Summary
Overview
Work History
Education
Skills
Accomplishments
Certification
Work Availability
Work Preference
Timeline

Brian Cunningham

Sterling

Summary

Experienced cybersecurity and IT professional with over 15 years of leadership in government and media industries. Blending technical expertise with strategic business acumen to drive enterprise-wide security improvements. Proven success in developing and implementing strong cybersecurity strategies, building high-performing teams, and aligning with corporate risk, compliance, and operational goals. Skilled in managing large projects, improving incident response capabilities, and navigating complex regulatory frameworks.

Overview

15
15
years of professional experience
4
4
Certification

Work History

Director of Information Security

Radio Free Asia (RFA)
11.2022 - Current
  • Executive leader overseeing all cybersecurity and IT operations for a global news organization in a high-threat environment.
  • Developed and executed RFA’s enterprise-wide cybersecurity strategy, aligned to NIST CSF and ISO 27001, strengthening the organization’s overall security posture and ensuring regulatory alignment.
  • Increased Cyber Insurance Score by 20+ points in one year, reducing organizational risk and premium costs.
  • Appointed Acting CTO during executive absences — advising senior leadership on enterprise IT strategy, security investment planning, and operational resilience.
  • Briefed RFA Board of Directors and C-suite executives quarterly regarding current and future cyber security and IT activities.
  • Vice Chair of Radio Free Asia Security Council
  • Designed and implemented 3-year cybersecurity and IT modernization roadmap, aligned with executive risk tolerance and operational growth.
  • Onboarded critical enterprise capabilities including Single Sign-On (SSO) and Managed Detection & Response (MDR), reducing time-to-detect by 40%.
  • Directed incident response efforts across the organization, reducing dwell time and improving mean-time-to-respond by 35%.
  • Spearheaded the overhaul of network architecture and physical infrastructure — resulting in 99.9% uptime, enhanced segmentation, and improved access control.
  • Led cross-departmental risk assessments and governance efforts, driving security culture and awareness training programs that improved staff phishing test performance by 60%.
  • Established organization-wide "Do Not Buy" list and Approved Technology Inventory, mitigating supply chain risks.
  • Oversaw policy lifecycle management and risk reporting to executive leadership, aligning operational risk to RFA’s strategic goals.
  • Led the integration of cloud platforms (AWS and Google Private Cloud) into the organization's IT infrastructure, resulting in a 70% improvement in system efficiency and scalability.
  • Technical and Cybersecurity Lead on AI/ML systems evaluation and integration.
  • Enhanced company-wide security by developing and implementing comprehensive information security programs and strategies.
  • Championed information security culture throughout the organization through regular presentations, workshops, and internal marketing campaigns.
  • Liaised with other departments to minimize network interruptions and possible downtimes.
  • Wrote strategic business plans outlining need for departmental information technology resources.
  • Oversaw development and implementation of improvements to support network operations.
  • Coordinated secure system access of users to various department systems and platforms.
  • Analyzed network security and current infrastructure, assessing areas in need of improvement.
  • Implemented and maintained technology and software budget.
  • Optimized budget allocation for information security projects by prioritizing initiatives based on risk levels and potential impact on business operations.
  • Led cross-functional teams in addressing complex security challenges, fostering an environment of collaboration and innovation that drove continuous improvement in information security processes.
  • Strengthened the organization''s security posture with thorough risk assessments, identifying potential threats and vulnerabilities.
  • Spearheaded vendor risk management initiatives by evaluating third-party providers'' security controls to protect sensitive company data effectively.
  • Streamlined communication channels between departments regarding information security issues and incident updates, fostering a collaborative environment.
  • Stayed current with emerging trends in cybersecurity through active participation in industry conferences, webinars, networking events, and research publications sharing insights within the team as well as contributing to thought leadership pieces in external forums.

Deputy Chief of Operations / Deputy Branch Chief (Acting)

Defense Information Systems Agency (DISA)/ Joint Forces Headquarters - Department of Defense Information Network (JFHQ-DODIN)
06.2022 - 11.2022
  • Team Leader responsible for security, operation, and defense of the DODIN in support of combatant command, service, agency, and field activity missions.
  • Lead team of cyber analysis, intel specialists, and technical experts.
  • Collects and aggregate information, conduct analyze, recommend mitigation strategies, direct actions, track results
  • Brief results and analysis to senior leadership.
  • Framing threats, vulnerabilities, and information in terms of risks to the mission.
  • Developed input into various daily, weekly, monthly, and quarterly briefings
  • Directed coordination and collaboration across all DODIN J-codes and the other 45 DoD organizations.
  • Supports crisis action planning by providing situational information awareness environment with a primary focus on contingency operations
  • Oversee approximately 30 civilian, military, and contractor personnel.
  • Hosted meeting across multiple organizations with various leadership level engagement.
  • Monitored daily functions of security operations center watch floor.
  • Established strong working relationships with external partners for successful collaboration on joint initiatives.
  • Optimized workflow processes by identifying bottlenecks and implementing innovative solutions that improved overall operational effectiveness.

IT Specialist (InfoSec) / Information System Security Manager

Defense Information Systems Agency (DISA)
08.2019 - 11.2022
  • Fosters awareness of security issues among senior leadership and ensuring thorough security principles are reflected in DISA’s National Leadership Command Capability (NLCC) Services and Infrastructure Office (NSIO) visions and goals.
  • Develop and update business continuity (BC), continuity of government (COG), continuity of operations (COOP) and disaster recovery (DR) plans
  • Insured systems within purview complied with all relevant TASKORD, OPORD’S, STIGs, and IAVM
  • Confirms the confidentiality, integrity, and availability of systems, networks, and data. This includes verifying compliance with assessment and authorization standards and procedures along with oversight of planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
  • Provides technical, and analytical advice to the staff and mission support partners
  • Develops, updates, and implements policies and procedures to ensure information systems reliability and accessibility, and to prevent and defend against unauthorized access to systems, networks, and data.
  • Conducts routine risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs, in accordance with NIST 800-53 Rev. 4, DISA STIG, FISMA, FIPS, CNSSI 1253, ICD 705, and ICD 503 guidelines
  • Created Plans of Actions and Milestones (POA&M’s) for tracking timeline of accreditation process status
  • Approving participant in the change management process and assess security impact of proposed changes.
  • Develops risk analysis for new and current information systems and networks to identify risks inherent in the design and countermeasures installed or required.
  • Provides technical reports to management that illustrate the status of the security products of systems under evaluation.
  • Coordinate Independent Verification and Validation (IV&V) activities for systems in my purview
  • Confirmed all information systems (IS) are maintained, operated, and disposed of in accordance with (IAW) JAFAN & JSIG policy
  • Active experience in PL-3 and PL-4 environments
  • Information Assurance/ Technical Lead for Insider Threat / User Activity Monitoring capability, and validate compliance with DoDI 5240.26.
  • Assisted in sustainment of ongoing User Activity Monitoring solution across the NSIO portfolio resulting in improved security posture.
  • Incident response and management
  • Drove root cause analysis (RCA) and remediation plans based on notifications of incidents and events
  • Utilize ITIL Process Management for execution and planning of cyber and IT improvements
  • Recommend information security solutions to support customers’ requirements
  • Routinely utilize NIST 800-171 and ISO 27001/2 standards as part of daily job duties
  • Understanding of DFARS 252.204-7012 and Cybersecurity Maturity Model Certification (CMMC) in relation to contract requirements development
  • Provides technical leadership to mission support and partners
  • Lead, manage and distribute workflows for supporting contractor staff
  • GG-13 (This is a federal job)

Information Security Specialist, Senior / Information System Security Manager

ManTech International Corporation
05.2018 - 08.2019
  • Confirms the confidentiality, integrity, and availability of systems, networks, and data. This includes verifying compliance with assessment and authorization standards and procedures along with oversight of planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
  • Provides technical, and analytical advice to the staff and mission support partners
  • Develops, updates, and implements policies and procedures to ensure information systems reliability and accessibility, and to prevent and defend against unauthorized access to systems, networks, and data.
  • Conducts routine risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs, in accordance with NIST 800-53 Rev. 4, DISA STIG, FISMA, and FIPS.
  • Created Plans of Actions and Milestones (POA&M’s) for tracking timeline of accreditation process status
  • Approving participant in the change management process and assess security impact of proposed changes.
  • Coordinate Independent Verification and Validation (IV&V) activities for systems in my purview
  • Develops risk analysis for new and current information systems and networks to identify risks inherent in the design and countermeasures installed or required.
  • Coordinate Independent Verification and Validation (IV&V) activities for systems in my purview
  • Fosters awareness of security issues among senior leadership and ensuring thorough security principles are reflected in DISA’s National Leadership Command Capability (NLCC) Services and Infrastructure Office (NSIO) visions and goals.
  • Provides technical reports to management that illustrate the status of the security products of systems under evaluation.
  • Confirmed all information systems (IS) are maintained, operated, and disposed of in accordance with (IAW) JAFAN & JSIG policy
  • Active experience in PL-3 and PL-4 environments
  • Source of knowledge for network technologies and protocols, this fostered better understanding of networking with fellow information security colleges.

Network Engineer

CACI International Inc.
09.2017 - 05.2018
  • Team lead for upgrades and decommissioning
  • Upgraded and/or replaced State Army National Guard telecommunications systems with Cisco
  • Decommission Avaya, Nortel, and other various legacy PBXs
  • Configured and installed Cisco 4300 series routers and Analog Voice Gateway (VG350, VG310)
  • Took all upgraded devices to STIG compliance requirements
  • Upgraded Cisco Call Manager (CUCM) from prior version to version 11.5
  • Upgraded Cisco Unity Connection (CUC) from prior version to version 11.5
  • Built virtualized instances of CUCM and CUC per requirements of work using VMware 6.0 or 6.5
  • Configured routers for PSTN circuits (PRI, T1, SIP, analog, FXO, FXS)
  • Cut over PSTN circuits
  • Knowledge of Voice protocols H.323/SIP/MGCP/SCCP

Network Technician, Mid. Site Lead

AT&T Global Business - Public Sector
09.2016 - 09.2017
  • Managed a team of 10 spread across multiple high visibility sites
  • Appointed as a temporary regional lead in times of their absence
  • Supported 50 Navy site, approximately 35,000+ users
  • Provide solutions for complex problems utilizing expertise
  • Primary point of contact NMCI Network for Washington Navy Yard
  • Read DIACAP and RMF packages for new site and buildings activations
  • Conducted periodic reviews of equipment to insure NIST SP 800-53, FIPs and FISMA compliance
  • Provide frequent written and oral reports to senior leadership and customers
  • VoIP system server centralization and large-scale migration project site contact
  • Oversee network and equipment upgrades to include IOS and configuration changes
  • Analyzed expanding network, and implemented wireless communication
  • Experience in troubleshooting various protocols used in network connectivity such as MPLS, BGP, OSPF, EIGRP, TCP/IP, VPN’s, DNS and VLAN
  • Cisco VoIP Call manager and Unity server system management
  • Daily VoIP user management for 800+ users
  • Continued support of Navy NGEN/ NMCI network contract

Network Technician, Site Lead

AT&T Global Business - Public Sector
12.2015 - 09.2016
  • Lead and managed team of four (4)
  • Training of less experienced employees and new hires
  • Managed a team of three spread across multiple sites
  • Oversaw migration of WAN links to new service provider
  • Mentor junior team members in handling daily work tasks.
  • Assists in the development and maintenance of network communications
  • Supported 40 Navy site, approximately 20,000+ users
  • Continued support of Navy NGEN/ NMCI network contract

Network Technician, Junior

AT&T Global Business - Public Sector
05.2015 - 12.2015
  • Supported Navy NGEN/ NMCI network
  • VoIP system management
  • Troubleshoot fiber and Cat5e/6
  • Wireless Lan site surveys
  • Support problem, change, and availability management
  • Responds for requests for new or expanded network services
  • Support implementation and maintenance of network design
  • Repair, and/or reconfiguring network services
  • Create new and modifying existing network interfaces
  • Cisco Router, Cisco Switch and Brocade switch configuration

Network Technician, Junior

INSIGHT GLOBAL
03.2015 - 05.2015
  • Supported Navy NGEN/ NMCI network
  • Collaborated with AT&T on network issues
  • Support problem, change, and availability management
  • Responds for requests for new or expanded network services
  • Repair, and/or reconfiguring network services

Education

Master of Science - Cybersecurity

University of Maryland Global Campus, Adelphi, MD
05.2016

Bachelor of Science - Interdisciplinary Studies

Virginia Polytechnic Institute And State University, Blacksburg, VA
12.2008

Minors: Business, Psychology

Skills

  • Executive-level security oversight
  • Cybersecurity risk management
  • Strategic planning
  • Strategic policy creation for enterprises
  • Incident management expertise
  • Supplier risk evaluation
  • FISMA, CMMC, GDPR, and HIPAA compliance
  • Cost optimization strategies
  • Cloud and infrastructure protection
  • Contract negotiation
  • Cybersecurity planning
  • Threat data assessment
  • Cybersecurity awareness education
  • Business continuity strategy

Accomplishments

Led a comprehensive 3-year cybersecurity and IT modernization initiative that included overhauling the organization’s secure media distribution systems

Certification

  • CompTIA CASP+, Security+, Network+, A+
  • Cisco Certified Network Associate (CCNA) – Expired

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse

Work Preference

Work Type

Full TimeContract Work

Work Location

HybridRemoteOn-Site

Timeline

Director of Information Security - Radio Free Asia (RFA)
11.2022 - Current
Deputy Chief of Operations / Deputy Branch Chief (Acting) - Defense Information Systems Agency (DISA)/ Joint Forces Headquarters - Department of Defense Information Network (JFHQ-DODIN)
06.2022 - 11.2022
IT Specialist (InfoSec) / Information System Security Manager - Defense Information Systems Agency (DISA)
08.2019 - 11.2022
Information Security Specialist, Senior / Information System Security Manager - ManTech International Corporation
05.2018 - 08.2019
Network Engineer - CACI International Inc.
09.2017 - 05.2018
Network Technician, Mid. Site Lead - AT&T Global Business - Public Sector
09.2016 - 09.2017
Network Technician, Site Lead - AT&T Global Business - Public Sector
12.2015 - 09.2016
Network Technician, Junior - AT&T Global Business - Public Sector
05.2015 - 12.2015
Network Technician, Junior - INSIGHT GLOBAL
03.2015 - 05.2015
University of Maryland Global Campus - Master of Science, Cybersecurity
Virginia Polytechnic Institute And State University - Bachelor of Science, Interdisciplinary Studies

Similar Profiles

CREATE PROFILE
Brian Cunningham