Staci D. Taglisferi
Mechanicsville, MD 240-***-**** *****.**********@*****.***
Active Top Secret/SCI Clearance
20+ years of Department of Defense Cybersecurity Experience
Professional Summary
Senior Cybersecurity professional with expertise in risk management, compliance, cybersecurity frameworks and security operations. Skilled in risk management, security operations, and regulatory adherence, with a proven ability to develop and implement security policies, risk assessments, and incident response strategies. Strong leadership in managing security teams, conducting audits, and collaborating with executives and government agencies to mitigate cyber risks and enhance security postures. Adept at project management, aligning security initiatives with business objectives, and ensuring the confidentiality, integrity, and availability of critical systems.
Professional Experience
Consumer Financial Protection Bureau (CFPB)
January 2025 – Present
Compliance Technology Analyst
Conduct risk-based cybersecurity assessments, identifying vulnerabilities in financial institutions’ technology infrastructure and ensuring compliance with regulatory standards.
Provide expertise in information technology systems, change management, configuration management, and governance to organizations.
Lead the development and implementation of cybersecurity examination procedures, enhancing risk assessment methodologies and ensuring alignment with industry best practices.
Perform in-depth analysis of security frameworks to provide expert recommendations on cybersecurity risk mitigation strategies.
Advise senior leadership on emerging cyber threats and regulatory trends, leveraging data-driven insights to strengthen compliance strategies and improve overall security posture.
National Aeronautics and Space Administration (NASA)
July 2024 – January 2025
Cybersecurity Lead
Analyzed and implemented national and agency cybersecurity mandates, ensuring compliance with evolving regulatory requirements while strengthening organizational security postures.
Led cybersecurity risk assessments for mission-critical systems, identifying vulnerabilities and developing mitigation strategies to enhance overall security resilience.
Served as the primary Cybersecurity Point of Contact, collaborating with cross-functional teams, working groups, and leadership to drive cybersecurity initiatives and policy alignment.
Developed automated processes for assessing cybersecurity risks across system security plans, enabling proactive threat identification and mitigation.
Managed cybersecurity incidents in partnership with the Office of the Chief Information Officer (OCIO), driving awareness, training, and response strategies to minimize security threats.
Hopper Global Communications Center (HGCC)
June 2023 – July 2024
Supervisor, Research, Development, Test, and Evaluation
Led the authorization and implementation of security controls across enterprise software, hardware, and firmware, ensuring alignment with cybersecurity policies and risk management frameworks.
Supervised a team of cybersecurity professionals, ensuring continuous monitoring of threats, maintaining secure network environments, and driving operational resilience across the organization.
Managed and tracked the RMF authorization process, ensuring systems met regulatory and security compliance requirements while minimizing organizational risk.
Delivered strategic cybersecurity recommendations to senior leadership, conducting risk analysis and proposing effective mitigation strategies to bolster the organization’s overall security posture.
Directed cybersecurity operations during system integration, testing, and implementation, ensuring full compliance with risk management frameworks and adherence to security best practices.
Hopper Global Communications Center (HGCC)
October 2019 – May 2023
Enterprise Information Systems Security Manager (ISSM)
Executed ISSM duties to enhance the cybersecurity posture of the Joint Worldwide Intelligence Communications System (JWICS) Enterprise, ensuring comprehensive protection for all information systems through effective risk management and control implementation.
Managed and tracked the RMF authorization process using eMASS and Xacta, ensuring proper identification, documentation, and testing of security controls to maintain data confidentiality, integrity, and availability.
Led the development and maintenance of System Security Plans, conducted Risk Assessments, reviewed Security Technical Implementation Guides (STIGs), and managed Automated Continuous Monitoring (ACAS) reports to assess system security impacts and ensure compliance with security standards.
Led and managed cybersecurity inspection initiatives, overseeing vulnerability assessments, threat analyses, and risk evaluations for critical systems, ensuring compliance with industry standards and enhancing the organization's security posture.
Directed and mentored cybersecurity teams, including Cyber Analysts and ISSOs, to ensure adherence to policies and procedures, while overseeing the training, certification, and performance evaluations of personnel to enhance security operations.
Naval Air Warfare Center – Aircraft Division (NAWCAD)
August 2007 – September 2019
ISSM, Presidential Helicopter Replacement Program
Managed and tracked the status of RMF eMASS and Xacta projects and authorizations, ensuring system compliance with cybersecurity standards and maintaining security across all platforms.
Served as the primary liaison for Navy, USMC, and Intelligence Agency Authorizing Official offices, aligning cybersecurity priorities with broader organizational and mission goals.
Monitored IT systems and operational environments, developed and maintained System Security Plans (SSPs), managed system changes, and assessed their security impacts to ensure continued compliance.
Provided timely monthly cybersecurity updates to leadership, facilitating informed decision-making and ensuring prompt responses to emerging cybersecurity events.
Led validation efforts for eMASS and Xacta RMF packages, ensuring compliance with applicable policies, processes, and cybersecurity guidance across all project phases.
Core Competencies
Risk Management & Compliance
Incident Response
Vulnerability Management
Policy Development & Implementation
NIST SP 800-53
NIST Risk Management Framework (RMF)
Education & Certifications
Master of Science, Information Technology Program Management
National Defense University, College of Information and Cyberspace, GPA: 3.78
June 2021
GIAC Security Leadership Certified (GSLC), Analyst #7505
DOD 8570 IAM Level III
November 2011
CompTIA Security+, ID# COMP001007110851
DOD 8570 IAT Level II
March 2008
George Washington University, Associates Certificate in Project Management
June 2007
Bachelor of Science in Information Systems Technology Management
University of Maryland University College (UMUC), GPA: 3.68
June 1998
References
Available upon request