Cheryl L. W.
Enterprise Risk Management/Cybersecurity, J6/CIO, The Joint Staff
United States
Details
Education:
Bachelor-level coursework
Information Technology Acquisition
Defense Acquisition University
2011 : 2012
Bachelor of Science (B.S.)
Liberal Arts and Sciences (Russian Studies)
Excelsior College
1998 : 1998
Diploma
Russian Language Basic Course
Defense Language Institute Foreign Language Center
1988 : 1989
Experience:
Serves as Chief, Cybersecurity Division (CSD), at the Joint Staff (J-6), responsible for component Cybersecurity Program functions and activities. Directly supports the JS Chief Information Officer, Senior Information Security Officer (SISO), and IT portfolio Authorizing Official (AO). Performs oversight of the development, implementation and evaluation of information system security program policy with special emphasis placed upon integration of existing Special Access Program (SAP) network infrastructures. Appointed as AO Designated Representative for collateral and Special Access Program (SAP) information systems. Chairs and/or Co-Chairs customer and SAP community Cybersecurity working groups and participates in System Security Engineering (SSE) Integrated Product Team (IPT) reviews. Works closely with DoD SAP CIO and JS SAP Central Office. Represents the organization, JS SAP CIO and JS SISO at Federal, DoD, and cybersecurity-related senior level engagements. First and second line supervisor to a staff of up to 20 military officers, civilian members, military enlisted personnel, and contractor subject matter experts. Establishes priorities, discusses goals and objectives with Branch Chiefs, civilian members, military enlisted and contract leaders. Determines the need for contractual services, staffing needs, and initiates the task orders. Serves as Technical Advisor for multi-million dollar cyber security support contracts working closely with Contracting Officer Representative and Resource Management Office to plan for and manage task order budgeting over multiple fiscal years. Provides leadership and guidance in the continued development of Enterprise Risk Management to include support to the Combatant Commands. Provides oversight to DISA Enterprise Mission Assurance Support Service (eMASS) - Joint instances with in excess of 500 Joint Staff and Combatant Command users worldwide.
2018 : Present
United States Department of Defense
Chief, Cybersecurity/Enterprise Risk Management (Supervisory IT Specialist (INFOSEC))
As the Chief, Assessment and Authorization (A&A) Branch, at the Joint Staff, served as Security Controls Assessor (SCA) in support of Cybersecurity Division Chief, J-6 Chief Information Officer (CIO) and the Joint Staff Authorizing Official (AO). Plans the work for the Branch, schedules projects and activities, establishes priorities, and discusses goals and objectives with staff. As SCA, responsible for the implementation of DoD Risk Management Framework (RMF) for mission information systems in accordance with NIST 800-37, CNSS Instructions, and DoD policy. Recognized for representation of A&A equities through 18-month effort to migrate organization data, users, and major applications to DISA as service provider. Represented organization at DoD CIO RMF Technical Advisory Group (TAG). Stakeholder for Joint instance of Enterprise Mission Assurance Support Service (eMASS) representing Joint Staff and Combatant Commands at the DISA eMASS Program Management Office Configuration Control Board.
2016 : 2018
United States Department of Defense
Chief, Assessment and Authorization Branch (IT Specialist (INFOSEC))
Deputy Project Manager for Cybersecurity Division support contract with team of 25 Information Assurance subject matter experts located at two work sites. During PM transitional period, managed taskings from military and ASG leadership for assignment to 5 teams - Certification and Accreditation (C&A), Incident Response, Public Key Infrastructure (PKI), Security Engineering and Vulnerability Management. Provided expert level consultation and technical services on all aspects of Information Security. Tracked contract spending to include travel and training. Ensured deliverables met task order expectations and timelines. Served as Certification & Accreditation Lead for Joint Staff/J6 managing team in support of the Director/Authorizing Official and Deputy Director/Senior Information Security Officer (SISO) in the transition from DoD Information Assurance Certification and Accreditation Process (DIACAP) to Risk Management Framework (RMF). Worked closely with Information System Owners, Program Managers and Information System Security Managers (ISSM) in the performance of security control assessment, verification and technical analysis to determine risk. Responsible for quarterly and annual FISMA IA Workforce Improvement Program (IA WIP) submission development and final report for government approval.
2014 : 2016
Atlantic Systems Group INC.
Senior Cyber Security Specialist
Served as Information Assurance Analyst at Army Cyber Security Directorate supporting the Chief Information Officer (CIO/G6) and Senior Information Assurance Officer (SIAO)/ Certification Authority (CA) in the implementation of the DoD Information Assurance Certification and Accreditation Process (DIACAP). Provided expert level consultation and technical services on all aspects of Information Security. Led a team of cybersecurity professionals responsible for ensuring the customer's national and international security interests are protected as acquisition systems were designed and tested. Conducted technical reviews of Classified and Unclassified Networks, Information Systems and AIS Applications within Contiguous United States (CONUS) and Outside the Contiguous United States (OCONUS) utilizing Army TdB C&A tool. Coordinated with Program Managers, System Owners and Technical Validation teams to develop and update system documentation, risk evaluation findings and mitigation strategies.
Under Joint Task Force National Capital Region Medical (JTF CAPMED), served as IA Team Member for Walter Reed National Military Medical Center (WRNMMC) Information Technology Department (ITD). Provided Certification & Accreditation (C&A) support, managing Plan of Action & Milestones (POA&M) for the reaccreditation of large Navy Enterprise Network (10,000 workstations). Planned for and tracked remediation activities, coordinating with Leadership, System and Network Administrators, and NAVMISSA representatives for resolution of existing findings. Identified WRNMMC Platform Information Technology (PIT) Hardware Devices on network. Provided input on FISMA, IA WIP and NIST requirements to the IA Manager and feedback to Clinical customers regarding network connectivity and application security issues.
2012 : 2014
Excentium, Inc
Information Assurance Analyst
Served as an Information Assurance Security Officer with J-1 Civilian Personnel, Civilian Information Services Division (CISD), responsible for the component IA Workforce Improvement Program (IA WIP). Managed component information within the Army Training & Certification Tracking System (ATCTS) for component workforce. Responsible for the development of Secure Internet Protocol Routing Network (SIPRNet) accreditation and connectivity documentation submission in support of Base Realignment (BRAC) relocation of organization to Fort Belvoir. Served as PKI Trusted Agent responsible for alternate smart card logon (ASCL) tokens and soft certificates. Appointed Communications Security (COMSEC) Hand Receipt Holder and Courier responsible for the management and transport of classified and sensitive materiel. Provided input to IA Team SharePoint site to include tracking regulatory issuances for applicability to organization.
2011 : 2012
United States Department of the Army
Information Assurance Security Officer (IT Specialist (INFOSEC))
Company:
United States Department of Defense
Years of Experience:
27
About
IT Governance, Risk, and Compliance (GRC) manager with over 20 years' experience in the development and implementation of organization-wide Cybersecurity, Information Assurance and Information Security programs. Federal career of increased responsibilities culminating in Cybersecurity Division Chief. Army Veteran with defense contracting and private sector experience, as part of the Financial industry, resulting in a well-rounded GRC leader comfortable in any environment.