• Home
• Experience
• Education
• Certifications
• Contact

Experience

Federal Reserve Bank of Richmond (Federal Reserve IT), Richmond, VA, 2010 – Present

Information Security Product Manager, National IT Treasury Services Division, Dec. 2017 – Present

• Establish and maintain the security strategy spanning on-premise and cloud General Support Systems supporting Critical Infrastructure Protection (CIP), High Value Assets (HVAs), and High/Moderate FISMA systems
• Plan the security product and service enhancement budget
• Leverage NIST CyberSecurity Framework (CSF) to manage a comprehensive view of risk and capabilities
• Partner with Architecture and Engineering to establish well-defined epics for Product Increments
• Partner with Architecture and Engineering on prototyping, use cases and product selection
• Establish priorities, features and services to achieve and comply with HSPD-12, Zero Trust Architecture (ZTA), Executive Orders (e.g. Executive Order 14028: Improving the Nation's Cybersecurity), OMB Memos (e.g., M-21-31), CISA Binding Operational & Emergency Directives (BOD/ED) (e.g., BOD 22-01), and FISMA requirements from NIST (e.g., Risk Management Framework, 800-53 (Rev. 4 and Rev. 5)
• Engage Cloud Service Providers (CSPs) on their service roadmaps, FedRAMP authorizations, and Shared Security Responsibility Model (SSRM)
• Support audits, independent assessments, annual accreditation processes and/or additional Governance Risk & Compliance (GRC) activities
• Engage stakeholders (customers, Security & GRC operational resources) to identify product enhancements, to participate in pilots, and to gather feedback
• Participate in Executive and Governance meetings to ensure alignment and communication with stakeholders

Enterprise Program Manager, National IT Enterprise Program Management 2010 – 2012; OCISO National Information Security Programs 2012 – 2017; National IT PMO 2017 (reorganizations)

• Responsible for the full lifecycle of and/or recovery of mission critical, enterprise projects and Programs for the Federal Reserve System to deliver benefits for the System. Managed and developed geographically dispersed, matrixed- and direct reporting team members ranging from 6 to 20 resources.
• Responsible for facilitating Cybersecurity resiliency and maturity risk assessments for the CISO using FFIEC, NIST CSF, and CERT CRR frameworks. Assessments leveraged a hybrid methodology combining peer reviews and Scrum, ranging from 5 to 12 scrum teams.
• Responsible for the credentialing initiative for the US Department of Treasury Fiscal Service as part of HSPD-12. The Program established an outsourced service, enrolled over 1,000 Applicants, and deployed required software and hardware to Subscribers and Local Registration Authorities. This Program also integrated PIV and PIV-I credentials with multiple authentication platforms.
• Recovered and delivered a Program to design and implement a single standardized access model with reporting and re-certification capabilities to complement an automated build and configuration drift recovery across multiple platforms.
• Responsible for the concurrent Web Access Management and Directory Services platform technology refresh and modernization for a mission critical system while maintaining operational and market stability.
• Recovered and delivered a Program to implement a new Certificate Authority compliant with NIST guidance, an Identity middleware platform and provisioning capabilities integrated into the Business Line’s application providing the enrollment for Depository Institutions.
• Recovered and delivered the organization’s #1 IT Priority in response to the Credit Market Crisis and Board of Governors (BoG) policy. The Program integrated data from existing applications and business lines spanning 5 Reserve Banks.

Gartner, Inc., Arlington, VA, 2003– 2010

Associate Director, Consulting

• Executive / Management Partnership

Provided strategic assessments and recommendation of critical initiatives for Federal CIOs, CFOs, and/or Senior Executive Staff (SES). The partnership model enabled a deep understanding of core business functions and issues, allowing an understanding of the true issues (people, process, and politics) to provide context-based added-value recommendations to address the customer’s specific needs.

• Architecture and Technology

Provided IV&V services for a global classified Command and Control system supporting 46,500 users integrating email and cables/telegrams within a COTS-based distributed architecture leveraging TCP/IP and XML. Considerations included project management, solution architecture, as well as sustainability against baseline staffing.

• Business Development

Wrote responses to Federal procurements (e.g., RFI, RFQ, BPA, IDIQ) to receive awards on contracts ranging from $4.5M to $25M ceiling.

Alloy Online, Inc., Centreville, VA, 2000– 2003

IT Director

Led CIO’s initiative to integrate and standardize application technologies, frameworks, resources and processes from a series of acquisitions into a cost-effective enterprise application platform. Team varied from 5 to 10 staff ranging from junior to senior software development skillsets.

Products: eStudentLoan.com, AbsolutelyScholarships.com

Relevant Work:

• Recovery Time Objective (RTO) / Recovery Point Objective (RPO)
• Systems Development and Integration
• E-Commerce Platform Replacement
• Development Process Standardization and Automation

Georgetown University, The McDonough School of Business, Washington DC, 1995– 1999

Webmaster and Database Administrator

Created the organizational structure, trained and mentored 3 full-time and 7 part-time resources, and implemented systems and processes for in-house database and Internet support for the school, its programs, faculty, staff and students.

Representative Technologies:

• Oracle RDBMS and Forms
• Novell Netware
• PERL
• Linux
• HTTP and FTP

© 2023 Waehner.com. All Rights Reserved.