Federal Reserve Bank of Richmond (Federal Reserve IT), Richmond, VA, 2010 – Present
Information Security Product Manager, National IT Treasury Services Division, Dec. 2017 – Present
- Establish and maintain the security strategy spanning on-premises and cloud General Support Systems supporting Critical Infrastructure Protection (CIP), High Value Assets (HVAs), and High/Moderate FISMA systems
- Plan the security product and service enhancement budget
- Leverage the NIST Cybersecurity Framework (CSF) to manage a comprehensive view of risk and capabilities
- Partner with Architecture and Engineering to establish well-defined epics for Product Increments
- Partner with Architecture and Engineering on prototyping, use cases and product selection
- Establish priorities, features and services to achieve and comply with HSPD-12, Zero Trust Architecture (ZTA), Executive Orders (e.g., Executive Order 14028: Improving the Nation's Cybersecurity), OMB Memos (e.g., M-21-31), CISA Binding Operational and Emergency Directives (BOD/ED) (e.g., BOD 22-01), and FISMA requirements from NIST (e.g., Risk Management Framework, SP 800-53 Rev. 4 and Rev. 5)
- Engage Cloud Service Providers (CSPs) on their service roadmaps, FedRAMP authorizations, and Shared Security Responsibility Model (SSRM)
- Support audits, independent assessments, annual accreditation processes and/or additional Governance Risk & Compliance (GRC) activities
- Engage stakeholders (customers, Security & GRC operational resources) to identify product enhancements, to participate in pilots, and to gather feedback
- Participate in Executive and Governance meetings to ensure alignment and communication with stakeholders
Enterprise Program Manager, National IT Enterprise Program Management 2010 – 2012; OCISO National Information Security Programs 2012 – 2017; National IT PMO 2017 (reorganizations)
- Responsible for the full lifecycle and/or recovery of mission-critical enterprise projects and Programs for the Federal Reserve System to deliver benefits for the System. Managed and developed geographically dispersed, matrixed and direct-reporting team members ranging from 6 to 20 resources.
- Responsible for facilitating Cybersecurity resiliency and maturity risk assessments for the CISO using FFIEC, NIST CSF, and CERT CRR frameworks. Assessments leveraged a hybrid methodology combining peer reviews and Scrum, ranging from 5 to 12 scrum teams.
- Responsible for the credentialing initiative for the US Department of Treasury Fiscal Service as part of HSPD-12. The Program established an outsourced service, enrolled over 1,000 Applicants, and deployed required software and hardware to Subscribers and Local Registration Authorities. This Program also integrated PIV and PIV-I credentials with multiple authentication platforms.
- Recovered and delivered a Program to design and implement a single standardized access model with reporting and re-certification capabilities to complement an automated build and configuration drift recovery across multiple platforms.
- Responsible for the concurrent Web Access Management and Directory Services platform technology refresh and modernization for a mission critical system while maintaining operational and market stability.
- Recovered and delivered a Program to implement a new Certificate Authority compliant with NIST guidance, an Identity middleware platform and provisioning capabilities integrated into the Business Line’s application providing the enrollment for Depository Institutions.
- Recovered and delivered the organization’s #1 IT Priority in response to the Credit Market Crisis and Board of Governors (BoG) policy. The Program integrated data from existing applications and business lines spanning 5 Reserve Banks.
Gartner, Inc., Arlington, VA, 2003 – 2010
Associate Director, Consulting
- Executive / Management Partnership
Provided strategic assessments and recommendation of critical initiatives for Federal CIOs, CFOs, and/or Senior Executive Staff (SES). The partnership model enabled a deep understanding of core business functions and issues, allowing an understanding of the true issues (people, process, and politics) to provide context-based added-value recommendations to address the customer’s specific needs.
- Architecture and Technology
Provided IV&V services for a global classified Command and Control system supporting 46,500 users integrating email and cables/telegrams within a COTS-based distributed architecture leveraging TCP/IP and XML. Considerations included project management, solution architecture, as well as sustainability against baseline staffing.
- Business Development
Wrote responses to Federal procurements (e.g., RFI, RFQ, BPA, IDIQ) to receive awards on contracts ranging from $4.5M to $25M ceiling.
Alloy Online, Inc., Centreville, VA, 2000 – 2003
Led CIO’s initiative to integrate and standardize application technologies, frameworks, resources and processes from a series of acquisitions into a cost-effective enterprise application platform. Team varied from 5 to 10 staff ranging from junior to senior software development skillsets.
Products: eStudentLoan.com, AbsolutelyScholarships.com
- Recovery Time Objective (RTO) / Recovery Point Objective (RPO)
- Systems Development and Integration
- E-Commerce Platform Replacement
- Development Process Standardization and Automation
Georgetown University, The McDonough School of Business, Washington, DC, 1995 – 1999
Webmaster and Database Administrator
Created the organizational structure, trained and mentored 3 full-time and 7 part-time resources, and implemented systems and processes for in-house database and Internet support for the school, its programs, faculty, staff and students.
- Oracle RDBMS and Forms
- Novell Netware
- HTTP and FTP