Information Security Risk Management
Resume:
Todd Sternberg
Madison, ***** AL 703-***-**** ********@*****.***
Professional Summary
Results-oriented Information Security SME with expertise in software vulnerability assessments, dynamic and static analysis, and implementing effective security solutions. Skilled in leveraging software assurance tools to optimize processes and drive predictable, repeatable outcomes that contribute to revenue growth. Skills
Technical Skills:
Network and Database Security
Risk Mitigation Recommendations
Security Infrastructure Architecture
Security as Code (SaC)
Vulnerability Management
Cloud Security Strategy
Security Information and Event Management
(SIEM)
Zero Trust Architecture
Threat Analysis
Cloud Architecture
Soft Skills:
Risk Management Strategies
Policy and Control Implementation
Business Operations Management
Responding to Security Breaches
Change Management
Team Leadership and Mentorship
Cross-functional Collaboration
Strategic Decision-Making
Communication and Stakeholder Management
Problem Solving and Critical Thinking
Work History
PRINCIPAL INFO-SEC ENGINEER 05/2024 - Current
Hadron Industries - Cambridge, MA
Collaborated with developers to identify and mitigate security vulnerabilities, reducing release risks and enhancing application security.
Implemented and managed cloud services in AWS and Azure, achieving an 83% improvement in system reliability and compliance.
Deployed scalable and secure solutions in AWS and Azure environments, streamlining operations and ensuring adaptability.
Assisted with access control management, improving network security and ensuring compliance with organizational policies.
Optimized Splunk and ACAS to meet CMMC accreditation requirements, aligning operations with customer and regulatory standards.
SENIOR PRINCIPAL SECURITY ARCHITECT 08/2021 - 05/2024 Capitis Solutions - Reston, VA
Conducted threat-based security assessments of C2IE information assets, identifying vulnerabilities and reducing risk exposure.
Developed threat models and security requirements for APIs, reducing vulnerabilities and strengthening application security.
Validated security controls, including SG, NACL, IAM, and SecCM, to ensure compliance and bolster organizational defenses.
Engaged business and technology stakeholders to gather requirements, including PaC needs, improving decision-making and aligning security strategies.
Advised and mentored security assessment and incident response teams, enhancing operational effectiveness and team capabilities.
SENIOR TECHNOLOGIST 02/2019 - 07/2021
Harmonia Group, LLC
Served as a trusted technical advisor for Federal clients, enhancing cybersecurity strategies for agencies such as the Census Bureau, CFPB, SBA, IRS, and U.S. State Department. Presented cutting-edge research on cybersecurity technologies, including Zero Trust and Deception as a Service (DaaS), at industry conferences, driving innovation and adoption. Managed disaster recovery efforts following catastrophic failures due to natural disasters, ensuring operational continuity and resilience.
Evaluated advanced cyber tools such as DevSecOps and Keyless Signature Infrastructure (KSI) for Federal agencies, improving compliance with Sarbanes-Oxley and HIPAA. Developed procedures, awareness programs, and templates to standardize security operations and enhance policy adherence.
PRINCIPAL SOLUTIONS ARCHITECT 04/2018 - 01/2019
Verizon, Public Sector Security Solutions - Ashburn, VA Managed support for Verizon Federal's sales team, leveraging Salesforce to track $2.4 billion in sales and driving significant revenue growth.
Led technical solution development across multi-tower domains (Cloud, Security, Networking, IoT, Contact Center), delivering tailored solutions for Federal agencies such as DHS, IRS, and U.S. Air Force.
Provided expertise in cutting-edge cyber tools, including Deception as a Service and spatial computing, to address advanced security and collaboration needs for Federal clients. Collaborated with developers and engineers to implement COOP solutions, ensuring operational continuity and technological resilience for critical systems. Designed network monitoring tools that minimized storage requirements for logging, enhancing system efficiency and reducing operational costs.
INFORMATION ASSURANCE SUBJECT MATTER EXPERT 11/2015 - 04/2018 Triangle Experience Group, Inc, TEG - Arlington, VA Supported the Air Force Innovations Integration Office (A2I) in deploying and accrediting the Advanced Collaboration Enterprise Services (ACES) into the Joint Collaboration Cell (JCC) at the National Reconnaissance Operations Center (NROC), enhancing mission-critical collaboration capabilities. Led the Intelligence Community Directive (ICD) 503 and 500-27 accreditation effort, managing testing and documentation to secure and maintain an Authority to Operate (ATO). Analyzed complex business problems, identified root causes, and developed robust solutions, driving efficiency and operational improvements.
Directed teams in delivering quality products and services, enhancing user experience and successfully introducing new features to expand functionality.
Oversaw scheduled and unscheduled equipment maintenance, optimizing readiness and ensuring consistent system availability.
SENIOR SECURITY ENGINEER/ PROJECT MANAGER 07/2014 - 11/2015 ActionNet - Washington, DC
Led a team within the JC3 Security Operations Center (SOC) to support the Department of Energy customer, enhancing security operations and risk management. Conducted threat-based security assessments of JC3 information assets, identifying vulnerabilities and implementing effective solutions to improve system security. Advised and mentored security assessment and incident response teams, boosting their operational efficiency and responsiveness.
Provided technical subject matter expertise for Cyber Kill Chain (CKC) analysis, improving the detection and mitigation of advanced threats.
Authored detailed security and vulnerability reports, outlining incidents and recommending remediation actions to strengthen overall system resilience.
SENIOR SECURITY ENGINEER/ TEAM LEAD 06/2012 - 07/2014 SRC Inc, (ICE SOC) - Tysons Corner, VA
Led the DHS ICE Security Operations Center (SOC) security engineering team, driving improvements in security operations and incident management.
Conducted threat-based security assessments of DHS ICE information assets, identifying vulnerabilities and implementing corrective actions to strengthen security. Implemented essential controls and procedures to protect information system assets, preventing unauthorized modification, disclosure, or destruction. Provided technical subject matter expertise for Cyber Kill Chain (CKC) analysis, enhancing threat detection and response capabilities.
Managed personnel schedules and staffing levels for SOC shifts, ensuring optimal coverage and operational efficiency.
SENIOR INFORMATION ASSURANCE OFFICER/ TEAM LEAD 11/2010 - 06/2012 Raytheon - Springfield, VA
Achieved and maintained ATO for 200+ systems, successfully closing all Plans of Action and Milestones
(POA&Ms), strengthening the agency's cybersecurity posture. Guided the National Geospatial-Intelligence Agency (NGA) Acquisitions branch through the Certification and Accreditation (C&A) process of deployable systems in Xacta, ensuring compliance and security. Achieved the first For Official Use Only (FOUO) Wireless ATO in NGA history, setting a new standard for wireless system accreditation.
Secured an ATO in record time at NGA, obtaining a three-year ATO in just two weeks, pioneering a path for agile accreditation practices.
Represented the Office of the Chief Information Officer (OCIO) in meetings with senior leadership, providing strategic guidance in deploying fully accredited systems. Education
DeVry Institute of Technology - BS
EET electrical engineering technology, 06/1998
Certifications
CompTIA Security Plus, COMP001022675563
NSA IAM
Clearance
TS/SCI with Q & CI Poly, 08/01/24
Air Force CAC, 09/01/24
Military Service
United States Marine Corps, Honorably Discharged (Retired)
Contact this candidate