STEPHEN DONELSON
Broad Run, ***** VA
***************@*****.*** / 571-***-****
OBJECTIVE
Experienced Cyber Security and Risk Analyst with a robust background spanning 12 years of military service and 22 years in IT contracting. Proficient in applying advanced computer and network security concepts to analyze, design, and assess risks within data networks. Adept at designing, optimizing, and securing network topologies and site configurations to ensure robust protection and efficiency. Demonstrated ability to lead and mentor less experienced security engineers while managing comprehensive IT infrastructure projects. Seeking to leverage extensive technical and managerial expertise to enhance operations and security in a dynamic IT environment.
SKILL SUMMARY
NIST 800-53 Compliance
PCI DSS Standards
Xacta IA Manager
AWS Cloud Services
Network Security Administration
Teamwork
Leadership
Communication Skills
Interpersonal Skills
Technical Aptitude
WORK EXPERIENCE
Cyber Security and Risk Analyst / Oath/Verizon Media/Yahoo Inc - Reston, Virginia 06/2018 - 04/2024
Conducted comprehensive cybersecurity assessments of on-premise enterprise infrastructure and AWS Cloud Instances, identifying vulnerabilities and implementing advanced mitigation strategies to enhance overall security posture.
Performed detailed risk analysis and threat modeling to evaluate potential security risks and impact on client systems, providing actionable recommendations to improve resilience and compliance with industry standards and best practices.
Delegated Authorizing Official Representative/Information Security Analyst / Quantech Services - Chantilly, Virginia 03/2016 - 01/2018
Facilitated communication between system and data owners, system certifiers, and the Cyber Security Office, providing critical insights and recommendations for IT system accreditation in compliance with ICD 503 and RMF guidelines.
Evaluated and reviewed IT system security documentation and assessments, delivering final accreditation recommendations to ensure alignment with NRO's cybersecurity standards and regulatory requirements.
Delegated Authorizing Official Representative/Information Security Analyst / The KEYW Corporation - Chantilly, Virginia 12/2009 - 03/2016
Collaborated with system and data owners and system certifiers to gather and assess security documentation, delivering final IT system accreditation recommendations to the NRO's Cyber Security Office and Risk Management Group to ensure compliance with security standards and policies.
Reviewed and synthesized risk assessments and security evaluations, providing authoritative accreditation recommendations to the NRO's Cyber Security Office, facilitating informed decision-making and ensuring robust risk management practices across IT systems.
System Risk Assessment/Information Assurance Analyst / General Dynamics - Chantilly, Virginia 09/2002 - 12/2009
Executed nationwide vulnerability assessments to identify and analyze security weaknesses across various systems, assessing exploitability and providing actionable recommendations for countermeasures in line with the Intelligence Community's Risk Management Methodology and DCID 6/3 guidelines.
Developed and delivered comprehensive risk assessment reports that highlighted critical areas of concern and proposed effective mitigation strategies, ensuring adherence to DCID 6/3 standards and enhancing overall system security and resilience.
Information Assurance Engineer / Veridian - Oakton, Virginia 01/2001 - 09/2002
Performed detailed vulnerability assessments on the National Geospatial Architecture's TLOS (Thin Line Operating System) Demo LAN, identifying security gaps and weaknesses to ensure system readiness and compliance for accreditation.
Developed and implemented security controls and mitigation strategies based on the findings from vulnerability assessments, enhancing the security posture of the TLOS Demo LAN and facilitating a smooth accreditation process.
Information Security Engineer / Veritect/Veridian - Reston, Virginia 01/2000 - 01/2001
Implemented and configured perimeter security solutions to meet customer requirements, including firewalls, intrusion detection systems, and VPNs, ensuring robust protection against external threats and unauthorized access.
Provided ongoing support and maintenance for perimeter security infrastructure, conducting regular updates and monitoring to address emerging threats and maintain alignment with the customer's security policies and standards.
Network-System Administrator/Customer Support/Team Lead/Facilitator / TRIDENT DATA SYSTEMS - Oakton, Virginia 01/1995 - 01/2000
Maintained the operational readiness of three major networks.
Controlled all aspects of the network, from installation and maintenance of user accounts to ensuring the integrity and protection of the equipment itself.
Systems Administrator / Senior Field Technician / UNITED STATES AIR FORCE - Aerospace Corp. El Segundo, CA 01/1984 - 01/1995
Administered mail server systems for government contractor sites across the San Diego and Los Angeles Metropolitan areas, ensuring reliable email services and efficient network access for over 200 users.
Managed and maintained Wide Area Network (WAN) access for multiple government contractor sites, troubleshooting and resolving connectivity issues to support seamless communication and operational continuity for a diverse customer base.
Project Clerk / Security / HUGHES AIRCRAFT CORP. - Radar Bldg. R50, Culver City 01/1992 - 01/1994
Administered SCIF (Sensitive Compartmented Information Facility) security protocols to safeguard controlled facilities, ensuring compliance with security regulations and maintaining the integrity of sensitive information.
Oversaw and maintained accountability for sensitive materials, implementing tracking and reporting procedures to ensure proper handling, storage, and access in accordance with security standards and protocols.
EDUCATION
B.S. in Information Technology: Concentration in Enterprise Security
Strayer University
Status: Pending - 12 remaining classes
CERTIFICATIONS AND TRAINING
CISSP - Certified Information System Security Professional, 08/2024
CompTIA Security+, 07/2027
SANS SEC504 - Hacker Tools, Techniques, and Incident Handling, 09/2020
SANS SEC542 - Network Penetration and Ethical Hacking, 07/2021
SANS SEC560 - Enterprise Penetration Testing, 04/2022
SecurityCenter Training through BITS Systems
Xacta Certification and Accreditation Tool IA Manager (Training and pilot program participant)
ICD 503 and the RMF (Risk Managed Framework) Process
Attended 5-day training course on Xacta 5.1 at Telos HQ in Ashburn, 2016
Completed Security+ Certification Training at Learning Tree in Reston, VA, 04/11/2011
Intense Training Boot Camp (CISSP), 2005
Information System Security Workshop, NRO, 2006
Certifying and Accrediting NRO Information Systems, 2007
CCSA & CCSE (Check Point Firewall) Management Course
CCSI (Check Point Systems Instructor), Veridian, 2002
PC Configuration and Troubleshooting, Learning Tree International, 2003
Cisco Router Configuration and Management
SKILL SUMMARY
NRO [National Reconnaissance Office] Information Assurance Risk Managed Framework
Intelligence Community Directive 503
Committee on National Security Systems 1253 (CNSSI 1253)
National Institute of Standards and Technology 800-53 (NIST 800-53)
PCI DSS [Payment Card Industry Data Security Standard]
Xacta IA Manager - NRO
Extensive experience in IT Certification and Accreditation of classified and unclassified systems
Strong team player with proven leadership skills and the demonstrated ability to work with administrative and technical support teams
Excellent leadership and other military training and skills from 12 years serving in the United States Air Force
Excellent communicative and interpersonal skills, both written and verbal
Extensive background in both system and network security administration
Proven record of obtaining technically challenging roles and showing the aptitude to see them through
Proficient understanding of IP and network infrastructures
Delegated Authorizing Official Representative (DAO-Rep)
Enterprise Cloud Computing
AWS Cloud Services
REFERENCES
References to be rendered upon request