…

MICHAEL A. DEFALCO

*** ******* ****** **, ********* PA 15656 adzdk0@r.postjobfree.com 808-***-**** PRINCIPAL NETWORK CYBERSECURITY ENGINEER

SECURITY CLEARANCE: TOP SECRET - Sensitive Compartmented Information (TS-SCI) Inactive; DoD 8570.1 Compliant

CI POLYGRAPH: ADMINISTERED & PASSED

Retired Air Force Veteran

Cybersecurity Maturity Model Certification (CMMC) Practitioner! 20+ years of IT experience in the military, government and civilian sector- Solutions-oriented IT Security Engineer with consistent success directing a broad range of cybersecurity initiatives, while participating in planning and implementation of Information Security solutions in direct support of government and corporate objectives.

Hands-on experience leading all stages of system development efforts, including requirements definition, design, architecture, testing, security implementation and hardware/software support.

Track record of increasing responsibility in secure network support/administration, systems analysis, assessments and development, and full lifecycle project management.

Demonstrates capacity to implement innovative security programs that sustain awareness, decrease exposure, strengthen organizations and increase network production.

Outstanding leadership abilities; able to coordinate and direct all phases of project-based efforts, while managing, motivating, and leading project teams. Customer service oriented!

Highly responsible and dependable. Experience in documenting system configurations, developing operating procedures, and supporting the creation of installation and transition plans. CORE COMPETENCIES: Network and Systems Security! Cybersecurity Framework Assessments/Audits, Information Assurance, HIPAA Assessments, FISMA Independent Assessment, SME for all Certification

& Accreditation Compliance, NIST 800-series publications, Vulnerability Testing/Scanning, ProofPoint Systems Management, ProofPoint Phishing Campaigns, SAI360 Compliance Tool, Upgrade & Maintenance, Business/Security Impact Analysis, Regulatory Adherence, Data Integrity/Recovery, Disaster Recovery, Research & Development, Risk Assessment, Security Assessment Reporting, Cost Benefits Analysis, SOX compliance

CRUCIAL SKILLS: Vast experience Enterprise Threat and Vulnerability Management, DISA Gold Disk and SRR utilization, Windows & LINUX server platforms and clients; SME for STIGs, IAVA, and security targets, VMWare & XEN (server virtualization) experience, System documentation and CONOP development, Researching & applying security patches to servers; Provides support to the engineering team in the application & design of security controls. Coordinates system vulnerability issues with network integration and security implementation teams.

PROFESSIONAL EXPERIENCE

PRINCIPAL CYBERSECURITY COMPLIANCE ENGINEER, RAYTHEON TECHNOLOGIES Jun 2014 - Present Cyber Security Services Division, Dulles, VA

SME for Raytheon Professional Services Cybersecurity team. Employs vast and varied experiences to work with system owners, both federal and in the private sector. A solution-oriented leader who builds dynamic teams by leveraging the strengths of each individual member. Expert knowledge of NIST, FISMA FedRAMP, CMMC, and NCA requirements and policies. Senior network practitioner for CMMC assessments. Excellent understanding of vulnerabilities and weaknesses across complex IT environments and ability to understand. Applicability of security standards across technologies. Extensive experience in the IT industry consisting of developing governance, risk, and compliance programs, writing information security and privacy policies at the Centers for Medicare and Medicaid Services (CMS), and performing Security Readiness Reviews (SRR). Experienced in designing and implementing disaster recovery plans for the Department of Defense (DoD) and the financial sector. Experienced in developing Continuity of Operations Plans (COOP) for the DoD. Ability to analyze, coordinate, and manage complex projects. Highly experienced in the application of engineering concepts, principles, methods, processes and procedures.

Key Contributions:

Provides guidance and network security recommendations to Centers for Medicare & Medicaid Services (CMS) community regarding system implementation, using NIST Special Publications, as guidance, along with various proprietary guidelines for security compliance

Proficiently leveraged SAI360 for Governance, Risk Management, and Compliance (GRC) purposes as a skilled Cybersecurity Engineer, ensuring robust and effective control over organizational security protocols and regulatory adherence

As a member of the Professional Services Team, supports Raytheon customers and clients (both civilian and government) through cybersecurity consulting engagements, including Risk Management Framework Assessments, Compliance Assessments and Policy Reviews

Risk Management Framework (RMF)) and NIST Special Publications (800-series); identifies deficiencies and provides recommendations for solutions; track findings with Plan of Action and Milestones (POA&M)

Produces site interviews & inspection reports in accordance with the site certification schedule

Provides guidance and network security recommendations to Centers for Medicare & Medicaid Services (CMS) community regarding system implementation, using NIST 800-53 Special Publication, as guidance, along with various proprietary guidelines for security compliance

Analyzes network topology diagrams and scan results; assists customers with understanding security controls for enhanced security; identifies false positives and provides advice

Provides reports and guidance on vulnerability assessments, along with mitigation strategies to CMS community and Raytheon supply chain partners; generates technical presentations for leadership

Works with supply chain senior leadership to identify areas of improvement, while documenting plans to execute the improvement processes

Security representative for patch management staff; worked with CMS systems by providing mitigation strategies to enhance overall security posture SENIOR NETWORK SECURITY ENGINEER, AVAYA Oct 2012 – Jun 2014 Federal Bureau of Investigation (FBI), Clarksburg, WV Critical security team member during all phases of creation of a vital FBI network for the National Instant Criminal Background Check System. Actively participated in the planning, installation, administration and support of the government Voice over IP network.

Key Contributions:

Responsible for implementing standards, performing security measures/hardening procedures, and ran network discovery scans for government

Lead the development and maintenance of security documentation such as the System Security Plan (SSP), Configuration Management Plan, Contingency Plan (CP), CP Test reports, and Annual FISMA assessments

Tracked all assigned hardware inventories and IP addresses for network during and after completion of build

Provided daily briefing for government leadership on network issues and progress INFORMATION SYSTEM SECURITY REPRESENTATIVE, KNOWLEDGE CONSULTING GROUP Nov 2011 – Oct 2012 Federal Bureau of Investigation (FBI), Clarksburg, WV Managed all phases of the assessment and authorization (A&A) process. Delivered Information Assurance and preservation of the FBI’s information systems worldwide through security certification. Registered information systems for certification in accordance with the FBI A&A Standards. Performed comprehensive evaluations of information system in support of the FBI’s accreditation process. Completed risk assessments on all security requests submitted to the Security Division. Produced certification and accreditation packages appropriate for the Tier Levels defined by the FBI and submitted them to the government 30 days before Approval to Operate date expires. Provided day-to-day IT support and consultation to all FBI locations.

Key Contributions:

Developed a schedule and plan while ensuring that an acceptable site accreditation is completed and approved in coordination with all field office ISSOs.

Prepare system documentation for assessment in accordance with the Risk Management Framework

Conducts research and technical investigations on data services that traverse government networks

SENIOR SYSTEMS SECURITY ENGINEER, BAE SYSTEMS INC

NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY (NGA), ARNOLD, MO Jul 2008-Nov 2011 Information Systems Security Officer

Utilized Security Readiness Review (SRR) scan/test utilities to isolate potential network vulnerabilities, per Defense Information Systems Agency (DISA) and NGA directives. Conducted risk assessment and provided recommendations for application design. Responsible to the NGA DAA for ensuring that security is implemented throughout the life cycle of information systems. Guaranteed integrity, confidentiality and security of information by applying rigorous security initiatives. Interpreted DCID 6/3 IA network security requirements.

Key Contributions:

Conducted penetration & vulnerability testing/analysis of various security technologies, and information technology security research; reviewed findings, conducted reviews with management.

Oversaw the St Louis Information Library Network Anti-Virus program for over 250 servers/nodes

Managed Radiant Mercury Imagery Guard; coordinated customer requirements with program office and accrediting agency; performed extensive monitoring of installation through rigorous A&A

Directed Assessment and Authorization process; validated tasks via Xacta Management Tool

Performed testing and in-depth analysis of systems before/after gov’t-approved modifications

Developed/maintained Plans of Actions and Milestones (POAM) metrics for mitigation tracking; prepared security reports to regulatory agencies; coordinated progress with site DAA. INFORMATION SECURITY CONSULTANT, US BANK CORPORATION, ST LOUIS, MO Jan 2008 – Jul 2008 Data Security Analyst

Provided technical direction, guidance and support to Information Security staff and other Technical Services departments in developing, maintaining, and/or implementing corporate information security plans, processes, and procedures. Lead the analysis of user and management security needs and recommends security product and procedure solutions. Conducted technical security reviews, investigations, and integrity verifications. Maintained records of findings on all applications. Key Contributions:

Demonstrated project leadership skills and a high degree of specialized expertise; led application team through data analysis; impressive display of quality performance evident in everyday work

Possessed thorough knowledge of corporate and federal regulatory requirements for electronic data processing audit and security; ensured ZERO security breaches for corporate audits

Resident expert with impressive knowledge and expertise in data security systems and products, computer systems and information processing concepts

Exceptional planning, organizational and problem-solving skills showcased ability to develop and provide training to less experienced technical staff and team members EDUCATION AND CREDENTIALS

**United States Air Force (20 years)**

Retired Senior Non-Commissioned Officer

Information Systems Technology

Community College of the Air Force (Montgomery, Alabama) Completed Degree through Hawaii Pacific University Professional Training and Certifications

CMMC Practitioner CISCO Network Structuring & Hardening Concepts Information Assurance Professional Certification Radiant Mercury Future Development Seminar CISSP Boot Camp Microsoft Windows Server Design & Administration CISCO Networking Boot Camp

Contact this candidate