Alex-Michael Eddings

Served as an IT Consultant specializing in NIST and RMF compliance within Azure cloud environments, supporting clients across DoD, Federal, and Commercial sectors. Led the development of Authority to Operate (ATO) packages in the cloud, executing thorough risk assessments, policy configurations, and security compliance evaluations. Created an organizational process that reduced ATO package creation time by up to 50% and increased success rate. Established an in-house training program to promote knowledge transfer and consistent ATO support across teams. Leveraged extensive expertise with Azure tools and Azure FedRAMP documentation to ensure effective control inheritance and compliance.

Managed Special Access Program (SAP) security for compliance with NIST 800-53 Rev 4 and JSIG. Successfully researched, configured, and implemented a cost-effective SIEM system for centralized logging and event management. Developed and delivered comprehensive SAP training programs to site personnel, ensuring both technical and non-technical staff maintained compliance awareness. Authored organizational policies, architectural documentation, and project tracking tools to streamline RMF and project compliance efforts.

Proficient Information Assurance Engineer with extensive experience managing security operations and ensuring regulatory compliance. Fine-tuned and maintained an IBM QRadar SIEM for over 1,000 hosts, enhancing threat detection and response capabilities. Developed a comprehensive Organizational Contingency Plan and coordinated an enterprise-wide functional exercise in line with NIST 800-37, reinforcing organizational resilience. Conducted detailed reviews of NIST 800-53 Rev 4 controls for compliance, and performed system hardening and technical security assessments across Windows 10, Windows Server 2016, and Red Hat Enterprise Linux environments. Leveraged advanced Excel power queries and macros to streamline data analysis for more efficient decision-making.

Performed over 30 Authority to Operate (ATO) audits for Department of Defense (DoD) System raging in Security Classifications. Conducted in-depth technical configuration reviews of over than 500 devices, including workstations, servers, and networking equipment, to validate security posture and compliance. Diligently assessed organizational policies, such as Incident Response, Continuity of Operations, and System Security Plans (SSPs), for risk and adherence to standards. Evaluated system and architectural documentation to ensure security accuracy and operational effectiveness, and produced management reports detailing risks and recommending mitigation actions.

Conducted comprehensive RMF Security Assessments and authored Security Assessment Reports (SAR) for over 18 DoD enterprise systems and networks. Utilized Security Content Automation Protocol (SCAP) and Secure Technical Implementation Guidance (STIG) standards to enhance security across multiple platforms, including Windows workstations and servers, McAfee Host-Based Security System (HBSS), Layer 2/3 network infrastructure, and SQL/Oracle databases. Provided on-site support to OCONUS clients and delivered high-level security briefings to executive leadership.

Served as the primary security officer for multiple networks across various classification levels, ensuring comprehensive security management and compliance. Developed critical documentation, including network architecture diagrams, Memorandums of Understanding (MOU), Functional Support Agreements (FSA), Memorandums for Record (MFR), and Plan of Action and Milestones (POA&Ms), to accurately represent and maintain the security posture of Information Systems (IS) and networks. Configured, updated, and managed the vulnerability management program using Assured Compliance Assessment Solution (ACAS) to identify and mitigate security risks. Acted as Alternate Network Administrator, supporting System Administrators with technical tasks and network maintenance as needed.

Conducted Certification and Accreditation (C&A) activities in alignment with NIST 800-37 standards for multiple systems, utilizing Governance, Risk, and Compliance (GRC) Tools like Xacta to streamline compliance processes. Responded promptly to Information Security Vulnerability Management (ISVM) notifications, ensuring that information systems adhered to TSA and DHS MD 4300 IT policies. Developed detailed architectural diagrams in accordance with DHS guidelines to accurately represent system security configurations. Collaborated with third-party service providers and leveraged FedRAMP standards to ensure compliance of cloud services, enhancing the overall security posture of the organization.

Served as the Senior ISSO and Network Administrator for the Battle Lab at Fort Huachuca, overseeing the security and operational integrity of network systems. Configured and managed various Cisco switches and routers, implementing VPNs, VTP, ACLs, VLANs, DHCP, multicast, port security, and routing protocols (EIGRP/OSPF). Utilized tools such as Wireshark and Multicast Hammer to analyze and inspect network traffic effectively. Acted as the incident response manager, conducting Continuity of Operations (COOP) and incident response training and exercises to prepare teams for potential security incidents. Led a team of seven ISSOs, providing guidance, mentorship, and oversight to ensure compliance with security standards and consistency across operations. Played a pivotal role in the acquisition of multiple Authorities to Operate (ATOs), significantly enhancing the organization’s security posture.

Conducted automation systems support for the 80th Training Command, ensuring the seamless operation of information technology systems. Supervised, installed, operated, and performed unit-level maintenance on multi-functional and multi-user information processing systems, as well as peripheral equipment and associated devices in both mobile and fixed facilities. Simultaneously executed analyst and information assurance functions to maintain system integrity and security. Deployed and redeployed system images in accordance with the Army Gold Master program, ensuring compliance with Army standards. Analyzed unresolved trouble tickets to identify and resolve system problems effectively. Managed over 800 information systems valued at more than $860,000 in Active Directory, demonstrating strong responsibility for critical IT assets.