Project Manager Incident Response

NOMAR E. DELGADO GRANT M.Sc.

Active Top Secret/SCI Clearance with CI polygraph

**********@*****.*** · 850-***-****

PROFESSIONAL SUMMARY

Cybersecurity Project Manager and Cyber Operator with over a decade of experience supporting Department of Defense and civilian agencies. Specialized in incident response, cyber threat hunting, training development, and operations planning. Adept at managing large-scale cyber training events, automating security processes, and building resilient cyber programs. Proven ability to lead cross-functional teams, ensure 508 compliances, and deliver actionable insights through technical reports and live instruction.

TECHNICAL SKILLS

Cybersecurity Strategies Cyberspace Operations Planner VMWare Engineer

Mainframe Servers Administrator Database Administration Ivanti Administrator

Threat Intelligence Platforms Incident Response Operator Cisco Administrator

OPSEC Deployment Coordinator PowerShell Automation Splunk Administrator

Network Statistical and Data Analysis Learning Management Systems Linux Pen Testing

Domain Administrator Virtualization ACAS Analysis

EXPERIENCE

PROJECT MANAGER – CYBERSECURITY TRAINING & OPERATIONS

Centers for Medicare & Medicaid Services, October 2023 – Present

Tampa, FL

Lead the planning, development, and execution of cybersecurity training programs and strategic engagement efforts to strengthen CMS’s organizational resilience.

Directly train and support Information System Security Officers (ISSOs) through customized bootcamps, scenario-based learning, and role-specific guidance aligned with NIST and FISMA requirements.

Spearheaded CyberWorks 2024, CMS’s flagship hybrid cybersecurity event, coordinating 20+ presenters, 500+ attendees, and multiple expert-led sessions focused on emerging threats and best practices.

Manage the ongoing Cyber360 Snack & Share monthly series, facilitating expert knowledge sharing and workforce-wide cybersecurity awareness.

Developed the CMS FISMA Continuous Tracking System and Cyber360 training curriculum using Agile and Scrum methodologies to ensure iterative improvement and alignment with federal cybersecurity standards.

Designed onboarding and coaching programs to accelerate participant readiness and long-term retention of cybersecurity policies, controls, and procedures.

Created multimedia-rich training content—including video, audio, and interactive elements—ensuring 508 compliance and accessibility for all learners.

Established repeatable, metrics-driven review processes for training materials to ensure content stays current, effective, and aligned with evolving agency priorities.

Maintained strong collaboration with subject matter experts and agency leaders to ensure stakeholder alignment and high-impact training outcomes.

Authored monthly articles for CMS staff highlighting current cybersecurity threats, social engineering tactics, and actionable defense strategies.

Utilized Python to automate phishing detection workflows and ingest threat intelligence feeds for enhanced situational awareness.

Used Python to build automation scripts for phishing simulations and report parsing in support of security awareness and compliance initiatives.

LEAD CYBERSPACE EXERCISE PLANNER

U.S. Central Command, June 2021 – October 2023

Tampa, FL

•Orchestrated and managed the formulation of cyber training goals, exercise scenarios, and content for the U.S. Central Command's staff command post exercises, encompassing bilateral, multilateral, and combined operations.

•Conducted needs analysis and consultations with coalition partners to determine instructional goals and develop tailored eLearning strategies.

•Developed and implemented innovative eLearning modules and training materials using Articulate Storyline and Adobe Captivate.

•Directed cyber working groups and conferences, presenting strategic plans and expected outcomes to high-ranking military officials and civilian leaders.

•Guided the creation of cyber strategic objectives and roadmaps, leveraging an in-depth understanding of DoD Cyber Security directives, policies, and procedures.

•Facilitated Cybersecurity Security Cooperation initiatives with over 10 U.S. Central Command Coalition Partners, ensuring robust collaboration and communication.

•Pioneered the establishment of a novel USCENTCOM deployable Cyber Academics Environment, worth over $25K, to significantly advance cyberspace training capacities.

•Innovated a fully deployable kit, constructing a versatile “Sandbox” environment for U.S. Forces and Coalition Partners to augment their Cyberspace Skills and prepare for all U.S. Central Command Multi-Lateral Exercises.

•Led the Cyberspace Working Group for the U.S. Central Command's most extensive Training Exercise, effectively integrating Cybersecurity into Intelligence, Special Operations Forces, Force Protection, and Command and Control.

•Implemented the USCYBERCOM Persistent Cyberspace Training Environment within USCENTCOM, providing a cloud-based cyber range for hands-on operational training exercises.

•Employed statistical analysis for the development of Cyberspace Operations guidelines, including Rules of Engagement, Collateral Effects Estimates, and Collateral Damage Estimates, to minimize risks and prevent vulnerabilities.

•Spearheaded the planning, coordination, and management of training initiatives for the Persistent Cyberspace Training Environment (PCTE) during USCENTCOM coalition partner exercises.

•Ran Nessus scans to assess vulnerabilities across operational networks, developing tailored remediation reports and tracking organizational risk posture.

•Implemented cloud security best practices in AWS and Azure environments, aligning configurations with NIST SP 800-53 and FedRAMP Moderate controls. Contributed to multiple ATO packages by assessing and remediating security posture gaps.

•Applied cloud security controls in support of deployed cyber training environments and simulations, ensuring secure operation of virtualized platforms.

•Focused on the vulnerability and testing side of the development process, identifying potential weaknesses and supporting secure configuration validation.

SENIOR COMPUTER NETWORK DEFENSE ANALYST

Naval Network Warfare Command, December 2020 – June 2021

Springfield, VA

•Established procedures to conduct CND analysis, to include analyst workflows, in accordance with client service agreements.

•Automated log extraction and data scrubbing of the network using PowerShell, reducing the time for analysis workflow completion by 40%.

•Led the creation of policy and strategy documents that align with National Institute of Standards and Technology (NIST) frameworks and Department of Defense (DoD) cybersecurity policies, establishing consistent, secure operational standards across networks.

•Supervised and cross trained newly indoctrinated analysts on SIEM tools and reporting procedures to meet client requirements.

•Allocated specific roles and tools to analysts to prevent redundancy in work; optimized the analytical process through effective division of labor.

•Produced detailed reports with precision signatures for network alerts; resulting in a stronger and more accurate User Behavioral Analysis database, reducing false positives by 20%.

•Provided oversight for and certified daily analysis reports generated; guaranteed they met the standards and policies of the organization and clients.

•Worked with the client to create a plan of action, addressing the scope and timely execution of projects to satisfy their CND needs.

•Created action plans to maintain accountability of team’s progress on deliverables and milestones to managers and clients; supported strong client relationships and lines of communication.

•Developed Risk Management Framework (RMF) assessment packages and associated work products, contributing to robust security assessments.

•Utilized Security Technical Implementation Guides (STIG) to implement secure information system baselines, enhancing system security.

•Supervised and mentored a team in cybersecurity best practices and incident handling.

•Developed PowerShell scripts to automate log extraction and system compliance tasks, reducing manual workload and increasing analysis speed by over 40%.

•Supported internal assessments using Nessus for FISMA-based system evaluations and continuous monitoring initiatives.

•Conducted internal web application assessments using Burp Suite to identify injection flaws, broken authentication, and session misconfigurations.

•Used Fortify to perform static code analysis on new applications in secure test environments, helping verify software integrity prior to deployment.

•Collaborated with DevSecOps teams during cyber training and assessment efforts, providing security guidance and supporting risk mitigation across cloud-based and virtualized environments.

•Leveraged Qualys to conduct compliance scans and produce executive dashboards for continuous monitoring of CMS system vulnerabilities.

•Supported security compliance efforts and vulnerability reviews in AWS and Azure environments by assisting with configuration assessments, interpreting scan results, and aligning cloud practices with NIST-based controls.

COUNTER PURSUIT CYBER OPERATOR

National Security Agency, February 2015 – February 2021

FT Meade, MD

•Orchestrated cyber education and testing for new recruits, employing simulation techniques based on CompTIA and SANS methodologies.

•Designed and developed custom eLearning solutions for various operations, focusing on interactive and engaging content.

•Regularly updated and maintained eLearning materials, ensuring relevance and alignment with current industry standards and technologies.

•Led a team of seven service members in redesigning a cutting-edge computer lab, creating a multi-level Intranet Capture the Flag scenario using various VMs and Operating Systems, catering to skill levels from Beginner to Black Hat.

•Performed comprehensive evaluations of team members' performance, generating detailed statistical reports to track and demonstrate progress over time.

•Executed Agency Network Incident Reports as a Counter Pursuit Operator, effectively countering cyber threats from malicious entities.

•Played a key role in the inaugural Cyber Common Technical Course, graduating in the top 5%, identifying curriculum gaps, and formulating essential tasks for training.

•Assisted in teaching the third iteration of the Cyber Common Technical Course, contributing to a 6% increase in the course's pass rate.

•Conducted in-depth analysis of USAFRICOM's remote cyber operations across Europe, pinpointing and recommending enhancements to network security.

•Advanced CPB Incident Response Team methodologies by implementing and refining the use of Windows and Linux native tools, reducing reliance on third-party software.

•Led the CPT host analyst team, providing specialized training in PowerShell, Splunk, Google Rapid Response, and Host-Based Security Systems.

•Streamlined vulnerability scanning, network mapping, and logging processes, utilizing PowerShell for efficient host configuration and automation.

•Successfully managed Operation Security for over 10 critical international missions, ensuring incident-free execution.

•Used PowerShell extensively to automate system hardening, threat detection, log parsing, and inventory tasks, supporting both tactical and enterprise cybersecurity operations.

•Employed Bash scripting in Linux-based simulation environments to automate exercises, streamline forensic log analysis, and manage containerized training labs.

INFORMATION TECHNOLOGY SPECIALIST

Inter American University, December 2012 - October 2014

San Juan, PR

•Oversaw operations at the Center of Information and Technology computer lab, ensuring efficient management of resources and facilities.

•Supervised a team of 10 work-study program employees, providing guidance and leadership to maintain high standards of performance.

•Administered and maintained the campus mainframe servers, ensuring optimal performance and reliability.

•Directed maintenance and troubleshooting for network and cabling issues, ensuring swift resolution of technical problems.

•Implemented various hardware and software upgrades to enhance overall business productivity and efficiency.

•Served as a Tutor and Teaching Assistant for Computer Science and Math majors, aiding students in developing their computer skills, including proficiency in the Microsoft Office Suite.

•Designed, implemented, and managed systems and processes for identity and access management to enhance security protocols and operational efficiency across the organization's IT infrastructure.

•Oversaw user provisioning, authentication, authorization, and access control, ensuring a secure and efficient IT environment.

•Performed Active Directory duties, including the configuration, maintenance, and troubleshooting of Active Directory environments to ensure system integrity and reliability.

•Demonstrated proficiency in Active Directory, with a strong understanding of Domain Controller operations such as promotion or demotion, along with familiarity in troubleshooting replication issues using appropriate tools.

CERTIFICATIONS

Joint Cyber Analysis Course - Information Warfare Training Center

Security+ - CompTIA COMP001020998899

Cyber Common Technical Core - Cyber Center of Excellence

Institute Spanish Level 3 - Defense Language Institute

Joint Cyberspace Operational Planner Course – USCYBERCOM

EDUCATION

Master in Science - INFORMATION SECURITY

Inter American University of Puerto Rico, November 2018

Bachelor in Science - COMPUTER SCIENCE

Inter American University of Puerto Rico, November 2014

Contact this candidate