Marion Williams
Bowie, US, *****, 240-***-****,
******.********@********.***
Professional summary
Dynamic and highly accomplished professional with an Active Security Clearance and over 25 years of expertise in Information Security, specializing in Certification and Accreditation, Cloud Cybersecurity, and DevSecOps Framework Development. Proven track record in designing and implementing automated tool-based security solutions, building robust frameworks, and leading complex information security programs for multi-cloud environments while ensuring regulatory compliance.
Demonstrated expertise in IT Security Management, including evaluating, selecting, and deploying IT security tools to protect critical business information and ensure information systems' availability, integrity, and confidentiality. Extensive experience managing cybersecurity configurations for virtualized environments (VMware), Virtual Desktop Infrastructure (VDI), and Amazon Web Services (Security Hub, CloudWatch, CloudTrail), with a strong focus on Cloud Security Visibility and Compliance.
As a Director of Security with over 20 years of experience, I am skilled in managing investigations, personnel matters, and sensitive information while maintaining operational efficiency in high-pressure, fast-paced environments. I am proficient in enhancing departmental functions, crisis management, and aligning operations with advanced security strategies.
Expert knowledge of advanced security systems, computerized access control, and security-related legislation and regulations. A dedicated and enthusiastic team player and leader with excellent communication and interpersonal skills, committed to driving innovation, enhancing security operations, and fostering collaboration across teams.
SKILLS
Risk Assessment & Compliance
Cybersecurity Maturity Model Certification (CMMC)
IT/Cyber Security Architecture
Security Information and Event Management (SIEM)
Intrusion Detection/Prevention System (IDS/IPS)
Telecommunication
Windows or UNIX operating systems
Enterprise Cryptographic Key Lifecycle Management
AWS Security
Disaster recovery planning
Web Application Firewall (WAF)
Information protection and analysis
DevSecOps Framework
Security Orchestration & Automation (SOAR)
Endpoint detection and response (EDR)
Cloud Security
Agile
NIST Risk Management Framework
CIS Controls
OWASP
Azure Security
ACCOMPLISHMENTS
Leadership
Developed and implemented an enterprise security strategy and framework that integrates the NIST Risk Management and Cybersecurity Framework (RMF) and DFARS 7012/NIST 800-171 (CMMC) controls for security.
Strategy and Planning
Developed and communicated CyberSecurity Engineering and CyberSecurity Analyst activities in an R&D and DevSecOps environment.
Established the Information Systems Security program for the Developers and Product teams to implement DevSecOps framework activities successfully.
Team Collaboration
Collaborated across the Departments to establish an enterprise security framework to accomplish common security objectives and standardize and leverage tools to reduce costs.
Coordinated the activities of the Information Security department to define and establish a unified program-wide approach to address Developers, Product, and Security issues to develop the DevSecOps CI/CD pipeline.
Project Management
Managed the implementation of the Security Framework Roadmap centered on hybrid NIST Risk Management and Cybersecurity Framework controls.
Led Cloud Certification and Accreditation (C&A) programs while integrating automated tools to enhance process efficiency and achieve 30% cost savings.
Directed the transition from waterfall to the Agile/SAFe Agile SDLC methodology, ensuring seamless integration within a DevSecOps framework.
Employment history
Information System Security Engineer, Dec 2022 - Mar 2025
BAE Systems, Inc.
Aligned security engineering with operational needs, enhancing system integrity.
Ensured ATO compliance with FISMA/NIST, boosting security standards.
Monitored and evaluated security, creating alerts for proactive measures.
Updated technical guides, ensuring accuracy for mission-critical systems.
Provided security insights, shaping future technical strategies.
Implemented comprehensive security controls and ATO packages aligned with FISMA/NIST guidelines while conducting system audits and deploying monitoring solutions through Splunk and Defender for Cloud.
Partnered with stakeholders to enhance security engineering practices, providing technical guidance and maintaining critical system documentation while fostering cross-functional communication.
Advanced organizational security strategy by analyzing emerging threats and providing strategic recommendations to DHS CISA, strengthening the overall cybersecurity posture.
Maintained meticulous security documentation and reporting through the Microsoft Office Suite, ensuring comprehensive audit trails and compliance with federal guidelines.
Developed and integrated advanced security monitoring solutions using Splunk and Defender for Cloud, optimizing threat detection capabilities.
Led cross-functional security compliance initiatives, ensuring system alignment with FISMA/NIST standards while maintaining comprehensive documentation.
Orchestrated security engineering strategies with stakeholders, delivering technical guidance and strengthening organizational security frameworks.
Implemented proactive security measures through system audits and monitoring protocols, enhancing overall infrastructure resilience.
Designed and implemented security controls aligned with FISMA/NIST frameworks, conducted thorough system assessments, and deployed advanced monitoring solutions.
Drove security enhancement initiatives through stakeholder partnerships, delivering technical expertise while streamlining cross-functional communication channels.
Optimized threat detection capabilities by integrating cutting-edge security monitoring tools, strengthening overall infrastructure resilience.
Maintained comprehensive security documentation and reporting protocols, ensuring robust audit trails and adherence to federal compliance standards.
Advanced organizational security strategy through emerging threat analysis, providing strategic recommendations to enhance cybersecurity posture.
Designed and implemented security controls for ATO compliance, integrating Splunk and Defender for Cloud to establish comprehensive threat monitoring systems.
Enhanced organizational security posture through proactive threat analysis and strategic recommendations to DHS CISA, implementing robust defense measures.
Orchestrated system-wide security audits and assessments, ensuring alignment with FISMA/NIST standards while maintaining meticulous compliance documentation.
Pioneered advanced security monitoring solutions, optimizing threat detection capabilities while streamlining cross-functional security protocols.
Developed comprehensive security monitoring solutions integrating Splunk and Defender for Cloud, optimizing threat detection and response capabilities.
Led system-wide FISMA/NIST compliance initiatives, conducting thorough security assessments, and implementing robust control frameworks.
Partnered with DHS CISA to analyze emerging threats and formulate strategic security recommendations, strengthening organizational resilience.
Information System Security Engineer, Apr 2022 - Dec 2022
Apex Systems, Inc., Gaithersburg, MD
Conducted security risk analyses, ensuring FISMA compliance and enhancing cloud security.
Led cross-functional security efforts, guiding Agile planning and technical insertions.
Managed vulnerability assessments, delivering comprehensive technical documentation.
Performed in-depth analyses of CVEs and CWEs, strengthening system security architecture.
Implemented advanced security controls and vulnerability management protocols in AWS/Azure cloud environments.
Analyzed complex CVEs and CWEs to formulate targeted remediation strategies, strengthening security architecture and risk mitigation.
Pioneered security evaluation methodologies and automated assessment workflows, resulting in enhanced threat detection and response capabilities.
Conducted comprehensive security risk analyses and vulnerability assessments, implementing robust cloud security controls while maintaining FISMA compliance standards.
Orchestrated cross-functional security initiatives, facilitating Agile planning sessions, and driving technical security enhancements across cloud platforms.
Developed advanced threat detection protocols by systematically analyzing CVEs and CWEs, strengthening system architecture, and risk mitigation frameworks.
Streamlined security evaluation processes by creating automated assessment workflows, enhancing incident response capabilities, and improving threat detection efficiency.
Operations Manager/President, Jul 2021 – Apr 2022
Two Tractors and a Truck, LLC, Bowie, MD
Oversee and manage lawn care crews, including hiring, training, scheduling, and performance evaluation.
Ensure high levels of customer satisfaction by addressing client inquiries, resolving complaints, and maintaining strong client relationships.
Develop and manage work schedules to ensure the timely completion of lawn care services, including mowing, fertilizing, pest control, and landscaping.
Monitor and ensure the quality of services provided by conducting regular site inspections and implementing necessary improvements.
Oversee the procurement and maintenance of equipment, tools, and supplies to ensure they are in good working condition and readily available when needed.
Develop and manage budgets for operations, including labor, materials, and equipment costs, and ensure cost-effective practices.
Implement and enforce safety protocols and procedures to ensure a safe working environment for all employees.
Collaborate with the sales and marketing teams to develop and implement strategies to attract new clients and retain existing ones.
Maintain accurate records of services provided, employee performance, equipment maintenance, and financial transactions.
Strategic Planning: Contribute to the development of long-term business strategies and goals, identifying opportunities for growth and improvement.
Director of Security, Oct 2018 – Jul 2021
Nimbis Services, Inc., Bowie, MD
Directed AWS DevSecOps architecture, enhancing security and compliance.
Incorporated security into the Software Development Life Cycle, ensuring the implementation of strong protective measures. Oversaw the CMMC certification process, ensuring adherence to NIST compliance standards.
Managed a team of six security professionals, spearheading key security initiatives. Implemented processes improving incident response and risk management.
Architected a security program with advanced controls, integrating security-focused solutions within SDLC while managing vulnerability assessment frameworks.
Transformed enterprise security protocols through strategic R&D initiatives, developing comprehensive training programs, and establishing robust security standards.
Optimized incident response frameworks and risk management strategies while ensuring continuous CMMC compliance across multiple AWS platforms.
Led comprehensive AWS DevSecOps transformation, implementing advanced security controls and vulnerability frameworks while directing a team of six security specialists.
Streamlined enterprise security protocols through strategic initiatives, integrating robust protection measures across multiple AWS environments.
Orchestrated end-to-end CMMC certification process, ensuring alignment with NIST standards while enhancing incident response capabilities.
Cyber Security SME Consultant, Jun 2015 – Oct 2018
Robbins Gioia, LLC, Alexandria, VA
Developed and disseminated cybersecurity best practice communications to educate staff on known threats and potential attack vectors.
Formulated and implemented enterprise cybersecurity strategies and plans.
Maintained project management documentation to support the scope, schedule, and budget of specific cybersecurity projects.
Provided technical requirements and designed enterprise solutions for data encryption and key management, aligning with emerging federal or industry cybersecurity priorities.
Assessed the impact of encryption programs on existing processes, tools, and procedures, working with stakeholders to minimize duplication and mitigate costs.
Provided Level 3 support for solutions and assisted with cross-tool and cross-team compatibility issues.
Established a forensics lab for analyzing desktop malware attacks and supported operational escalations.
Collaborated with DHS on DNSSEC and Cyber Hygiene reports, addressing non-compliant or misaligned domains with stakeholders.
Evaluated performance and process improvement areas, including automation of analysis and reporting for relevant cybersecurity priorities (e.g., IPv6, DNSSEC, DHS Cyber Hygiene, TIC reports).
Recommended solutions to stakeholders for transitioning to IPv6, HSPD-12, Continuous Diagnostics and Mitigation (CDM), enterprise cybersecurity monitoring and operations (ECMO), and Information Security Continuous Monitoring (ISCM).
Developed, supported, consolidated, and analyzed data call information for enterprise architecture and boundary protection efforts (e.g., IPv6 status, HSPD-12 status).
Collaborated with the Technical Information Committee and CDM Program, serving as a technical reference for HSPD-12 and providing managerial and technical assistance.
Enterprise Security Engineer, Jun 2015 – Jul 2017
Zari Technologies, LLC, Bowie, MD
Audited data content for technical security concerns, providing bi-directional flow of information and best practices to the CISO.
Led the IT Security Team in developing Threat and Vulnerability Management doctrine.
Coordinated with the Stakeholder Program Management Office to review contractor work schedules and Statements of Work tasks.
Briefed the CISO on security methodologies requiring updates and analyzed corporate policy compliance with the NIST Cybersecurity Framework (CSF) and network security architecture design.
Updated senior stakeholders on gaps between corporate policies and the NIST CSF.
Validated that stakeholder risk tolerance and vision align with NIST 800-53 r4 CSF.
Mentored junior and senior staff on FISMA requirements for Confidentiality, Integrity, and Availability (CIA) processes.
Performed independent external vulnerability assessments of public-facing systems to comply with NIST's roles of responsibility controls.
Ensured day-to-day operations, maintenance, configuration, monitoring, alerting, and support of security tools, including RSA, Mandiant, FireEye, Malwarebytes, Nexpose, Tripwire, Sourcefire, and Websense.
Consulted for a large, diverse team on enterprise security tasks, running 24/7 operations in multiple locations.
Presented reports and security matrices to stakeholders and communicated service needs back to the team.
Researched external trusted intelligence sources and leveraged Advanced Persistent Threat attack vectors to detect significant events.
Applied leading theories and concepts to the development, maintenance, and implementation of information security standards, procedures, and guidelines within the Energy Organization.
Provided forensic analysis of project documents, outlining potential delays and problems.
Enterprise Architect Systems Engineer, 02/2015 – 06/2015
C2 Solutions Group Inc – Reston, VA
Planned technical feasibility solutions for new system designs and suggested options for improving the performance of technical components.
Led the Systems Engineering team using Agile Software Development Lifecycle methodology.
Facilitated SCRUM sessions to create User Stories for SPRINT Planning as part of the Security Engineering Process, supporting a team of 20 System Architects.
Performed systems engineering tasks, scheduling, and technical activities to support software lifecycle management.
Developed Federal Enterprise Architecture Framework (FEAF) artifacts to support Veteran Administration (VA) Business Requirement Documents.
Applied systems engineering principles and Defense Acquisition University (DAU) Milestones for information systems in a heterogeneous environment, supporting VA As-Is and To-Be network architecture.
Utilized CA Rational System Architect tools to validate IT Architecture business requirements.
Information Assurance Officer, 08/2013 – 02/2015
C2 Solutions Group Inc – Reston, VA
Led the Information Assurance and Security Engineering team using Agile Software Development Lifecycle methodology within a software engineering process team.
Performed systems engineering tasks, scheduling, and technical activities to support software lifecycle management.
Developed a cybersecurity strategy for certification and self-assessment of software applications.
Investigated and resolved issues related to server hardware, HP-UX, Linux, Windows Operating System, and application software.
Managed projects and prioritized staff assignments based on stakeholder requirements, performing various security tasks in software/hardware maintenance and operational support of Unix and Windows Server systems.
Briefed stakeholders on enterprise information security requirements to be implemented throughout the SDLC, utilizing DoD Information Assurance Security Tools to analyze applications and system infrastructure cybersecurity posture.
Utilized a suite of security tools to validate the IT architecture, network, and system security posture.
Applied regulatory policies such as DoD Architecture Framework (DODAF), DoD 8500.2, and Common Criteria security policies to align organizational business goals with risk tolerance.
Senior System Engineer Staff, 01/2013 – 08/2013
Lockheed Martin – Alexandria, VA
Led Information Assurance for 23 subcontractor teams, aligning organizational business goals with cloud application security capabilities, and managed project management and systems engineering activities to enhance operations.
Conducted engineering and technical analysis to evaluate configurations and functionality, providing recommendations for increased capacity or functionality.
Planned, organized, and prioritized work, ensuring deadlines were met and managing multiple tasks in a complex, dynamic environment.
Reviewed DODAF UML architecture models at service, system, platform, and segment levels for completeness and compliance with DODAF standards.
Ensured systems capabilities were developed and operated in accordance with Intelligence Community Directive 503 (ICD-503), CNSSI 1253, and Defense Information Assurance Certification and Accreditation Process (DIACAP) security policies and procedures.
Guided application developers in complying with ICD-503, CNSSI 1253, and DIACAP certification requirements.
Provided guidance on other security disciplines and their interaction with IS security.
Developed and implemented government-approved information security procedures and plans for operating networked and stand-alone classified computers, coordinating government agency approvals.
Provided lifecycle Information Assurance (IA) support and recommendations to government, SETA, program managers, and systems engineering staff.
Generated IA assessments and developed actionable recommendations based on system analysis and findings.
Guided IA triage change requests for government review and approval.
Business Development Manager, 09/2012 – 01/2013
Zari Technologies, LLC – Bowie, MD
Identified and developed new business contract opportunities within the assigned territory through networking and cold calling efforts.
Defined prospects, scheduled appointments, and closed teaming opportunities.
Led the business development process, navigating multiple steps with various decision-makers and demonstrating the ability to influence high-level decisions.
Captured DODAF requirements, maintained proficiency in products and services, and positioned solutions against the competition.
Accurately assessed and analyzed customer needs to identify appropriate solutions.
Prepared and delivered strategic sales presentations.
Managed and created a strategic business development plan outlining the activity level required to meet federal contract objectives.
Identified, qualified, captured, and won new business in the DoD and other federal agencies.
Worked collaboratively with line management, capture and proposal managers, program management, technical subject matter experts, contracts, procurement, and pricing personnel.
Served in both business development and capture management roles, providing consulting to potential customers.
Prepared, maintained, and executed account plans, ensuring policies reflected the priorities established in the business strategy.
Developed and maintained relationships with leaders in the DoD and federal departments, identifying the skills and capabilities necessary to support new business.
Information Assurance Manager, 06/2011 – 08/2012
C2 Solutions Group Inc – Falls Church, VA
Led the Information Assurance and Security Engineering team using the Software Development Lifecycle methodology within a software engineering process team.
Performed systems engineering tasks, scheduling, and technical activities to support software lifecycle management.
Analyzed architecture design, scoping, implementation, testing, and deployment needs to define project requirements.
Developed an Information Assurance (IA) strategy for certification and self-assessment of software applications.
Applied configuration management and change control principles, articulating their relationship with IA.
Managed and provided security reviews and self-assessment support during the development, integration, testing, and release phases of system components.
Ensured the overall contract statement of work met performance criteria.
Developed security test plans and procedures, utilizing DoD Information Assurance Security Environment tools, including security technical implementation guidance, security readiness review checklists, and network scanning tools such as Retina.
Executed the DoD Information Assurance Certification and Accreditation Process, developing the DIACAP Implementation Plan (DIP), Scorecard, and Plan of Action and Milestone (POA&M).
Director of Security Programs, Dec 2010 - Jul 2011
The Coleman Group, Inc., Greenbelt, MD
Managed the security program, ensured alignment with federal standards, and strengthened compliance measures.
Oversaw and conducted risk assessments, implemented cutting-edge security measures, and enhanced the resilience of infrastructure systems.
Led customer relations, fostering partnerships across diverse industries, and boosting satisfaction.
Developed incident response strategies, minimizing breaches and ensuring rapid resolution.
Developed staff expertise through focused training initiatives, boosting team performance and proficiency.
Led comprehensive security program development and implementation, establishing risk management protocols and coordinating with cross-functional teams.
Streamlined security operations through data-driven assessments, reducing incident response time and strengthening organizational resilience.
Developed and executed strategic security initiatives, enhancing protection measures while maintaining operational efficiency.
Orchestrated security training programs, fostering a culture of awareness and compliance across all organizational levels.
Managed security audits and compliance reviews, implementing robust documentation systems and emergency response protocols.
Led comprehensive security transformation efforts across the enterprise, seamlessly aligning federal compliance requirements with advanced threat detection strategies.
Education
BS: Workforce Education and Development, Aug 2000 - May 2002
Southern Illinois University Carbondale, Carbondale, IL
Graduated with a 3.59 GPA
Certificate - Leadership Development Program: Building Leadership Skills for Executives, Aug 2005 - Sep 2005
Eckerd College, St. Petersburg, FL
Graduated with a Certificate of Leadership
Courses
Provision and Maintain AWS Resources by Using CloudFormation, In Progress
Cybrary IT
Incident Response and Advanced Forensics, Jan 2022
Cybrary IT
Course Assessment – NIST 800-53, Jan 2022
Cybrary IT
Introduction to Cyber Threat Intelligence, 12/2021
Cybrary IT
Certified SCRUM Master Course, Aug 2015 - Sep 2015
IT University Online
Certified Information Security Manager (CISM) Course, Sep 2016
Training Camp
DevSecOps Security Engineering Course, Apr 2019
Cybrary IT
Links
LinkedIn: www.linkedin.com.
Additional information
Professional Certifications
Certified Information Systems Security Professional (CISSP)
Certified PMG Security NetAnalyst
Active Security Clearance
Professional Affiliations
Institute of Electrical and Electronics Engineers
Information Systems Audit and Control Association (ISACA)
International Information System Security Certification Consortium (ISC2)
System Administrator, Audit, Network Security (SANS)
Volunteer Work, Pathway to Career Decision
Teaching “Now What!”, a course focusing on career guidance and passion discovery for students.
References
Ernesto Moseley, Cloud Security Architect (*******.*******@*****.***, 571-***-****)
Harold Williams, National Labor Relations Board (**********@*******.***, 301-***-****)
Vera McKee, U.S. Patent and Trademark Office (*******@*****.***, +1-240-***-****)