration testing
Develop System Security Plans (SSP), Contingency Plans, Business Impact
Analyses (BIA), Plan of Action and Milestones (POA&Ms), Security Assessment
Report (SARs), Security Assessment Plan (SAPs), and other documentation
Monitored compliance with cybersecurity policy and ensure cybersecurity testing,
inspections, and reviews were synchronized and coordinated
Proven Security Executive in working with System & Network Administrative
staff.
Skilled at developing win-win scenarios for both IT Operations and IT
Security Teams
Complete OSI Model security architecture experience
Incident reporting and coordinating system-level responses to unauthorized
disclosures
Perform assessment and authorization (A&A) efforts under the NIST Risk
Management Framework (RMF) working in Service Now, eMASS and XACTA
Conduct cybersecurity analysis in preparation for A&A reviewing and validation
of all associated cybersecurity documentation and technical controls
Identify key stakeholders in A&A efforts and ensure system documentation
reflects current system security configurations to include hardware and software
components, data flow, interconnections, and ports, protocols, and services, etc.
Identify potential risks associated with system configurations and advise on
mitigation strategies
Participate in A&A status meetings and facilitate moving systems toward a
successful A&A effort
Formulated information management and technology strategies, goals, policies,
and plans
Represent the DC I at senior-level National, Joint, DoD, DON, and inter-service
councils, committees, and forums that address intelligence-related IT and ISR
technologies, issues and future requirements and solution sets.
Assist to estimate Level of Effort (LOE)
Assist to develop and implement detailed test plans and review findings from self-
assessments to determine readiness for independent validation and verification
(IV&V) assessment
Assist program offices in interpreting and applying mitigation strategies;
Conduct IV&V assessments and analyze test results for accuracy, compliance,
and adherence to Federal cybersecurity requirements
Conduct thorough reviews of all vulnerabilities, architecture, and defense in depth
strategies and report findings in POA&Ms document
Document residual risks and provide the cybersecurity risk analysis and
mitigation determination results
Performs a broad range of Crypto/Cyber or Software Engineering assignments
entailing unique problems, creativity, innovative use of techniques, advanced
approaches, and/or new technologies
Design, build and implement enterprise-class security systems for a production
environment
Produce risk assessment artifacts describing initial risks during system
development and residual risks identified during IV&V
Maintain cybersecurity policy and processes, lead the development of a cyber engineering strategy, roadmap and execution plan in conjunction with
Manage and track systems or programs involved in the A&A process
Develop and implement security related directives and guidance for Information
Assurance; Information Technology; and Information Management
Promote an environment of continuous process improvement, learning and team
collaboration
Compare infrastructure level solutions and risk- based
methodologies
Project Management, Complete Hack and Defend, CMMI-Staged / CMMI,
Management Skills for Technical People formal training
Experience in securing a hybridized AWS (Azure) environment
Plan and coordinate the installation, testing, operation, troubleshooting, and
maintenance of hardware and software systems in support of Army Cyber
Operations.
Years of experience writing, designing, and presenting information security educational material
Plan and carry out difficult and complex assignments to lead studies to identify
improvements in the way IT architecture is applied to key business functions.
Ensure the rigorous application of information security and information assurance
policies, principles, and practices to the systems administration process.
Performed needs analyses to define opportunities for new or improved IT solutions
to emerging cyber threats.
Work History
USAF 505th/ 805TH CTS, Nellis AFB, NV with Elevate
Nov23 to CURRENT
Cyber Engineer III Contractor
As the Cyber Engineer III, works with Authorizing Official / SCA as third party to evaluate risk brought on by the command and missions supported. Assists with the RMF processes with the applicant regarding the obligations imposed by the Federal laws, regulations, requirements, and conditions.
MYSTEK Systems, sub with Archfield as Prime, Chantilly, VA
June23 to Oct23
Delegated Authorizing Official Rep (DAO-Rep), Contractor
As an Authorizing Official Designated Representative (AODR), performs on behalf of the agency/organization Authorization Official in carrying out and coordinating the required activities associated with security authorization. As a DAO-Rep, I provide technical and organizational support to the AO. The Authorizing Official (AO) is authorized to act for the applicant and to assume the obligations imposed by the Federal laws, regulations, requirements, and conditions that apply to grant applications or grant awards.
TELOS (XACTA), sub with GDIT as Prime, McLean, VA
March23 to May23
IA Engineer, Contractor
Previous duties being onsite with ODNI, operate and administer XACTA IA Manager Software Suite, integrating and configuration management, while providing quality customer support (helpdesk) to large user base. Provide XACTA software and RMF support. Develop/streamline RMF workflow templates to align with customer business processes and practices. Develop SQL scripts, stored procedures and queries in support of customer adhoc metrics and reporting requirements. Utilize Application Programming Interface (API) to develop methods of integrating disparate systems.
NGIC (US Army), Charlottesville, VA
Oct2022-Mar2023
Cyber Security Analyst, Contractor
Planned and developed methods, approaches and procedures; provided information and
assistance to customers; provided advice and guidance on wide range and variety of information
technology (IT) issues; interpreted IT policies, standards and guidelines, conducted analysis and
recommended resolution of issues affecting the specialty area managing various networks for
NGIC in various locations. Serves as eMASS SME, action officer and trusted advisor. Develop,
secure and monitor a hybridized AWS (Azure) environment.
US Air Force, AFLCMC/HBUC Hanscom AFB, MA:
(June 2021 to Sept 2022) *RETIRED*
ISSM, Cyber Lead for UAV/other Weapons Systems
Served as C-sUAS ISSM for AFMC HBUC. Responsible for System of Systems (SoS) used
world-wide defensively, comprising of 15 sub-system level programs, to include 8 various
vendors supporting products world -wide with a team of 6 contractors. Develop and maintain an
eMASS and Share Point documentation repository for all organizational cybersecurity-related
instruments leading back to inception. Responsible for cybersecurity architecture, requirements,
system testing, objectives / policies, cybersecurity personnel, and cybersecurity processes,
procedures and reporting to include incident response reporting and coordinating system-level
responses to unauthorized disclosures, while working remotely. Monitored compliance world -
wide with cybersecurity policies and ensured cybersecurity testing, inspections, and reviews
were planned, synchronized and coordinated. Managed the vulnerability and threat identification
lifecycle to include hybridized AWS (Azure) environment.
Defense Intelligence Agency (DIA) J23, S. Korea, Camp Humphrey:
(April 2020 to June 2021)
Capabilities & Integration Chief
Planned and developed methods, approaches and procedures; provided information and
assistance to customers; provided advice and guidance on wide range and variety of information
technology (IT) issues including cloud; interpreted IT policies, standards and guidelines,
conducted analysis and recommended resolution of issues affecting the specialty area managing
NIPR, SIPR, & CX-K for USFK J23 in various locations across the PEN. Served as technology
liaison, action officer and trusted advisor. Effectively partnered with the customers, developing a
deep understanding of the customers' mission, strategic vision and business needs. Monitored
performance of systems for assigned functional area, performing diagnostics on system
operations to identify problems and trends, verify network performance and potential user
requirements. Lead a diversified team of IMO's, VTC techs, AV techs, Knowledge
Management, System Architect's and Information Assurance within split locations.
Defense Intelligence Agency (DIA) CIO-K, S. Korea, (Yongsan Garrison) Seoul:
ISSM (May2017 to March2020)
Chief of Information Systems Security Manager- CIO-K
Serves as Chief of Information Systems Security Manager (ISSM) for DIA Cyber S. Korea
(CIO-K) Pen wide. Provided technical advice and guidance on a wide variety of difficult IT
issues, interpret IT policies, standards and guidelines, analyzes and recommends resolution of
difficult issues. Presents recommendations for future programs, practices, and/or procedures
while making necessary changes to meet the needs of changing programs and missions, or
improving present methods. Oversight and managed contractor work. Incident reporting and
coordinating system-level responses to unauthorized disclosures. Leading
site/system/circuit/authorization and oversight efforts within USFK customers on a daily basis.
Built collaborative working relationships across PEN, DIA, and IC establishing effective
working relationships to successfully complete work. Worked OPLAN, COOP, & military
exercises. Con-currently, unit GPC resource advisor to CIO-K working acquisitions and accounts
compliance with established laws, directives and regulations. Ability to work with others and
build extensive professional networks in order to leverage relationships to resolve complex
problems. Manage the vulnerability and threat identification lifecycle to include hybridized AWS
(Azure) environment.
Defense Intelligence Agency (DIA) CIO-K; DC/Charlottesville, Quantico, Qatar,
Afghanistan, Pentagon: (Sep2011 to May2017)
ISSM / PM DCGS-A,
Worked with various weapon systems/programs and tracks. Oversaw various systems as Information System Security Manager ISSM for DIA Cyber Security units, actively serving multiple locations (Charlottesville & Quantico) working the Intelligence Community Desktop Environment (IC DTE) during design / building phase programs ensuring compliance of each site and systems. Performed as DIA NATO (prime) for agency providing guidance globally on all things NATO related including yearly inspections. Provided technical advice and guidance on a wide variety of difficult IT issues, interpreted IT policies, standard and guidelines, analyzed and recommended resolutions. Presented recommendations for future programs, practices and/or procedures while making necessary changes to meet the needs of changing programs and missions or simply improving present methods. Leading site/system/circuit/authorization and oversight on a daily basis. Worked COOP with NSA, NGA, as well as DIA. Participated in military exercises.
US Air Force, Air Traffic Systems /AFFSA Tinker AFB, OK:
(Dec2001 to Sept2007)
Military Airspace Management System (MAMS) Program Manager/Lead ; Unit
CM/COTR, 2210
MAMS Project Manager/ Lead, Responsible for providing critical air traffic control and airspace
management support to over 100 air traffic control facilities and over 250 Department of Defense
flying and range scheduling organizations worldwide. Responsible for briefing at regional levels
of software, hardware, and technical support for all air traffic control systems in the United
States Air Force, and provides the similar service to some US Army, US Navy, and US Marine
Corps units, Federal Aviation Administration air traffic control towers, and the National
Aeronautical & Space Administration air traffic control facilities; and acted as the DoD database administrator for the Military Airspace Management System in support of257 DoD airspace management and scheduling activities in the CONUS, Alaska, Hawaii, and Puerto Rico. Handled a yearly budget
resource of over $2.5 million on this project alone.
Unit Configuration Manager/ Quality Assurance
Manager/Information Assurance manager:
DA WIA Level II certified. Accomplished analysis,
design, and programming functions inherent to automated real-time ATC or near real-time
airspace management and airspace scheduling processing systems.
Program Manager/Contractor Official Representative (COR), Trusted Agent:
developed operational budgets, contract solicitations, statements of work (SOWs), performance work statements (PWSs ), performance metrics, IT Business Plans (ITBPs ), IT Purchase Plans (ITPPs ), budget and funding requirements and justifications, operational level and service level agreements (OLAs/SLAs),
Inter-Agency Memorandum of Agreement / Understanding (MOAs/MOUs), requirements
analysis initiatives, and operational concept documentation. Worked closely with staff to identify
/ quantify requirements, resolved existing problems and incorporate effective work processes in
both ongoing and planned IT projects. Developed and documented IT policies and procedures to
support other related operations and management, including IT and telecommunications service
support and delivery, contract management, asset management, and acquisition / procurement
processing. Liaison and fostered collaborative relationships with offices within the community,
for which our organization furnished support. Served as Contracting Officer's Technical
Representative (COTR) to ensure effective management and oversight of contracts for IT and
services. Performed related functions including directing, evaluating, and controlling the
contractor staff (within contract specifications and processes) to meet cost, schedule and
performance specifications and ensured the contractor is performing the technical requirements
of the contract. Formed/chartered, chaired and participated in technical working groups and
project teams as directed by our senior leadership. Manage the vulnerability and threat
identification lifecycle.
Other duties include Unit Resource Adviser, Unit Training manager, Unit Physical Fitness
Leader, Defense Travel System and Gov Travel Card POC.
Professional references provided upon request