Cybersecurity Project Manager with Clearances
Resume:
Fredericksburg, Virginia *****
TRAVIS WILSON ***************@*****.***
Cybersecurity Project Manager
Project Management Risk Assessments IT Governance Source Code Analysis Security Design and Baselines NIST Cybersecurity Framework ACAS and Nessus Vulnerability Scanning STIG’s/SRG’s/SCAP Scanning Escalation Management Technical Writing and Documentation Organizational Leadership Highly analytical, solutions-focused, and astute professional, with extensive IT experience and proven expertise in cybersecurity project management involving security assessment and authorization; risk assessment; access control; vulnerability assessment; and incident response administration.
Known for strategic and consultative leadership approach in developing and completing various cybersecurity programs, projects, and assigned tasks simultaneously, as well as the leading implementation of monitoring solutions focused on threat detection of critical business processes. Adept at performing risk assessments and audits, as well as configuring and implementing risk management framework and system security solutions to drive and guarantee high availability and optimum performance. Effective at building consensus, providing technical guidance to senior management, as well as leading and motivating teams to ensure project success. Currently has Top Secret/Sensitive Compartmented Information Eligibility Security Clearance. Bachelor of Science in Computer Science (Information Assurance) Norfolk State University, Norfolk, VA 97 Credits Acquired
— Project Management Professional (PMP)
— Certified in Risk and Information Systems Control (CRISC)
— CompTIA Security+
— CompTIA Network+
— Navy Qualified Validator (NQV) Level II
— Certified Ethical Hacker (CEH)
— Certified Information Systems Security Professional (CISSP Project Management: Project Management Integration Project Scope Management Project Schedule Management Project Resource Management Project Communications Management Project Risk Management Project Stakeholder Management
Frameworks: Federal Risk and Authorization Management Program (FedRAMP) National Institute of Standards and Technology (NIST) Risk Management Framework COBIT 5 Assessment &
Authorization:
Plan of Action and Milestones (POA&M) Risk Assessment Reports (RARs) Security Assessment Reports (SARs) System Life Continuous Monitoring (SLCM) Hardware/Software Listing Policy Creation
Software/COTS/GOTS: Nessus/Assured Compliance Assessment Solution (ACAS) Enterprise Mission Assurance Support Service (eMASS)/Host Based Security System (HBSS) Security Technical Implementation Guides
(STIG’s)/Security Requirement Guides (SRG) Security Content Automation Protocol (SCAP) Group Policy/Registry
Operating Systems: Unix Linux Windows
Direct Defense Security Solutions, ARLINGTON, VA
Cyber Security Project Manager. Sept 2023 – Present o Exemplify industry expertise in serving as an SME in the DISA Cloud Computing Program Office (CCPO) for the ongoing implementation of RMF for multiple commercial cloud-based systems (Microsoft Azure, Amazon AWS, Oracle, and Google Cloud Platform).
o Function as a senior cyber security technical advisor for the government in charge of overseeing the DoD wide-cloud effort. o Chair technical discussions with government and contracted personnel from disparate backgrounds, while communicating the department-wide goals and strategy into actionable requirements. o Implements Agile-Scrum Development methodologies for project management. o Initiate an Agile approach to instigate RMF and FedRAMP requirements against approved commercial clouds environments, such as SaaS, PaaS, and IASS.
o Contribute to the analysis and documentation of market research materials, and provide recommendations for project success.
EDUCAT I ON
CER TI FI C A TI O N S
PRO F E S S I O N A L EXPE RI E N CE
Fredericksburg, Virginia 23320
TRAVIS WILSON ***************@*****.***
Cybersecurity Project Manager
2 P a g e
o Steer efforts in integrating new plans, designs, and systems into ongoing DevSecOps environments. o Enabled the AWS Security Hub and Microsoft Defender for Cloud across all operational environments such as US Gov East, West and South. Enabled multiple frameworks such as CIS benchmark, NIST 800-53 Rev4/5, AWS foundational best practices benchmark, and PCI requirements which provided an overall security score for the operational environments. o Provided solutions to improve the overall security score by remediating open security findings across all operational environments. KONIAG, INC., ARLINGTON, VA
Senior Risk Management Specialist/Subject Matter Expert Jul 2021- Sep 2023 o Exemplify industry expertise in serving as an SME in the DISA Cloud Computing Program Office (CCPO) for the ongoing implementation of RMF for multiple commercial cloud-based systems (Microsoft Azure, Amazon AWS, and Google Cloud Platform).
o Function as a senior cyber security technical advisor for the government in charge of overseeing the DoD wide-cloud effort. o Chair technical discussions with government and contracted personnel from disparate backgrounds, while communicating the department-wide goals and strategy into actionable requirements. o Implements Agile-Scrum Development methodologies for project management. o Initiate an Agile approach to instigate RMF and FedRAMP requirements against approved commercial clouds environments, such as SaaS, PaaS, and IASS.
o Contribute to the analysis and documentation of market research materials, and provide recommendations for project success.
o Steer efforts in integrating new plans, designs, and systems into ongoing DevSecOps environments. BOOZ ALLEN HAMILTON, INC., DAHLGREN, VA
Client: Naval Surface Warfare Center Dahlgren Division (NSWCDD) V – Department Senior Cyber Architect and Engineer/Navy Qualified Validator II Sep 2019–Jul 2021 o Oversaw deadlines and schedule completion dates for the V-Department Risk Management Framework (RMF) packages. o Delivered cybersecurity testing and security control validation for the Naval Surface Warfare Center Dahlgren Division
(NSWCDD) V-Department.
o Performed security controls analysis in accordance with the security assessment plan and the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev4 assessment procedures. o Prepared the required deliverables to formulate a security authorization package, such as the Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment Report (RAR), and the Plan of Action and Milestones (POA&M). o Designed architectural and technical documentation measuring the actual accreditation boundary. o Earned a collective ingenuity award through the successful acquisition of two authorities to operate (ATOs) for the V- Department within the most difficult working environment and limitations due to Covid-19. Client: Navy Expeditionary Combat Command N7, Norfolk, VA Senior Cyber Architect and Engineer/Navy Qualified Validator II Apr 2018–Aug 2019 o Led the implementation of the RMF for multiple systems, which involved evaluating the past performance of a DoD contract proposal.
o Expertly handled the Navy Expeditionary Combat Command (NECC) N7 RMF project by creating the project charter, which defined the problem statement, project goals, funding, period of performance, client, deliverables, project milestones, scope, assumptions, risks, and dependencies.
o Managed all stakeholders and planned engagements to enable access to the client and provide updates on the progression of the project.
o Facilitated high-level briefs for the client interpreting the cyber security deficiencies and delivered direction for improvement. o Organized biweekly briefs and monthly status reports defining the current goals and progress of four of the weapon training systems that underwent the assessment and authorization (A&A) process under RMF. o Spearheaded project tasking and project knowledge that involved defining activities from sequenced to estimated activity durations.
o Determined project risks during the period of performance by creating responses to decisions, support, and risk affecting the progression of the project.
o Analyzed security requirements and established assessment objectives using manual and automatic testing tools such as Security Technical Implementation Guides (STIGs), Security Requirements Guide (SRG), Enterprise Mission Assurance Support Service
(eMASS), and Nessus/Assured Compliance Assessment Solution (ACAS) to identify open findings and areas of non-compliance. o Demonstrated adeptness in successfully completing the project and delivering satisfaction to the clients with the best results, while developing a lasting impression with all stakeholders; attaining an ATO during the period of performance. NETWORK SECURITY SYSTEMS (NSS) PLUS, FORT LEE, VA
Information Systems Security Manager Jul 2017–Apr 2018 o Led the development and implementation of the Defense Contract Management Agency (DCMA) IA program, while providing information security technical support in the area of cybersecurity and assessment and authorization (A&A) to high-level government officials.
Fredericksburg, Virginia 23320
TRAVIS WILSON ***************@*****.***
Cybersecurity Project Manager
3 P a g e
o Rendered security oversight for four programs within DCMA and subordinate commands, and assisted with DCMA security measures, analysis, periodic testing, evaluation, verification, accreditation, and the review of information system installations. o Administered approximately 30 to 400 assets across all four programs. o Played a key role in ensuring all Information System Security Officers (ISSOs) received the necessary technical or management cybersecurity training, education, and certifications required to carry out their respective duties. o Maintained system users in compliance with DoD 8570 compliant and ensured completion of training and certifications for DCMA cybersecurity workforce personnel.
o Acted as a member of the Change Advisory Board (CAB), in charge of guaranteeing the requirements for change were met and well documented according to DCMA policies and procedures. o Prepared reporting procedures and ensured security violations and incidents were properly reported to the Computer Security Service Provider (CSSP) and the appropriate DoD reporting chain, as required. o Formulated security solutions and offered countermeasures to mitigate risks caused by technical, policy, or procedural shortcomings.
JACOBS TECHNOLOGY, CHINA LAKE, CA
Navy Qualified Validator II Jul 2016–Jul 2017
o Contributed to the development of a proposal for a DoD contract that was up for recompete. o Displayed competency in delivering cybersecurity analyst support for the Naval Air Warfare Center Weapons Division
(NAWCWD), while collaborating with various clients and the Command Information System Security Manager (ISSM) to strengthen new cybersecurity policies, disciplines, and practices required by the Navy and DoD. o Developed written Risk Management Framework (RMF) validation strategies in support of NAWCWD using acceptable practices, processes, and approaches based on NIST Special Publication (SP) 800-53A. o Thoroughly examined the security posture of classified and unclassified Information Systems (IS) using a variety of automated tools, such as Assured Compliance Assessment Solution (ACAS) and Vulnerator. o Completed A&A test plans and validation procedures, and analyzed validation results, findings, and weaknesses for Risk Assessment Report (RAR), Security Assessment Report (SAR), and Plan of Action & Milestone (POA&M). Computer Network Defense Specialist II Jul 2016–Oct 2016 o Exemplified skills in evaluating, tracking, and scanning Research, Development, Test, and Evaluation (RDT&E) networks for Communication Tasking Order (CTOs) and Information Assurance Vulnerability Management (IAVM) compliance. o Determined adverse network trends, ineffective practices or procedures, and equipment shortcomings. o Demonstrated adeptness in formulating, engineering, and executing cybersecurity solutions which enhanced security posture while adhering to all applicable rules, regulations, procedures, and policies. Information Assurance Security Specialist Apr 2015–Jul 2016 o Maintained all Army command systems in accordance with higher authority regulations. o Developed and administered security requirements based on the analysis of policies, Army regulations, and DoD requirements. o Executed Independent Verification and Validation (IV&V) of Army test labs, and formulated test plans to conduct vulnerability testing, analysis, and remediation of Army tactical information systems and applications throughout all phases of the system development life cycles.
o Instigated Security Content Automation Protocol (SCAP) compliance auditing and analysis including vulnerability analysis using Nessus, Assured Compliance Assessment Solution (ACAS), and Fortify. o Provide technical support in arranging and validating security rollups disc for various system administrators including the latest Security Technical Implementation Guides (STIGs).
NORFOLK STATE UNIVERSITY, NORFOLK, VA
Washington Baltimore Hampton Roads (WBHR), Louis Stokes Alliance for Minority Participation (LSAMP) Paid Research Intern Jun 2013–Jan 2014
o Worked on a project that consisted of a taxonomy that demonstrated steganography and steganalysis methods for classified environments.
o Designed taxonomy based on techniques, strengths, and weaknesses of steganography and steganalysis tools to hide and retrieve secret data in different file formats (e.g., audio, video, and/or images). NORFOLK STATE UNIVERSITY, NORFOLK, VA
Paid Research Intern, STARS-PLUS
Paid Research Intern, WBHR, LSAMP
Paid Research Intern/Computer Lab Technician
EAR L I E R CAR E E R
Contact this candidate