Keith Frederick
CISSP, CGRC, CRISC, CEH, PMP, CMMC-RP, Adjunct Professor, Author
CISO of the Year, 2024 – ORBIE - Houston Enterprise
*****.*********@******.*** 703-***-****
Clearance - Top Secret - SCI
EDUCATION
·Bachelor of Science, Electrical Engineering, University of Texas at Austin, Austin, Texas
·Master Business Administration, Our Lady of the Lake University, San Antonio, Texas
CERTIFICATIONS
·ISC2 – Certified Information Systems Security Professional (CISSP)
·ISC2 – Certified in Governance Risk and Compliance (CGRC)
·ISACA – Certified in Risk and Information Systems Control (CRISC)
·EC Council – Certified Ethical Hacker (CEH)
·CMMC-AB – Registered Practitioner (RP)
·PMI – Project Management Professional (PMP)
CHIEF INFORMATION SECURITY OFFICER (CISO)
CISO of the Year, 2024 – ORBIE - Houston Enterprise – Over 35 years’ experience as a Chief Information Security Officer (CISO) in four different companies (Private & Public) - (Commercial, DoD, & Federal) with hands-on information security systems design and analysis to include Cyber Security Engineering, Security Control Assessor (SCA), Risk Management Framework (RMF), Cyber Security Framework (CSF), Authorization and Assessment (A&A), FedRAMP (Cloud Technology), Health Insurance Portability and Accountability Act (HIPAA), North American Electric Reliability Corporation (NERC) (CIP), Industrial Control Systems (ICS), SCADA, and Federal Information Security Management Act (FISMA). Outstanding customer service skills. Authored two books on Cyber Security covering testing of RMF Cyber Security and a manager's handbook for implementing RMF. Strategist with a strong tactical ability to implement using analytical, problem-solving, and organizational skills. Effectively manage and prioritize multiple concurrent projects while meeting aggressive deadlines in a fast-paced environment. Willingness to participate in cross-functional training and support.
SPECIFIC EXPERIENCE
(5/21 – Present) Chief Information Security Officer (CISO)
Viasat Inc.
Providing Cyber Security technical support to Commercial Industry and Federal Government Implementation of Risk Management Framework (RMF) in operational environments. Starting from the ground floor, assessed the current Cyber Security environment and resources; drafted the Cyber Security strategy; convinced C-Level Management to provide resources; and operationalized the strategy. Accomplishments:
Implemented a business unit Security Operations Center (SOC) – 30+ customers,
Implemented Worldwide Satellite Cyber Security Program,
Implemented RMF on World-wide Enterprise Service Provider Network, and
Implemented Cyber Security Awareness Training Program throughout the company.
(11/17 – 4/21) Chief Information Security Officer (CISO)
RigNet Inc.
Providing Cyber Security technical support to Commercial Industry and Federal Government Implementation of Risk Management Framework (RMF) in operational environments. Starting from the ground floor, assessed the current Cyber Security environment and resources; drafted the Cyber Security strategy; convinced C-Level Management to provide resources; and operationalized the strategy. Accomplishments:
Implemented RMF on a 52-country Enterprise Network – 2 years ahead of schedule,
Built a Security Operations Center (SOC) – a year ahead of schedule,
Implemented Cyber Security Awareness Training Program throughout the company,
Improved BitSight score from 300s to “770 – Advance”, and
Improved KKR Cyber Security Assessment from the Bottom to Top 5.
(10/21 – Present) Adjunct Professor
Texas A&M University - College Station
Providing Courses in Cyber Security - Incident Response.
(1/07 – 10/17) Chief Information Security Officer (CISO)
Computer Network Assurance Corporation
Providing Cyber Security technical support to Commercial Industry and Federal Government Implementation of Cyber Security engineering projects.
(07/94 – 12/06) Chief Information Security Officer (CISO)
SecureInfo Corporation
Dedicated business group of Cyber Security professionals providing comprehensive solutions helping secure IT environment with confidence.
(07/76 – 07/94) Retired Officer
United States Air Force
Dedicated Cyber Security professionals providing comprehensive solutions helping secure DoD IT environments with confidence.
RESPONSIBILITIES
·Manage large-scale information security engineering projects in supervisory and developer roles while providing technical guidance in Cyber Security techniques.
·Management and hands-on activities include system analysis, software development, and documenting solutions for Industrial Controls and SCADA Systems Cyber Security requirements and architecting Public Key Infrastructure (PKI) management services.
·Manage the implementation of Cyber Security global standards following National Institute for Standards and Technology (NIST), North American Electric Reliability Corporation (NERC) (CIP), Health Insurance Portability and Accountability Act (HIPAA), International Organization for Standardization (ISO) (i.e., 15408 & 2700X), and International Society of Automation (ISA).
·Develop and successfully implement an effective Information Security Program that is disciplined to govern the organization’s enterprise-wide network and providing business-relevant metrics.
·Provide vision, strategy, and the implementation of the Information Security program in support of successful governance, execution and delivery of policy and standards.
·Develop a results-driven organization for monitoring, analyzing and reporting on all network and application communication-specific protocols for the unwanted manipulation of systems, malicious network traffic, network attacks against vulnerable services, data-driven attacks on applications, host-based attacks or unauthorized access to sensitive data.
·A viable and proven track record in the creation of a cyber-threat management and prevention architecture that has proven to provide sound, reliable, robust performance for a 24x7x365 organization. Oversee the functions of the Computer Incident Response Team (CIRT) and Security Operations Center (SOC) for perimeter controls, security applications and network infrastructure, to provide security configurations, controls for user accounts, monitoring of services, centralized logging, network connectivity, job scheduling and routine maintenance.
·Manage security incidents and events to protect corporate assets, including intellectual property, regulated data and the company's reputation.
·Manage resources for auditing of applications, operating systems and networks to provide measurable technical assessments that include interviewing staff personnel, performing security vulnerability scans, and assessing Security Controls to ensure availability, integrity and confidentiality while meeting the organization’s internal and external regulatory compliance, including negotiating vendor contracts and fees.
·Perform Cyber Security systems analysis, hundreds of systems’ security control assessments, information systems including vendor compliance and networks development, public key infrastructure (PKI) management services, program design, program management, as well as preparation in resource planning, programming, and budgeting.
·Manage the program and interpret the results of the attack and penetration testing performed on company owned resources for information gathering, vulnerability detection analysis and exploitation planning, and results reporting to remediate exploits and ensure confidentiality, integrity and availability of mission critical information assets.
·Provide guidance using specialized knowledge and toolsets to operational teams during enterprise-wide crisis scenarios, e.g., large-scale production service outages outside of the routine change management process.
·Lead a Security Awareness program to promote user awareness on phishing attacks in order to educate users on security policies and procedures. Use metrics to drive effectiveness of the program to reduce risk of outside attackers gaining access.
·Develop online school, “Cyber Technology Institute (CTI)” (http://cti.eleapcourses.com) teaching numerous Cyber Security courses.
·Mentor junior engineers in security knowledge and experience in technologies and methodologies as they relate to operating systems, firewalls, proxies, access controls, encryption, networking, programming/scripting, auditing, vulnerability assessments, intrusion management and operations to assist the Security Department team with effective research, data gathering, analysis, metrics, reporting and communications.
SKILLS & ABILITIES
·Exceptional written and verbal communication skills, presentation skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
·Command presence; recognized for leadership, situation analysis, and resolute commitment to accomplishing the mission (Providing briefings to Boards and Conferences).
·Strong executive presence to be able to present analysis and recommendations in a clear and compelling manner to both technical and non-technical audiences, including Board of Directors, Executive Management, clients, end-users, IT peers, and attorneys.
·Outstanding analytical skills, organizational skills, and ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
·Capacity to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
·Expert level of personal integrity, ability to professionally handle confidential matters, and a high level of judgment and maturity.
·Complete understanding of IT Operations as it pertains to the role and influence of information security within.
·Solid ability to negotiate with stakeholders and clients on requirements.
PROFESSIONAL ACTIVITIES AND ACHIEVEMENTS
·CISO of the Year, 2024 – ORBIE - Houston Enterprise
·Book author “Independent Testing for Risk Management Framework (RMF), Assessment Test Plan (ATP)” ISBN: 978**********.
·Book author “Authorizing Official Handbook for Risk Management Framework (RMF)” ISBN: 978**********.
·Authored “Cyber Security - not just an “IT” problem”, Digital Energy Journal publication - June / July 2013. A Cyber Security article for the Oil and Gas industry.
·Developed 21 Cyber Security courses from RMF, CSF, Crypto, SCADA, HIPAA, Network Security, and Practical Information Assurance.
·Invented, developed and implemented:
  o The Cyber Security Lifecycle Tool Cyber Profile™ (CP™), which automates continuous monitoring throughout a system’s lifecycle and provides Cyber Security situational awareness. (5th Generation)
  o The C&A tool Risk Management System™ (RMS™) that helps users with the C&A workflow and documentation. Made standard throughout Department of Homeland Security (DHS). (4th Generation)
  o The vulnerability management tool Enterprise Vulnerability Management™ (EVM™). Made standard throughout the Federal Government by Office of Budget and Management (OMB). (3rd Generation)
  o The C&A tool Security Analyst Workbench™ (SAW™) that helps users with the C&A workflow and documentation. (2nd Generation)
  o The security databases tool Total Enterprise Security Service™ (TESS™), which was sold to security professionals. (1st Generation)