Russell L. Mars

Cary, North Carolina ***** 757-***-**** ad46t1@r.postjobfree.com

PROFESSIONAL

SUMMARY

Innovative and accomplished Senior Cybersecurity Controls and Compliance Engineer with extensive experience in Risk Management Framework (RMF), establishing and overseeing Authorizations to Operate (ATO) processes, plans, and policy documentation. Accustomed to driving efficiency, effectiveness and supporting Financial

/ DOD-Military / Federal, Cybersecurity Strategy and Operational Risk Management Certifications.

SKILLS

• Security Control Evaluation

• System Security Planning

• Developing security plans [RMF]

• Data Loss Prevention

• Risk Mitigation and Remediation

• Privacy regulations – PII/PIA/

HIPPA-SORN

• Vulnerability Assessment

• Security Best Practices

• Compliance Management

• DOD/RMF/EMASS/POAM

Documentation

• Audit Support-Documentation

• Information Governance

• Problem-solving aptitude

• Security assurance

• Vulnerability Analysis

• Incident Response Management

• Penetration Testing

• Security policy development-

Benchmarks

• Cloud Security Knowledge and

Implementation

WORK HISTORY

SENIOR CYBERSECURITY ENGINEER 04/2018 to 02/2024

Truist Bank Raleigh, NC

Reduced cyber-attack incidents by developing and enforcing robust security controls, policies, and validation procedures.

• Increased enterprise Vulnerability Management network security policy coverage over 60% bringing total Truist network security OS/APPs to first-ever 90%+ risk reduction.

• Enhanced network security by implementing advanced threat detection and prevention measures, (Continuous Monitoring).

• Reduced cyber-attack incidents by developing and enforcing robust security policies and procedures in accordance with detection, protection and preventative guidelines in NIST, ISO 27001, PCI-DSS, SOX, GBLA and Risk Management Framework / EMASS type security documentation.

• Bolstered company’s cybersecurity posture with regular security baseline configuration assessments, and updates to security infrastructure.

• Led cross-functional teams in identifying potential vulnerabilities and implementing proactive safeguards to mitigate risks near real-time.

• Applied Center for Internet Security (CIS) benchmarks to verify Enterprise Systems performance of ongoing security measures.

• Collaborated with IT teams to address identified security weaknesses, fostering a proactive approach to risk management.

• Advised organization on selecting suitable automated tools for monitoring network activity and detecting potential intrusions, contributing to a more robust security posture. Recommend improvements in security systems and procedures. SENIOR CYBER SECURITY ENGINEER – (ISSO/IAO) 08/2013 to 04/2018 TEKsystems Roanoke, VA

Enhanced network security by conducting regular vulnerability assessments and implementing or recommending necessary patches, and or updates. Earned distinguished Army PEO EIS Accolade for 1st RMF NIST Program Cloud Datacenter 3yr A&A ATO-2016. The shared [eMass] package was used as Army Platform Model reference documentation.

• Led technical security evaluations, impact analysis and recommendations for complex Information systems on prem and Cloud computing SLA’s or service models: IaaS, PaaS, SaaS, Hybrid, Private network configurations. Ensured the implementation of confidentiality, integrity, and availability of hosted systems in the Data Center.

• Implemented simultaneously nine multiple Organization and customer’s Risk Management Framework (RMF), and or, DIACAP packages and processes in accordance with DoDI 8510.1, DoDD 8500.01, 8530.1 and NIST 800-37/53A, guidance.

• Developed and implemented comprehensive Organization Cybersecurity policies, resulting in improved data protection and compliance with industry security standards.

• Collaborated with IT team to design secure system architectures, effectively reducing potential cyber threats.

• Trained employees on cybersecurity Risk Mgmt. Framework / NIST Security Controls 300+ best practices and promoted a culture of security awareness around Cybersecurity.

• Review and implement System Security controls assessments, selection for organization Policy governance and Service Level Agreements (SLA) compliance. Provided autonomous support and development for System Security Plans (SSP), Incident Response Plans (IRP), Disaster Recovery Plans (DRP) / Business Continuity Plans (BCP), Business Impact Assessments (BIA) and Configuration & Service Release Management (CM) documentation.

• Implement and review security overlays for Classified, Privacy and Cloud controls in support of (RMF/ eMass) Assessments and Authorizations (A&A) process.

• Developed metrics to measure the effectiveness of implemented security measures, allowing for continuous improvement in organizational defense strategies and Plans of Action & Milestones, [POAM] activities.

• Influenced organizational culture by promoting a proactive RMF / NIST security controls approach towards cybersecurity awareness and fostering a sense of responsibility among all employees.

• Educated and trained users on information security and the technical implementation of EMASS documentation, policies and RMF Program process entry procedures.

INFORMATION ASSURANCE TEST MANAGER 04/2010 to 01/2013 P3I, Inc-Planning Performance Process and Innovation Hopkinton, MA Enhanced system security by implementing comprehensive risk management strategies and protocol processes throughout DevOps/DevSecOps. Directly supervised IA teams in achieving Air Force’s Enterprise Systems (Type Accreditation ATO, for 3 years, 20+ individual AF Multi-Operational sites).

• Demonstrated leadership skills in managing simultaneous Risk Management projects from concept to completion. Increased Air Force Site remediation times by over 50% by correcting code, communication and technical gaps in OPS audit/survey processes. Teams gained cross-examination data access which allowed for real time, (non-delayed) risk reduction, security code modifications at the sites.

• Demonstrated creativity and resourcefulness through the development of innovative solutions which increased AOC Test productivity over 80-100%. Previous failing Sites were now passing A&A examinations. [Green light]

• Drafted EMASS security reports and metrics to track security performance and strategize SAP/SSP/POAM improvements.

COMPUTER SECURITY ANALYST II, DRC–Dynamics Research Corporation Hampton, VA - As acting Cyber Defense Officer (CDO) 13+ months: Analyzed monthly security documentation/plans for over 100 remote and local connections to the NATO core Enterprise network in direct support to CIAO and the Risk Mgmt. NATO Security Accreditation Board.

(Achieved NATO and DoD A&A for over 100 Systems/Network connections 2007-2010). SYSTEM NETWORK ENGINEER - U.S. NAVY, NATO Communication Service Agency Norfolk, VA - Implemented a cross-training program and a ITSM knowledge database for collection of technical solutions. Direct code modification contributions and ITIL implementation improved overall Help Desk Tier 1 through 3 incident resolution capability by over 50% percent. As a result, implemented ITIL processes and new code modified scripts throughout the majority of the organizational workflows to include Admin, Configuration Management, Hardware/Software Change Management, and for everyday Remedy service site operations. IT SUPERVISOR INFOSEC ADMINISTRATOR, - U.S. NAVY, NAVSEA Shipbuilding Newport News and Overseas Duty stations - Supervised 5+ network security technicians in daily operations of Network Security and Configuration Control Resource Management; Maintained, and organized hardware, software inventory of $1.7 Million. Monitored 3,200+ system users and 4,000+ computer workstations web and internet activities/auditing. Collaborated and developed Cyber judiciary investigative results with Navy Legal by providing systems data intelligence when warranted for litigation processing. EDUCATION

Associate of Arts Information Technology Management Saint Leo University, Saint Leo, FL

CERTIFICATIONS

PROFESSIONAL

DEVELOPMENT

• Top Secret Secret SCI Clearances (Expired)

• CompTIA Security+ CE

• Information Systems Security (INFOSEC) Professional-(NSTISSI No. 4011)

• Senior Information Assurance Systems Manager-(CNSSI No. 4012)

• Contracting Officer Technical Representative, COTR-(2952.201-70)

• Cloud Security Profession (CSP)

• Qualys / Cloud View / Rapid7, CIS-CAT Pro, Nessus, Tenable/ACAS, Baseline Security / Policy Administration

• GitLab/GitHub

• Systems Risk Analysis and Methodology, FAIR, NATO CRAMM/PILAR implementation tools, Business Impact Analysis and Assessments

• Continuity Management, Disaster and Recovery

• Certified Information Systems Security Professional (CISSP)

• Network +, Hardware A+, Cisco Certified Network Associate (CCNA), Introduction to Cisco Networking Technologies (ICND)

• Help Desk Manager (HDI-ITIL foundation workflow process)

• Implementing MS Windows; Professional & Server, Administering Windows Active Directory Services, LDAP, Windows 2022 Server Security configurations

• VERITAS Backup Exec. SharePoint, Archer, Big Data, Hadoop/ Cloudera, Hive

• Contracting Officer Technical Rep. (COTR) / Source Selection (Plans and Process, RFPs, SOW)

• IT Project Mgmt. – PMP, Agile, Version One, Rally, Remedy, Service Now [CMDB]

• Host-Based Security System (HBSS/McAfee. ePO), IDS/IPS, (SIEM Monitoring/Auditing)

• SPLUNK / SOAR – (Threat Model-Hunting) / Monitoring

• Microsoft Azure, AWS, Application Program Interface-(API), O/M365

• System Architecture (SA), VISIO Design

• Benchmarks: Windows, IBM-Mainframe, RACF, DB2, MACOS, RHEL, OpenShift, SQL, ASA, Checkpoint, VMWare vCenter, CISCO and Mobile IOS Security administration

• Familiar with Terraform, CrowdStrike, Trellix/ePO, DISA, Air Force-AOCs, Army PEO EIS, EMDS, GFEBS, PD ALTESS Datacenter/on-prem/Cloud/Hybrid / Navy Precom Unit / NAVSEA IT Networks, SCIF, FISMA, FedRAMP, FIPS 140-2/3 documentation, operations, and processes

.

Contact this candidate