JOHN W. BROWN
Missouri City, Texas
Ph: 703.798.0545 ♦ Email: [email protected]
www.linkedin.com/in/jwbrown/
INFORMATION TECHNOLOGY, SECURITY & RISK MANAGEMENT EXECUTIVE
Security Subject Matter Expert with a history of delivering complex security projects that consistently solve a variety of corporate and government security challenges, including threat resistance, system integrity, risk management, disaster recovery and continuity planning. Skilled in developing comprehensive security plans, leading risk assessments and managing security control implementations that reduce system vulnerabilities and cyber threats while improving overall security integrity. Possess an integrated understanding of the technical, liability, vulnerability and compliance/control perspectives related to managing IT security and risk issues. Proven ability to apply technology initiatives to a broad range of business objectives through an understanding of how technology solutions drive business results. Possess hands-on leadership strengths that consistently implement positive change by providing motivation, key performance strategies, a spirit of teamwork and accountability; able to assemble talented teams that work cohesively to attain goals. Unique ability to communicate on business and technology issues, bridging the comprehension gap between business people and technologists. Reputation for producing results despite challenges, intense commitment to customer needs, ability to thrive in any situation and a wide range of technical and procedural expertise.
SECURITY-SPECIFIC, TECHNOLOGY & MANAGEMENT PROFICIENCIES
Security & Risk Management ♦ Threat & Risk Assessment ♦ Policy / Standards Implementation ♦ Relationship Building ♦ Intrusion Detection ♦ Capacity / Contingency Planning
Project Management ♦ Client/Server Architecture ♦ Vulnerability Assessments ♦ Incident Response Reporting ♦ Productivity Improvement ♦ Security Monitoring
Performance Analysis ♦ Business Continuity Planning ♦ Disaster Recovery ♦ Compliance Analysis ♦ Systems Administration ♦ Network Activities
CAREER & ACHIEVEMENT SUMMARY
INDEPENDENT CONSULTANT - Missouri City, TX
Provider of Information Technology, Cybersecurity, Information Assurance, and Risk Management Services to the Federal Government
INFORMATION SYSTEM SECURITY OFFICER (1.2015 TO PRESENT) Hired to provide information security SME support services, including management of security, vulnerability and risk and the implementation and testing of management, operational and technical controls for U.S. Secret Service infrastructure; coaching younger members of the ISSO team. Provided comprehensive IT security consulting to system owners regarding security incident reports, equipment/software inventories, operating instructions, asset management, technical vulnerability management and contingency plans. Authored System Security Plans and Contingency Plans, reported status of compliance actions and collaborated with system owners to develop plans of action to mitigate any vulnerabilities.
TISTA SCIENCE AND TECHNOLOGY – Rockville, MD
Leading Provider of Program Management, Information Technology, Cybersecurity, Information Assurance, Application Development and Financial Management Services to the Federal Government
SECURITY ENGINEER / INFORMATION SYSTEM SECURITY OFFICER (1.2014 TO 12.2014) Hired to serve as Security Policy Subject Matter Expert with responsibility for developing and maintaining the Security Reusable Program Level Requirements database, including building the database to map the Internal Revenue Service’s security controls to the FISMA/NIST SP 800-53 R4 controls. Following assignment to the USSS contract, daily activities included management of security, vulnerability and risk and the implementation and testing of management, operational and technical controls for U.S. Secret Service infrastructure; coaching younger members of the ISSO team. Provided comprehensive IT security consulting to system owners regarding security incident reports, equipment/software inventories, operating instructions, asset management, technical vulnerability management and contingency plans. Authored System Security Plans and Contingency Plans, reported status of compliance actions and collaborated with system owners to develop plans of action to mitigate any vulnerabilities. Proactively assumed a leadership role on the project with the IRS. Developed an executive-level briefing to promote the usability of teams to work in other departments. Completed the update of the Security Reusable Program Level Requirements database that merged the security requirements from the Federal level with the IRS requirements. The database had 1500 security requirements.
Consistently maintained customer confidence in the teams’ ability to produce results by effectively managing customer relations and delivering all work products on time, with attention to quality. Saved users numerous hours of reviewing each requirement and deciding its applicability to their systems by improving the usability of the database through development of a questionnaire presented to each user once the database was opened. Reassigned as a senior Information System Security Officer to help the US Secret Service rebuild its security compliance team. Defined procedures for capturing asset inventory information and for identifying vulnerabilities and mitigation strategies. Developed test strategies for testing the security controls of a new application and oversaw the writing of System Security and Contingency Plans.
MERLIN INTERNATIONAL Inc. – Vienna, VA
Veteran-owned Government Contracting Company engaged in areas of Cyber Security, Network Performance Management, Cloud System Deployment and Application Development/Deployment
SENIOR SECURITY ENGINEER (10.2012 TO 10.2013) As Information Assurance SME with expertise in security assessments, certification and accreditation, charged with establishing and managing governance, risk and compliance (GRC) security components for the U.S. Department of Veterans Affairs (VA) Office of Information Technology. Tracked budgeted vs. billed project expenses, supervised hardware installation, setup and configuration, and oversaw all support issues. Supervised a team of 10, including two subcontractors.
Delivered a critical Veterans Affairs project, a deployment of a Governance, Risk and Compliance (GRC) tool, RiskVision, on time and within budget. Oversaw a staff of ten and ensured project deliverables were submitted on time while meeting quality standards. Improved VA’s Security Authorization assessments by authoring a number of project deliverables, including a Service Level Agreement, Help Desk Plan/Procedures and Escalation Plan, utilizing MS Project for project planning and tracking activities. Maintained project productivity by establishing a Service Management Plan and Procedure based on a combination of Information Technology Infrastructure Library and Microsoft Operations Framework guidelines and creating ticketing procedures using Computer Associates Service Desk Manager. Enabled the capture of asset and vulnerability information and the ability to perform continuous assessment of their information systems – 400,000 assets and 600 systems. Personally completed the implementation of the contract’s required 24x7 help desk support / call center despite a lack of funding by negotiating for less coverage and establishing a staggered work schedule to address prime coverage. Funds were subsequently reimbursed when it was determined that the center was key to continued work on the contract.
EXALT INTEGRATED TECHNOLOGIES – Roswell, GA
Government Contracting Company, a Veteran-owned business providing Cyber Security, Network Performance Management, Cloud System Deployment and Application Development/Deployment
INFORMATION SYSTEM SECURITY PROGRAM MANAGER (4.2010 TO 10.2012) Retained to help establish a formal Security Management program for Departmental Management (DM), one of the U.S. Department of Agriculture’s agencies. Advised and coached the government counterpart in all essential duties of a Security Program Manager, with accountability for security compliance, vulnerability management and risk management of all DM systems, consisting of two general support systems and 18 major applications.
Delivered a comprehensive Security Management Program covering asset management, change management, business continuity and disaster recovery planning, vulnerability management and risk management. Led security assessments of several cloud-based systems, including Amazon Web Services and Salesforce Cloud Services, both hybrid cloud implementations that were part Infrastructure as a Service (IaaS) and part Software as a Service (SaaS). Provided recommendations for data encryption and operational security to comply with Federal security policy. Wrote all System Security and Contingency Plans as well as Configuration Management Plans for all systems, collaborating daily with the cyber security team. Instrumental in reducing vulnerabilities, implementing new systems and evaluating new technologies by overseeing all aspects of the Information System Security Program. Provided security compliance, vulnerability management and risk management for all DM systems, consisting of two general support systems and 18 major applications.
Successfully brought all systems into compliance, updated their documentation, reduced vulnerabilities and reaccredited all systems. The program included approximately 20 applications, including three General Support Systems, with the rest being Major Applications. The GSS accounts for 40,000 assets across 19 locations, and the process involved establishing an effective account management procedure for all system accounts. Established a vulnerability assessment procedure, mitigation process, patch management process and change management process, which was updated to include a security review and risk assessment procedure. Maintained business continuity in case of failure by creating a Business Impact Assessment before developing all-encompassing contingency plans to address all scenarios, such as natural disasters, accidents, human errors or hardware failures. Effectively maintained and managed Contingency Plans by leading a Business Impact Assessment (BIA) prior to writing the CP, including plans which called for high availability, meaning instant failover in case of an outage with no loss of service to the business or customer, and systems with low availability that could sustain a small period of time without service with minimal impact to the user community. Successfully completed security assessment and authorization of 20 systems, maintaining compliance with FISMA, the Federal Information Security Management Act.
EARLY CAREER PROGRESSION
Information System Security Officer – Knowledge Consulting Group (KCG) – City, State (2008 to 2010)
Hired as part of the Transportation Security Administration (TSA) group following the departure of the previous ISSO during the company’s rebuilding process to address a backlog of security issues. Directed all phases of TSA’s most complex system, including the wide area network, local area network, Windows infrastructure and end-user devices. Significantly reduced over 400 action plans to a manageable few in just eight months, including consolidation of all 440 remote operations, ensuring physical and technical controls were up to TSA’s standards; first agency up and running in the new Department of Homeland Security Data Center. Awarded ISSO of the Year by the Department of Homeland Security. Served as an active member of the Change Control Board with voting rights on any system changes such as firewall rules, configuration files and hardware changes.
Vice President of Operations – JAD Corporation, Norcross, GA (2003 to 2009)
Assigned to the National Guard Bureau (NGB) as their Project Manager while the company conducted an asset inventory of all NGB IT assets across the 50 states and four territories. Facilitated the interface between the inventory team and NGB. Played a key role in deciding to store the collected data in a searchable online database; once the database was deployed, ensured that the system was documented and accredited by developing all necessary documentation required. Acted as principal writer of security documentation and “built” a small business practice to offer security assessment services to other groups such as the Department of Agriculture and the National Geological Survey, which led to the company’s diversification and development of a Managed Services offering for small-to-medium businesses that included a security operations center providing 24/7 client monitoring.
Owner – NTSim – Alexandria, VA (1999 to 2003)
Launched this startup, which developed a simulation modeling tool that predicted response times and resource utilization in an MS Active Directory network; the joint venture included a team of developers from the U.K. and a directory services company from Phoenix, while personally serving as simulation modeling SME. Coordinated all team components to ensure optimum system functionality.
TECHNICAL INVENTORY
Software: Microsoft Office, Microsoft Project, Microsoft Visio, LogRhythm, SolarWinds, OPNET, RiskVision, CSAM, QualysGuard, Nessus, McAfee Vulnerability Manager, Service Desk Manager, Tivoli, BMC Remedy, Salesforce, McAfee ePO
Hardware: Dell servers and laptops, HP servers and laptops
Programming: Visual Basic
Operating Systems: Windows Server 2003/2008/2012, Windows 98/2000/ME/XP/Vista/7 and 8, Apple iOS
Data Management: SQL, DB2, Oracle
CompTIA Security+ Certification
Currently matriculating at American Military University – Major: BS in Information Security/Enterprise Security. Expected graduation – May 2016.