Profiles search

Benjamin Hill, CISSP

Data Security & Governance Specialist
Arlington, VA, United States

Details

Education: Master of Science (M.S.)

Information Technology

University of North Carolina at Charlotte

2006 : 2007

Bachelor of Science (B.S.)

Computer Science

University of North Carolina at Charlotte

2003 : 2005
Experience: Contract :

• U.S. Securities and Exchange Commission

Notable Accomplishments :

• Creation of a Zero Trust data flow architecture for the agency data tagging and tracking solution.

• Creation of a Zero Trust data tag schema for the agency data tagging and tracking solution.

• Developed an initial cloud controls baseline for the data tagging solution for the agency.

• Ran two short term project teams (3-5 members) on the development of proof of concepts to update infrastructure/applications to incorporate Zero Trust data requirements.

Responsibilities :

• Advise the Chief Data Officer (CDO) on data security and governance concerns.

• Advise the Enterprise Data Architect on data security and governance matters.

• Lead Zero Trust efforts for the Office of the Chief Data Officer (OCDO); With a priority on researching and piloting an automated enterprise AI/ML solution to categorize and tag all sensitive agency data.

• Drive agency data governance priorities of the Office of the CDO (OCDO) forward throughout the enterprise.

• Conduct interviews, and information sessions, with division and office leadership on further harmonizing data practices, processes, and policy in the agency.

2021 : Present

Metric5

Senior Information Security Consultant

Contract :

• U.S. Securities and Exchange Commission

Notable Accomplishments :

• Worked with executive management, senior officers, and C-Suite staff of all divisions/offices of the agency to create an enterprise-wide data security policy. **

• Creation and implementation of an agency standard for data security classifications and categorizations.

• Restructured the agencies old data governance bodies (boards, working groups, etc.) with the Chief Data Officer (CDO) into a new consolidated implementation where agency leadership could receive consolidated feedback from across the enterprise in one forum.



Responsibilities :

• Advise the Chief Data Officer on data security and governance matters.

• Drive agency data governance priorities and standards, by way of the Office of the CDO (OCDO), through the enterprise.

• Coordinate OCDO data governance discussions, meetings, and progress across two dozen offices and divisions within the agency.

• Conduct interviews, information sessions, and working groups with division/office stakeholders on further harmonizing data governance processes and policy in the agency.

** Worked with executive management, senior officers, and C-Suite staff of all divisions/offices of the agency to create an enterprise-wide data security policy. This includes data sensitivity classifications, criteria for each sensitivity, guidelines for moving data between sensitivities, and best practices for handing of various security functions (access, usage, sharing, etc.). Creation and coordination of policy information involved over two dozen interviews with senior officials (C-Suite Executives, Directors, Assistant Directors, Senior Officers). This effort also included as part of the creation process half a dozen knowledge sharing sessions with external parties (Universities and Commercial) to gather feedback regarding successes and failures of best practices implementation.

2019 : 2021

Chevo Consulting, LLC

Senior Information Security Consultant

Contract :

• National Science Foundation

Responsibilities :

• Oversee agency IT account management metrics for internal and external reporting purposes (multiples avenues of reporting)

• Assist the NSF DIS IT Security Policy and Plan Leads with annual FISMA, A-123, Financial Statement and IT control audits.

• Planning and preparation for coordination with external auditors, NSF Office of Inspector General (OIG), and other NSF staff.

• Coordinate meetings requested by external auditors & OIG with NSF personnel (e.g. system walk-throughs, security control reviews).

• Support IT Security Policy and Planning Leads at meetings with prepared research.

• Briefs IT management personnel at relevant meetings regarding Cybersecurity Risk Management and Policy.

• Conduct quality control of audit artifacts (review, update, and coordination) for delivery to auditors.

• Track audit-related performance metrics (e.g. level of effort, cost, audit requests) for compliance and process/ program improvement.

2017 : 2019

General Dynamics Information Technology

Senior IT Security Specialist

Contract :

● FBI - Vulnerability Assessment & Testing Team

Notable Accomplishments :

● Configured, analyzed and tracked over 350 vulnerability scans from Oct ’16 through Jan ’17

● Created half a dozen SOP’s for team procedures lacking documentation

Responsibilities :

● Provide Nessus vulnerability scanning guidance/training to FBI enterprise staff.

● Monitor ongoing enterprise vulnerability scans for errors/problems and troubleshoot as needed.

● Perform analysis of completed vulnerability scan data for critical issues that need to be addressed immediately.

● Prepare department and enterprise vulnerability reports for information systems.

● Brief enterprise information system owners and system managers on security vulnerabilities found and remediation options.

2016 : 2017

ManTech International Corporation

Senior Information Security Specialist

Contract :

● FBI - Vulnerability Assessment & Testing Team

2016 : 2016

Hewlett Packard Enterprise

Senior Information Security Specialist
Company: Metric5
Years of Experience: 12

Skills

Active Directory, Artificial Intelligence (AI), Artificial Intelligence for Business, CISSP, Cloud Security, Computer Forensics, Computer Security, Data Management, Enterprise Architecture, FISMA, Incident Response, Information Assurance, Information Security, Information Security Management, Information Technology, Integration, IT Management, Machine Learning, Management Consulting, Nessus, Networking, Network Security, Program Management, Python (Programming Language), Security, Security Clearance, Security Policy, Software Documentation, System Administration, U.S. Federal Information Security Management Act (FISMA), Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning, Windows Server, Zero Trust

About

• Certified Information System Security Professional (CISSP)

• Cloud Certified Security Professional (CCSP)

• 14+ years in Information Security & 16+ years with Information Technology over all

• Experience working with over a dozen organizations & government agencies

• Masters (MS) in Information Technology



Highly adaptable, critical-thinking problem solver with a drive to learn as much as possible. I have worked with many different IT technologies and have focused my attention on the challenges of information security for the last 14+ years. I bring to all my work a balance of high adaptability, technical experience, organizational awareness, and management knowledge. Where many may only bring one of those traits, I bring all, allowing me to provide an invaluable level of insight to everyone I work with and polish to all projects I am a part of.