Christopher S.
Details
Provide collaboration and strategic guidance on Partner Nation best practices to associate cybersecurity activities that reach agreed-upon standards and operational and strategic objectives.
Participates in identifying, developing, and selecting Mission Partner Environment (MPE) Information Exchange Requirement (IER)
Assist the Romanian Ministry of Defense Cyber Operations Command and Ministry of Defense Cyber Advisor on program enhancement, practices, and processes.
Provides guidance and technical assistance on developing, implementing, and sustaining federal and international cybersecurity policy.
Examines, develops, and tailors Operational View (OV-1), Schematic View (SV-1), and Physical and Logical Diagrams
Advises case on implementing Cross Domain Solutions (e.g., Enterprise, Command and Control, Point 2 Point (P2P).
Conducts gap analysis to identify cybersecurity hygiene capability gaps in support of Maritime Operations and guides information papers (White Papers)
Attends and prepares presentations on C51 Security Cooperation Working Groups, cybersecurity auditing, and system accreditation.
Performs hardware/software (trade-off) cost-benefit analysis and articulates benefits to customer operations
2023 : Present
QBE LLC
Cybersecurity Policy SME Consultant
Prepared OIR for Command Cybersecurity Readiness Inspections (CCRI), performed audits on Commercial Internet Service Provider (CISP) enclave and tracked compliance metrics regarding Army Training Certification Training System (ATCTS) for the technical workforce.
•Established strict program control processes to ensure mitigation of risks and support obtaining assessment and authorization of PIT Systems supporting Command and Control Operations.
•Assisted with preparing and inspecting Command Cyber Readiness Inspection heavily focused on Traditional Security.
•Provided CJTF-OIR leadership with programmatic cyber-centric acquisition consultation regarding procurement and establishing forward operating data centres.
•Assisted the CENTCOM Foreign Disclosure Office with providing Foreign National Accounts by ensuring strong justification of logical system access to controlled unclassified information and classified military information.
•Supported process improvement, analysis, coordination, security certification test, security documentation, investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits.
•Provided oversight and guidance of IA personnel performing system analysis looking for patterns of non-compliance; ensured appropriate administrative or programmatic actions, which minimized security risks and insider threats.
2023 :
Trace Systems Inc.
ISSM
Managed Platform IT Assessment & Authorization (A&A) packages, System Security Plan (SSP), prepared organization for Command Cybersecurity Readiness Inspections (CCRI), performed audits on Commercial Internet Service Provider (CISP) enclave and tracked compliance metrics regarding Army Training Certification Training System (ATCTS) for the technical workforce.
• Established strict program control processes to ensure mitigation of risks and support obtaining assessment and authorization of PIT Systems supporting Command and Control Operations.
• Assisted with the preparation of CCRI audits and interviews. Focused heavily on Traditional Security.
• Provided CJTF-OIR leadership with programmatic cyber-centric acquisition consultation regarding procurement and establishment of forward operating data centers.
• Assisted CENTCOM Foreign Disclosure Office with the provisioning of Foreign National Accounts by ensuring strong justification of logical system access to controlled unclassified information and classified military information.
• Facilitated designation disclosure letters for FVEY partners. Created contact officer appointment letters. Initiated CJTF-OIR contact officer training program and designation/appointment contact officer program for CJTF-OIR directorates.
• Supported process improvement, analysis, coordination, security certification test, security documentation, investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits.
• Developed and maintained a formal information security program and policies for classified systems under their purview and managed all Risk Management Framework (RMF) activities following applicable directives.
• Provided oversight and guidance of IA personnel performing system analysis looking for patterns of non-compliance; ensured appropriate administrative or programmatic actions, which minimized security risks and insider threats.
2022 : 2023
Envistacom Combined Joint Task Force -Operation Inherent Resolve CJ6
Organizational Information Systems Security Manager (O-ISSM)
I analyzed and created cybersecurity acquisitional documents to include Program Protection, Cyberwarfare, Cyber security, Critical Program Information (CPI), Anti-Tamper, Trusted Secure Networks and Supply Chain Risk, Cyber Risk, and CYBER SAFE guidelines and directives to develop technical requirements for acquisition documentation.
•Examines and modifies operational requirements, and critical design review requirements
•Defines, plans, and executes acquisition cybersecurity projects following DHS policies and procedures.
•Disseminates project data to all stakeholders- collect and report metrics
•Participated in the development of the Cybersecurity Strategy and associated requirements documentation that serves as the framework for essential engineering activities
•Responsible for conducting and coordinating Cyber Risk Assessment/analysis (CRA), vulnerability report (VAR), and providing trade-off analysis in potential solutions to minimize the system vulnerabilities and possible attack surface.
Reviews and Validates Contract Data Requirements Lists to include Concept of Operations, Integrated Support Plan, Software Acquisition, Development, and Integration Plans, Software and Hardware Requirements Specification and asset design drawings/documentation)
• Tailored FIPS 199, FIPS 200, FIPS 140-2, and 140-3 standards are applied across all configuration items
• Developed system categorization strategies of information systems under CNSS 1253 and NIST 80-60 Volume I & II
•Engineers and supports IPT projects and ensures best practices supporting IoT devices & SCADA systems
•Guides discussion and provides recommendations on the procurement of Security Information and Event Management (SIEM), intrusion detection/prevention systems (IDS/IPS), file integrity monitoring, endpoint hardening & management, vulnerability management, data loss prevention (DLP) capabilities, and solutions
2020 : 2022
Data Intelligence, LLC
NQV Level II RMF / ISSE / Cyber Aquisitions
Responsible for the execution and maintenance of the USAFCENT RMF Program. Developed 14 eMASS instances, created system categorization, selected and tailored NIST 800-53 controls, and applicable overlays. Developed Security Assessment Plan (SAP), conducted risk assessments, developed POAM and developed Security Assessment Reports (SAR). Entered Test Results into eMASS. Provided recommendation to the ISSM and AO pertaining to Authority to Operate (ATO) with a residual level of risk Developed Continous Monitoring Strategy required to audit for weaknesses and deficiencies in the overall cybersecurity posture.
2018 : 2020
Applied Insight LLC
RMF Project Manager
About
High-energy acquisitions cybersecurity resilient professional with a proven track record for stepping up to challenges and getting the job done. Possesses twelve Acquisition Cybersecurity and Risk Management Framework (RMF) experience. Well-versed in cybersecurity acquisition planning and sustainment. Expert with supply chain risk management of federal acquisition and sustainment of C5ISR information systems, ensuring milestones accomplished within budget. Developed the capability to defend against cyber threats that could degrade operational capability and appropriately prioritize recovery efforts after cyber incidents.
Over 12 years of experience in Information Technology (IT) and Cybersecurity program/project management. Leads teams in identifying Critical Program Information (CPI)/ completed Supply Chain Risk Management reviews to include collecting and ensuring suppliers had cage codes. Completed cyber tabletop (CTT), cyber risk assessments (CRA), program protection plan (PPP), cybersecurity assessment (CA), and assisted in writing some Test and Evaluation Master Plan (TEMPs). Reviews diagrams to ensure proper protections were/are implemented for the protections of the system.
Leads teams and efforts developing cyber strategies, participating in designing secure weapon system information architectures and building cybersecurity program capabilities for defense acquisition ACAT Level I through IV systems phases. Leads teams as a senior IT and Cybersecurity expert. Held positions, including SME support to Naval engineering for industrial platform systems, weapons, and aircraft.
Education
Masters of Science Information Security & Assurance (MSISA)
Western Governors University Conferred July 17, 2015
Bachelors of Science Network Administration (BS)
Western Governors University Conferred March 2013
Associates of Arts (AA)
Computer Information Systems
Hillsborough Community College Tampa, FL (May 2004)
Course Work
PCI-DSS
NIST
ITIL Frameworks
HIPPA
Vulnerability Assessment
SIEM
Awareness Training
Continuous Monitoring
RMF
Profile Photo
