LAVELL C. SPENCER
ACTIVE TS/SCI
******.*******@*****.***
PROFESSIONAL SUMMARY
Dynamic cybersecurity executive with 17+ years of leadership in risk management, governance, and IT security across DoD, federal contracting, and military environments. Proficient in orchestrating strategic Assessment & Authorization (A&A) activities under NIST RMF, managing ATO for SAP, Collateral, and SCI networks, and driving compliance with industry-leading standards, including NIST 800-37/53 and DoDM 8140.03. Renowned for translating complex frameworks into actionable security strategies, mentoring specialized teams, and collaborating with senior stakeholders to reduce enterprise cyber risk by over 25%. Extensive expertise in vulnerability management, continuous monitoring, incident handling, and process optimization—all while future-proofing organizational security posture. Holds active TS/SCI clearance and multiple IAM III/IAT III certifications.
Risk Management Framework
Xacta/eMASS
Security Impact Assessments
Stakeholder Engagement
Governance, Compliance & Audit Readiness
Security Documentation
POA&M Management
Vulnerability Assessment
Incident Handling
Continuous Monitoring
Database Management
Configuration & Change Management
PROFESSIONAL HISTORY & VALUE IMPACT
ITI Solutions Inc. – Lackland AFB, San Antonio, TX, Aug 2025 – Present
Security Engineer Data Security Analyst IV
Provided advanced cybersecurity engineering support to 16th Air Force (IS3), executing Risk Management Framework (RMF) assessments and security authorization processes for Air Force Intelligence Community (AF IC) systems. Applied NIST 800-series standards and DoD cybersecurity policies to protect classified networks and ensure continuous authorization in dynamic operational environments.
Executed end-to-end RMF processes using Xacta and eMASS platforms, managing A&A workflows for systems operating in Collateral, SCI, and SAP environments to maintain continuous ATO compliance.
Developed Risk Assessment Reports (RARs), Plan of Action and Milestones (POA&Ms), and security control implementation guidance aligned with NIST 800-37 Rev 2 and NIST 800-53 Rev 5.
Conducted vulnerability assessments and security scans using AF IC-approved tools, analyzing system architectures across Windows, Linux, and DoD Cloud environments to identify and remediate security gaps.
Authored and maintained A&A documentation packages, including assessment methodologies, Interim Authorization to Test (IATT), Critical Design Review (CDR), Continuous Monitoring Review (CMR), and ATO packages for inspection readiness.
Collaborated with cross-functional teams to implement security controls addressing confidentiality, integrity, and availability requirements, reducing risk exposure through systematic vulnerability remediation and patch management.
Supported global assessment missions, providing on-site security engineering expertise and RMF evaluation services to geographically dispersed AF IC units.
Software Engineering Services (SES) – Lackland AFB, San Antonio, TX, Mar 2025 – Aug 2025
Information System Security Officer (ISSO) RMF Lead
Lead execution of Risk Management Framework (RMF) processes for DoD networks to attain and sustain Authorization to Operate (ATO) across Cloud and on-premises environments. Oversee creation and continuous maintenance of ATO packages, System Security Plans (SSP), and documentation in alignment with NIST SP 800-37, NIST SP 800-53A Rev 5, Cloud Security Requirements Guide (SRG), and DoDM 8140.03.
Document security controls and implementation evidence in SSPs per NIST SP 800-53A, ensuring traceability and audit readiness for inspections and accreditations.
Develop, validate, and manage ATO packages, including vulnerability and risk assessment analysis, and risk-based mitigation strategies to support system accreditation and continuous monitoring.
Perform technical assessments and utilize multiple information system inspection tools to audit networks, analyze vulnerabilities, and recommend effective mitigation approaches.
Lead Security Impact Assessments (SIA) for hardware/software changes, collaborating with Information System Security Managers (ISSMs), Authorizing Officials (AOs), and cross-functional teams.
Author and review all RMF documentation—including SOPs, After-Action Reports, policy/procedure guides—and ensure accuracy and compliance within eMASS and Xacta platforms.
Conduct system design evaluations to ensure security integration in architecture, focusing on network topology, system security boundaries, and data flow diagrams in complex classified environments (Collateral, SCI, SAP).
Support incident handling, compliance tracking, and continuous vulnerability remediation efforts, achieving measurable reductions in enterprise risk exposure.
Stay current on Security Technical Implementation Guides (STIGs), DoD/IC policy, National Institute of Standards and Technology (NIST) guidance, and emerging cloud security best practices.
ITI Solutions Inc. – Lackland AFB, San Antonio, TX, Jul 2024 – Mar 2025
Cybersecurity Training Manager Senior Technical Trainer
Designed and delivered advanced cybersecurity training programs for ISSOs and ISSMs, ensuring compliance with NIST RMF and ISO 27001 standards. Focused on enhancing team readiness, improving compliance metrics, and reducing cybersecurity risks in classified and unclassified environments.
Developed training for ISSOs/ISSMs across SAP/SCI systems, aligning with RMF and ISO 27001 standards.
Delivered 50+ multimedia modules and live instruction, improving compliance by 30% and readiness by 25%.
Integrated advanced threat analysis and vulnerability management into SAP-focused training.
Achieved 100% audit compliance in classified environments through proactive education and awareness.
Valdez International Corp. – Lackland AFB - San Antonio, TX, Mar 2022 – Jul 2024
Enterprise Governance Enterprise Information Technology Specialist
Managed IT governance and compliance projects to align operational objectives with organizational goals. Enhanced cybersecurity resilience and efficiency through strategic planning, policy development, and stakeholder collaboration.
Supported enterprise IT governance and compliance for DoD programs, ensuring audit readiness for SAP-related operations.
Standardized vendor security compliance protocols, achieving zero critical findings during inspections.
Conducted configuration management reviews and third-party risk assessments, cutting onboarding delays by 25%.
Briefed senior leadership on cyber risk posture, driving secure cloud migrations that cut costs 15%.
UNITED STATES ARMY – Various Global Locations, Jun 2008 – Mar 2022
IT & Cybersecurity Supervisor Network and Computer Systems Administrator
Supervised IT and cybersecurity operations for mission-critical systems, ensuring network stability and security compliance. Led training programs to enhance team proficiency and implemented cybersecurity measures to safeguard sensitive data.
Read into SAP; managed daily security operations for mission-critical DoD systems.
Supervised 42-member IT/cyber team, achieving 99% readiness and reducing downtime by 15%.
Conducted compliance inspections aligned with RMF and DoD standards, sustaining 99% mission readiness.
Led vulnerability assessments, cutting critical failures by 25% and enhancing operational reliability.
Delivered cybersecurity and awareness training to 40+ personnel, improving cyber defense proficiency by 30%.
EDUCATION / CERTIFICATIONS
Bachelor of Science, Cybersecurity & Information Assurance, Western Governors University
Master of Business Administration, Information Technology Management, Western Governors University (In Progress)
Certified Information Security Manager (CISM) (IAT/IAM Level III)
CompTIA Advanced Security Practitioner (CASP+/SecurityX) certification (IAT Level III)
Other CompTIA certifications: CySA+, Sec+, Project+, Net+, A+, Pen+