Business-To-Business Information Security
Resume:
David A. Abdo
703-***-**** January *, ****
OBJECTIVE: Continue my professional career in Security Governance and Risk, Fraud Investigations, and Information/Cyber Security disciplines. I continue to provide my expertise to Government and Commercial entities in obtaining CMMC, FedRAMP, physical security and system certifications and authorizations. I am an expert in many much-needed cybersecurity and compliance skills required by organizations and businesses today. I have personally conducted hundreds of Risk Assessments throughout my career. I am currently a licensed and bonded Compliance Officer and Private Investigator for the Department of Criminal Justice Services (DCJS) in Virginia. As a previous business owner, I am available to assist businesses in achieving their goals for success.
PROFESSIONAL EXPERIENCE:
05/09/2022 to
November 2023 Contractor Analyst, Security Information Security Issues Management professional for NFCU.
• Worked in the Security Risk and Governance Section o Investigated Internal Fraud activities.
o Developed and reviewed Suspicious Activity Reports (SAR) o Security Analyst in Information Security Issues Management (SIM)
• Expert in the NFCU Logic Manager Platform
• Aided business units in understanding security issues management.
• Conducted annual cybersecurity evaluations, reviewed the evaluation results with staff, and reported on performance.
• Conduct periodic risk assessments of information assets as part of a risk management program.
• Implement policies and procedures based on risk assessments to secure information assets.
• Establish a security management structure to assign explicit individual roles, responsibilities, authority, and accountability.
• Developed remediation and action plans.
10/01/2020 to
Present Created a new start-up company (Cavalier Security Services, LLC) to provide cyber- security, fraud, and compliance consulting services to Government and Commercial Clients.
• Provided Security Manager services to MW industries to prepare them and their over 100- Government supply line contractor/vendors in preparation for CMMC certification.
• Provided various consulting tasks on behalf of 3 GC Pandoblox, LLC a Los Angeles, CA based company to include:
o Cybersecurity Program Risk Assessments
o Policy and Procedure Reviews
o Incident Response
o Virtual Chief Information Security Officer (CISO) o Customer Security Training
o Risk Analysis
• Licensed Private Investigator
Senior Private Investigator 2006 – 2024
• Conducted data-driven investigations on 90+ fraud cases per year, fully substantiating claims and recovering over $21M+ in misused funds.
• Streamlined surveillance operations by leveraging modern tech tools, achieving a thirty five percent increase in efficiency and 30% in cost savings.
• Established an effective internal process for evidence collection; Reduced case resolution time by 20% without compromising quality.
• Led a multidisciplinary team of eight investigators, achieving a 98% success rate in skip tracing operations.
• Developed and presented 55+ detailed reports to clients highlighting findings, contributing significantly to a 90% client retention rate.
• Testified in court trials/hearings on behalf of client attorneys.
• Conducted over 650 comprehensive background checks for multiple clients, for potential hires, and criminal backgrounds, maintaining 100% accuracy and improving the hiring process for the clients.
• Managed extremely sensitive investigations into intellectual property rights, safeguarding company ideas and patent rights.
• Implemented robust security operations protocols, reducing incidents by 70% and improving overall safety.
• Worked with local authorities, supporting and carrying out criminal investigations.
• Contributed to fact-finding for 80+ case files all within legal guidelines. 1993 to CEO/OWNER
9/30/2020 Missing Link Communications, LLC. 13241 Woodland Park Road Suite 500 Herndon, VA 20171.
• Driven by enterprising spirit, established and managed Missing Link Communications, LLC, a Service-Disabled Veteran Owned Small Business (SDVOSB)
• Managed teams of Cybersecurity experts at DOJ, DHS, FBI, DOE, DOD and other Federal agencies.
• Operational Risk Management Framework (RMF) – Performs Operational Risk assessments to determine the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events, and includes Legal and Reputational Risk.
• Expert in CMMC Framework preparation and obtaining certification.
• Expert in FedRAMP certifications and creating a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
• Performs Risk Analysis, Risk Management, Vulnerability Assessments, Security Posture Evaluations, and Security Assessments & Authorization SA&A.
• Develop Security Plans, Disaster Recovery Plans, and develop Security Policy and Procedures for Government and Commercial customers.
• Performs Privacy Impact Assessments (PIA)
• Performs System and Facility Certification & Accreditation (C&A) activities utilizing DCID 6/3, DITSCAP, DIACAP, NIACAP and NIST Guidelines
• Physical Security Expert – Certifies and Accredits Data Centers, Special Compartmented Information Facilities (SCIFs), and other “Information Facilities.”
• Develops Trusted Facility Manuals (TFM), Security Features Users Guides, (SFUG), Test Plans, and other documentation in support of C&A and SA&A activities.
• Conducts Security Awareness training, Risk Management and “How to Write” Security Policy Seminars for Government and Commercial clients. Served as the company Facility Security Officer (FSO) from 1999 to 2018 where I managed, administered and coordinated the DOD and the industrial security program to ensure compliance with government and company security policies and procedures. Processed and reviewed personnel security clearances and maintained all security documentation, files, and clearance and suitability rosters in accordance with government requirements. Over 30 years of experience utilizing the NISPOM and other Industrial security requirements for DOD and other Federal agencies.
• Built two SCIF’s, certified/accredited, and maintained accreditation on both facilities.
• Managed and maintained the company Facility Clearance (FCL) in accordance with DSS requirements.
• Developed annual refresher training preparing necessary documentation in support of the DSS audits.
• JPAS and DISS (Replaced JPAS)
• Scattered Castles Personnel Security Database for Intelligence Community (IC) Additional
Experience Principal Computer Security Analyst and Certification Team Lead at the Federal Bureau of Investigation working on a Sub-contract to Missing Link (December 2001 – 2009)
As Team Lead of 9 contractors and 1-Government employee on the New Systems Certification Unit
(NSCU), provided Information Security Services and Assistance in support of the Federal Bureau of Investigation (FBI), on-site at the JEH Building, Washington, D.C., and Quantico VA to include:
• Providing secure investigative information systems that directly support the FBI's mission with new technologies to assist investigations and prepare for litigation, where the integrity, availability and security of the information is essential.
• Conduct Certification and Accreditation (C&A) evaluations; apply DCID 6/3, DITSCAP and NIACAP standards to computer systems and provide information security support to the FBI as required.
• Security Certification Officer (SCO) for the first eight deployments of the Joint Terrorism Task Force (JTTF) Information Sharing Initiative (ISI) offering the first ever information sharing effort of its kind for the bureau providing information output to investigators and analysts in key JTTF locations around the country. The key to success for this data warehouse project was balancing the compliance with federal, state, and local laws, rules, and protocols with respect to privacy, security, and integrity of the data contained within the warehouse.
Senior INFOSEC Analyst and Consultant for Cameron Consulting Group, (CCG) McLean VA
As Program Manager, provided Information Security Services and Assistance in support of CCG for the Defense Security Service (DSS).
Senior INFOSEC Analyst & Consultant for DCS Corporation Alexandria, VA Provide guidance and direction to certify and accredit (C&A) existing and proposed Data Centers
(Systems and Facilities) for DCS’s customers meeting the criteria defined in the DITSCAP and User Agency regulations. The evaluations included recommendations for what may have to be done and how long it will take to meet the criteria set up for NIST/NSA conformance for a data center. Senior INFOSEC Analyst and Consultant for Integrated Technologies, Inc (ITEQ) Silver Spring MD
Provided Information Security Services and Assistance in support of ITEQ for the Defense Information Systems Agency (DISA) Project Eagle Security Transition task to include: Senior INFOSEC Analyst and Consultant for Information Technology Management, Inc (ITM) Alexandria, VA
Provided Information Security Services and Assistance in support of ITM for the Health Resources Services Administration (HRSA), Health and Human Services (HHS) and the Ricky Ray Program to Include:
Senior INFOSEC Analyst and Consultant for Fannie Mae Corporate Headquarters, Washington, DC
Provided Information Security Services and Assistance to Fannie Mae Corporate Information Security Management Office to Include Risk Assessments and Physical Security Inspections of Fannie Mae Critical Applications and key Fannie Mae Business Offices. Senior INFOSEC Analyst and Consultant for Emerson Electric CO. Corporate Division, St. Louis
Prepared Emerson Electric's Corporate Internet and E-Commerce Policies for use by all offices worldwide.
Senior INFOSEC Analyst and Consultant for Logicon Inc., a Northrop Grumman Company Conducted a vendor Multi-Level Security (MLS) Capability Analysis that included an independent assessment of how the DOD and U.S. Government view multiple vendors MLS capabilities and or plans.
Senior INFOSEC Analyst and Consultant for Corbett Technologies Inc Performed on-site Security Test and Evaluation (ST&E) of the Environmental Protection Agency
(EPA), Washington Information Center (WIC).
Senior INFOSEC Analyst and Consultant for TROY Systems, Inc Program Manager for all INFOSEC Projects in support of the Nuclear Regulatory Commission
(NRC)
Senior INFOSEC Analyst and Consultant for General Research Corporation International, Inc. (GRCI)
Performed on-site Certification & Accreditation activities to include Performing Risk Analysis, Developing Security Test & Evaluation Documentation and System Test Plans for Blue Cross Blue Shield of South Carolina (BCBSSC). INFORMATION SECURITY AND RISK MANAGEMENT CONSULTANT Norman Data Defense Systems, Inc.
Performed multiple on-site Risk Analysis providing clients with Vulnerability Assessments, Risk Management, Security Plans, Disaster Recovery Plans, System and Facility Accreditation, Security Policy and Procedures.
SECURITY CONSULTANT - EDS CORPORATION
• Performed Certification & Accreditation activities to include Performing Risk Analysis, developing Security Plans, System Test Plans and Evaluation Reports, Trusted Facility Manuals (TFM), and Security Features User Guides (SFUG).
• Developed and conducted formal Security Awareness Training program for EDS and contractor personnel.
• Selected to be a member of the Technical Consulting Team (TCT) for Corporate EDS. AIS SECURITY ANALYST AND COMMUNICATIONS SPECIALIST Data Systems Analysts (DSA)
• Created Local Area Network (LAN) and Wide Area Network (WAN) contingency plans, and system security plans for B2 and C2 Accreditation.
• Performed risk analysis surveys to provide disaster recovery alternatives for DOD LAN and WAN Network Managers.
COMMUNICATIONS AND SECURITY MANAGER
Office of the Asst. Secretary of the Air Force, Pentagon, Wash DC
• Managed a worldwide secure communications system in support of high priority, national level, and Special Access Required (SAR) projects.
• Directed operational commands in project implementation, user training, and logistics and communications systems maintenance.
• Managed an annual communications budget of $3 million.
• COMSEC Responsible Officer (CRO) for a worldwide account with over 2200-line items. Reutilized "Program" assets by transferring Top Secret Cryptographic equipment, saving over $1.2 million in communications funds.
• SCI Facility manager for “Special Projects” community. Responsible for the renovation of Pentagon SCIFs and "Program" SCIFs throughout the country. EDUCATION: Master of Science Degree - Computer Information Systems LaSalle University
Contact this candidate