Information Technology Security
Resume:
Robert M. Huddleston
CISM, CASP+, CYSA+
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
SUMMARY OF QUALIFICATIONS
Results driven and detail-oriented professional with over 17 years of diverse experience in the strategic management of Information Technology, Information Security, and Communication- Electronics initiatives within the Department of Defense (DoD) and the US Government. Possesses a deep understanding of Federal, public, and private sector Cyber Security and Information Technology policies, procedures, and technologies, to include the National Institute of Standards and Technology (NIST) Special Publication 800 series and the Federal Information Security Management Act (FISMA). Customer focused with strong interpersonal skills and excellent team-building abilities.
Meets DoD certification requirements for Information Assurance Management Level III and Information Assurance Technology III (CISM and CASP+ CE). COMPETENCY AREAS
Windows Server Active Directory Group Policy Management Microsoft SharePoint McAfee ePO Defense In Depth
Incident
Response/Management
STIG Compliance Information Systems Security
Nessus/ACAS SCCM/SCOM Windows Desktop
SCAP COMSEC Cybersecurity Policy
SECURITY CLEARENCE
Top Secret/Secret (NATO)-Active Security Clearance 2020-12-09 EDUCATION
Western Governors University Master of Science Cybersecurity Estimated Grad August 2025
American InterContinental University Bachelor of Science Information Technology Suma Cum Laude 8/2007
Robert M. Huddleston
CISM, CASP+, CYSA+
153 FLAGSTAFF CIRCLE
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
TRAINING
Army Civilian Education System (CES) Intermediate Course Phase 1 (2023) CERTIFICATIONS
CompTIA Cybersecurity Analyst CE (2024)
ISACA Certified Information Security Manager (2021)
CompTIA Advanced Security Practitioner CE (2019)
USAREUR-AF Organizational Unit Administrator- 2017 (OU Admin 2017) Course
COMSEC Account Manager Course and Local COMSEC Management Software Course
(2014)
AFFILIATIONS
ISACA Member Number: 1369123
AWARDS
Time-Off Award - 2020, 2021, 2022, 2023, 2024
Performance Award - 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024
On the Spot Award - 2021, 2022
Service Award – 2020, 2022
WORK EXPERIENCE
844 Comm Group, SCOC Joint Base Andrews, MD
ISSM (INFOSEC) GS-2210-13
40 Hours Weekly August 2023- Current
• Determines cybersecurity program goals, plans, policies, and procedures and work plans dealing with the development and operation of information technology functions and activities within the local enterprise; participates in providing both technical and administrative direction to customers.
• Plans work for accomplishment, adjusts short/long-term priorities, and prepare schedules based on consideration of difficulty of requirements and assignments such that the experience, training, and abilities are used to meet organization and customer needs.
• Provides customers with direction and advice regarding policies, procedures, and guidelines. Robert M. Huddleston
CISM, CASP+, CYSA+
153 FLAGSTAFF CIRCLE
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
• Reviews and optimizes use of resources and maximizes efficiency and effectiveness of the organization.
• Balances workload and provides overall direction and vision to the customers on a wide range of financial and information technology activities. Coordinates with other organization managers and customers as appropriate.
• Reviews organization mission, functions, and staffing. Provides advice to supervisor of significant issues and problems related to work accomplishment.
• Establishes metrics and analysis systems to ensure actions are timely and reviewed at critical points. Accepts, amends, or rejects work presented by customers.
• Performs self-inspection and presents detailed and comprehensive report with any corrective action taken to supervisor. Follows up to ensure complete and quality resolution of discrepancies.
• Assesses and revises policies and procedures as needed to find ways to improve quality, timeliness, and efficiency of work. Leads or participates in discussions, meetings, conferences, committees or special IT projects.
• Analyzes areas of concern, identifies problems, and resolves conflicts through persuasive discussions with senior leaders and customer representatives.
• Represents the branch at higher levels within the organization and supports effective working relationships with other organizations.
• Applies Information Technology (IT) security principles, methods, and security products to protect and maintain the availability, integrity, confidentiality, and accountability of information system resources and information processed throughout the system’s life cycle.
• Establishes and publishes system-wide policy to manage the INFOSEC program and provides advice and guidance in its implementation and in procedures used in the development and operation of systems.
• Disseminates information and ensures computer security practices are adhered to by all functional areas.
• Reviews, analyzes, and validates Risk Management Framework (RMF) and/or A&A packages.
• Continuously identifies and analyzes threats and vulnerabilities to the information systems to maintain an appropriate level of protection.
• Ensures computer software designs address information system security requirements.
• Accomplishes risk analysis, security testing, and certification due to modifications or changes to computer systems.
• Evaluates, assesses, or locally tests and approves all hardware, software, and firmware products that provide security features prior to use on any authorized information system or network.
• Certifies all software prior to installation and use on communications and computer systems.
• Executes computer security plans and enforces mandatory access control techniques such as trusted routers, bastion hosts, gateways, firewalls, or other methods of information systems protection.
• Implements and advises on cybersecurity policies and procedures to ensure protection of information transmitted to the installation, among organizations on the installation, and from the Robert M. Huddleston
CISM, CASP+, CYSA+
153 FLAGSTAFF CIRCLE
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
installation using communications group enterprise networks, the World Wide Web, or other communications modes.
• Utilizes current and future multi-level security products collectively to provide data integrity, confidentiality, authentication, non-repudiation, and access control of the LAN.
• Reports to MAJCOM, Air Force Communications Agency, National Security Agency, and Air Force Computer Emergency Response Team all incidents involving viruses, tampering, or unauthorized system entry.
• Controls access to prevent unauthorized persons from using network facilities. Limits access to privileged programs (i.e., operating system, system parameter and configuration files, and databases), utilities, and security-relevant programs/data files to authorize personnel.
• Implements methods to prevent or minimize direct access, electronic or other forms of eavesdropping, interpreting electro-mechanical emanations, electronic intercept, telemetry interpretation, and other techniques designed to gain unauthorized access to IT information, equipment, or processes.
• Evaluates unusual circumstances to recognize and define potential vulnerabilities and selects and oversees the installation of physical and technical security barriers to prevent others from improperly obtaining such information.
• Manages the Information Assurance Awareness Program which uses computer-based training for both initial and recurring information protection training.
• Manages DoD Cyberspace workforce compliance program.
• Establish and maintain cyberspace workforce qualification program.
• Serves as the technical authority for the communications group workforce program.
• Formulates and develops workforce qualification plans and requirements for inclusion in WCO activities.
• Maintains accountability for privileged user rights. Oversees issuance of privileged accounts on all networks.
• Furnishes written guidance to supervisors on matters of appointing cyberspace workforce positions.
• Provides an annual report to the management with deviations annotated.
• Maintains and audits the cyber security workforce baseline certification guidelines for the WCO.
• Perform as the technical authority for network security and IA policies and procedures.
• Manage Cybersecurity program which drives the communications group, its communications squadrons and local enterprise network security and IA decision-making environment.
• Provides cybersecurity risk management, authorization and accreditation guidance for networks and systems, and identifies information systems security capabilities, threats, vulnerabilities, countermeasures, and solutions.
• Serves as a member of the local enterprise Configuration Control Board to address IA issues.
• Develop, review, revise, and submit for approval procedures for reporting, investigating, and resolving all security incidents involving the local enterprise systems. Robert M. Huddleston
CISM, CASP+, CYSA+
153 FLAGSTAFF CIRCLE
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
• Ensure all personnel who install, operate, maintain, or use the system hold the proper security clearances and access authorization. Review security audit information.
• Develop, review, revise, submit for approval and implement procedures for monitoring and reacting to security warning messages and reports.
• Ensures operating systems and software patches are applied in a timely manner, security controls are applied to reduce security vulnerabilities and strengthen the local enterprise security posture.
• Reports security risks to the communication group Authorizing Official (AO) for consideration and appropriate action.
• Ensures that Security Impact Assessment (SIA), risk analysis, TEMPEST, and other inspections are done in accordance with DOD, Air Force, OJCS, and National Institute of Standards and Technology (NIST) guidance.
• Conducts inspections to ensure that sites requesting access to network meet all applicable qualification.
• Evaluates the security impact of proposed site-unique modifications to software and approve those that do not adversely affect security.
• Oversees the various security incident process and report security incidents to the management and applicable organizations.
• Reviews the procedures routinely to improve weakness areas of security or customer service. USAREUR-AF G6, Cybersecurity Division (CSD) Wiesbaden, GE Senior Cybersecurity Officer (INFOSEC) GS-2210-12
40 Hours Weekly November 2020– August 2023
• Served as a Senior Cybersecurity Officer in the United States Army in Europe Cybersecurity Division with the responsibility for defining and implementing organizational policies and procedures to protect against the criminal or unauthorized use of data and information system assets
• Managed a dynamic risk posture across 16 countries through the development, deployment, and management of new Cybersecurity services, information protection systems, and identity management mechanisms.
• Advised senior management on the risk level and security posture of the US Army Europe Enterprise Network.
• Interpreted patterns of non-compliance of security policies to determine impact on risk levels.
• Promoted awareness on security issues among management and ensures sound security principles are reflected in the organization's vision and goals.
• Provided leadership and direction to IT personnel by ensuring that Cybersecurity awareness, literacy, and training are provided to operations personnel throughout the Army in Europe. Robert M. Huddleston
CISM, CASP+, CYSA+
153 FLAGSTAFF CIRCLE
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
• Created actionable and easy-to-comprehend Information Security status reports for executive- level leaders, to include the US Army Europe Commanding General and the Chief Information Officer (CIO).
• Provided Cybersecurity Managers and Cybersecurity Officers throughout Europe with interpretation of national security and other DoD Cybersecurity policies.
• Provided leadership and direction to IT personnel by ensuring that Cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
• Coordinated and leads cross-functional project management teams with responsibility for directing project development and reporting project status to senior leadership.
• Coordinated and oversees the development of systems documentation on assigned projects.
• Developed and maintains milestone schedules for projects, recommending changes in direction, design features, budget, and timelines.
•Reviewed and evaluates completed projects and systems specifications to assure performance and on-site readiness criteria are met.
• Developed planning, budget forecasts, and business justifications for fiscal support of Cybersecurity project and program requirements.
• Served as point-of-contact for the development of USAREUR-AF Theatre Management of the ATCTS program.
• Served as point-of-contact for the development of USAREUR-AF Theatre Management of the DTA program; to include management of the DTA requests and DTA users.
• Served as point-of-contact for the development of USAREUR-AF Policy Violation Program to include the processing of Authorizing Official Network Reinstatement forms, Policy Violation and Trend Report for the USAREUR-AF G6/S6 community by briefing the Cyber Security Community bi-weekly during the Cyber Sync.
• Rewrote the USAREUR-AF Network Policy Violation Program SOP to define the current process for all NPVs within the European Theatre.
• Developed and executed instructional training for the USAREUR-AF theatre wide Cyber Security Community in how to manage ATCTS profiles for their buckets; successfully training 700 ATCTS managers within the USAREUR-AF theatre.
• Developed and executed instructional training for the USAREUR-AF theatre wide Cyber Security Community in preparation for the upcoming USAEUR-AF HQDA inspection.
• Completed the fourteen benchmarks in Cybersecurity for the Army Training, Certification and Tracking System (ATCTS) with zero findings and 100% for the 2021 USAREUR-AF Army Protection Program Assessment.
• Completed the six benchmarks in Cybersecurity for the Data Transfer Agent (DTA) with zero findings and 100% for the 2021 USAREUR-AF Army Protection Program Assessment.
• Developed and executed instructional training for the USAREUR-AF theatre wide Cyber Security Community in preparation for the USAREUR-AF Cyber Summit 2022 capstone event. Robert M. Huddleston
CISM, CASP+, CYSA+
153 FLAGSTAFF CIRCLE
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
• Performed daily PowerShell scripting to ensure all users are compliant with Army Regulations for account management and access control.
• Performed ticket management for USAREUR-AF Policy, Programs and Training branch to include stale object control.
• Performed Active Directory (AD) scripts for “VIPs” within the AD structure as defined by USAREUR-AF Policy and manages the group for this within AD.
• Created a Power BI report to pull in the ATCTS compliance report used during the APPA for the HQ Aligned Mission Support Commands and provide a visual to the G6 Leadership as to where we stand with ATCTS compliance according to the APPA standard on a reoccurring two- week basis.
• Created a Power BI Visual for the USAREUR-AF ATCTS Managers by taking the Unit Manager Report from the HQ aligned managers comparing it to the ATCTS Rosters on a reoccurring two-week basis.
• Created a Power BI for G6 Leadership to help track open, unattributed, and disabled Network Policy Violations on a reoccurring two-week basis. US Army, Regional Cyber Center- Europe Wiesbaden, GE Information System Security Officer GS-2210-12
40 Hours Weekly June 2019 –November 2020
Managed all aspects of Account Management and Access Control for the RCC-E to include ATCTS, conducting Quarterly reviews of Privilege Access, identified all Service Accounts both Windows and non-Windows Accounts and completed all required UBE paperwork for them.
Established a process to document the DD2875 process from start to finish for the RCC-E and distributed it to all branch chiefs within the RCC-E.
Established a process to account for all Emergency accounts within the RCC-E and having the passwords changed every sixty days in accordance with the STIG guidance.
Created 8 separate Tactics, Techniques and Procedures (TTPs) for the Account Management position at the RCC-E, to include testing and instructing others to use them.
Provided customer service for the changeover for all Contracting positions within the RCC-E by working with the Contract lead to complete DD2875s and appointment orders with updated contract information and contract expiration date.
Developed a Memorandum to document all RCC-E privilege users and the elevated accounts associated with the users in preparation for the RCC-E CCRI in March 2020.
Completed the Account Management portion of the Traditional Security STIG, CND Directives, and Insider Threat for the CCRI with zero findings.
Worked with an outside organization to complete an identified CAT I findings during the CCRI.
Robert M. Huddleston
CISM, CASP+, CYSA+
153 FLAGSTAFF CIRCLE
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
Established working relationships with USAREUR G6 to make sure that the RCC-E account management team has a point of contact and a good relationship with the G6 Cyber Security Division.
US Navy, Explosive Ordnance Disposal School Eglin AFB, FL Information System Security Manager
40+ Hours Weekly June 2016 – June 2019
Defined designs, integrated, and managed information system security policies, processes, practices and procedures within the command.
Responsible for the Risk Management Framework accreditation package for Training Network
(TRANET_U/C) to include all controls and the twenty artifacts that were needed for the C&A package. Responsible for uploading and maintaining all eMASS documents to include all of the C&A packages for TRANET_U and TRANET_C.
Evaluated and implemented technical and administrative solutions for securing Navy Information Infrastructure and defines the standards necessary to help protect the confidentially, maintain the integrity and ensure the availability of sensitive data and critical command computing resources for both Navy Marine Corp Internet (NMCI) NIPR/SIPR. Researches, develops, establishes, and promulgates local policies and procedures pertaining to Information Assurance.
Monitored and facilitated IA licensing/certification requirements, provides periodic training, and ensures information system security and awareness training are accomplished by command personnel. Recommends adequate IA personnel structure at the unit level and ensures network and automated information systems are accredited and following regulatory guidance.
Reviewed risk assessment and analyze impact of potential vulnerabilities, maintain system accreditation, develop alert system to identify events that negate accreditation or require re- accreditation, and are responsible for the forwarding, tracking, and compliance of Information Assurance Vulnerability Alerts (IAVA) for the unit Information Technology
Ensured the Vulnerability Remediation Asset Manager (VRAM) was updated to reflect devices that are affected by IAVA. Utilizes ACAS to scan the TRANET_U network and upload the scans into VRAM to ensure that vulnerabilities were patched and mitigated.
Interpreted ACAS scan results, implements corrective action, prepares reports of findings in support of network infrastructure and conducts periodic reviews and assessments to identify vulnerabilities, confirms compliance, prepares reports on findings, and recommends corrective actions as appropriate. Responsible for managing the nine servers that run inside the TRANET_C NAVSCOLEOD training environment running Windows Server 2012 R2.
Responsible for NAVSCOLEOD usage of the Navy Information Dominance Approval System
(NAV-IDAS) website, which NAVSCOLEOD used to complete Information Technology Purchase Requests.
Robert M. Huddleston
CISM, CASP+, CYSA+
153 FLAGSTAFF CIRCLE
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
Served as the COMSEC Responsible Officer, has oversight of security testing and account validation.
Monitored status and receipt of deliveries of government furnished cryptograph equipment, develops command operating instructions, prepares command emergency action plans and provides system and software requirements in support of TRANET_C, NMCI SIPR, Eglin AFB SIPR and JEODNET.
PeopleTec N. Little Rock, AR
Cyber Security Trainer
40+ Hours Weekly June 2015 – June 2016
Developed and instructed the new US Army Cyber Warrior MOS 17 series.
Developed the content for the Linux Module of the Cyber Core Training Course to include PowerPoint Presentations, Instructor Guides, Student Guides, twenty-five hands on exercises, four tests, and one comprehensive hands on Linux Survey.
Completed Army Basic Instructors Course, COMPTIA Network+ training, Wireshark packet analysis training, Linux training, CECOM Cyber Core Prep Phases I and II. US Army, Ft. Drum, NY
Communication Security Account Manager
40 Hours Weekly June 2014 – June 2015
Produced and implemented policies, planning and training for seven-hand receipt holder’s COMSEC accounts.
Supervised and performed maintenance, management and administrative duties related to facility operations, maintenance and security and personnel actions.
Prepared standards of operation, emergency evacuation and destruction plan for the Brigade COMSEC account.
Requisitioned, received, stored, issued, destroyed and accounted for COMSEC equipment and keying material.
US Army, Ft. Drum, NY
Information System Security Supervisor
40 Hours Weekly June 2013 – May 2014
Accountable for system administration, hardware repair, software upgrades and life-cycle replacement for over 500 Logistic Information Systems (LIS) valued at over $500,000. Robert M. Huddleston
CISM, CASP+, CYSA+
153 FLAGSTAFF CIRCLE
MARTINSBURG, WV 25405
******.*.***********@*****.***
******.**********.*@**.**.***
Developed an imaging process for all LIS enabling quicker turnaround times, which vastly improved section’s efficiency.
Trained and assessed 10 subordinates in set-up/tear down and Information Assurance (IA) best practices resulting in zero IA violations with their equipment.
Inventoried 50 Theatre Provided Equipment Aircraft Logbooks for serviceability and coordinated for the repair of 23 logbooks resulting in 100% Fully Mission Capable while within Southwest Asia.
Prepared 300 computers valued at over $ 300,000, for a tactical move to Southwest Asia with zero loss of accountability, zero loss of data, virus attacks or IA violations.
Contact this candidate