John B.
Details
IT Networking
Strayer University-Maryland
1999 : 2003
Associates of Science
Human Resources Management/Personnel Administration, General
Community College of the Air Force
1994 : 1996
Associates of Science Degree
Aerospace System Technologies
Community College of the Air Force
1992 : 1994
Patterson High School
Master's degree
Information Security
University of Maryland University College
Richard S. Carson & Associates
Chief Cybersecurity Architect
As the Enterprise Compliance Manager and Chief Information Security Officer I was responsible for leading a team of knowledgeable, highly skilled, and diverse cybersecurity and audit-readiness professionals in efforts to protect the data stored, processed and transmitted by the Navy's Enterprise Business Information systems. My team and I ensured that the systems remained compliant with FISMA, NIST, DoD, SECNAV, FISCAM and other directives, instructions, standards, and guidance. I applied my knowledge and skills related to the aforementioned criteria, as well as my knowledge of and experience with cybersecurity tools, cloud computing, virtualization and penetration testing, gained over 20 years of serving clients in the commercial and government sectors. While serving in this role I served as the architect of a new organizational structure to achieve Navy business systems financial auditability and control cyber-risk. This new architecture included the integration of cyber-operations capabilities and an OMB A-123 based Manager's Internal Controls Program (MICP) at the program level, focused on the Navy's most significant financially relevant business systems.
2012 : 2022
US Navy
Enterprise Compliance Manager/Chief Information Security Officer (CISO)
Performed as the IT Security Program Manager for up to 12 cybersecurity projects simultaneously. Provided full-scope security support services for a broad base of government and commercial clients. Acted as a working manager capable of leading and performing a wide variety of tasks, including security course development and delivery, network- and application-level penetration testing and vulnerability scanning, A&As, annual security controls testing, policy development, contingency and disaster recovery planning and testing, etc. I am accomplished at assessing, developing, and enhancing both federal agency and commercial information security programs. I led and performed annual FISMA audits on behalf of several federal agency Inspectors General. Maintained and grew client relationships through developing an understanding of their needs and by providing creative and fully compliant solutions, at the right price, to solve their information security issues. I am skilled at crafting security-related responses to government solicitations and in delivering oral presentations as requested. I have developed and delivered security-related courses that speak to integrating security into the SDLC, how to conduct system assessments, as well as others. I filled a key leadership role in developing the risk management framework and continuous monitoring strategies for several federal agencies. By combining the knowledge gained through 12 years of supporting and developing federal security programs, designing, building and managing cybersecurity operations centers, and in-depth knowledge of the tools commonly used in operations centers and penetration testing, I am able to effectively guide and manage the development and implementation of a fully NIST-compliant continuous monitoring program that gathers relevant, repeatable, and actionable metrics on which to base risk-based security program and business decisions.
2003 : 2012
Richard S. Carson & Associates
Program Manager, Information Security
Led various cybersecurity projects in support of the National Science Foundation (NSF), the Architect of the Capitol (AoC), as well as other federal agencies. Served as the NSF CIO's primary cybersecurity advisor, providing the expertise needed to shape the agency's security program while serving as a member of the NSF CIO's security advisory council. Also led the completion of multiple C&As, contingency plan development and testing, penetration testing engagements, as well as other information assurance related efforts. As a result of these efforts the NSF's Putnam security score climbed from an F rating to an A.
2001 : 2003
SAIC
Project Manager, Information Security
Led the design, construction, and day-to-day operations of one of three globally dispersed Security Operations Centers (SOCs) responsible for providing the management and monitoring of over 3000 firewalls and IDS protecting 43 of the world's most significant financial institutions. Authored and implemented all IT and security operations center processes employed to provide the security services required to comply with the stringent alerting and escalation service level agreement criteria. These processes and associated documents served as the model for all other Ubizen SOCs.
2000 : 2001
Ubizen, Inc.
U.S. Director of Managed Security Operations
Skills
Application Security, Business Continuity, C&A, CEH, CISM, CISSP, Computer Forensics, Computer Security, DIACAP, Digital Forensics, Disaster Recovery, Encryption, Enterprise Architecture, Firewalls, FISMA, Governance, Identity Management, IDS, Incident Response, Information Assurance, Information Security, Information Security Management, Information Technology, Intrusion Detection, ISO 27001, IT Audit, IT Operations, Malware Analysis, Nessus, Network Security, NIST, PCI DSS, Penetration Testing, PKI, Risk Assessment, Security, Security+, Security Architecture Design, Security Audits, Security Management, Security Operations, Security Policy, Social Engineering, TCP/IP, VPN, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning, Web Application Security, Wireless Security