Security Information

Location:
Mercersburg, PA
Posted:
November 12, 2020

Resume:

Colin Bitterfield

Las Vegas, NV *****

571-***-****

adhr81@r.postjobfree.com

https://github.com/cbitterfield https://www.medium.com/@cbitterfield https://www.linkedin.com/in/colin-bitterfield/

PROFESSIONAL SUMMARY

Highly motivated leader with experience developing complete infrastructure baseline controls, processes and procedures for passing external audits.

Focused on improving business productivity and sales by designing new methods and improving existing infrastructures to meet changing compliance requirements. Good communication, planning and organizational skills developed over 30+ years in the field.

SKILLS

Risk mitigation planning

Creating Compliance programs from inception to audit

Security Champion

Customer and Business Focused

Operational improvement

Problem resolution

WORK HISTORY

ADJUNCT PROFESSOR 11/2020 to CURRENT

University of Wisconsin-Madison WI

Teach Cyber Security courses, providing instruction to up to undergraduate students.

Teach using a variety of learning modalities and support materials to facilitate the learning process and accentuate presentations, including visual, aural and social learning modalities.

Course Instruction in Certified Ethical Hacking, Linux, Defense In Depth, CISCO advanced Security Techniques, Cloud Computing, and others

COMPLIANCE PROGRAM MANAGER 08/2020 to CURRENT

Undisclosed Startup Remote, NV

In this role, I lead a team of engineers to create and set up new AWS architecture with baseline security controls from inception using Terraform, creating a production and staging environment. I developed a local Docker strategy for local development in a secure image using security-hardened images. I performed a Risk Analysis using RMF and aligned the work against the NIST 800-53 standard and then created NIST 800-53 written policies that will be acceptable for HITRUST and NIST Certifications in the future.

Enforced alignment of project strategy with business objectives and made modifications to promote efficient project completion supporting HITRUST Certification and compliance with the NIST 800-53 framework

Wrote and Approved Terraform scripts to harden the AWS environment and create production and staging assets.

Implemented automation to ensure patching and vulnerability remediation using automatic update methods.

Developed audit artifact specifications for NIST 800-53 based auditing.

DIRECTOR OF INFRASTRUCTURE SECURITY AND COMPLIANCE 03/2020 to 08/2020

AlphaHealth LLC San Francisco, CA

In this role, I led a team of DevOps engineers to implement NIST 800-53 baseline controls to support HITRUST certification in a highly dynamic startup environment. I developed the project plan and managed the implementation of all security controls across the organization to ensure they matched the written policies and procedures. I developed a high-performing team that implemented all of the baseline controls in less than 90 days using collaborative management and mentorship strategies.

Key Achievements in the first 90 days:

Complete set of written NIST policies and procedures including Disaster Recovery and Continuity of Operations. All documents were in compliance with regulatory requirements.

Implementation of all Baseline controls

Development and full implementation of a security awareness program for 42 employees and tracking of compliance.

CIS Hardening of the AWS infrastructure, Docker and EC2 nodes

24x7 Risk Monitoring of the AWS environment

Written and Documented HITRUST preassessment documentation

12-month security strategy

Sales documentation for RFP responses for over 4 million dollars of new sales and closing of over 1M in new business

Developed artifacts for HITRUST assessment and auditing

Enforced alignment of Information Technology strategy with HITRUST certification objectives and built project plan to align resources for efficient project completion.

Analyzed HITRUST requirements to determine resource requirements and procured necessary tooling, SaaS solutions and software.

Worked closely with customers, internal staff and other stakeholders to determine planning, implementation and integration of system-oriented projects.

Developed team communications and information for HITRUST project management and reporting to executive team.

PRINCIPAL CONSULTANT 10/2019 to 03/2020

B3Partners Remote

Directed IT services, counseled executives and collaborated with senior management on strategic planning.

Created and audited IAM AWS Controls and EC2 hardening strategies.

Worked closely with infrastructure staff and departmental decision makers to identify, recommend, develop and implement cost-effective technology solutions and policies.

Managed infrastructure upgrades, analysis and resolution of end user hardware and software issues.

Facilitated IT enterprise architecture across organization's enterprise transformation programs.

Engineered Policies and Procedures to comply with NIST 800-53 framework at the moderate level to support

PRINCIPAL INFRASTRUCTURE SECURITY ENGINEER 03/2015 to 10/2019

Blackboard Inc Washington, DC

In this role, I was one of two initial infrastructure engineers that were hired to transition the company from product-based infrastructure to an enterprise infrastructure and transition to AWS Cloud-based services. I reported directly to the CISO regarding all vulnerability and risk assessment related issues. I worked on a number of high-visibility projects that resulted in millions of dollars in revenue.

I developed and implemented a patch and vulnerability program designed to provide audit artifacts for security compliance related to NIST 800-53, ISO 27000/1, GDPR and others. Blackboard operated datacenters in almost every regulatory area worldwide and had reporting requirements for customers in these areas. This system provided a real-time ability to provide high-value customers with immediate compliance and risk information. This program allowed the FedRAMP team to achieve certification the first time in less time than projected.

Created the FedRAMP reporting systems for compliance in 72 hours due to deadline requirements. It was implemented in GovCloud and met all of the FIPS requirements and NIST compliance standards at the moderate level. During the FedRAMP project I provided mentorship and guidance with all NIST 800-53 standards and alignments for the project. I wrote 50% of the documentation for the SSP and compliance documents, and provided subject matter guidance for a team of 12 compliance professionals. I wrote all of the POA&M and security exceptions for the project and validated them across multiple compliance standards.

Created and managed Security Related RFP documents, questions and answers. Led the RFP team of 3 people for 6 months to create a reusable database of facts which were verified as accurate across the enterprise.

Drove remediation times down from over 1 year to 14-30 days over the course of 4 years by prioritizing remediation efforts and providing real-time risk assessment to executives, managers and engineers that was clear and understandable at all levels. Provided weekly tickets for all product teams and corporate teams for critical remediation and tracked the results.

Developed the IAM policies for all security and compliance systems and worked with operations to implement multifactor SSO across all platforms and environments in both cloud and traditional datacenters.

Developed AWS infrastructure security requirements and drove their implementation with baseline controls.

Developed Enterprise CIS hardening standards in AWS, EC2 (Linux/Windows), and Docker environments.

Attended all change control board meetings and represented the CISO for all changes for 2 years to ensure that equities of security and compliance were met.

ADJUNCT INSTRUCTOR 02/2018 to 09/2019

ECPI University Manassas, VA

Integrated current events and cultural themes into course materials to contextualize subject matter and facilitate lifelong learning.

Examined and graded assignments and assessments to report grades to appropriate personnel.

Taught all of the Bachelor program courses for Cyber Security from initial to advanced.

Utilized AWS cloud classrooms and developed additional course materials for my classes to tie real-world requirements to academic pursuit.

OPERATIONS OFFICER 08/2010 to 02/2015

US Army, Second Army Cyber Command Fort Belvoir, VA

Participated as a writer and reviewer in the re-write of the US Army Cyber Security Regulations.

Led US Army Cyber Command project efforts in enterprise re-alignment from traditional architecture to DOD SaaS/Cloud. Projects included Identity Management, Collaborative Services, email, inventory, vulnerability management, Nessus Scanning and others.

Wrote Army Level orders to direct subordinate units with over 1.4 million endpoints to comply and report vulnerability remediation. Consolidated and served as the subject matter expert for executive presentations to General officers and senior leaders.

Developed new theories, concepts and principles regarding threat mitigation related to the security posture in Army Information Systems.

Analyzed world threat against internal vulnerabilities and provided written threat assessment and recommendations to senior leaders.

Performed root cause analysis in deficient areas to identify and resolve central issues.

US ARMY SERVICE FOR OEF/OIF 10/2003 to 08/2010

Led large teams under combat situations to result operational and technical missions.

Chief Information Security Section (Supporting 140 soldiers)

Company Commander for Interrogation Company signed over 10M in equipment

Completed all military schools including CGSC Resident

Served in the US Army in multiple statuses from 03/1988 to 02/2015 with an honorable discharge.

Additional work experience available on request.

EDUCATION

Master of Science Information Assurance 05/2010

Capitol College, Laurel MD

Bachelor of Science Management 08/1992

Johnson And Wales University, Providence, RI

ADDITIONAL INFORMATION

Experienced with:

Risk Assessment / Threat Evaluation

Compliance Standards (NIST 800-53, ISO 27000/1, HITRUST, HIPAA, FedRAMP, PCI-DSS)

HITRUST / NIST / FedRAMP Project management and Certification

Specification Writing and Project Planning

Amazon Web Services (IAM, EC2, S3 and others)

Python, BASH, SH and other scripting languages

Terraform

Nessus/Tenable Products

Aqua Security Cloud, formerly CloudSploit

Linux Administration (Ubuntu, RHEL, others)

CISCO Routers/Switches

TCP/IP network design

Internet Protocols

Published Papers:

LinkedIn:

Creating a Bastion Host aka Jump Host for SSH Access to a Production Environment

Creating a LEMP development environment on your MAC (OSX) using DOCKER

How to make a shell script look like a Mac OSX application

Learning to Create Docker images in a day

Medium:

Installing PHP into Jupyter-notebook on your MAC (OSX)

Building an eCommerce Site with Drupal Commerce

Common Infrastructure Security Mistakes Made by Startups

Installing SuiteCRM in the Cloud

References Available upon Request
