Robert James Craig
Details
Management Studies
University of Maryland University College
1990 : 1994
Associates of Science
Computer Science
Northern Virginia Community College
1988 : 1990
2016 : Present
Leidos
Senior Cybersecurity Advisor
Provides cybersecurity and insider threat program guidance to IC C-Level Executives and Counterintelligence Seniors, and directs mitigation teams across multiple agency offices providing forward-progress accomplishment of issue resolution.
Leads the strategy for implementation and compliance with Insider Threat mandates. Normalized memorandum action statements into strategic organizational tasks that resulted in clear goals for IT implementers to define tasks, track progress, and close identified security program weaknesses.
Shepherded acquisition through Agency processes of large dollar contracts of virtualization security products; developed requirements, responded to pilot assessments, presented options, and coordinated with vendor CTO and venture investment representatives (In-Q-Tel). Product implementation provides capabilities to enhance virtualization environment audit attribution and two-person work flow control of privileged user functions, to detect and reduce potential insider threat activities.
Responded on behalf of Agency to the White House Program Manager-Information Sharing Executive (PM-ISE) for quarterly cyber metrics and integrated the KISSI indicators into an Information Assurance-Capability Maturity Model providing Agency cyber executives visibility into cyber program/project progress against maturity observations.
Provided feedback and roadmap statements on Notice of Findings and Recommendations (NFRs) to Agency Office of Inspector General (OIG) conducting a Standards for Attestation Engagements (SSAE 16) audit on Agency financial systems.
Crafted Director talking points and CIO responses for House Panel Select Committee for Intelligence / House Appropriations Committee Survey and Investigations (HAC S&I) and IC-Director Executive Committee. Successful responses to inquiries eliminated need for HAC S&I to further investigate IC-Cloud investments and strategic direction/implementation plans.
2013 : 2016
CACI International Inc
Senior Executive Cyber / Insider Threat Advisor to National Geospatial Intelligence Agency CISO
The AIT CTO requested Mr. Craig’s re-assignment to the Architecture Engineering Team to provide policy analysis support to the Secure Wireless Trade Study (a potential deployment of multi-level security wireless networks implementing Suite B using mobile devices to NGA). Reviewed applicable CNSS, ODNI, NGA, NIST, DoD, and DISA policies, guides, standards, and technical guides to establish security requirements and created senior-level presentations to CISO and IT Directors for project buy-in, as well as contributing to the security portions of the trade study white paper.
Team Manager for the GDIT AIT C&A Team initially consisting of 17 personnel; C&A Project Managers and Security Testers. Initial tasks were to analyze funding expenditures of AIT regarding the C&A Team and perform personnel assessments with regard to team re-sizing. Through attrition, counseling, and personnel turnover, the team was reduced to 11 personnel, a more sustainable size in alignment with funding. Other tasks were to track and report on over 60 C&A efforts and continue to track current status, as well as interfacing with NGA Program Management Office and Senior GDIT Management. Provided ECP input with respect to C&A man-hours, and analyzed past ECPs to re-capture work performed by AIT but not properly funded by customer. Provided team mentoring to the team leads (PMs and Sr. Tester Lead) and refocused the team on communication, schedule performance/analysis and completion of tasks.
Charlottesville, VA
* TASC StartX : Mr. Craig performed certification activities and created a detailed project plan (down to WBS levels 4 and 5) based upon the DJSIG, August 2011, that incorporates the ICD-503 RMF. He also combined the DJSIG selected controls for Common, Hybrid, and System with C/I/A of H/H/H with the April 2013 release of version 4 of NIST Special Pub. 800-53; reviewed all controls to create a tailored control / requirement set for the system.
2011 : 2013
FGM, Inc.
Senior Information Assurance Advisor to CTO-NGA / Senior Risk Management Consultant-DIA
IA Strategist/IC IA Liaison for the Chief / Infrastructure Services Group supporting all customers on the Liberty Crossing Compound. Represents the C/ISG to the IC in support of ISG projects and customers. Manages all aspects of the IA program including technical work, programmatic deliverables, and personnel.
Reviews and engineers network architecture and system solutions to ensure information is handled, processed and stored in compliance with Intelligence Community (IC) and DoD Information handling regulations for information ranging from unclassified up to the sensitive SCI levels.
Handles negotiations with other information system security specialists throughout the IC and DoD for ODNI programs.
2007 : 2011
Van Dyke Technology Group
Intelligence Community Cybersecurity Liaison, Senior IA Advisor to ODNI Chief of Infrastructure
Mr. Craig organized and conducted bi-weekly Intelligence Community (IC)-wide Information Security meeting to coordinate IT infrastructure and IC-member connectivity issues and concerns. He established a project tracking process; compiled deliverables listings; provided follow-up to IC IA group, and conducted individual ODNI-IC member IA meetings.
Mr. Craig was a member of the DNI CIO FISMA Tiger Team; he assisted with the draft IC Policy Guidance (ICPG) relating to IC compliance with FISMA requirements.
He facilitated the Government to corporate officers/VP communication relating to periods of performance, annual reviews, expanding contracting support, contract rates, and support to the Pyramid proposal, and analysis of government needs and requirements.
He tracked the Certification and Accreditation status of ODNI systems. He coordinated and led project meetings to define requirements, testing methodologies, expectations, remediation efforts, and outlined the process for government and contractor teams. Data points were consolidated within a tracking database that was modified to support FISMA reporting requirements. The modifications streamlined ODNI’s Security and added the capability for instantaneous FISMA reports generation.
During a period of reduced staffing on the ISSM Team, all INFOSEC duties were performed by Mr. Craig and Deputy ISSM. A list of common tasks was defined for the new ISSM and delegated to specific personnel as the team grew. Within the first month on-site, Mr. Craig modified the Systems Security Plan Community Management System database to support the new ODNI organization and created Lotus Notes data displays that were easily exportable to the IC IT Registry (used for IC FISMA reporting) to enable streamlined quarterly and annual reporting.
2006 : 2007
SGIS
Senior Principal Security Engineer / Cybersecurity Rep. for ODNI InfoSys Security Manager (ISSM)
Skills
Accreditation, CEH, CISSP, Compliance, Computer Forensics, Computer Security, Cyber Security, DCID 6/3, Defense, DIACAP, DoD, Enterprise Architecture, Ethical Hacking, FIPS, Government, Hardening, IDS, Information Assurance, Information Security, Information Security Management, Information Security Policy, Information Technology, Integration, Intelligence, Intrusion Detection, Malware Analysis, Nessus, Networking, Network Security, NIST, Penetration Testing, Policy, Program Management, Risk Assessment, Security, Security , Security Assessments, Security Audits, Security Clearance, Security Engineering, Security Management, Security Policy, Systems Engineering, U.S. Department of Defense, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning
About
Decisive leader, visionary strategist, and inclusive team builder. Mr. Craig is a recognized cyber security and assurance leader having advised senior corporate and federal leadership. Experienced in developing, implementing and monitoring IT security requirements, policies and controls at large organizations. Called upon by high-performing organizations for his ability to achieve and drive security mitigation objectives during rapid technological integration efforts. Mr. Craig has advised clients across several spectrums to assist them in understanding their risk posture and to develop proactive security strategies and programs resulting in clear alignment of security investments to corporate strategy.
As a PYRAMID Program Manager (ODNI) he provided corporate financial reporting on Period of Performance funding, revenue earned, future funding requirements, estimating to completion, productive labor utilization variances, and project P&L for $3 million Base & Option year. He has shepherded cybersecurity acquisition through Agency processes, coordinating with Contracting Officers by providing requirements for and assistance on Justifications of Acquisition (J&A) for the successful acquisition of $3.5 million of virtualization security products; responded to pilot assessments, presented options, and coordinated with vendor CTO and venture investment representatives of In-Q-Tel. Mr. Craig crafted Director talking points and CIO responses for House Panel Select Committee for Intelligence (HPSCI) / House Appropriations Committee Survey and Investigations (HAC S&I) and IC-DEXCOM (Director Executive Committee) / IC CIO discussion topics. Successful responses to inquiries eliminated need for HAC S&I to further investigate IC-Cloud investments and strategic direction/implementation plans. Submitted, on behalf of Agency CISO, input for Cybersecurity $30 million budget portion of Agency Congressional Budget Justification Book (CBJB).