Samuel Aldrich
Gainesville,VA
Summary
I am Cybersecurity professional that has a TS/SCI Security Clearance with a Counterintelligence (CI) Polygraph extensive experience in the DoD & Federal Government, specializing in directing Policy & Cybersecurity Frameworks. I've 15 years of experience managing multiple large teams across various specialties and backgrounds, nationalities, branches of the military, and Intelligence Community agencies located around the world.
I bring specialized experience with Confidentiality, Integrity, and Availability (CIA), NIST SP-800 series, ICD 503, CNSSI 1253, National Reconnaissance Office (NRO)/U.S. Air Force (USAF) cybersecurity policies, and three Risk Management Framework accreditation tools. I've attained a Security+ and currently maintain a Certified Information System Security Professional (CISSP).
Overview
11
11
years of professional experience
1
1
Certification
Work History
Senior Information System Security Engineer
Vertekal
05.2024 - Current
- Manage RMF accreditation packages for a software development pipeline, enforcing SAST, container scanning, and others by conducting reviews of CVEs or other vulnerabilities during software merges.
- Building Security Testing for new Features and implementing RMF security control requirements into the software being developed.
- Working in AWS GovCloud, coordinating implementation of NIST 800-53 Security Controls, CIS Benchmarks, AWS Best Practices, STIGs, and Vulnerability/CVE remediation in an Agile team environment with Developers and System Engineers through Jira ticketing and documentation within Confluence.
- Conducting Continuous Monitoring through the use of ACAS Security Center, Splunk, AWS Guard Duty, AWS CloudTrail, AWS Inspector, and AWS SecurityHub.
Directorate Information System Security Manager (ISSM)
National Reconnaissance Office (NRO)
09.2021 - 05.2024
- Led a team of 13 members responsible for RMF cybersecurity governance, assessment, and accreditation (A&A) against NIST SP 800-53 on 390+ IT Systems across 3 classification domains.
- Provides Technical guidance and Site Inspections to 80+ Industry Partner teams on NRO Instructions, Policies, and Directives to achieve an Authority-To-Operate (ATO).
- Implements Enterprise Cybersecurity initiatives, Security Information and Event Management (SIEM) tools such as Splunk & ACAS, and influences/develops NRO security policy guidance.
- Recent efforts include building Agile DevSecOps Continuous Integration/Continuous Delivery (CI/CD) pipeline security policies and participating in Intelligence Community (IC) and Department of Defense (DoD) Software Bill of Materials (SBOM)/Supply Chain Risk Management (SCRM) policy working groups.
Director - IT Operations
U.S. Air Force
12.2020 - 08.2021
- Led 14 work centers with 74 members across Network Administration, Client Services, IT Asset Management, Mobile Satellite Communications, Radio Operations, System Administration, Tier 1 & 2 Help Desk, Cyber Blue Team, VOIP & POTs, and Cable Transport.
- Coordinated with Major Command (MAJCOM) HQ to build/install IT infrastructure through installations of servers, clients, phones, copper/fiber network cabling, and power backup systems to bed down 2 new F-35 Fighter Squadrons.
- Providing high level IT status briefs to Base Commanders and Directors on project progress, personnel status, and MAJCOM cybersecurity inspections.
Director - IT Security & Plans
U.S. Air Force
05.2018 - 11.2020
- Led a team of 21 personnel across IT Plans/Programs, Cybersecurity Office, Communications Security & Records Management
- Headed the administration of the Risk Management Framework (RMF) documentation into eMASS to include System Security Plans (SSP)s, Continuity Of Operations Plans (COOP), ACAS Vulnerability Scanning, Communications Security (COMSEC), TEMPEST Inspections, and Records Management.
- Governed Risk Management network accreditation, auditing, SCIF TEMPEST inspections, and developing/implementing future IT projects, FOUO requests, and coordinating accrediting agency inspections for the network across 3 classification domains.
Cybersecurity Section Manager
U.S. Air Force
06.2017 - 04.2018
- Led a 6 member team responsible for developing RMF accreditation documentation, system auditing, security configuration, user training, vulnerability management, and overall cybersecurity policy for 7 Top Secret IT systems used by 18 IC agencies and the lead Air Force Intelligence, Surveillance, and Reconnaissance (ISR) Operations Center.
- Provided oversight of network circuits and critical systems while providing briefs to top Air Force leadership, including the Chief of Staff of the USAF.
- Developed Authority-To-Operation (ATO) accreditation documentation per ICD 503 and NIST SP 800-53 to take 2 systems through 6 steps of the RMF. RMF packages lauded by the accreditation team as the "benchmark" for similar AF and IC systems.
Information System Security Officer
U.S. Air Force
06.2014 - 05.2017
- Achieved Interim Authority-To-Operate (IATT) & subsequent ATO for 7 Top Secret Systems by writing policy & implementation for 3,000+ security controls in SSPs.
- Maintain A&A through the Xacta RMF tool by auditing, providing account management, and overall information assurance & ATO documentation for 7 Top Secret IT systems utilized by the U.S. Intelligence Community.
- Implemented a data transfer program between JWICS, SIPRNet, NIPRNet domains
- Coordinated Security Clearance renewals, site visits requests, and physical security inspections as a Facility Security Officer for a unit of 84 personnel.
Education
Associate of Science - Logistics/Business Administration
Community College of the Air Force
100 S. Turner Blvd, Montgomery AL 3611405-2016
Associate of Science - Information Systems Management
Community College of the Air Force
100 S. Turner Blvd, Montgomery AL 3611405-2016
Bachelor of Arts - Business Administration
University of Arizona - Global Campus
180 South Arizona Avenue, Chandler AZ, 8522509-2012
Skills
- Risk Management Framework (RMF) and Cybersecurity Frameworks
- GRC Tools ServiceNow, Xacta, & eMASS
- Policy Development
- Software Lifecycle Security - DevSecOps
- Risk Assessments
- System Security Plan (SSP) Development
- Vulnerability Management
- Governance & Compliance
- Configuration Management
Certification
Certified Information System Security Professional (CISSP) ISC2 ISC2 Member ID535431 - Attained April 2016
Software
eMASS
Xacta
ServiceNow (SNOW)
Assured Compliance Assessment Solution (ACAS)
Confluence
JIRA
SharePoint
Custom Section
Top Secret/SCI with Counter-Intelligence (CI) Polygraph
Timeline
Senior Information System Security Engineer
Vertekal
05.2024 - Current
Directorate Information System Security Manager (ISSM)
National Reconnaissance Office (NRO)
09.2021 - 05.2024
Director - IT Operations
U.S. Air Force
12.2020 - 08.2021
Director - IT Security & Plans
U.S. Air Force
05.2018 - 11.2020
Cybersecurity Section Manager
U.S. Air Force
06.2017 - 04.2018
Information System Security Officer
U.S. Air Force
06.2014 - 05.2017
Associate of Science - Logistics/Business Administration
Community College of the Air Force
Associate of Science - Information Systems Management
Community College of the Air Force
Bachelor of Arts - Business Administration
University of Arizona - Global Campus
Similar Profiles
Samuel RiveroSamuel Rivero
Employee at Valentino's PizzaEmployee at Valentino's Pizza
Madison Mano'oMadison Mano'o
LifeCafe Supervisor at Lifetime Fitness CafeLifeCafe Supervisor at Lifetime Fitness Cafe
Ayana OldsAyana Olds
Bartender at Buffalo Wild WingsBartender at Buffalo Wild Wings
Joshua GrimsleyJoshua Grimsley
Journeyman Inside Wireman at IBEW Local 26Journeyman Inside Wireman at IBEW Local 26
Kevin JacksonKevin Jackson
Senior Information System Security Engineer at United States ArmySenior Information System Security Engineer at United States Army