Mike Stoner
Details
FHFA OIG
Chief Information Security Officer
Internal Revenue Service
Associate Director, Cybersecurity Technical Operations
2008 : 2016
- Provided leadership with a focus on the core operational mission of providing security operations support and proactive prevention, detection, and response to computer security incidents targeting IRS’ enterprise IT assets
- Managed the deployment, integration, operation, and maintenance of the security tools and applications supporting the IRS security operations center and cyber incident response capabilities
Deloitte & Touche, LLP
Audit & Enterprise Risk Services Manager, Security Services Group
2007 : 2008
- Provided project management and IT security support for the reconciliation and improvement of IT asset inventory data
- Analyzed existing organizational security policies, standards, controls, and business processes and recommended improvements for the protection and management of personally identifiable and other sensitive information
- Led the development of recommended changes to enterprise management, operational, and technical policies, processes, and controls to mitigate identified risks and bring the agency into compliance with Office of Management and Budget requirements for the protection of sensitive agency information
Booz Allen Hamilton
Management and Technology Consulting Associate
2001 : 2007
- Provided security engineering, analysis, and planning to facilitate and attain adequate security controls to protect sensitive information from unauthorized access, disclosure, modification, or destruction
- Led an effort to draft new and update existing security policies, standards, guidelines, requirements, and operational manuals to align IT security policies and processes with emerging technology areas
- Supported the review and evaluation of methodologies and alternatives for vulnerability analysis, assessment, and identification of threats to organizational assets, resources, and related infrastructure
- Provided support to enterprise-wide security auditing strategy, compliance reporting, and delivery of specialized security training to ensure individual accountability for data, information, and other IT resources
- Performed risk-based security analyses of systems to evaluate security controls, identify risks, and determine risk management and mitigation strategies
About
- Certified Information Systems Security Professional (CISSP), GIAC Security Leadership Certification (GSLC), and Project Management Professional (PMP) with over 20 years of professional experience leading and implementing information technology and security programs for federal government agencies
- Experience in a number of information technology areas with a concentration in risk management, system security engineering, incident response, and security policy development and compliance
- Extensive knowledge and experience with National Institute of Standards and Technology (NIST) guidance, the Federal Information Security Management Act (FISMA), and other federal laws and regulations to ensure agency-level security integration at both program and system levels
- Security leadership, planning, analysis, and implementation through the delivery of security solutions, support, and guidance to facilitate and attain appropriate security controls to protect sensitive information from unauthorized access, disclosure, modification, or destruction
- Review, evaluation, and implementation of methodologies and alternatives for risk and vulnerability management, assessment, and identification of logical, operational, and functional threats to agency assets, resources, and data
- Author of multiple publications on cyber security topics and previous member of the International Information Systems Security Certification Consortium (ISC)2 Government Advisory Council
Specialties: IT security engineering, security policy development, project management, incident response, directory services, logical and physical access controls, identity management, public key infrastructure, security awareness and training, information system auditing and compliance, certification and accreditation, vulnerability assessment and remediation, database systems, networking, web server technology, and computer hardware including micro-architecture design, instruction sets, and storage design