Cyber Security Information
Resume:
Dr. (D.Sc.C.S.) Richard James (Rick) Hays
Reno, Nevada
****@********.***
Willing To Relocate
OBJECTIVE
Seeking a position as a Cybersecurity Subject Matter Expert (SME) EXECUTIVE SUMMARY
Cybersecurity Functional Manager and SME for Cybersecurity Management having 26 years of experience. Hold a Doctoral degree in Cyber Security. Certified Information Security Manager
(CISM), as an Information Assurance Manager (IAM) Level III. Hold an active Top Secret, Specially Compartmented Information (TS/SCI) security clearance with a Date of Investigation 2023. Have mastery knowledge of Cybersecurity technology concepts principles, and techniques, which enables development and response to policy, plans, requirements, and procedures, for current operations, maintenance and business issues. Hold a commanding knowledge of current statutory and regulatory cybersecurity policies. Manage with an attention to detail and a knowledge of hardware and operating configurations, policies, and procedures. Knowledgeable in lifecycle processes for systems and trends in present and emerging communications computer systems and information technology. Enjoy a high level of skill and ability to speak and write effectively, about highly complex and sensitive issues, through statements prepared for senior military, government, and private sector management officials, which includes: giving briefings, chairing meetings, leading multi-organization teams, and preparing reports for General Officer, Federal and State Senior leaders. Envelop an expert knowledge of communications-computer systems architectures, integration, and interoperability. Have a broad knowledge of financial planning, for programming, budgeting and execution systems. Specialize in audits and assessments of information systems and networks, to include incident response development and management.
SUMMARY OF QUALIFICATIONS
• United States Citizen
• Top Secret Specially Compartmented Information (TS/SCI) Clearance
• Doctorate of Science Degree in Cyber Security
• CISM and Security+ Certification (IAM Level III and IAT Level II – Certified)
• Communications Background 35 + Years
• Program Management
• Accreditation and Authorization of Information Systems and Networks
• Communications Security (COMSEC) Management
• Risk Management Framework – Cyber Security
• Strong Attention to Detail
• Analytical Problem Solver
• Customer Service Focused
• Team Builder and Personnel Developer
• Effective Written and Oral Communicator
• Information Security Incident Response Development and Management
• Cybersecurity Field Trainer and Assessor
• Information Security Assessments and Audits for Process Compliance EDUCATION
Doctorate of Science in Cybersecurity (D.Sc.CS) May 2018 Capitol Technology University, Laurel,
Maryland
Masters of Science in Information Assurance (M.S.I.A.) June 2013 Norwich University Northfield,
Vermont
Bachelors of Science in Business Management (B.S.B.M.) May 2010 University of Phoenix - Reno,
Nevada
Associates of Arts in Information Systems (A.A.I.S.) May 2002 Community College of the Air Force (CCAF) Reno,
Nevada
Associates of Arts in Information Management (A.A.I.M.) May 1999 Community College of the Air Force (CCAF) Reno,
Nevada
PROFESSIONAL TRAINING and CERTIFICATIONS
CISM Certification (#1737923 -14 SEP 2017) IAM Level III Certified COMPTIA Security + Certification (#COMP001020236793 – 27 NOV 2013) CISA Certification – In progress
CMMC CCP Certification – In progress
Carnegie-Mellon University – Cyber Resiliency Review (CRR) and External Dependency Management (EDM) Assessment Certification Carnegie-Mellon University – Incident Management Review (IMR) Certification
FEMA Emergency Management ICS 300, 400, 700, & 800 Certification Lunar Line Accreditation & Authorization (A&A)
USAF Public Key Infrastructure (PKI)
USAF Emission Security Management (EMSEC)
USAF Internet Security Scanner (ISS)
USAF Communications Security (COMSEC)
USAF AFSC 3D090 Cyberspace Superintendent 9 Level
USAF AFSC 3D0X3 Information Assurance (IA) 7 Level USAF Senior Non-Commissioned Officers Academy (SNCOA) USAF Non-Commissioned Officers Academy (NCOA)
USAF Trainer and Task Certifier
USAF Security Manager
EXPERIENCE
Nevada Department of Transportation (NDOT) Apr 2024 – Present Contractor
Cybersecurity
Carson City, Nevada 89701
Full Time 40 Hours/Week
Deputy Chief Information Security Officer (DCISO)
and Cybersecurity Compliance Manager
SUMMARY OF EXPERIENCE
• Serve as the primary focal point for cyber security strategy, policy, planning, coordination and compliance for the Nevada Department of Transportation. Conduct and manage cybersecurity risk assessments, strategy and defensive techniques, report cybersecurity concerns and cyber security projects. Provide authoritative technical guidance and oversight related to information systems security to include cybersecurity frameworks, controls and auditing requirements.
• Monitor compliance of security programs. Seek to minimize system vulnerabilities by adhering to information systems security, regulations, protocols or security certification and accreditation requirements. Serve as a representative for complex, high-visibility information technology projects.
• Cybersecurity Workforce Management. Responsible for developing cybersecurity workforce plans, assessments, strategies, and guidance, including cybersecurity-related staff training, and certification. Provide changes to cybersecurity-related policy. Create workforce planning strategies to maintain compliance with legislation, regulation, policy, and the National Initiative for Cybersecurity Education (NICE) framework.
• Cybersecurity Policy and Planning. Responsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
• Program Management. Responsible for leading and coordinating the cybersecurity compliance program. Communicating concepts and details of the program and ensuring alignment with agency or organizational priorities.
• Security Control Assessment. Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness.
• Technology Program Auditing. Responsible for conducting evaluations of technology programs or their individual components to determine compliance with published standards. Test, implement, deploy, maintain, review, and administer infrastructure hardware and software. Monitor network to actively remediate unauthorized activities.
• Perform security reviews. Identify gaps in security architecture, and develop a security risk management plan. Collaborate with critical infrastructure owners, operators, IT security experts, and managers to support organizational cybersecurity objectives. Conduct cyber protective visits and strategic cyber risk assessments to prepare and protect critical cyber infrastructure assets.
• Participate in cybersecurity partnerships with and across critical infrastructure owners and operators within state, county and local government levels. Advise senior management on cost-benefit analysis of information security programs, policies, processes, systems, and elements.
Department of Homeland Security/Cybersecurity and Infrastructure Security Agency
(DHS/CISA) (Civil Service) Aug 2021 – Jul 2023
GS 2210-14
Information Technology Specialist
(INFOSEC)
Carson City, Nevada 89701
Full Time 40 Hours/Week
Cybersecurity State Coordinator to
the State of Nevada
SUMMARY OF EXPERIENCE
• Served as the Federal Cybersecurity State Coordinator (CSC) to the State of Nevada, from the Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security (DHS).
• Lead Vulnerability Assessment Analyst. Performed assessments of systems and networks and identified where those systems/networks deviated from acceptable configurations, enclave policy, or local policy. Measured effectiveness of defense-in-depth architecture against known vulnerabilities. Assisted in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources. Assisted in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure.
• Cybersecurity Defense Infrastructure Support. Provided guidance on testing, implementing, deploying, maintaining, reviewing, and administering the infrastructure hardware and software that were required to effectively manage the computer network defense service provider network and resources. Helped key stakeholders to develop programs and processes to monitor networks to actively remediate unauthorized activities.
• Systems Security Analyst. Performed security reviews, identified gaps in security architecture, and worked with stakeholders to develop a security risk management plan. Created and delivered analysis and development of the integration, testing, operations, and maintenance of systems. Provided cybersecurity guidance to leadership.
• Served as the primary point of contact to the State of Nevada government officials with a specific focus on critical functional cybersecurity issues such as critical infrastructure, and elections infrastructure. Worked closely with the State Chief Information Security Officer
(CISO), Nevada National Guard (NVNG), Nevada Division of Emergency Management
(NDEM), and the Nevada Office of Cyber Defensive Coordination (NV OCDC) to develop state cybersecurity strategies and state cyber response plans. Additionally, provided technical assistance on information security to critical infrastructure owners/operators. Conducted cybersecurity and resiliency assessments, incident management assessments, and provided risk analysis with regional information that supported a more accurate estimation of cyber capabilities and cyber risk.
Department of the Air Force (Civil Service) Nov 2020 – Apr 2021 GS 2210-14
Information Technology Specialist
(INFOSEC)
Pentagon, Arlington, Virginia 20330
Full Time 40 Hours/Week
Cybersecurity Subject Matter Expert (SME) and Security Control Assessor (SCA) SUMMARY OF EXPERIENCE
• Planned, organized, and oversaw the IT/Cybersecurity program.
• Evaluated DoD and DAF policies and provide input as required. Lead assigned projects. Communicated clear guidance and timeline to members in support of tasks led. Developed and delivered briefings for assigned projects. Lead discussions in working groups, cybersecurity forums and team meetings as a senior SME. Served as deputy division chief by direct division member’s activities, reviewed and assigned tasks, and represented the division in activities, in the absence of the division chief.
• Served as the focal point for SAP Enterprise IT Governance.
• Served as Secretariat for SAP Enterprise IT Board. Prepared briefings, agendas, etc. for review. Summarized meeting notes and assigned tasks to division leadership. Exhibit ed teamwork and compiled inputs from coworkers to provide a complete response to requests. Elevated challenges with recommendations to the division leadership.
• Served as the focal point for Cybersecurity
• Provided timely and accurate advice for Cybersecurity initiatives and tasks. Confirmed receipt of customer requests, provide accurate and comprehensive responses. Coordinated with coworkers as needed to respond to inquiries. Consulted with division leadership to elevate significant challenges. Maintained Information Assurance Workforce Improvement Program Level III management certification (CISSP or CISM) per DoD policy. Defense Information Systems Agency (Civil Service) Mar 2020 – Nov 2020 GS 0343-13
Program Manager
Strategic Outreach and Talent
Acquisition Division
Fort Meade, Maryland 20755
Full Time 40 Hours/Week
Served as a program management consultant for outreach and talent acquisition efforts and activities within the Defense Information Systems Agency (DISA), ensured DISA was building a diverse pipeline of talent. Performed analysis and assessed impact of program activities to improve efficiency and effectiveness of program operations. Developed and analyzed metrics of data on manpower vacancies. Measured and evaluated the effectiveness and efficiency of outreach and talent acquisition program and/or compliance with agency rules and regulations. Planned, organized, and determined scope and depth of survey(s) which were largely undefined. Researched approaches to evaluations and developed techniques suitable for evaluating the agency's programs and processes. Responsible for preparing agency talent acquisition reporting requirements and presentations for top level internal and external senior official review. Served as consultant to management and project lead for various talent acquisition activities for DISA. Assessed the value (cost, applicability, and business impact) of DISA’s Talent Acquisition Program. Participated in the contracts process efforts for the Talent Acquisition Team to include: paid advertising agencies, recruitment IT systems and tools. Assisted the Division Chief with performing analyses of proposed contractual efforts to ensure availability of resources, appropriateness of proposed statements of work in-light-of existing efforts, and ensured compliance with program objectives for assigned contracts. SUMMARY OF EXPERIENCE
• Subject Matter Expert (SME) in the Information Technology field with a thorough understanding of the DISA mission and functions.
• Provided analysis and recommendations for the achievement of DISA’s Strategic Outreach and Talent Acquisition Division requirements and agency goals.
• Formulated, implemented, and managed communications of the DISA recruitment program, as well as internal DISA communications, to ensure that marketing, outreach, and education were fully synthesized throughout the agency.
• Revised messaging as necessary to meet new and changing needs.
• Prepared and presented high level briefings of conclusions.
• Identified most likely candidate pool for positions within DISA and conduct outreach activities to communicate DISA’s recruitment message to a wide spectrum of targeted populations.
• Advised management on the effectiveness of the management support systems for talent acquisition efforts based on the various Human Capital and Office of Equality, Diversity, and Inclusion fiscal year reports.
• Used quantitative and qualitative techniques to develop innovative methods to collect, validate, analyze and evaluate data from the pool of participants.
• Reviewed and assessed systems to determine strengths, weaknesses, and issues from hiring events.
• Improved work relations through effective communication within and between groups.
• Encouraged members of the Strategic Outreach and Talent Acquisition Division participating in recruitment efforts to gather background information from the participants in order to construct a diverse pool of eligible candidates.
• Assessed current processes for compatibility with the future direction of the organization.
• Recommend changes to assure a more productive, streamlined and effective support organization is achieved.
• Evaluated program quality and provide recommendations on courses of action.
• Performed other duties as assigned.
Defense Information Systems Agency (Government Contractor, Onyx LLC) Jan 2019 – Mar 2020 Program Manager & Lead
Vulnerability Manager, J34
Fort Meade, Maryland 20755
Full Time 40 Hours/Week
Served as the Program Manager for a Government contract that supported Cyber Fusion, Vulnerability Management, and Counter Measures: in support to the Joint Force Headquarters
(JFHQ) Department of Defense Information Network (DoDIN) J34, as well as the entire Department of Defense. Had oversight of personnel and was responsible for completion of all contract deliverables. Provided support for human resource development, performance management, employee relations, and labor relations in support of defined contract requirements in the Performance Work Statement (PWS). Recruited, examined, selected and placed potential employees into job matched roles, which required job position analysis. Led in planning, administering, and evaluation of programs designed to develop employees and managed learning in the organization, which ensured continued employee development and successful retention. Maintained personnel retention through workforce planning and analysis to assuring attraction of, and retention of a quality and diverse workforce that was capable of accomplishing the organization’s mission. Provided advice and assistance to employees and managers, program administration, research, and case management in matters related to conduct, performance, attendance, and dispute resolution. Performed workforce research in workforce programs development and evaluation, in order to further the development and utilization of the contract team’s workforce.
SUMMARY OF EXPERIENCE
• Oversight of personnel and responsibility for completion of all contract deliverables
• Led teams of subject-matter-experts, and individually conducted in depth studies for cyber vulnerability management, cyber fusion, and cyber counter measures
• Determined effectiveness of organizational structure, and ensured coordination with key stakeholders through long range planning, and development of organizational strategies to meet objectives and mission
• Initiated and executed complex administrative/management projects through study of work methods, understanding administrative guidelines, procedures, information and documentation systems
• Analyzed and evaluated study findings in order to provide recommendations to meet program goals
• Prepared weekly/monthly briefings to government customer on progress of work
• Interfaced with Program Management Office (PMO) and stakeholders to provide updates, status reports and adhoc briefings
• Centrally coordinated and/or recommended Computer Network Defense (CND) operations that impacted multiple DoD Components
• Provided Defense-wide situational awareness, attack sensing and warning through fusion, analysis and coordinated information flows
• De-conflicted Vulnerability Analysis and Assessments (VAA) and Red Teaming with CND operations, and recommend changes to in progress, or planned VAAs that may have negatively impacted CND operations
• Monitored the DoDIN for Information Assurance Vulnerability Management (IAVM) compliance and assessed impacts on defense of DoD computer networks
• Developed a coordinated curriculum for CND education training, awareness, professionalization, and ensured the implementation of the curriculum throughout the Computer Network Defense Service (CNDS) Assessment and Authorization (A&A) process
• Ensured that all CNDS providers had continuous information exchange and worked together in synchrony, i.e., simultaneously to execute a single prescribed Course of Action
(COA)
• Recommend Information Operations Conditions (INFOCON) changes in response to unauthorized activity (e.g., computer network attacks, computer network exploitation, system misuse), and mitigated potential damage to DoD information systems and computer networks.
Air National Guard Readiness Center May 2014 – Mar 2019 Cybersecurity Functional Manager,
SMSgt (AGR) A2/3/6SC, Joint Base
Andrews, Maryland 20762
Full Time 40 Hours/Week
Served as the Air National Guard (ANG) Major Command (MAJCOM) Cybersecurity Functional Manager, and was the Subject Matter Expert (SME) to the field, managing 98 ANG Bases, supporting 105,000 personnel in total. Provided Cybersecurity, Accreditation and Authorization (A&A) advice, consultation and management action, through developing, directing, managing, supporting, monitoring, testing, and troubleshooting hardware and software Cybersecurity as well as A&A problems. Implemented, applied, and monitored established Cybersecurity, and A&A safeguards in accordance with federal, DoD, and AF policies, regulations, and directives.
Conducted feasibility studies to determine requirements for developing entirely new or making substantial modifications to existing applications software: and the analysis of large, complex information systems which are characterized by the need for substantial problem analysis. Formulated plans, policies, programming, and procedures in support of various security and networks initiatives. Developed policy, provided technical expertise, and advised on responses to DoD, OMB, AF, and Congressional directives concerning network and computer security. Represented the ANG at senior level meetings within the ANG, AF, DoD communities, and Services, as well as with commercial vendors. Directed actions of ANG cybersecurity professionals to accomplish mission objectives regarding cybersecurity matters. SUMMARY OF EXPERIENCE
• Developed ANG Cybersecurity policies and procedural guidance consistent with latest Federal, DoD and AF Cybersecurity guidance.
• Analyzed and monitored ANG compliance with directives, procedures, and policies.
• Researched and analyzed emerging technology for use in the ANG.
• Technical lead, responsible to ensure ANG Cybersecurity and A&A programs meet AF and DoD requirements.
• Assured confidentiality, integrity, availability, identification, authentication, and non- repudiation of systems, networks, and data through planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools in support of the AF mission.
• Served as the ANG advisor securing worldwide information systems direct by the SECDF, JCS, SECAR, and Congressional mandates.
• Provided periodic and other unscheduled briefings on the status of critical cybersecurity initiatives for the ANG to include the representation into the SECDEF Cybersecurity Scorecard.
• Served as the ANG expert on the Federal Information Security Management Act
(FISMA) and Cybersecurity compliance to include monitoring and reporting of metrics in alignment with the Federal Continuous Monitoring Act.
• Evaluated and developed appropriate ANG recommendations to various security requirements.
• Identified new initiatives and implementation milestones in advance to permit sufficient lead-time for realistic support actions.
• Interpreted AF, DoD, and MAJCOM Cybersecurity strategies, architectures, and concepts correctly, to ensure ANG was compliant.
• Lead and conducted Cybersecurity working groups through research and effective recommendations.
• Provided leadership for accurate project management and ensured completion within established time frames.
• Coordinated and performed reviews of design documents and ensured contract requirements were monitored and met.
• Planned and organized operations and software certification activities for Air National Guard (ANG) Wings, supervised systems test of software installations, and evaluations of facilities layout during certification planning activities.
• Served as the ANG Subject Matter Expert (SME) for design and development of organizational structures. Implemented directives from higher headquarters. Determined and defined equipment, training, and supplies required for systems implementation and support, during integrated process team planning for new technology fielding.
• Performed as an ANG Communications and Information Technology (IT) SME in the area Risk Management Framework (RMF) to include Cybersecurity/Information Assurance (IA) Assessment and Authorization (A&A)/Certification and Accreditation
(C&A) functions and operations.
• Ensured current, future requirements and solutions complied with Federal, Department of Defense (DoD) and Air Force (AF) guidelines by developing project plans and ensured delivery of artifacts for ongoing projects.
• Established training programs to provide knowledge and certification requirements which enhanced professional awareness of technology across the ANG. Lead and participated in various conferences, working groups, and integrated project teams.
• Developed, analyzed, prepared and coordinated guidance and actions to ensure ANG organizations had current C&A/A&A for their communications and computer systems enclaves.
• Performed ANG IA/Cybersecurity and C&A/A&A review and analysis of future systems and applications, to assess the security impacts on the Air Force Information Network
(AFIN), information to include the data on the network.
• Supervised ANG communications security program management (COMSEC), Emanations program (EMSEC) management, and Mobile device security management (MDM).
• Directed activities responsible for system analysis and design, programming, operations, maintenance, security, systems management, technical support, plans, implementation, and resource management.
• Executed operations plans to ensure positive control of assigned forces.
• Participated in evaluation of operational readiness of communications, sensors, intrusion detection, and related support equipment at ANG facilities. Inspected and evaluated compliance with directives. Evaluated, rates, and prepared reports. Recommended and implemented corrective actions for improved methods and procedures.
• Planned, programed, and developed budget inputs, which ensured resource availability for operational requirements.
• Interacted with customers to promote customer satisfaction. Worked with career field functional management, established tactics, techniques and procedures for field units as needed to resolve vulnerabilities.
• Helped functional users define requirements. Recommended automated methods to enhance resource use. Supervised functional user requirements translation into automated systems capabilities. Oversaw database design and certification to optimize collecting and retrieving information. Supervised test and evaluation efforts to determine errors in logic, information flow, and system performance.
• Organized and participated in implementation and conversion. Ensured continued interface between functional users, programming, and operations personnel for implemented systems. Ensured compliance with standards for systems software and documentation.
• Analyzed and interpreted Federal, DoD and AF directives for ANG-wide program integration and implementation. Provided guidance and procedures to ANG organizations.
• Coordinated with and assisted ANGRC personnel regarding Cybersecurity/IA programs. Reviewed, coordinated and provided comments on proposed Federal, DoD, Joint, AF, Major Command (MAJCOM), National Guard Bureau (NGB) and ANG publications.
Nevada Air National Guard Jan 1999 – May 2014
Cybersecurity Manager, MSgt (AGR)
152 Communications Flight, Reno, Nevada, 89502
Full Time 40 Hours/Week
Served as the Base Cybersecurity Manager for over 15 years and have managed a staff of 6 Cybersecurity personnel with the responsibility of risk management, to obtain and maintain Certification and Accreditation (C&A) of all Nevada Air National Guard (NVANG) information systems and information networks. Have been responsible for the following programs as a program manager for Information Assurance (IA); C&A, Public Key Infrastructure (PKI), Emissions Security (EMSEC), Emergency Management (EM) Computer Security
(COMPUSEC), Information Assurance Assistance and Assessment Program (IAAP) and Communications Security (COMSEC). This knowledge has helped to develop skills and awareness to become a Cybersecurity Subject Matter Expert (SME). SUMMARY OF EXPERIENCE
• Developed, reviewed, analyzed, validated, and coordinated Certification and Accreditation
(C&A) packages for the Wing’s computer systems, networks and systems while integrating Federal, DoD, AF, MAJCOM, NGB, ANG IA and C&A programs, plans and requirements.
• Ensured the unit met all special requirements associated with classified IT systems. Assessed security needs and capabilities to support the Certification and Accreditation
(C&A) through policy interpretation, guidance, direction oversight and risk analysis, which identified all known vulnerabilities in both physical and logical realms for the Non-classified Internet Protocol (IP) Router Network (NIPRNet) and Secret Internet Protocol Router Network (SIPRNet).
• Developed security test controls, goals and objectives for both physical and logical realms, to continuously validate security levels of control for all Wing information systems and networks which integrated organization IT and mission support objectives. Installed and configured hardware and software of a variety of IT systems with different hardware and operating systems.
• Served as a system administrator responsible for planning, coordinating, modifying, implementing, and troubleshooting in order to meet customer needs.
• Provided leadership and support, including strategic and tactical planning, compliance, resource management and developed, tested, and implemented a Communications Flight
(CF) Continuity of Operations Plan (COOP) and Emergency Operations Plan (EOP) as the NVANG CF Emergency Manager (EM).
• Served as the Wing Communications Security (COMSEC) Account Manager (CAM) for 15 years.
• Supported home stationed and deployed Wing forces and have kept leadership informed of all COMSEC status.
• Performed security management in accordance with a variety of Higher Headquarters regulations and policies. Zero security incidents involving COMSEC materials and operations have occurred as CAM, and all COMMAND COMSEC inspections have received excellent ratings.
• Managed the Wing’s Emission Security (EMSEC) program.
• Worked locally and with other ANG organizations to train and foster compliance with DoD and AF EMSEC requirements for Wing EMSEC programs.
Contact this candidate