Michael J. Horwat
Director of Federal Civilian Services – with Top Secret Clearance
Summary: I’m an accomplished technical and program management lead with an MS in Applied Information Technology (IT) / Cyber Security and over 20 years of relevant experience. For the last 13 years I’ve performed in leadership roles as Director, Senior Manager and Technical Lead supporting numerous large-scale and high-value cyber-security contracts. I regularly perform management duties at the program and project levels, including providing technical leadership to diverse project teams.
Skills: Broad knowledge of communication and infrastructure design, support and network security; hands-on experience leading various stages of system development efforts, including requirements, design, testing and support; extensive background with access control, authentication, monitoring, operational and organizational security systems technologies; developing effective cyber-security policies and procedures, documentation and technical specifications; deploying, integrating, troubleshooting and problem-solving for systems and applications.
•Intrusion detection and prevention (IDS/IPS) technologies: FireEye products, ArcSight (SIEM), McAfee IntruShield, Sourcefire and NIKSUN NetVCR; open-source tools such as Snort with the Sguil GUI.
•Network and host analysis tools: FireEye, Symantec, Nessus, Nmap and eEye REM/Retina, among others.
•McAfee SmartFilter and ePolicy Orchestrator (ePO); HBSS and HIPS to monitor and detect attacks against computer networks and systems; Blue Coat web proxy for controlling internet usage throughout the enterprise.
•Microsoft Windows operating systems, Linux and Mac OS X; Remote Access Services (RAS); Virtual Private Networks (VPN); Virtual Local Area Networks (VLAN); Internet Information Services (IIS).
•Implementing protocols and services based on organizational requirements: Active Directory, TCP/IP, DHCP, HTTP, SNMP, FTP, DNS, ICMP, LDAP, NetBIOS and others.
Director of Federal Civilian Services – FireEye/Mandiant, Alexandria VA
February 2016 – Present
Program and project management of all stages of engagements, including but not limited to inbound calls, project scoping, pricing and delivery of cyber-security products/services. Serving as the key point of contact for stakeholders, providing tactical and strategic oversight to the Mandiant teams.
Organizing, resourcing, scheduling and executing Compromise Assessments, Incident Response/Threat Hunt, Penetration Tests (Red/Blue Team) and strategically based security assessment services for federal clients, from kick-off through completion to out-brief.
•Leading all aspects of Compromise Assessments, Incident Response, Penetration Tests and strategically focused professional services for federal clients; providing project management for short- and long-term contracts.
•Managing security assessments; evaluating organizations’ security posture for vulnerabilities, as well as for the presence of targeted threats (APT), insider threats and breaches.
•Incident Preparedness and strategically based assessments lead; providing comprehensive analysis of organizations’ security architecture: host/network, security event monitoring capabilities, threat intelligence and incident response.
•Project lead and Manager for a myriad of Cyber Security initiatives, including but not limited to Security Program Assessments and Response Readiness Assessments, as well as Table Top Exercises (TTX).
•Providing Project Management to multiple large and small-scale high-risk projects throughout their project lifecycles.
•Managing critical day-to-day operational elements of engagements, including objectives, financials, scope, quality control, scheduling, resourcing, dependencies, risks, status reporting and stakeholder management.
•Providing leadership, vision and direction for projects and teams while continually evaluating their progress and quality, in addition to proactively identifying and resolving potential issues as they arise.
Senior Manager and Lead – General Dynamics IT, Fairfax VA
February 2012 – January 2016
Operations and Deputy Program Manager at the Department of Homeland Security, Security Operations Center (DHS SOC). Responsibilities included supervising the SOC teams to monitor, analyze and respond to cyber-security events 24x7x365. Key contributions included:
•Subject Matter Expert, directing analysis and incident response stemming from a myriad of cyber-security events, including but not limited to malware, file sharing and exploits, as well as phishing and hacking attempts; managing key processes and serving as Technical Lead.
•Supervising diverse teams of security professionals, including the Vulnerability Assessment Team (VAT), Focused Operations Team (FO), Digital Forensics Team and Security Engineers; coordinating efforts to identify and respond to security alerts occurring at the Trusted Internet Connections (TICs) and Policy Enforcement Points (PEPs).
•Assessing threats, risks and vulnerabilities from emerging security issues; making recommendations and providing guidance to senior management.
•Threat and impact analysis; producing briefings to provide an accurate depiction of the threat landscape; advising upper management on methods for mitigating risk to DHS OneNet; direct advisor to the DHS SOC Branch Chief.
•Key contributor to implementing the Intrusion Kill Chain analysis methodology, yielding indicator and content creation, adversary mitigation techniques and data analytics for metrics.
•Serving as a key contributor to the cyber technical volume of RFP and RFI response efforts; designing customer win themes; Statement of Work (SOW) review and consulting; technical lead for business capture efforts.
•Supporting various Business Development (BD) initiatives to strengthen GDIT’s presence in the information security realm, including technical writing, editing, review and drafting; serving on Pink, Blue, Green and Gold Request for Proposal (RFP) and RFI teams.
Senior Manager and Lead – General Dynamics IT, Fairfax VA
October 2001 – January 2012
Responsibilities as the Lead Technical Contractor for the U.S. Coast Guard Computer Incident Response Team (CGCIRT) included but were not limited to leading efforts to identify and evaluate all critical systems 24x7x365; supervising the daily activities of other analysts; and managing, motivating, mentoring and providing leadership to 25 members of distinct project teams. Key contributions included:
•As Technical Lead, provided the pinnacle of support for other team members; ensured the highest standards were furnished by General Dynamics IT (GDIT) to the United States Coast Guard; direct advisor to the USCG Section Chief and GDIT Director in support of U.S. Coast Guard cyber-security operations.
•Cyber Incident Handling Lead and end-user support; performed network traffic analysis and deep network packet analysis; used open-source and COTS tools such as Wireshark to identify and report many new, previously unknown viruses and malware.
•Vulnerability assessments; evaluated systems for their security posture; reported deficiencies and provided recommendations for implementing security measures; coordinated resolution efforts with points of contact; daily discussions with upper management, including government civilians and military personnel.
•Digital Forensics Examiner Lead; used Guidance Software EnCase and AccessData FTK to conduct complex network investigations throughout the enterprise; identified network intrusions; wrote Security Incident Reports and made recommendations to upper management for mitigating risk.
•Computer Network Defense Service Provider (CNDSP); contributed to the accreditation process through which the U.S. Coast Guard achieved its Tier 2 CNDSP classification.
•Provided final approval of Engineering Change Proposals (ECPs) impacting Coast Guard infrastructure; reviewed business cases and risk management plans; ensured security precautions were met, including confidentiality of data; C&A packages.
•Co-lead and lead engineer on major projects: the Sygate endpoint solution to ensure USCG systems were adequately safeguarded from systems connecting remotely to the network; lead engineer for the USCG Server Less image.
Security Network Engineer – Northern Virginia Realtors (NVR), McLean, VA
April 2001 – June 2001
Worked within a centralized network of NT and Windows 98 computers serving over 1,500 users across 70 sites. Key contributions included:
•Provided technical support in accordance with security-related best practices to assist with the successful migration from NT to Windows 2000.
•Assisted with integration of BlackBerry Enterprise Server, including configuration, security settings, testing and deployment.
•Provided router security, configuration and management support in accordance with security best practices; implemented access control lists (ACLs) allowing only necessary IP addresses, ports, protocols and services.
Network Administrator – District Lock, Washington DC
September 1994 – March 2001
Installed and configured a peer-to-peer network of Windows 98/NT computers, including hardware, software and drivers; provided all phases of design, security, implementation and support. Key contributions included:
•Deployed antivirus software on all server and client systems; integration and support of applications.
•Enabled auditing and routinely reviewed event files and security events; enforced security policies.
•Troubleshot and resolved all matters related to network availability, ensuring the integrity and security of the computer systems; applied security patches effectively and in a timely manner.
Education and Credentials
Bachelor of Science, Computer Networking – Strayer University, Alexandria, VA – 2006
Master of Science, Applied Information Technology, Cyber Security Concentration – George Mason University, Alexandria, VA – 2019
Professional Training and Certifications
PMP – Project Management Professional – Learning Tree Certificate
CISSP – Certified Information Systems Security Professional
CEH – Certified Ethical Hacker
MCSE – Microsoft Certified Systems Engineer
CCNA – Cisco Certified Network Associate
MCP – Microsoft Certified Professional
Security+ – CompTIA