
Daniel Elder

Frederick, MD

Summary

A senior Cyber Security professional with a broad range of skillsets and strong technical background with 20+ years' military and government experience in the Information Technology and Cyber Security field.

Overview

20 years of professional experience
2 Certifications

Work History

Sr Cyber Security Engineer

Sinclair Broadcast Group
03.2023 - Current
  • Successfully built out and implemented solutions for a comprehensive Application Security Program, including software to support Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), and Software Composition Analysis (SCA)
  • Provided Sinclair leadership an effective and measurable way to analyze and improve Sinclair's Application Security Program utilizing OWASP Software Assurance Maturity Model (SAMM)
  • Developed enhanced metrics and reporting mechanisms to track vulnerabilities over time using a custom-developed weighted risk score and risk heat map for over 200 broadcast stations, supporting data-driven decision-making processes within the Sinclair Enterprise
  • Contributed meaningfully towards the development of company-wide policies surrounding data privacy and information handling procedures and provided Proof of Concept (POC) and Proof of Value (POV) evaluations of software solutions needed to support ongoing initiatives
  • Evaluated third-party tools and services and assisted Sinclair Governance, Risk and Compliance (GRC) department with conducting Third Party Risk Assessments (TPRA) to bolster network and application defenses proactively
  • Conducted regular audits of applications and systems, ensuring compliance with industry standards and regulatory requirements
  • Championed security best practices throughout the software development lifecycle, increasing protection measures across all projects consistently
  • Exceeded team and individual risk reduction OKRs/KPIs by reducing total vulnerability counts by 50% over past year
  • Streamlined vulnerability management processes by collaborating with cross-functional teams to establish clear lines of communication regarding security concerns and expectations.

Sr Cyber Security Engineer - DevSecOps

ManTech
06.2020 - 07.2022
  • Implemented and managed automation of source code scanning within JMLFDC Continuous Integration/Continuous Delivery (CI/CD) pipeline utilizing products such as Fortify Software Security Center, Static Code Analyzers, GitBlit, Nexus3, and Jenkins build automation
  • Responsible for managing, coordinating, and conducting “white box” penetration testing and Dynamic Application Security Testing (DAST) using Burp Suite Pro to identify OWASP Top 10 vulnerabilities within JMLFDC developed web applications
  • Provided comprehensive reporting and remediation recommendations to application developers
  • Responsible for conducting Static Application Security Testing (SAST) of JMLFDC developed source code to ensure code quality is consistently maintained and to identify critical flaws earlier in development processes
  • Responsible for automation of vulnerability and compliance scanning utilizing Assured Compliance Assessment Solution (ACAS), Nessus Network Monitor, and Nessus Agents within JMLFDC IT infrastructure
  • Developed comprehensive reports and dashboards to aid Program Managers, Operations, and development teams to quickly identify and mitigate newly discovered vulnerabilities
  • Participated in open collaboration between government leadership, Scrum masters, Program Managers, Engineering and Development teams to ensure Secure Software Development Life Cycle (SDLC) was being “baked” into JMLFDC development processes
  • Specific contributions included automation of source code scanning performed on nightly builds and 4-week sprints, automation of OWASP Dependency-Check with Jenkins, and security reviews of new and existing Open Source products
  • Selected for promotion to Deputy Director of Operations for exceptional performance
  • Led JMLFDC command through successful Command Cyber Readiness Inspection (CCRI) performed by external auditing team
  • Provided technical guidance to Information System Security Officers (ISSOs) during two Certification and Accreditation (C&A) efforts, resulting in multiple ATOs for systems under review.

Cyber Security Engineer

Universal Consulting Services
08.2019 - 06.2020
  • Senior technical SME responsible for assessing security standards during assessment and authorization activities and keeping Information System Security Officers (ISSOs) apprised of overall security posture
  • Recommended strategic remediation measures based upon DoD Risk Management Framework (RMF), DISA Security Technical Implementation Guides, NIST guidelines, and vendor best practices
  • Conducted vulnerability assessments of applications and reviewed results with government leadership, program managers and development teams
  • Collaborated with web application administrators and developers to prioritize vulnerabilities and validate high risk vulnerabilities and develop remediation action plans
  • Provided continuous monitoring and vulnerability analysis for all systems within the JMLFDC IT infrastructure
  • Identified vulnerabilities posing a high risk and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.

Cyber Security Engineer

Integration Resolve
09.2017 - 08.2019
  • Responsible for infrastructure and application vulnerability scanning and assisted in remediation efforts with system administrators and application developers
  • Provided technical guidance in proper application of data encryption, key management, and Public Key Infrastructure (PKI)
  • Ensured all JMLFDC assets and applications were in adherence with DoD authentication policy and required STIG settings
  • Responsible for the installation, configuration, and management of Cyber Security servers and applications
  • Managed security software such as Fortify Software Security Center, Static Code Analyzers, Burp Suite Pro, and Assured Compliance Assessment Solution (ACAS)
  • Primary Cyber Security POC for assessing Commercial Off The Shelf (COTS) products that came through the JMLFDC Product Evaluation Process (PEP)
  • This included initial review of known vulnerabilities associated with product, ensuring software showed no evidence of malicious behavior, and establishing baseline of products with “before” and “after” vulnerability scan results before giving recommendation for approval.

Cyber Security Engineer

CACI
02.2013 - 04.2017
  • Developed customized ACAS audits based off of DISA STIGs and fully automated the manual STIG checks which resulted in a reduction of audit review time in excess of 1000% versus manual STIG review
  • Scan team lead and subject matter expert in the areas of vulnerability scanning, compliance auditing, web application scanning, and database scanning
  • Responsible for the implementation of the Assured Compliance Assessment Solution (ACAS) as well as App Detective within the JMLFDC organization.

Information System Security Manager

U.S. Navy - Civilian GS-13
08.2011 - 02.2013
  • Provided Information Assurance oversight for Naval Medical Research Units (NMRU) worldwide
  • Ensured local and remote facilities complied with DoD Information Assurance policies and met Computer Tasking Order (CTO) deadlines
  • Performed stopgap duties as CIO for more than a year alongside duties as the Information System Security Manager, which resulted in a direct promotion of a full pay grade for accomplishments achieved during that timeframe
  • Performed/oversaw the remediation of over 20,000 vulnerabilities at local and remote sites which resulted in an Authorization to Operate (ATO) for the Naval Medical Research enclave
  • Developed, implemented, and maintained key IT documentation such as Disaster Recovery Plan (DRP), Incident Response Plan (IRP), Continuity of Operations Planning (COOP), Change Control Board (CCB), as well as the Information Assurance Vulnerability Management Plan (IAVM).

Education

Some College (No Degree) - Cybersecurity

University of Maryland Global Campus
Adelphi, MD

Skills

  • Risk Management Framework (RMF)
  • Network Vulnerability Scanning
  • Compliance Auditing
  • Information Assurance Vulnerability Management (IAVM)
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Plan of Action and Milestones (POAM)
  • CI/CD
  • Secure SDLC
  • NIST Special Publications
  • DISA STIGs/CIS Benchmarks
  • OWASP Top 10
  • Ports, Protocols, Services Management
  • Web Server/System Hardening
  • Security Architecture Design

Certification

  • Certified Information Systems Security Professional (CISSP)
  • CompTIA Security+

Security Clearance

DoD Secret (Inactive)
