Bruce E. Plott
Port Republic, MD 20676
Day Phone: 240-***-****
Cell Phone: 410-***-****
Email: *****.*****@*******.*** *****.*****@******.***
Security Clearance
Active Top Secret Clearance (2024/2025) (TS refresher training 2025)
Secret Clearance (1999 until 2024) (Secret refresher training 2023)
Certifications & Training
Active Top Secret Clearance (2024–2025)
Federal Acquisition Certification – COTR Level III, NOAA (2015)
Certified in Risk and Information Systems Control (CRISC), ISACA (since 2011)
Certified Ethical Hacker (CEH), EC-Council (since 2016)
Certified Network Defense Architect (CNDA), EC-Council (since 2016)
CompTIA Security+ (since 2019)
Secret Clearance (1999–2024)
Technical Skills
Platforms: Linux, UNIX (HP-UX, Debian-based UNIX, IRIX, AIX, Solaris), Ecos (Embedded Configuration OS), Novell, Windows, Virtualized Environments (VMware, Hyper-V)
Tools: Tivoli, Cuadra Star, ZOS, TCP/IP, Wireshark, Splunk, MATLAB/SSTK
Technologies: LAN/WAN, Routers, Firewalls, IDS/IPS, VPNs, Cloud Architectures (AWS, limited)
Databases: Relational Databases (SQL, Oracle), Configuration Management Systems
Programming Languages: Python, Shell Scripting, COBOL, Fortran, Pascal, SQL, RTOS (Real-Time Operating System)
Security Tools: Nessus, Jack the Ripper, Cain and Abel, NMAP, Snort, SIEM solutions (Splunk, QRadar)
Senior IT Security Manager / Program Manager Summary Statement:
Seasoned IT Security Manager and Architect with extensive experience in leading large-scale cybersecurity initiatives, managing network architecture, and driving risk management and compliance across the federal, defense, and commercial sectors. Highly skilled in program and portfolio management, ensuring the successful execution of IT security and infrastructure projects while aligning them with organizational objectives. Expertise in the full RMF lifecycle, including system categorization, continuous monitoring, risk assessment, and authorization, ensuring compliance with federal security standards such as NIST 800-53, FISMA, DoD STIGs, and FedRAMP.
Strong background in DevSecOps, Zero Trust frameworks, and cloud security (AWS, Azure) solutions, with a deep focus on driving security compliance through strategic governance, risk, and compliance (GRC) initiatives. Adept at integrating cybersecurity controls within enterprise environments to meet the security needs of mission-critical systems, with specialized experience working with NOAA, Space Force, and NASA to implement compliance-driven security strategies.
Proven ability to lead cross-functional teams across federal, commercial, and defense organizations to implement high-availability, scalable solutions while ensuring secure, resilient operations. Skilled in agile project management, financial management, and portfolio planning, driving innovation and ensuring all projects are completed on time, within scope, and in adherence to budget. Seeking a senior leadership role in IT security architecture and program management to leverage my expertise in enhancing the security posture and operational resilience of complex, high-security environments.
Education:
Management Concepts: Project Management & Program Management Master Tracks Program (Dual Certificates, 2018)
University of Maryland Global Campus: B.S. in Economics (1994)
Prince George’s Community College: A.A. in Marketing Management (1992), A.A. in Business Management (1992)
Professional Experience:
DOC/NOAA/DOUS/Office of Space Commerce – Suitland, MD
Network/Software Lead
02/2024 – 02/2025
As the Network/Software Lead at NOAA’s Office of Space Commerce (OSC), I led the secure architecture, integration, and lifecycle implementation of the Traffic Coordination System for Space (TraCSS), a FISMA High-rated system designed to support the national space traffic management mission. This program included coordination across interagency stakeholders—NOAA, NASA, the U.S. Space Force—as well as commercial entities such as SpaceX and other satellite operators.
I managed system development and operational planning in alignment with NIST SP 800-53, 800-160, and 800-171, ensuring compliance and risk mitigation across all phases of the system engineering lifecycle. My responsibilities spanned requirements analysis, secure network design, DevSecOps integration, and cloud/hybrid infrastructure management.
Using tools such as JIRA, Confluence, Microsoft Visio, and Microsoft Project, I supported end-to-end program oversight, including requirements tracking, architectural design documentation, and milestone-driven project planning. I developed detailed program plans and work breakdown structures (WBS), maintained risk and issue logs, and monitored deliverables and contractor performance across a complex stakeholder environment.
As Product Owner for the DevSecOps team, I led the adoption of infrastructure-as-code practices (Terraform), CI/CD pipelines, and automated vulnerability scanning tools to streamline secure system deployment. I also led the creation and management of RMF artifacts including SSPs, POA&Ms, and Continuous Monitoring (ConMon) packages to support and sustain ATO status.
Throughout the effort, I collaborated with engineering, cybersecurity, and acquisition professionals to align program goals with national policy and emerging commercial needs. I also mentored junior staff and contributed to enterprise-level architecture discussions in support of digital modernization and strategic readiness.
Led end-to-end program management and cybersecurity oversight for the TraCSS (Traffic Control and Surveillance System) network infrastructure, ensuring full compliance with FedRAMP, NIST 800-53, and DoD STIG requirements for secure, cloud-based mission systems.
Directed the integration of cybersecurity controls and technical standards across NOAA, NASA, and Space Force projects—aligning interagency strategic goals with evolving federal mandates.
Oversaw the full project lifecycle, including planning, coordinating, and managing a portfolio of cross-agency IT initiatives; proactively identified optimization opportunities to reduce risk, improve performance, and ensure mission success.
Developed and executed program management plans, defined work breakdown structures (WBS), and created detailed schedules to track milestones, dependencies, and deliverables.
Monitored and tracked all program performance, subcontractors, risks, costs, and schedules, ensuring initiatives remained on-time, within scope, and under budget.
Led as Product Owner for the DevSecOps team—driving the adoption of CI/CD pipelines, automated vulnerability scanning, and enhanced deployment frameworks that improved system security and operational resilience.
Oversaw Salesforce Financial Services Cloud (FSC) implementation for cross-agency CRM and case management solutions.
Led requirements gathering and sprint coordination for Salesforce-based automation projects in FSI-aligned environments.
Directed integration of Salesforce with legacy financial platforms, ensuring continuity and compliance with FISMA and SOX.
Supervised access controls and audit trails using Salesforce Shield to meet federal data governance standards.
Managed vendor engagements and AppExchange solutions for financial workflow optimization in Salesforce.
Supported risk mitigation planning and compliance alignment for cloud-based Salesforce deployments.
Collaborated with financial analysts and system owners to modernize reporting dashboards and customer engagement portals.
Conducted ongoing risk assessments, compliance monitoring, and vulnerability mitigation to ensure all systems aligned with federal cybersecurity frameworks.
Provided strong, assertive leadership to multidisciplinary teams, delivered high-quality deliverables, and responded quickly to mission-critical needs. Escalated unresolved issues appropriately and ensured continuous forward progress.
Managed program financials by tracking actual vs. planned expenditures and implementing corrective actions where necessary to address variances.
Guided the successful completion of complex, FISMA High–rated programs including the TraCSS network and security modernization, functioning in both a leadership and technical architect role.
Developed and applied advanced engineering solutions to high-availability infrastructure supporting secure space situational awareness operations for NOAA, NASA, and Space Force.
Oversaw full system lifecycle activities from modeling and simulation to deployment, maintenance, and sustainment.
Led CI/CD automation efforts and system design across AWS and Azure, integrating advanced security protocols.
Created and maintained engineering documentation, SOPs, and risk management plans to support continuous monitoring and accreditation.
Acted as consultant across program portfolios and coached junior engineers to align efforts with long-term modernization strategies.
Key Achievements:
Led the portfolio management of the program, overseeing multiple parallel initiatives, ensuring timely project delivery, and meeting key performance indicators (KPIs) for security compliance.
Enhanced cloud security by optimizing AWS, Azure, and hybrid infrastructures, ensuring high availability, scalability, and regulatory compliance.
Increased efficiency by implementing Kubernetes and Appgate ZTNA, improving both system performance and security controls while minimizing risks from unauthorized access.
Technical Expertise:
Program & Portfolio Management: Managing large-scale IT initiatives, optimizing resource allocation, and ensuring timely delivery of cybersecurity projects.
Compliance & Security: FedRAMP, NIST 800-53, DoD STIGs, Zero Trust Architecture, RMF lifecycle
DevSecOps & Cloud: AWS, Azure, Terraform, Ansible, Kubernetes, GitLab CI/CD
Cybersecurity & Threat Mitigation: Security automation, vulnerability scanning, SIEM solutions, Appgate
Agile Project Management: Managing project sprints, backlog, and feature deployments using Jira.
Calvert County Government – Prince Frederick, MD
Calvert County Government Records Manager
11/2022 – 11/2024
Developed and implemented a county-wide records management program aligned with Maryland State Archives retention schedules and state laws such as the Maryland Public Information Act (MPIA) and Personal Information Protection Act (PIPA). Incorporated federal records management standards per NARA guidance including 36 CFR Subchapter B, NARA’s General Records Schedules (GRS), and OMB/NARA Memorandum M-19-21.
• Led the digitization and scanning program for physical records, ensuring compliance with NARA Bulletin 2015-04 and Bulletin 2019-01. Scanned documents met standards for long-term legal retention, using PDF/A, OCR indexing, and appropriate metadata tagging for searchability and archival accuracy.
• Designed and managed a secure records disposal program with full compliance to both Maryland state requirements and federal regulations. Oversaw shredding and incineration of expired records, ensuring destruction methods met legal and environmental standards. Documented disposal using retention verification logs, certificates of destruction, and audit-ready metadata for each record series.
• Conducted legal retention reviews and managed the complete life cycle of 12 record categories, ensuring appropriate scheduling, disposition authority, and destruction processes per Maryland GRS and NARA’s approved records schedules.
• Developed an outreach program in collaboration with the Maryland State Archives to implement standardized data governance practices and renew outdated records formats across Calvert County departments. This initiative promoted uniform retention scheduling, improved metadata tagging, and enhanced the long-term preservation and accessibility of electronic and physical records.
• Supervised a team of department liaisons and trained over 100 employees across multiple departments in state and federal records requirements, classification, access controls, and retention.
• Supported legal holds and litigation readiness by implementing defensible disposal strategies and coordinating with legal counsel and state archivists to prevent unauthorized deletion of records under investigation or audit.
• Developed a cross-agency outreach campaign with MACo and Maryland State Archives to promote best practices in digital governance, records lifecycle compliance, and public records accessibility.
• Deployed a secure, cloud-based document management system, integrating record classification, retention schedules, and access logging features to streamline document governance. Provided strategic leadership across business development, capture management, and program execution for enterprise software and network initiatives, including early-stage mission startup. Spearheaded beta user group engagement to shape solution requirements, refine product-market fit, and establish stakeholder alignment, integrating marketing management principles to drive adoption and inform go-to-market strategies.
• Conducted annual assessments of records and data systems in alignment with internal policy and external compliance mandates, including verification of COOP (Continuity of Operations) compliance and secure data backups.
Key Achievements:
• Spearheaded the digitization of over 100,000 records, reducing physical storage costs, improving information retrieval speed, and ensuring legal validity of digital surrogates.
• Achieved full compliance with NARA, OMB A-130, and Maryland retention and destruction guidelines, verified through internal audits and documentation.
• Established an automated compliance monitoring system to manage retention triggers and disposal eligibility, reducing manual intervention and increasing efficiency.
• Initiated and led regular record destruction cycles using approved vendors, maintaining accountability with documented chains of custody and NA-13001-equivalent approvals.
• Strengthened information governance posture through training, policy development, and department collaboration, aligning Calvert County practices with both state and federal expectations.
Technical Expertise:
• Records Compliance & Governance: MPIA, PIPA, Maryland Archives Retention, NARA GRS, 36 CFR §1220–1239
• Digitization Standards: NARA Bulletins 2015-04 and 2019-01, metadata tagging, PDF/A, OCR indexing
• Secure Document Disposal: Certified shredding, incineration protocols, chain of custody, NA-13001 guidance
• Cloud-Based Document Management: Digital storage, access control, automated retention scheduling
• Compliance & Audit Monitoring: Records lifecycle tracking, COOP planning, destruction verification systems
• Cross-Agency Coordination & Training: Collaboration with MACo, Maryland Archives, and department stakeholders
DOC/NOAA/NESDIS/OSPO – Suitland, MD
Network Manager & System Owner
01/2016 – 02/2024
Served as the lead Network Manager and System Owner overseeing complex, mission-critical satellite communications systems and IT infrastructure across NOAA’s OSPO operations. Brought over 10 years of IT and systems engineering experience, including more than 6 years supporting Department of Defense (DoD) and Intelligence Community (IC) projects. Applied in-depth knowledge of the DoD/IC acquisition lifecycle, the Planning, Programming, Budgeting, and Execution System (PPBES), and system engineering best practices to advance strategic modernization efforts.
• Directed portfolio management of multiple high-availability, secure satellite systems—ensuring compliance with NIST 800-53, FISMA, and mission assurance standards while maintaining continuity of operations for assets such as GOES-R, EWS-G, and DSCOVR.
• Led enterprise-wide network modernization efforts, deploying VLANs, WAN optimization, and service-oriented architectures across a global communications framework.
• Applied advanced systems engineering methodologies throughout the full lifecycle—including requirements definition, architecture design, implementation, validation, and sustainment—for hybrid on-prem/cloud environments.
• Successfully implemented Zero Trust Architecture across satellite support systems, introducing automated incident response, security hardening, and continuous monitoring.
• Collaborated with the U.S. Space Force, NASA, and interagency mission partners to ensure system resilience, enterprise scalability, and alignment with evolving federal mandates.
• Demonstrated over 6 years of experience using the Department of Defense Architecture Framework (DoDAF) to design, model, and validate system-of-systems (SoS) integrations.
• Applied Model-Based Systems Engineering (MBSE) practices and digital engineering principles, enhancing traceability, configuration management, and architecture modeling in complex environments.
Led the network modernization program, overseeing the integration of VLANs, WANs, and advanced traffic management techniques for global satellite communication systems, including EWS-G and GOES-R.
Implemented a Zero Trust security framework across federal satellite systems, overseeing the deployment of both security automation and incident response strategies to address evolving security threats.
Engaged with internal stakeholders, including the Space Force and NASA, to ensure system resilience and meet regulatory compliance across cross-agency initiatives.
Utilized systems engineering and configuration management tools such as JIRA, Confluence, Visio, and Microsoft Project to support requirements tracking, architectural design, documentation, and project lifecycle oversight in support of large-scale, mission-critical systems.
Delivered complex, mission-critical technology solutions supporting Intelligence Community (IC) stakeholders through multi-agency satellite operations, ensuring secure, high-availability network infrastructure and alignment with evolving IC security requirements, system engineering practices, and data dissemination protocols.
Led and mentored cross-functional technical teams composed of federal staff and contractors, ensuring consistent delivery of mission-critical objectives across satellite communications, cybersecurity, and infrastructure modernization projects.
Demonstrated in-depth understanding of Intelligence Community (IC) and federal acquisition processes; successfully managed contract performance, compliance, and funding execution within programs governed by complex IC contract requirements.
Applied deep technical expertise in enterprise architecture, cloud integration, cybersecurity (Zero Trust, NIST RMF), and large-scale network infrastructure, supporting high-assurance mission systems and continuity of operations for classified and unclassified networks.
Communicated complex technical issues and strategic plans to diverse audiences, including senior NOAA leadership, Space Force stakeholders, and external mission partners, using formal briefings, architecture diagrams, and project dashboards.
Built trusted working relationships across technical, acquisition, and leadership teams by aligning enterprise-level strategy with operational requirements, fostering collaboration, transparency, and shared accountability.
Navigated complex federal and IC environments with agility, overcoming organizational and technical challenges by aligning architecture, budget, and governance frameworks to enable modernization efforts under tight deadlines and shifting priorities.
Key Achievements:
Program & Portfolio Management: Managed concurrent satellite communication system initiatives, ensuring systems were secure, scalable, and within budget.
Cybersecurity & Risk Management: Integrated Zero Trust principles into network security frameworks, improving access control and data integrity.
System Security Optimization: Streamlined network operations, reducing latency, and improving the scalability of satellite communication systems for global use.
Technical Expertise:
IT Security & Risk Management: FISMA, NIST 800-53, Zero Trust Architecture, compliance management
Network Infrastructure Management: High-availability architectures, optimization, and global connectivity
Agile Project Management: Cross-functional team leadership, agile frameworks, and stakeholder communication.
DOC/NOAA/NESDIS/OSPO – Suitland, MD
IT Administrator
01/2011 – 01/2016
As IT Administrator for the NOAA/NESDIS Office of Satellite and Product Operations (OSPO), I led enterprise-level cybersecurity operations and lifecycle systems administration for 12 FISMA-reportable systems, including 8 designated as FISMA High—classified as National Critical Systems supporting global weather, environmental, and climate monitoring. I served as the primary technical and programmatic lead for all IT security and compliance activities, supporting the SES-level Director and reporting directly on posture, risk, and strategic investment.
I supervised a team of 8 Information System Security Officers (ISSOs) and coordinated daily with system administrators, program managers, and mission stakeholders to ensure system integrity, availability, and compliance. My leadership included full accountability for ATOs, annual assessments, and POA&M management across a hybrid federal-contractor workforce and multi-agency environments. I authored and maintained critical documentation such as System Security Plans (SSPs), Business Continuity Plans (BCPs), and Incident Response Procedures under the Risk Management Framework (RMF), using guidance from NIST SP 800-53, 800-161 (Supply Chain Risk Management), and 800-82 (Industrial Control Systems).
In support of NESDIS’ enterprise cybersecurity posture and digital modernization efforts, I served as Chair of the IT Risk Management Advisory Council (IRMAC) for 8 years. In this leadership role, I reviewed and approved all NESDIS security and architecture-related funding and investment proposals, ensuring alignment with strategic goals, federal compliance mandates, and evolving threat landscapes. I also advised senior leadership on governance strategies, enterprise risk posture, and digital architecture modernization.
My role demanded close coordination with internal audit teams, OIG, DHS, and external partners such as NASA, DoD, and intelligence agencies. I played a critical role in security engineering reviews, integration of new satellite assets into the enterprise architecture, and the modernization of legacy systems to meet evolving NIST and OMB requirements.
Through a blend of technical depth and executive-level program management, I ensured mission success, minimized operational risk, and established repeatable processes for long-term sustainment and continuous improvement across NOAA’s most critical IT systems.
Managed a portfolio of high-profile, mission-critical systems under FISMA and NIST compliance, ensuring continuous performance optimization and minimizing downtime.
Developed risk management frameworks, creating Standard Operating Procedures (SOPs) and IT governance policies for NOAA’s satellite operations, providing the structure to drive strategic IT projects while minimizing security risks.
Led capital planning and provided guidance on budget allocation, identifying risks and opportunities to support long-term agency objectives.
Led efforts in disaster recovery planning, business continuity solutions, and cross-agency collaboration to ensure critical NOAA assets remained secure, operational, and compliant. Supervised 8 Information System Security Officers (ISSOs), system administrators, and support staff to maintain secure operations across a hybrid enterprise environment.
Managed the execution of continuous monitoring and annual FISMA assessments, ensuring all systems met NIST SP 800-53, 800-161 (supply chain risk), and 800-82 (industrial control systems) compliance requirements.
Maintained and reviewed documentation for 12 FISMA systems, including System Security Plans (SSPs), Risk Assessments, and Security Assessment Reports (SARs).
Oversaw and ensured timely completion of key activities such as annual security reviews, penetration testing, Business Impact Assessments (BIAs), and COOP exercises.
Directed security posture evaluations through automated scanning tools, threat modeling, and integration of POA&M tracking for vulnerability remediation.
Ensured IT assurance and compliance with NOAA, NESDIS, and federal standards, aligning continuous monitoring practices with agency policy and OMB A-123 guidelines.
Served as Chair of the NESDIS IT Risk Management Advisory Council (IRMAC) for 8 years, approving security-related funding and advising on enterprise architecture enhancements.
Led cross-agency coordination with DHS, NASA, and DoD entities to align risk management activities, optimize resource use, and support mission continuity.
Key Achievements:
Developed and enforced compliance tracking mechanisms, streamlining the risk assessment and FISMA compliance processes.
Oversaw the successful transition of legacy systems to modern cloud-ready architectures, improving scalability and reducing costs.
Technical Expertise:
IT Security & Compliance: FISMA, NIST 800-53, NOAA/NESDIS security frameworks
Capital Planning & Risk Management: IT budgeting, portfolio management, risk mitigation
IT Infrastructure & Governance: Cloud migration, systems administration, and IT strategy
Additional Roles (Summarized)
Due to the historical timeframe of these positions, the following roles have been summarized. Further details can be provided upon request.
Unix/Security Administrator
QSS Group Inc. & Westover Consulting, Suitland, MD (2004 – 2006)
Supported secure big data distribution systems at NOAA’s Environmental Satellite Processing Center (ESPC) and the National Ice Center (NIC).
Oversaw IT security operations for NOAA’s ESPC Data Distribution System and National Ice Center, ensuring compliance with federal cybersecurity mandates.
Managed continuous monitoring and security posture for NOAA’s critical distribution systems at ESPC and NIC.
Directed compliance and risk assessment activities for mission-critical systems, including the ESPC and National Ice Center infrastructures.
Ensured FISMA and NIST compliance for NOAA’s Data Distribution Systems supporting ESPC and the National Ice Center.
Integrated and tested software upgrades, ensuring system security and compliance with organizational policies.
Managed Unix-based environments, overseeing security hardening, patch management, and access controls.
Conducted vulnerability assessments and penetration testing to identify and remediate security risks.
Systems Administrator
Isys Technologies, Annapolis Junction, MD (5-2004 - 12-2004)
Diagnosed system failures and developed corrective action plans to restore critical IT services.
Provided Tier 2 and Tier 3 technical support, troubleshooting network and system performance issues.
Assisted in the migration of legacy infrastructure to updated architectures, improving overall system efficiency.
Senior Associate
PricewaterhouseCoopers LLP, Washington, DC (2-2004 - 5-2004)
Conducted security evaluations of enterprise IT environments, ensuring compliance with regulatory frameworks.
Led initiatives to streamline mainframe operations, optimizing resource allocation and workload efficiency.
Provided advisory services on IT governance, risk management, and cybersecurity best practices.
Performed penetration testing (UNIX) and led the white team testing to assess security vulnerabilities and strengthen system defenses.
Contributed to contract proposal writing, supporting business development efforts and strategic planning for IT security initiatives.
Team Lead & IT Administrator
BAE Systems & ManTech, Lexington Park, MD (1999 – 2004)
Supervised Unix teams responsible for maintaining secure, high-performance computing environments.
Managed multi-site Tivoli backup solutions, ensuring data integrity and disaster recovery readiness.
Designed and implemented automated monitoring and alerting systems to proactively address potential infrastructure issues.
Senior Systems Engineer
ManTech Systems Engineering Corporation / Management Technologies, Lexington Park, MD (06/1999 - 10/2000)
Placed on the Naval Air Systems Command (Code 3.6.2.2), working in the Naval Aviation Data Analysis section.
System Administrator for the Configuration Management Information System (CMIS).
Wrote UNIX/AIX scripts as required, documented and maintained AIR-3.0 firewall requirements.
Installed and configured several AIX applications.
Supervisor: Karla Mathews 301-***-****
Principal Systems Engineer
Intellisource Information Systems, College Park, MD (01/1999 - 06/1999)
Assigned to the United States National Archives contract.
Promoted to Unix Team Lead, overseeing 24 Unix Servers and 12 NT Servers.
Managed a team of seven Engineers and ten Technicians.
Led security planning, database management, network infrastructure, and primary IT operations.
Performed all Unix Systems Admin and post-Database Administrator activities.
Supervisor: Joe Verguese
Senior Systems Engineer
RMS Information Systems, Inc., College Park, MD, United States (02/1997 - 01/1999)
Promoted on the United States National Archives contract.
Database Administrator for five UNIX Servers.
Managed Cuadra Star relational databases containing over 400 individual datasets per server, implementing strict security perimeters.
Supervisor: Joe Verguese
Technical Support Engineer
American Technical Resources, Inc., Washington, DC, United States (07/1996 - 02/1997)
Worked on the JCON contract for the United States Department of Justice.
Provided multi-tiered user HELP Desk support as Senior UNIX Engineer and maintained UNIX/Windows 95 network environments.
Created UNIX accounts,