Calvin Pan

Deliver advanced cybersecurity solutions for federal agencies in implementing and maturing CDM, end-to-end, with implementation solutions, ensuring proper integration of security tools, and validation of data ingestion pipelines from sensors to dashboards. Manages cross-functional teams to deliver asset management, vulnerability scanning, NAC, and IdAM capabilities to align with DHS/CISA requirements. Provides technical oversight for Treasury, HHS, and VA programs, bridging tool deployment with operational security needs to meet RFS deliveries.

Delivered Projects:

National Institutes of Health (NIH) - Asset Management Analysis of Alternatives (AoA)

• Supported the National Institutes of Health (NIH) in conducting an enterprise-wide analysis of alternatives (AoA) to evaluate potential replacement options for existing asset management tools and business processes. Interviewed and collaborated with various participating Institutes and Centers (ICOs) to document operational requirements and identify pain points. Conducted a comparative analysis of alternative solutions, assessing them against the current capabilities, interoperability, and cost-benefit factors.

Department of Health and Human Services (HHS) - CDM Program Gap-Filled

• Task 2: Federal Information Security Modernization Act (FISMA) Boundary Association. Align identified assets and their attributes as part of the Master Device Record (MDR) with the agency's appropriate FISMA system boundary to ensure that assets are aligned with authorized systems and effectively communicate risks to system owners.

Defense Information Systems Agency (DISA) - SASE Client Integration / DoD IPv6 Modernization

• Researched and tested client provisioning and conditional access for DISA's SASE edge deployment using Versa Networks. Evaluated zero-trust capabilities, including device posture verification, geo-based restrictions, and session timeout configurations, to ensure compliance with DoD STIG requirements. Developed PowerShell scripts to automate and validate provisioning processes.
• Researched and mitigated critical risks in the DoD's IPv6 modernization, focusing on Flow Label vulnerabilities for secure IPv6 implementation.

Department of Veterans Affairs (VA) - FISMA Containerization

• Performed assets discovery, analysis, and recommending automated solutions for real-time risk visibility while ensuring compliance with federal mandates. Aligned over 2 million assets, and exceeded the 85% metric.

Department of the Treasury - CDM Program Maturation:

• RFS-DEFEND_005: Focuses on Network Access Control (NAC), which includes the discovery, design, and deployment of basic NAC.
• RFS-DEFEND_006: Focuses on "What is on the network" Asset Management capability domain that covers HWAM/SWAM, CSM, VUL, and EMM.
• RFS-DEFEND_007: Addresses “Who is on the Network” with IdAM capabilities to manage users and accounts, which comprises four components of TRUST, BEHAVE, CRED, and PRIV.

Protected critical county infrastructure and sensitive data as Loudoun County's Information Security Engineer by implementing comprehensive cybersecurity capabilities across asset management, vulnerability assessment, network access control (NAC), continuous monitoring, incident mitigation, and firewall management domains.

• Established and maintained a complete asset inventory with risk-based categorization, enabling prioritized vulnerability scanning, and patch management across all networked systems.
• Designed and enforced NAC policies to segment and secure county networks, while managing next-generation firewall configurations to block emerging threats.
• Developed a continuous monitoring program using SIEM analytics and log correlation to detect real-time anomalies. Led rapid incident response operations, from the initial event through root cause analysis, and mitigation.

Supported Chesterfield County's IT operations and security infrastructure by delivering comprehensive asset management solutions. Addressed hardware/software issues and network connectivity challenges while implementing enterprise-wide system upgrades that improved operational efficiency.

• Contributed significantly to cybersecurity enhancements through disciplined patch management cycles, enterprise endpoint protection deployment, and system hardening that reduced vulnerabilities.
• Played a vital role in the successful county-wide Windows 10 migration by performing standardized system imaging, assisting with access control implementation, and validating post-deployment security configurations.
• Worked collaboratively with IT teams to maintain 99.9% system availability, while establishing protective measures that safeguarded sensitive government data and complied with security policies.