Rick DeGraffenreid, Cocoa Beach, Fl *****

adtmon@r.postjobfree.com (c)626-***-**** adtmon@r.postjobfree.com

Certifications: CISSP, Security + CE, NSA 4011-4016a, CNSSi 1253, (retired cert FQNV) Trained on NQV, AMRIP Aerospace Mini and micro assembly soldering repair. Avionic, Aviation Electrical, Space Ground Systems, remote sensing, and Developmental Operational Test & Development, Technical Inspector, Quality Control Certifications, and Instructor Certifications.

· Solution-oriented, results-focused Cyber Security Professional with extensive commercial, federal/military technical training and solid, business/mission awareness of security engineering realities central to information protection governance.

· Experience supporting simple and complex Governance Risk & Compliance (GRC) efforts, validating baseline security assessments from NIST800-53r5 and r4 to r5 transitions, documenting raw and residual risk for AO Acceptance or further mitigation and refinement of compensating controls.

· Strong analysis, troubleshooting, collaborative problem-solving remediation/mitigation skills with a proven record of success in passing cyber audits and rescuing floundering programs such as IT based stop work orders relative to flawed IT waivers or Risk Based Decisions (RBD) based on inaccurate information.

· Achievements include sustainment of baseline compliance controls, resolution of substandard assessments, documentation development/repair, recovery from failed or adverse audits, and validation coordination between approved baseline assessments and applicable configuration item (CI) End of Life considerations.

· Expertise includes the ability to squeeze detailed findings from assessment tools to substantiate baseline control compliance and identify/solve compliance issues. Extreme examples include Supply Chain Management (SCM) resolution and adverse Inspector General & authoritative agency audit remediation such as Treasury Federal Taxpayer Info (FTI); HHS/CMS HIPAA; FDA medical devices / electronic health record security compliance; and protection of classified and sensitive data.

· Skillset includes certification of PCI/DSS along with Identity Management, detailed analysis skills to prove or disprove and issue down to the configuration item CWE/CVE. Analyzing scan dumps in pivot tables sorting by PID, CWE/CVE, criticality of raw risk, residual risk, DISA/NSA CTO TASKORD, as well as NSAS SOC MAR actions and zero-day CVE/CWE remediation-mitigation.

· Further experience in supporting complex avionic, electronic warfare, COMSEC communications &Telecommunications TSEC Encryption system maintenance, ground, UAV/UAS, Autonomous Vehicle, Ground Station, Space Hardware, Platform IT (PIT), and other hybrid systems on top of traditional endpoint, mobile, enterprise, & Cloud.

Work Experience

SCA (Security Control Assessor) NASA ITSS Contract Kennedy Spaceflight Center (KSC) - Brevard County, FL 4/2022 – 12/2022

· Interface with information system owners (ISO), information system security officers (ISSO) along with all stakeholders to Assess and Validate scheduled SAP(security assessment plan) baseline compliance in GRC ARCHER/RISCS compliance records system along with processing other than satisfied (OTS) findings using the Risk Based Decision (RBD) and POA&M process. New expertise with RISCS, VAMPIRE, BIGFIX, BUGZILLA.

· Combination of onsite and remote work during COVID, I am well set to work remotely or locally to multiple locations.

· To-date experience includes Federal NIST 800-53 rev 5 Allocated Baseline Assessments including Platform IT, traditional datacenter solutions hosting, Mobile Launch Systems, Range / Command and Control systems, cleanroom lab IT along with legacy automation equipment including robot automation for TOSC (Test and Operations Support) AWS / exploration ground systems, as well as Neil Armstrong Operations and Checkout (O&C) High Bay Cleanroom Environment instrumentation IT support systems.

· Developed pilot draft artifacts to communicate ‘observations’ from assigned SAP control assessments that were cited as ‘sat’ based on interview or other evidence but had documentation observations that would not show up in the security assessment report (SAR).

US Army Disabled/Retired 4/2021 to Present

Technical Writer/Proposal Development and Special Projects 3/2020 – 3/2022

Technical Writer for IT systems Security and Public Interface State of NC Courts System

Technical Writing and technical proposal review for Military Sealift Command.

Technical and Governance Writing Project involving Records Governance and Compliance.

DoD-DECA, (Fort Lee, VA) 8/2019 – 3/2020

DoD ISSO for SORN-Registered Systems

Temporary GS-11 assigned to get a problematic DIACAP System into RMF Compliance so an appropriate Authorization To Operate (ATO) could be registered. Directly appointed to position which was severely behind due to staffing and management problems. This involved going from a DIACAP Registered MAC III Mission Support posture to a RMF COTS PIT System of Record (SORN) package assessment. This urgent fix was over a thousand controls in 90 days. It involved leveraging expertise with ACAS/Security Center, and DoD Enterprise Mission Assurance Support Service (eMASS) tool to assess FISMA and other regulatory governance compliance of the selected control baseline for AO Authorization.

ADITI-SAIC/ARCH – Unisys Team (Richmond, VA) 7/2018 – 7/2019

GRC Lead ISO for Commonwealth of Virginia IT Agency VITA-Assist & VITA Next Contracts

Commonwealth of Virginia Pinnacle/Unisys Team Customer Facing Information Security Officer (ISO) managing cyber security compliance, developing SSP and Federal Audit remediation plans, resolving server as well as other asset/network security issues and resolving the confusion generated between audit processes using multiple (differing) standards to manage risk to an acceptable level.

Commonwealth of Virginia ADITI-SAIC Governance Requirements Compliance Lead (ISO) for Virginia IT Agency (VITA Assist) Governance Risk and Compliance (GRC) Transition Assistance/reinvention, supporting 84 State Agencies as well as VITA CSRM while assisting several agencies in resolution of overdue Federal FTI and PHI Audits.

Primary fixer for multiple failed cybersecurity audits of collaboration / shared data between Federal and State Agencies.

Federal Contracting 4/2012 – 6/2018

Technical Writer/Cyber Security Control Assessor / Validator

Federal and State cyber security assessment, validation and sustainment projects for FEDRAMP application and data hosting, allocated control validation, CVE/CWE remediation, mitigation, and Risk Reporting. Supported Agencies include Air Force Medical Devices Command, Navy, Army Certification Authority, Marine Corps Systems Command and DoD Agencies including DISA, DAU, & DLA.

US Army National Guard (through 04/2021 – now Retired Military)

Avionics Maintenance Supervisor & Master Aircrew CBRNE/CERT Chem-Bio Response Team.

MDARNG Weide Army Airfield, Howard Air Force Base/Ft. Kobbe USARSO (Panama), DCARNG, Ft Leonard Wood, Ft Belvoir 29th ID Staff. Avionics / Aviation Electrical Electrical Component Repair Section supervisor and Quality Control Technical Inspector

US Marine Corps

Electronic Warfare/COMSEC Instructor, Curriculum Course Manager-Avionics Supervisor

Marine Aviation Training Support Group 90, 2nd Marine AirWing & Naval Air Maintenance Training Group. Course Manager/author for DECM, EW, COMSEC and Telecommunication Security TSEC device maintenance. Expertise included Frequency Domain and Time Domain Reflectometry test and certification of Antennas, coax/waveguide, and other airframe integration systems it also included automated & manual interim and depot testing of Electronic Warfare, Deceptive Electronic Countermeasures, COMSEC/TSEC and other avionic & Aviation Electrical systems. Mini-Micro soldering repair collateral certification (AMRIP) B Card Holder.

Education & Training

Masters in Cyber Security Candidate.

Graduate Level NSA 4011-4016a and CNSSi 1253 certificate training.

University Undergraduate Level: 140 SH of Electrical Engineering Technology (Transcripts available)

NASA RISCS Cyber Security FISMA Tool, KSC SATERN Security Control Assessor Training, ISSO, ISSE, VAMPIRE, BIGFIX, BUGZILLA.

State Level Cyber Security COV VITA-ISO, RSA ARCHER GRC, VSM, ServiceNow/Keystone Edge, MCP, MCSE; F5 Networks LTM/GTM SE, Cisco CCNET/CCNA, DoD ACAS, Telos (XACTA-DHS IACS), NESSUS PVS, N-Circle 360; Certified Ethical Hacker Core; Microsoft MCITP Refresh of MCP and MCSE.

DOD 8570 Information Assurance Workforce Registered IAT and IAM Registered, DoDD 8140 Cyber Workforce Management.

CISSP: ISC2 Certified Information Systems Security Professional Certificate 410346

SECURITY+ CE: CompTIA: Certificate: COMP001020390368

PM eMASS Train the Trainer Course (Booze Allen Hamilton [BAH]) Navy and DoD CIO

Army: PM eMASS Train The Trainer BAH

USMC: FEMA, GHS XACTA, MCCAST, IACS

DoD, Army CIO, and Navy RMF Validator training for EMASS. DHA MEDCOM RMF training

Fully Qualified Navy Validator: FQNV #I1296; Next Gen Navy QNV/NQV Training completed

oNavy CA SPAWAR Qualified Navy Validator Course (QNV) Resident and non-resident BAH Training

DOJ/FEMA WMD Counterterrorism; DEARNG CST Chem Bio; US Army 74D CBRNE training

PTO & DOJ: CSAMS

US Navy/Marine Corps Aerospace Electronics, Avionics, Aviation Elect, Electronic Warfare & COMSEC training