
Transportation Security Officer

Location:
Herndon, VA
Posted:
April 11, 2023

Resume:

Mark A. Wilson, CISSP, CFCP, MCSE, MCP

**** ******* **** *****, ******* VA 20171 571-***-**** adwhgg@r.postjobfree.com

Multi-certified Information Security Leader versed in management of teams implementing cybersecurity programs for the Intelligence Community, Department of Defense, and civilian government agencies. Experienced in creating situational awareness to achieve congressional funding for emerging cyber security projects and priorities. Expert in gathering, analyzing and defining business and functional requirements for C4ISR and national security systems. Recognized expert in using tools such as the RMF, Xacta, and Certified Software Asset Manager (CSAM) framework as well as expert in ICD503, FISMA, OMB, NIST, DoD, DIACAP, and DCID 6/3 configuration and reporting requirements. Active – TS/SCI w/CI Poly

Skills

Cloud Computing - AWS Cloud Practitioner

Tenable Nessus Security Suite

Symantec’s Endpoint Protection

Amazon Web Services

Google Cloud

Microsoft Azure cloud

ETL

Security Test and Evaluation (ST&E)

RMF

POA&M

STIG

IAVA

Pen Testing

Disaster Recovery

Incident Response plans

NIST

SRR

IC SAP/SAR enclaves

PKI

VPN

Firewalls

Intrusion Detection systems

Certified COMSEC Officer for Air Force Intelligence Community

Experience

Independent Cybersecurity Engineer Consultant: 12/30/2020 to Present

Information Technology Professional Consulting Group:

Hands-on vulnerability checking using tools such as ACAS, Tenable Xacta 360, SCAP, and Fortify to ensure the systems comply with DISA STIGs, including any overlays required for the system such as the PII, PHI, Intel-A, Intel-B, and Intel-C overlays defined in CNSSI 1253.

- Develop Plans of Action and Milestones (POA&M) for upper management to review.

- Work with upper management in the development of courses of action (COA) to properly budget and allocate resources for mitigating discovered vulnerabilities.

- Input data into automated tools such as Xacta and build Security Test and Evaluation (ST&E) plans for A&A authorization as detailed in the Risk Management Framework (RMF).

- Work closely with developers, engineers, and management on how to mitigate vulnerabilities in applications and operating systems.

- Serve as the interface between upper management, engineers, programmers, and developers, working closely with Security Control Assessors (SCAs) to achieve Authorization to Operate (ATO).

Providing professional services for security, risk, and compliance for various organizations in the Washington D.C. Metro area. Hands-on planning and development of Microsoft Project plans for large enterprise customers to operationalize a shared responsibility model as they migrate to the cloud. Experience with Amazon Web Services, Google Cloud, and Microsoft Azure cloud structures and with working with clients to achieve authorization to operate (ATO) in both the commercial and government fields.

Work closely with the upper management team on determining risk factors for Governance, Risk, and Compliance to address high-end computing standards. Enable customers in moving data and conducting extract, translate, and load (ETL) operations to cloud standards. Expert in FedRAMP certification procedures for government clients.

Experience: Lead teams that include cloud partners and customers to enhance the security assessment and authorization process through the Risk Management Framework.

Solutions: Define and deliver innovative compliance and risk management approaches that let customers move sensitive workloads into a cloud environment in a timely and cost-effective manner.

Delivery: Resolve security management questions and show how to manage risk and achieve compliance while operating in the cloud. Accomplished through deep-dive discussions, strategic presentations, and recommendations, including hands-on demonstrations of how to automate compliance in the cloud.

Insights: Work with cloud engineering, support and business teams to convey partner and customer feedback to enhance technology roadmaps and business process reengineering (BPR).

Independent Cybersecurity Engineer Consultant: DCI Solutions Inc. – Subcontract with ManTech Inc. on classified contract. 3/2020 to 8/2020

Successfully completed A&A efforts for systems accredited to the RMF standard outlined in DoDI 8510.01, Risk Management Framework. Verified the security categorization of the system, the security control selection, and how those controls were implemented to harden the system. Worked with the Designated Authorizing Authority Representative (DAOR) to achieve the system security authorization agreement (SSAA) and improve the security posture of the system.

After achieving a full ATO, the system moves into the continuous monitoring phase to ensure its security posture does not change throughout its lifecycle. Worked closely with the DAOR, the System Owner (SO), the Authorizing Official (AO), and developers in developing Standard Operating Procedures (SOPs) for the systems being assessed, and documented the RMF security posture.

Successfully developed multiple high-level policy documents to meet the RMF standards for each family of security controls outlined in NIST SP 800-53 Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations. This included working with multiple cybersecurity tools to conduct a security self-assessment identifying which controls were implemented versus which controls needed additional resources, personnel, or budget to properly implement.

Independent Cybersecurity Engineer Consultant: Insight Global – Subcontract with General Dynamics Information Technology (GDIT) to support the CSOS contract. 01/2020 to 03/2020

Worked as Cybersecurity Governance Manager in support of the GDIT CSOS contract at the Department of State (DoS) at SA-20 and at DoS HQ. Provided technical expertise to a wide array of IT projects and served as the liaison between the cybersecurity center and major IT programs to ensure that new technologies are architected to meet DoS security objectives. Provided detailed evaluation of how to securely incorporate the Risk Management Framework (RMF) for customers (internal and external to DoS), informing senior managers making risk-based decisions on new and existing architecture.

Supported the senior cybersecurity engineers at the CTS level with continuous monitoring and maintained a record of the artifacts required to support NIST SP 800-53 Assessment and Authorization (A&A) efforts. Provided program-specialized security expertise including social media, methodical architecture evaluation, firewall rule evaluation, and intrusion detection and prevention sensor (IDPS) deployment. Firm understanding of large-scale enterprise operations and experience securing domains in the areas of vulnerability management, malware TTPs, networking protocols, and cybersecurity incident management.

Provided technical and governmental expertise and recommendations, working independently to provide written and verbal recommendations for mitigating cybersecurity risks across a wide array of technologies and organizations in the DoS.

Independent Cybersecurity Engineer Consultant: 12/30/2018-08/26/2019

Information Technology Professional Consulting Group:

Hands-on vulnerability checking using tools such as ACAS, Tenable Xacta 360, SCAP, and Fortify to ensure the systems comply with DISA STIGs, including any overlays required for the system such as the PII, PHI, Intel-A, Intel-B, and Intel-C overlays defined in CNSSI 1253.

- Develop Plans of Action and Milestones (POA&M) for upper management to review.

- Work with upper management in the development of courses of action (COA) to properly budget and allocate resources for mitigating discovered vulnerabilities.

- Input data into automated tools such as Xacta and build Security Test and Evaluation (ST&E) plans for A&A authorization as detailed in the Risk Management Framework (RMF).

- Work closely with developers, engineers, and management on how to mitigate vulnerabilities in applications and operating systems.

- Serve as the interface between upper management, engineers, programmers, and developers, working closely with Security Control Assessors (SCAs) to achieve Authorization to Operate (ATO).

Providing professional services for security, risk, and compliance for various organizations in the Washington D.C. Metro area. Hands-on planning and development of Microsoft Project plans for large enterprise customers to operationalize a shared responsibility model as they migrate to the cloud. Experience with Amazon Web Services, Google Cloud, and Microsoft Azure cloud structures and with working with clients to achieve authorization to operate (ATO) in both the commercial and government fields.

Work closely with the upper management team on determining risk factors for Governance, Risk, and Compliance to address high-end computing standards. Enable customers in moving data and conducting extract, translate, and load (ETL) operations to cloud standards. Expert in FedRAMP certification procedures for government clients.

Experience: Lead teams that include cloud partners and customers to enhance the security assessment and authorization process through the Risk Management Framework.

Solutions: Define and deliver innovative compliance and risk management approaches that let customers move sensitive workloads into a cloud environment in a timely and cost-effective manner.

Delivery: Resolve security management questions and show how to manage risk and achieve compliance while operating in the cloud. Accomplished through deep-dive discussions, strategic presentations, and recommendations, including hands-on demonstrations of how to automate compliance in the cloud.

Insights: Work with cloud engineering, support and business teams to convey partner and customer feedback to enhance technology roadmaps and business process reengineering (BPR).

Chief Cybersecurity Engineer (Engineer Level 5): 12/18/17-12/30/18

M.C. Dean, Tysons VA

Designs, develops, and implements protection of computer systems from theft of and damage to hardware, software, or information, as well as from disruption or misdirection of the services provided to clients of M.C. Dean. Controls physical access to the hardware and protects against harm that may come via network access, data injection, and code injection.

Hands-on vulnerability checking using tools such as ACAS, Tenable Xacta 360, SCAP, and Fortify to ensure the systems comply with DISA STIGs, including any overlays required for the system such as the PII, PHI, Intel-A, Intel-B, and Intel-C overlays defined in CNSSI 1253.

- Develop Plans of Action and Milestones (POA&M) for upper management to review.

- Work with upper management in the development of courses of action (COA) to properly budget and allocate resources for mitigating discovered vulnerabilities.

- Input data into automated tools such as Xacta and build Security Test and Evaluation (ST&E) plans for A&A authorization as detailed in the Risk Management Framework (RMF).

- Work closely with developers, engineers, and management on how to mitigate vulnerabilities in applications and operating systems.

- Serve as the interface between upper management, engineers, programmers, and developers, working closely with Security Control Assessors (SCAs) to achieve Authorization to Operate (ATO).

Facilitates a consistent, comparable, and repeatable approach for selecting and specifying security controls for information systems and the organizations they support. Provides recommendations for the implementation of cybersecurity design and development in accordance with applicable standards and guidelines, creating a foundation for the assessment methodology and procedures used to determine cybersecurity effectiveness.

Successfully works to improve communication among organizations and supports the implementation of the risk management framework (RMF) and effective risk management practices within the federal government.

Principal Information Systems Security Manager

Bowhead Business and Technology Solutions 4/15/17-11/30/17

Secured the systems used by PFPA/FPTD and ensured they are compliant with FISMA, RMF, and the requirements that safeguard the occupants, visitors, and infrastructure of the Pentagon, Mark Center, Defense Health Headquarters, and other delegated Pentagon facilities.

Works closely with all information technology related support services for PFPA, including cloud computing design/delivery, and communications security.

Hands-on vulnerability checking using tools such as ACAS, Tenable Xacta 360, SCAP, and Fortify to ensure the systems comply with DISA STIGs, including any overlays required for the system such as the PII, PHI, Intel-A, Intel-B, and Intel-C overlays defined in CNSSI 1253.

- Develop Plans of Action and Milestones (POA&M) for upper management to review.

- Work with upper management in the development of courses of action (COA) to properly budget and allocate resources for mitigating discovered vulnerabilities.

- Input data into automated tools such as Xacta and build Security Test and Evaluation (ST&E) plans for A&A authorization as detailed in the Risk Management Framework (RMF).

- Work closely with developers, engineers, and management on how to mitigate vulnerabilities in applications and operating systems.

- Serve as the interface between upper management, engineers, programmers, and developers, working closely with Security Control Assessors (SCAs) to achieve Authorization to Operate (ATO).

Monitor, manage, and maintain the compliance and security of PFPA systems; perform full vulnerability and STIG compliance audits and reviews; manage Plans of Action and Milestones (POA&M); and develop policies, procedures, and best practices with upper management stakeholders to ensure the security posture of systems.

Conduct security posture reviews including STIG implementation, SRRs, IAVAs, CTOs, and penetration testing; verify and validate information system security posture reviews; and attend Technical Exchange Meetings and provide meeting support.

Chief Information Security Officer (CISO) GS-15

Federal Emergency Information Agency 1/8/17-5/12/17

Responsible for oversight and leadership of all FEMA information systems: governance, planning, budgeting, engineering, development, security, and operations, ensuring compliance with the requirements of the Clinger-Cohen Act of 1996, FISMA, the President's Management Agenda, DHS, and other regulatory requirements in support of the FEMA mission and objectives.

Brief position as CISO for DHS-FEMA as a GS-15 working closely with Security Control Assessors (SCAs) to achieve Authorization to Operate (ATO).

Information System Security Officer/Manager Mission Systems

Harris Corporation. Herndon VA 5/11/11-1/8/17

Certified COMSEC officer for the Air Force Intelligence Community. Managed hardware, software, and firmware and developed installation plans for encryption technologies for Data at Rest as well as Data in Transit in accordance with NSA Policy, Procedures, and Standards.

ISSM and Cybersecurity Integrated Product Team lead for Air Force Distributed Common Ground System, Data Storage and Dissemination Data Center.

Expert in accrediting Multilevel Security (MLS) standards with InfiniBand architecture on high-availability computing platforms for the DoD and the Intelligence Community.

Designs, develops, engineers, and implements solutions for MLS requirements for National Security Systems.

Gathers and organizes technical requirements for developing and implementing advanced information security control concepts, methodologies, theories, and research techniques.

Provides analyses for the Risk Management Framework using ICD503 for environments requiring expert application across current and emerging information system architectures for SIPR, NIPR, and IC SAP/SAR enclaves.

Provides daily supervision and direction to staff, technical support for secure software development and complex system integration tasks, including writing, reviewing, and submitting products that adhere to system design concepts.

Expert knowledge of computer security, information assurance, and cybersecurity products such as PKI, VPN, firewalls, and intrusion detection systems. Expert authority in the RMF and Xacta framework and a certified COMSEC officer for the IC and DoD community.

Master Principal Information Assurance Executive

QinetiQ NA Washington, DC 9/30/09-05/11/11

Principal IA Officer and Deputy Program Manager for the National Defense University reporting to the Chairman of the Joint Chiefs of Staff, the Department of Defense, DISA, and U.S. Cyber Command.

Prepared senior-level technical briefings and compliance reports for USCYBERCOM to include Cybersecurity Scorecard briefings and quarterly and semi-annual reports on current situational awareness and security posture reviews.

The reports generated situational awareness that helped achieve congressional funding for emerging cyber security projects and priorities.

Achieved 95% compliance in IA requirement implementation over 18-month period.

Recognized as expert authority in ICD503, FISMA, OMB, NIST, DoD, DIACAP, and DCID 6/3 configuration and reporting requirements for NSSs.

Developed the IA program for the university; developed program metrics to teach DoD officers and organizations how to successfully control an IA program by providing subject matter expertise for both SIPR and NIPR enclaves.

Provided upper management the information to report to Congress on the overall effectiveness and new challenges to information security to procure additional funding for new requirements.

Information Assurance Officer

NuAxis LLC McLean, VA 07/02/07-09/30/09

Senior IA Security Analyst and Program Manager responsible for creating, vetting, and finalizing the certification and accreditation (C&A) process of the Department of the Interior, National Park Service, leading to an improved FISMA compliance reporting level from 0% compliance to over 95% compliance within the first year.

Created and promulgated IT security plans, policies, and procedures for accomplishing organizational information security reporting requirements in accordance with DoD STIGs, resulting in an improved security posture for the critical infrastructure within the organization.

Developed the first Authorization to Operate (ATO) in the history of the National Park Service. This effort enabled the organization to continue on a positive path toward enhanced future compliance and improved communications technology.

Responsible for monitoring and evaluating the effectiveness of security of computer systems through the use of automated tools such as Tenable Nessus Security Suite and Symantec’s Endpoint Protection and implementing solutions for whole disk encryption.

Developed daily, weekly, monthly, quarterly, and annual reports to upper management on current issues and vulnerabilities.

Information Assurance Officer

Indus Corporation Vienna, VA 11/03/06-06/29/07

Team lead for Federal Highway Administration (Department of Transportation) security compliance, with a focus on Certification and Accreditation of federal computer systems for FISMA compliance.

Created and revised C&A documents to comply with NIST Special Publication Series with a focus on NIST SP 800-53 Rev. 1, NIST SP 800-53A, and NIST SP 800-60.

Developed System Security Plans, performed Risk Assessments, produced Security Test and Evaluation (ST&E) reports, and developed POA&Ms.

Improved reporting metrics by redesigning and training system owners on how to develop System Security Plans, mitigate vulnerabilities discovered, and map mitigation strategies to POA&Ms.

Developed Disaster Recovery Plans, Continuity of Operations Plans, Incident Response Plans, and Contingency Plans for compliance with federal regulations and guidelines. These guidelines and procedures improved the agency's ability to recover when incidents occur and to maintain availability at an acceptable level while protecting confidentiality.

Education

Bachelor of Science, Computer Information Systems

Strayer University Graduation, 2011

Professional Training

Telos Xacta IA Manager, and Telos Xacta 360 certifications

DISA Assured Compliance Assessment Solution 07/07/17

Enterprise Mission Assurance Support Service 06/14/17

NSA-IEM INFOSEC Evaluation Methodology 06/30/05

NSA-IAM INFOSEC Assurance Methodology 06/30/03

Designing a Microsoft Windows 2000 Network 06/27/01

Microsoft TechNet Certification - Microsoft Corporation 06/30/99

MCP

MCSE Certification Training

Computer Electronics Technician Certification

Licenses and Certifications

CISSP - (ISC)2 Expiration 2020-05-30, License #: 391468

Certified FISMA Compliance Professional License #: 113098

Certified FISMA Compliance Professional

Honors and Awards

Industry Recognition Award - ISSA 2012-06-29

ISSA International Fellow 2012. The Information Systems Security Association (ISSA) International Fellow recognizes exemplary long-term members who have distinguished themselves in advancing the professionalism, stature, and influence of information security professionals worldwide. Sustained membership and contributions to the cybersecurity profession: 8+ years of association membership, 3+ years of volunteer leadership in the association, and 5+ years of significant performance in the information security profession.

Associations

(ISC)2 –National Capital Region, 2012 – President and Founding Secretary

Information Systems Security Association (ISSA) National Capital Region, 2005 – President and Founding Secretary
