IT Support, Information Security, IT Professional and Manager

Richard Dentler

Beaverton, OR *****

E-mail: ********@*****.*** Phone:360-***-****

https://www.linkedin.c om/pub/richard- dentler /40/389/832 EXECUTIVE SUMMARY

More than 30 years of experience in a management role leading, guiding, and supervising staff to align provided services with the organization’s strategic plan. Able to efficiently lead the organization through change and evolving technology via superior business relationship management, leadership, interpersonal, and technical skills to meet both long term and daily operational challenges. PROFESSIONAL EXPERIENCE

Supervisory IT Specialist, Portland Veteran Benefit Administration / Healthcare System, May 2023 to Present GS-13, 40 hours / week

- Direct supervisor for eight employees providing IT support services at the VA Portland Regional Office and Health Care System, which is composed of two medical centers, ten community outpatient clinics across a diverse geographic area, one National Cemetery and a Veteran’s Benefits Administration. Frequently serves as Acting Area Manager (AM) in his absence and fulfilled a temporary promotion for 120 days while current AM was away on official VA detail.

- Research, test, and plan for the integration of new and emerging information technologies as key components of the enterprise architecture.

- Review, analyze, and evaluate vendor proposals to determine appropriateness of potential technology and technical service acquisitions. Review local and regional hardware and software scans: NESSUS, SCCM, CMBC, IBM BigFix, Splunk, Wireshark and other IDS/IPS systems. Maintain numerous dashboards to monitor compliance and to implement and manage plans to mitigate risk or generate risk-based decision recommendations for the Area Manager.

- Outstanding communication skills allows successful professional interaction with top administration and hospital executives, end users, and OIT staff.

- Collaboratively, work with the Information Systems Security and Privacy Officers in maintenance of the area Governance, Risk, and Compliance program for the protection of agency information and tracking all security controls, Control Correlation Identifiers and POA&Ms within the Enterprise Mission Assurance Support Service cloud platform validating compliance with NIST 800-53 standards and renewal for expiring Authority to Operate.

- Responsible for the implementation, evaluation, and development of process improvement and refinement of IT processes and technology in accordance with IT management priorities and objective. Manage activities to ensure projects activities maintain schedule.

- Review and update organizationally required documentation such as annual Information Security Contingency Plan, Disaster Recovery Plan, Incident Response and System Security Plan.

- . Develop responses to outside entities such as the Office of Inspector General or other visits for Office of Information Technology Portland. Key player in latest OIG FISMA assessment with positive results. Work daily using Risk Management Framework for information systems with the collection and analyzing of data for Performance Based Checks to maintain compliance posture with security controls and strengthening the areas that need it.

Information Security Specialist (INFOSEC), Bonneville Power Administration, Jan 2023 – May 2023, 40 Hours / Week.

- Perform technical risk and vulnerability assessments of relevant technology focus areas including local computing environment, network and infrastructure, supporting infrastructure, and applications.

- Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.

-Analyze vulnerabilities to appropriately characterize threats and provide remediation recommendations. Identify critical flaws in applications and systems that cyber attackers could exploit within all control center technologies.

- Develop and draft Transmission Operations Standard Operating Procedures (SOPs), checklists, guides, best practices and procedures for conducting vulnerability assessments. Information Systems Security Program Manager, Health Share of Oregon, June 2022 – Jan 2023, 40 Hours / Week.

- Ensures Health Share’s information security posture is complete and robust to support its approximately 65 staff members and 400,000 healthcare recipients through coordinated care with five major Integrated Delivery Systems

/ Integrated Care Networks spanning three major counties in Oregon. Partners with business leaders across the enterprise to oversee and mature information systems (IS) security policies and processes. Assesses and monitors internal IS teams and external technology partners for security risk and compliance.

- Design, implement, and oversee an effective IS Security Program ensuring information system security objectives are met and aligned with applicable regulations, such as SOC2, HIPAA / HITRUST and NIST SP 800- 53. Perform formal internal and external assessments of security controls against cybersecurity best practices to identify gaps, generate reports on assessment findings and participate in the development and support of required corrective action plans. Maintains the Information Security Roadmap and reports its progress to IS department leaders and Health Share’s executives.

- Provides ongoing oversight of the IS Incident Response Plan, coordinate training for participating teams and lead the design and execution of periodic testing of the IS Disaster Recovery Plan.

- Ensure information security awareness training content is current and comprehensive and all Health Share staff successfully complete the required annual training. Routinely runs internal phishing attack simulations.

- Investigates IS security incidents and leads a vulnerability management program to prioritize remediation efforts with other teams to document and track program effectiveness. Continuously assess endpoint security control coverage; escalating gaps to appropriate teams for corrective action required.

- Monitor partners and third parties for compliance with Health Share security policies, contracts, and government regulations by performing audits, IS delegation and vendor security oversight. Information System Security Manager, Northern California VA Healthcare System, Sept 2019 – June 2022 GS-14, 40 hours / week

- Responsible for multi-faceted cybersecurity operations. The importance of encompassing Cybersecurity, people, network, systems, etc. is crucial to the security of customer’s personal and health data.

- Supervise thirteen Information System Security Officers (ISSO)s that manage the confidentiality, integrity and availability of healthcare and personal information for four Veteran Affairs (VA) Healthcare Systems to include two overseas areas and four Northern California VA medical centers, their associated Community Based Outpatient Clinics, National Cemeteries, Veterans Benefit Administrations and local Veteran Centers. This is accomplished through planning, organizing, and supervising the activities of a geographically dispersed workforce of ISSOs, ensuring that each area of responsibility within their assigned geographical area complies with legal and regulatory requirements and meets customer needs.

- Utilizes the Risk Management Framework (RMF) for the identification, application, and management of security controls for VA information technology (IT) systems to mitigate IT security risk.

- Manages Governance Risk and Compliance (GRC) system, Enterprise Mission Assurance Support Service

(eMASS) for the above areas to support the Authority to Operate. All four Area Boundary information systems have been compliant with requirements and authorized to operate.

- Provide leadership, advice, and support for Office of Inspector General (OIG), Federal Information Security Management Act (FISMA), Federal Information System Controls Audit Manual (FISCAM) for all managed systems and a variety of IT security issues, policies, standards, and guidelines, and apply them to the operational environment by conducting analyses and recommending resolution to complex issues affecting security. Supervisory IT Specialist, Portland VA Healthcare System, December 2015 to September 2019 GS-13, 40 hours / week

- Supervise fourteen employees, providing IT support services at the VA Portland Health Care System, which is composed of two medical centers, ten community clinics across a diverse geographic area, one National Cemetery and a Veteran’s Benefits Administration.

- Ensure hardware and software support, including installation, configuration and troubleshooting, system integration, IT Project execution for approximately 7000 users and 5500 endpoints, and inventory compliance for over 20,500 items meeting organizational expectations.

- Manage responses for helpdesk tickets, with an average of over 1660 monthly tickets. Research, test, and plan for the integration of new and emerging information technologies as key components of the enterprise architecture.

- Review, analyze, and evaluate vendor proposals to determine appropriateness of potential technology and technical service acquisitions. Review local and regional hardware and software scans: NESSUS, SCCM, CMBC, IBM BigFix, Splunk and other IDS/IPS systems. Maintain numerous dashboards to monitor compliance and to implement and manage plans to mitigate risk or generate risk-based decision recommendations for the Area Manager. Frequently serves as Acting Area Manager his absence.

- Maintain active membership on various cross-functional teams such as Capital Equipment Committee, Space and Move Committee, Activation Project Committee and District Leadership Team. Possess excellent communication skills which allows me to successfully interact professionally with top hospital executives, end users, and OIT staff.

- Collaboratively, work with the Information Systems Security Officers, Privacy Officers and the Freedom of Information Officer in the protection of agency information. Responsible for the implementation, evaluation, and development of process improvement and refinement of IT processes and technology in accordance with IT management priorities and objective. Manage activities to ensure projects activities maintain schedule.

- Manage Governance, Risk, and Compliance (GRC) software platforms, tracking all security controls and POA&Ms.

- Review and update organizationally required documentation such as annual Information Security Contingency Plan and Disaster Recovery Plan. Develop responses to outside entities such as the Office of Inspector General or other visits for Office of Information Technology Portland. Work daily using Risk Management Framework for information systems with the collection and analyzing of data for Performance Based Checks to maintain compliance posture with security controls and strengthening the areas that need it. Adjunct Faculty Member, DeVry University, Twentynine Palms, CA, February 2015 - December 2015 6 hours / week

- Developed lesson plans to facilitate instructional curriculum to include instructional aids. Developed instructional material from approved curriculum in accordance with assigned schedule to ensure student achievement. Provide feedback to students to gauge comprehension. Counseled students on matters relating to academics, behavior, and attendance. Used eCollege learning portfolio management system. Chief Information Officer (CIO), Naval Hospital, Twentynine Palms, CA - April 2014 to December 2015 O-3E, 40 hours / week

- Technical supervisor for the Information Management Department. Responsible for delivery of effective and efficient utilization of all information resources in direct support of the organization’s strategic plan. Led an Information Management Department for a 24-bed hospital providing care for over 20,000 beneficiaries while supporting over 800 staff spanning 19 local and remote locations. Locations included three remote health clinics spread over three counties.

- Developed, sustained, and advanced an information infrastructure in support of clinical and administrative information systems by involving healthcare providers and administrative staff. Served as a member of the Executive Steering Committee. Developed strategic planning by establishing both short- and long-term goals within the IT framework for the organization.

- Established robust security posture for the organization by creating, updating and enforcing local security policies and procedures and ensuring that all IT equipment met organizational security policies, procedures, and guidelines established by the Department of Defense (DoD), Department of the Navy, Bureau of Medicine & Surgery, and other government entities. Attained numerous accomplishments through knowledge of principles and practices related to the management of healthcare delivery systems including how various systems interact to provide patient care.

- Managed departmental budget and equipment valued at approximately two million dollars.

- Coordinated upgrade of organizational security and vulnerability scanning software and policies that mitigated more than 5000 vulnerabilities. Further security posture enhancements obtained though policy changes such as implementing two-factor authentications for access to the entire organizational network, implementing port security, GPO updates, enforcement of configuration standards for DoD Information Assurance (IA) and IA- enabled devices/system through implementation of Security Technical Implementation Guides (STIGs) and performing agency wide end user training on information assurance guidelines and expectations.

- Managed Memorandums of Understanding with local agencies. Examples are the Army G6 fiber connection to the hospital, Dental Clinic use of the Navy Medicine Network and Cooper Mountain College Certified Nurse Assistant student work-study access and identity management for using the Navy Medicine network.

- Led a diverse staff of 18 to include different disciplines of information management including helpdesk, networking, virtualization, information assurance, program of records, cybersecurity, compliance, software and hardware, infrastructure and ancillary services support. Implemented a standardized helpdesk trouble ticketing system and trained helpdesk staff lowering average IT trouble tickets by 88%.

- Collaborated with key stakeholders in development and implementation a regional telemedicine pilot program which yielded a cost avoidance that saved financial resources which otherwise would have been lost; while increasing efficiency of programs and customer satisfaction. Manpower Analyst, Bureau of Medicine & Surgery - Bethesda, MD – May 2010 to June 2012 O-3E, 40 hours / week

- Personnel advisor to Bureau of Medicine and Surgery (BUMED), Chief of the Dental Corps, Officer Community Manger, Navy Personnel Command, and 17 Dental Specialty Leaders in managing over 1,000 Navy Dental Officers. Key player in supporting Navy Medicine’s mission by determining the appropriate mix of high-quality medical department officers through analyzing Navy Medicine’s current and future personnel needs and develop plans designed to meet those needs including personnel plans (strength, promotion, accession, training, and re- designation). Retrieved, processed, and interpreted raw data from a variety of sources; prepared substantive reports based upon interpretation of findings. Computed monthly, quarterly, and ad hoc Medical Department reports; ensured accurate and current data are maintained in the database systems in use. Prepared and analyzed statistics on the Medical Department for use in oral and written reports to Congress, various federal government agencies, the Department of Defense, and the Department of the Navy. Conducted audits on Medical Department officer personnel transactions and orders as they affect the processes of promotion, augmentation, training, obligated service, extensions of active duty, and gains and losses to the Navy Medicine active-duty list. Served as Legal Officer and Command Ethics Officer for Navy Medicine Manpower, Personnel, Training and Education. Direct representative, and advisor, to the Corporate Executive Officer on all legal matters for all employees of the company. Processed all charges and prepared all paperwork for legal issues regarding employee violations of compliance and ethical standards. EDUCATION & IT CERTIFICATIONS

Certified Information Systems Security Professional (CISSP) September 2014 - Present Fellow, American College of Healthcare Executives November 2008 – April 2018 Master of Science Network Operations and Technology, Naval Postgraduate School, Monterey, CA - 2014 Master of Healthcare Administration, Baylor University - San Antonio, TX - 2007 Bachelor of Science in Healthcare Management Southern Illinois University, Carbondale, IL - 2003

Contact this candidate