
BRIAN DIAZ

Chelmsford, MA

Summary

Executive information security professional with experience as a federal Security Control Assessor, Cybersecurity Site Lead within the defense industrial base, and in military IT system communications as a U.S. Marine Officer. Trained as an expeditionary strategic planner in IT operations and technical network architecture implementation within the military communications field. Results-oriented problem solver with a proven record of flexibility and adaptability in either a tactical or administrative capacity. Capable of executing a myriad of assignments. Proven track record of managing and leading diverse teams, including overseeing cyber and IT professionals supporting over 4,000 users, and directly leading over 150 personnel in both military and private sector.

Overview

11 years of professional experience
1 Certification

Work History

Chief Information Security Officer (CISO)

Specter Aerospace
Greater Boston, MA
12.2022 - Current
  • Developed and established both information security and industrial security programs from the ground up, ensuring tailored protection across the enterprise and collateral environments
  • Established all corporate cybersecurity and industrial security policies, procedures, and System Security Plans, to include all NIST 800-53 Rev 4, Rev 5, NIST 800-171, CMMC Level 2 and 32 CFR Part 117 NISPOM requirements
  • Developed a Security Operations Center capability to ensure internal and external monitoring and incident response is executed
  • Oversee all security incidents, threat intelligence, and vulnerability management programs
  • Developed the company’s security training program and established a baseline that fosters a culture of security awareness across all levels of staff
  • Collaborate daily with senior staff or stakeholders within the company to establish a strategic security program outlook that aligns to business objectives and goals
  • Work directly with engineering staff to enable innovation while remaining compliant and implementing security best practice to maintain a high-level security posture
  • Manage all efforts to procure, migrate, and integrate cybersecurity software solutions for both enterprise and collateral environments, to include Rapid7, Palo Alto, Microsoft GCC High, and Jira, to enhance the organization's security posture and capabilities
  • Managed the company’s continuous monitoring strategy for both enterprise and collateral secret environments
  • Manage all cybersecurity budget and resources for the organization
  • Communicate all security risks to executive and senior management
  • Managed and led all government cybersecurity and industrial assessments which resulted in obtaining successful accreditations in both information security and an open storage area
  • Oversaw and led the corporate facility relocation, security construction, and IT infrastructure build with a staff of IT engineers
  • Engage with internal and external stakeholders to conduct comprehensive IT security assessments, ensuring ongoing compliance and risk management
  • Manage all security risk profiles and align them to business and program goals and objectives
  • Serve as the Information System Security Manager (ISSM) and Facility Security Officer (FSO) in managing all compliance and government related objectives within the NISPOM
  • Worked with the Cognizant Security Office or assessment teams to establish security in depth, NISP, and NIST RMF compliance for the organization
  • Established and managed the organization’s insider threat program and established a risk profile for potential threats

Owner, Principal Advisor

Ascend Compliance Solutions LLC
MA, NH, ME, RI
01.2023 - Current
  • Founded and operate Ascend Compliance Solutions, providing specialized consulting in NIST RMF, NISPOM, and CMMC compliance to defense contractors and organizations in the Defense Industrial Base (DIB)
  • Develop and implement tailored security programs to meet client needs, including building and supplementing policies, procedures, and technical controls to align with regulatory requirements
  • Deliver Compliance-as-a-Service (CaaS) solutions, ensuring clients maintain continuous compliance with evolving federal mandates and industry standards
  • Advise C-level executives on strategic security initiatives, aligning business objectives with compliance and risk management strategies to enhance organizational resilience
  • Prepare companies for DCSA inspections, conducting mock inspections, addressing deficiencies, and ensuring readiness for government reviews and audits
  • Serve as a liaison between government compliance teams and companies, streamlining communication, resolving compliance issues, and ensuring alignment with regulatory expectations
  • Guide clients through system security design and risk management, leveraging expertise in NIST frameworks to implement RMF lifecycle steps and achieve Authorization to Operate (ATO) for client systems
  • Build and oversee robust industrial security programs, ensuring adherence to NISPOM guidelines and support for secure facility operations, including SCIF/SAPF advising and construction compliance
  • Lead clients through CMMC readiness and certification processes, identifying gaps and implementing controls to secure sensitive data and achieve compliance objectives
  • Provide end-to-end support for IT security governance, from policy creation to security equipment integration, insider threat program establishment, and data recovery solutions
  • Offer expert training and advisory services, equipping client teams with skills to manage risk, respond to threats, and maintain compliance in dynamic security environments
  • Cultivate strong client relationships through clear communication, tailored solutions, and consistent delivery of high-value services, resulting in repeat business and positive client referrals

Project Lead Advisor/Advanced Capabilities Branch

United States Marine Corps Reserves
Newburgh, NY
10.2024 - Current
  • Collaborate with U.S. Marine Corps Headquarters IC4 to enhance the Marine Corps compliance program and strengthen Risk Management Framework (RMF) and security practices, improving the protection of warfighters' technical boundaries and systems
  • Lead efforts to revamp the Marine Corps Information System Security Manager (ISSM) training program, equipping uniformed personnel with advanced compliance skills to better manage and secure mission-critical systems
  • Develop and implement innovative compliance strategies and frameworks to standardize RMF processes across the Marine Corps, reducing vulnerabilities and ensuring alignment with DoD cybersecurity policies
  • Spearhead initiatives to modernize cybersecurity training and awareness programs, fostering a culture of proactive risk management and compliance throughout the organization
  • Drive collaboration between various Marine Corps entities to streamline compliance procedures, enhancing operational security and readiness across multiple units and domains

Cyber Systems Officer

United States Marine Corps Reserves
Camp Smith, HI
10.2021 - 10.2024
  • Support Marine Forces Pacific Command during fleet level training exercises
  • Established controls and worked on continuous monitoring
  • Coordinate and plan operations with Defense Cyber Operations group at MARFORPAC G-6
  • Support ISSM on all Risk Management Framework related operations which include policy writing, ATO submissions, and inspection prep
  • Support in integrating Cybersecurity Work Framework model DoDD 8140.01
  • Reviewed program of record software packages to ensure proper risk assessments and authorization to operate

Information Systems Security Professional/Security Control Assessor

Defense Counterintelligence and Security Agency
Greater Boston, MA
06.2022 - 12.2022
  • Performed and observed assessments/inspections/reviews at contractor facilities in accordance with established DoD policies that include industrial security procedures, systems, standards, and regulations governing the safeguarding of classified information in IS utilized by contractors functioning in the NISP
  • Reviewed A&A packages in accordance with NIST 800-53 controls
  • Developed guidelines, instructions, methodologies, techniques, and standards for the analysis, testing, and evaluation of contractor information systems security controls
  • Provided guidance and technical assistance to Industrial Security Representatives and contractors on DoD and DCSA IS industrial security requirements
  • Advised and assisted the Industrial Security Representatives in conducting facility inspections or visits to assure contractor compliance with established DoD and DCSA IS security policy
  • Analyzed, evaluated, and verified contractor security plans for computer systems, networks, IS, and telecommunications systems within established timelines to ensure protection of classified information in accordance with DoD and DCSA requirements
  • Evaluated contractor certification and DCSA accreditation and recommended the approval or disapproval to operate an IS in eMASS

Principal, Site Information Systems Security Manager

Raytheon Technologies
Andover/Woburn, MA
07.2019 - 06.2022
  • Cybersecurity Site Lead with cognizance of 43 collateral and federal information systems onsite per Commercial and Government Entity (CAGE) code
  • Conducted strategic risk management and implementation of security controls for information systems within the business and local to the CAGE
  • Coordinated self-inspection and DCSA security assessment preparation activities assigned for the Woburn Facility
  • Weekly interactions with DCSA SCA/ISSP to track items including ATO submissions, new technologies solutions, and onsite assessment and authorizations
  • Developed, maintained, and updated, in coordination with all system stakeholders, applicable site milestones in order to identify system weaknesses, mitigating actions, resources, and timelines for corrective actions
  • In conjunction with the Information Systems Security Managers (ISSMs) and Information Systems Security Officers (ISSOs), responsible for conducting comprehensive assessment of implemented controls and control enhancements to determine effectiveness of the controls
  • Coordinate data spills and incident response for the Woburn facility
  • Assisted in hiring and training ISSMs and ISSOs within the Woburn facility
  • Certified IT systems in accordance with DCSA Authorization and Assessment Process Manual (DAAPM)
  • Conducted self-inspections and audit trail reviews of all IT systems, to include the Andover SIPRNet circuit
  • Delivered information systems security education and awareness, which included privileged user briefings
  • Executed Assessment and Authorization (A&A) activities in documentation preparation, system configuration/validation, and certification testing in order to submit Authorization to Operate (ATO) requests
  • Monitored security sustainment activities including hardware change management, software change management, account management, media protection, user interface, file transfers for over 15 systems within the Andover facility
  • Managed IA incident responses as well as interfaces with other IA team members, other security disciplines including industrial security, physical security, and special programs security
  • Answered over 1600 test results and 300 controls in accordance with NIST 800-53, DAAPM, and IA SOP
  • Validated certificate of volatility on multiple systems to determine proper handling and sanitization of system components

S-6 Communications Officer

United States Marine Corps Reserves
Ft Devens, MA
10.2019 - 10.2021
  • Managed, led, trained, supervised, mentored and facilitated the professional development for over 70 Marines ensuring that they are tactically, administratively, and medically ready for deployment as a S-6 Platoon Commander
  • Supervised and coordinated all aspects of the planning, installation, operation, displacement, and maintenance of data, telecommunication, satellite, and computer systems
  • Built a communications plan that includes a network architecture, uses spectrum planning, and implements satellite communications
  • Adjusted communications requirements and directed cybersecurity operations to ensure the readiness of communications networks

IT Communications Officer/Marine Officer-Active Duty

United States Marine Corps
NC, CA, VA
06.2015 - 07.2019
  • Managed an enterprise IT service desk comprised of 9 Data Systems Administrators, 2 ISSMs, and 1 ISSO to resolve incidents in accordance with ITIL practices for more than 5000 users
  • Responded to Hurricane Florence infrastructure outages and rebuild
  • Managed all Network Operations activity and monitoring within 2d Marine Logistics Group which consisted of over 80 facilities on base
  • Enforced information technology (IT) policies, standards compliance, and accreditation documentation for accessing services on all government owned classified and unclassified networks
  • Supervised network and security equipment installations in support of enterprise network architecture
  • Unit Account Manager for AT&T Cellular Service plans, which consisted of over 500 cellular devices
  • Monitored and controlled network outages, planned and unplanned, as well as network recovery efforts
  • Created and implemented a standardized IT Service Desk SOP in a new service desk decentralization
  • Managed and constructed the unit’s SharePoint portal using workflows, Microsoft InfoPath, SharePoint Designer and Visio
  • Provided risk assessments on cyber security vulnerabilities, while implementing corrective actions and remedial training
  • Coordinated and approved all IT procurement requests, and assisted the unit Supply Officer in calculating funding
  • Led, trained, mentored and facilitated the professional development of 48 Marines, ensuring that they were tactically, administratively and medically ready for deployment in support of all missions within the 2d MLG
  • Led the planning, deployment, and management of tactical communication systems, ensuring reliable and secure voice, data, and radio communications for Marine Corps operations
  • Ensured adherence to Marine Corps orders and directives for handling, storing, and transporting unit Controlled Cryptographic Items (CCI)
  • Oversight of all technical training of Marines on proper network and wire equipment, operating procedures, troubleshooting steps, and network establishment
  • Planned, organized, and executed mission to provide local and wide-area data communications support to deployed headquarters element and major subordinate units, delivering secure/non-secure web access, email, video teleconferencing, IT help desk, and messaging services for over 600 users
  • Charged with oversight, accountability, serviceability, and maintenance of all networking and fiber equipment worth $4M
  • Directed the setup, configuration, and maintenance of LAN/WAN networks, satellite communications, and IT infrastructure
  • Conducted risk assessments and implemented information assurance measures to comply with DOD cybersecurity standards (e.g., RMF, STIGs)
  • Prepared and delivered comprehensive after-action reports (AARs), identifying communication gaps and implementing process improvements for future missions
  • Trained as a newly commissioned officer in the high standards of professional knowledge, esprit-de-corps, and leadership to prepare them for duty as company grade officers in the operating forces, with particular emphasis on the duties, responsibilities, and warfighting skills required of a rifle platoon commander
  • Trained in individual events according to training and readiness manual standards for the operation and maintenance of Marine Corps communications systems in order to enable Marine Commanders the ability to command and control across the full range of military operations
  • Trained over 70 Marine Officers in Marine Corps Martial Arts as an instructor

Corporate Security Supervisor

Northeast Security, Inc
Boston, MA
06.2013 - 06.2015
  • Supervised and managed corporate security systems, including access control, video surveillance, and alarm systems, ensuring comprehensive protection across multiple sites
  • Trained and supervised a team of security personnel, fostering a culture of vigilance and ensuring adherence to security protocols
  • Managed security equipment installation projects, from procurement to deployment, including access control panels, badge readers, and surveillance cameras
  • Conducted risk assessments and vulnerability analyses to identify security gaps, recommending and executing mitigation strategies
  • Responded to security incidents, conducted investigations, and prepared comprehensive reports for executive leadership and law enforcement as needed

Education

Master of Science - Cybersecurity

Boston College
Chestnut Hill, MA

Master of Arts - Security Studies-Homeland Defense

University of Massachusetts Lowell
Lowell, MA

Bachelor of Science - Criminal Justice and Criminology-Homeland Security

University of Massachusetts Lowell
Lowell, MA

Skills

  • NIST Risk Management Framework
  • CMMC
  • Risk Management & Remediation
  • Information Security Governance
  • Cybersecurity Strategy
  • Budget Management & Cost Optimization
  • Leadership and Staff Development
  • Project Management
  • Stakeholder Collaboration
  • Policy Writing and Review
  • NIST SP 800-37, 53, 161, 171
  • Cybersecurity Training Program
  • NISPOM
  • Incident Management
  • Business Transformation & Strategy
  • Security Review and Assessments
  • Incident Response
  • Governance, Risk, Compliance Tools
  • Continuous Monitoring Implementation
  • eMASS
  • Industrial Security Program
  • DISS, NBIS, NISS, SWFT

Certification

  • ISACA Certified Information Security Manager (CISM), DoD 8570 IAM Level III
  • CompTIA Security+ CE, DoD 8570 IAT Level II
  • OCEG Governance Risk Compliance Professional (GRCP)
  • Clearance Level: TS/SCI
