Darryl Gay
Northport
Summary
U.S. Army veteran and Senior Information Security Analyst with extensive experience in managing security compliance projects and implementing NIST and FISMA frameworks. Successfully led initiatives that secured thousands of devices and achieved a 40% reduction in non-compliance. Aiming to leverage these skills in a CISO role to enhance security posture and operational efficiency.
Overview
21
21
years of professional experience
1
1
Certification
Work History
Senior Information Security Analyst
9th Way Insignia
11.2022 - 01.2026
- Demonstrated working knowledge of the Federal Risk Management Framework (RMF) and NIST Security Engineering Standards for on-premises as well as cloud systems (FedRAMP), aligning with FISMA and NIST SP 800-53 requirements.
- Conducted comprehensive Risk Assessments by researching, documenting, and verifying hundreds of data points to determine overall system compliance, aligning with risk management best practices.
- Tracked and reported A&A (Assessment and Authorization) process status for hundreds of assigned ATOs (Authority To Operate) across Pre-Authorization, Assessment, and Sustainment Lifecycles, ensuring regulatory compliance.
- Leveraged VA systems of record and near real-time automated dashboards to report ATO Status, effectively supporting the liaison role between technical teams and compliance authorities.
- Tested, validated, and reviewed controls for thousands of systems and reported compliance status to VA management; communicated findings to system teams and coordinated remediation efforts, contributing to a 40% reduction in non-compliance.
- Streamlined data validation for over 70 documents per assigned system in ATO process, saving hundreds of man-hours and supporting accurate security documentation lifecycle management.
- Prepared quarterly presentations and training materials for senior leadership and stakeholders, improving understanding of IA services, ATO submission processes, and compliance reporting.
Cybersecurity Engineer/Regional Assistant
MKS2 Technologies
12.2019 - 10.2022
- Conducted ethical hacking tests using vulnerability assessment tools to identify weaknesses on servers and collaborated with site teams to implement approved controls, reinforcing cybersecurity standards.
- Applied industry-standard frameworks, including NIST 800, FISMA, HITRUST, ISO 27000, and PCI-DSS to harden servers, ensuring compliance with established IT security policies.
- Conducted forensic analysis for 10 server security breaches, identifying root causes and recommending countermeasures to enhance security posture and improve remediation tracking.
- Led a specialized VA enterprise project to reconfigure thousands of out-of-band devices to current industry security standards, thereby supporting sustained security compliance.
- Coordinated with regional teams to ensure patch installations across nearly 1000 servers, emphasizing continuous security vulnerability management.
- Supported Regional Team Lead in decision-making to uphold VA security policies and mandates, serving as liaison between technical teams and compliance authorities.
Senior System Security Network Administrator
Tetra Tech
11.2015 - 11.2019
- Ensured enterprise-level compliance with security policies for Windows servers (2019, 2016, 2012R2, and 2008R2), strengthening the overall security compliance posture.
- Implemented VA configuration management controls to ensure systems maintained current security baselines and up-to-date vulnerability and firmware patches, supporting continuous compliance efforts.
- Coordinated and configured network port settings on Cisco switches and routers, ensuring alignment with security policies to enhance network security.
- Configured port security on Cisco switches by resetting VLAN configurations per VA mandates, reinforcing compliance with security controls.
Chief Information Security Officer
Journey InMotion
Tuscaloosa
12.2010 - 10.2015
- Developed and implemented a comprehensive information security program, reducing security incidents by 60% and lowering successful phishing click rates by 72%.
- Designed and tracked security metrics, KPIs, and critical success factors, improving executive visibility and thereby reducing mean time to detect (MTTD) by 70% and mean time to respond (MTTR) by 55%.
- Architected security strategies for virtualization and cloud initiatives, decreasing deployment security exceptions by 45% and accelerating secure project delivery by 30%.
- Created and enforced policies, standards, and controls aligned with regulations, achieving 98% compliance across audited areas and SOC 2 readiness within 9 months.
- Established risk management, disaster recovery, and business continuity programs, reducing planned recovery time by 40% and business-impact incidents by 50%.
- Managed budgeting, staffing, and resource planning, reducing security operating costs by 25% while increasing coverage and reducing open security tasks by 65%.
- Orchestrated vendor and internal audits, closing 90% of high/critical findings through effective remediation within 60 days.
- Implemented access control improvements and continuous monitoring, reducing unauthorized access attempts by 80% and improving privileged account reviews to 100% monthly compliance.
- Launched company-wide security awareness and training, increasing reported suspicious activity by employees by 300% (improving detection) and achieving 95% training completion rates.
Security Network Administrator/Team Lead
Inteva Products
Cottondale
03.2005 - 11.2010
- Executed penetration tests to identify infrastructure vulnerabilities, rated risks, and recommended actionable plans to enhance security posture and ensure continuous compliance.
- Led investigations following 8 security incidents; provided impact analyses and mitigation strategies that successfully prevented reoccurrences, in line with incident response best practices.
- Engineered virtual switches, ports, and port groups with Layer 2 security policies for virtual networks supporting the MES system and backend SQL database, aligning with overall security architecture objectives.
- Directed on-site IT support team of 3, managing task assignments, schedules, and escalations to minimize IT downtime and ensure compliance with security protocols.
- Researched and tested upgrades for IBM WebSphere MQ Series, ensuring secure communication with external customers to meet product build requirements.
- Collected and evaluated internal customer data to identify system and network infrastructure requirements, enhancing customer satisfaction.
- Developed SQL Server scripts to modify application database tables and records for external customers, ensuring data integrity and adherence to security standards.
Education
Bachelor of Science - Mathematics minor in Computer Science
University of Alabama
Tuscaloosa, ALSkills
- Cybersecurity Experience
- Security Architecture
- Vulnerability Assessment
- Penetration Testing
- Ethical Hacking
- Incident response
- Threat Management
- Risk management
- Security compliance
- Identity and Access Management
- Data protection
- API Security Management
- Cloud Security
- POA&M Management
- Security frameworks
- FISMA
- NIST SP 800-53
- Regulatory Compliance
- POA&M Management
- Vulnerability assessment
- SIEM
- Threat intelligence
- Malware analysis
- Intrusion detection
- User awareness training
- Social engineering awareness
- Phishing detection
- Patch management
- Firewall management
- Endpoint security
- Security audits
- Disaster recovery
- Security analysis
- Data loss prevention
- Forensic analysis
- Security protocols
- Secure coding practices
- Secure Software Release
- Web application security
- Mobile security
- Zero-day exploit prevention
- SIEM tools
- Log analysis
- DDoS prevention
- Anomaly detection
- Security Metrics Analysis
- GRC Tools Familiarity
- Technical writing
- Complex Problem Solving
- Problem resolution
- Stakeholder communication
- Team collaboration
- Leadership
- Business continuity
- Identity management
- Access management
- IT infrastructure knowledge
- Network monitoring
- System hardening
- Virtual private networks
- Threat hunting
- Cybersecurity experience
- Scripting languages
- Intrusion test oversight
- Security operations center
- Cryptography knowledge
- Encryption technologies
- Secure network design
- Encryption algorithms
- Malware Reverse Engineering
- Physical security
- Social engineering prevention
- Wireless security
- Disaster recovery planning
- Incident Forensics
- Complex Problem Solving
- Risk assessment
- Two-factor authentication
- Security architecture
- Ethical hacking
- Security operations center
- Cryptography knowledge
- Encryption algorithms
- Secure coding
- Web application security
- Zero-day exploit prevention
- Malware analysis
- Information security policies
- Data protection
- App security
- Mobile security
- Identity Verification Solutions
- Encryption technologies
- Cloud security
- Secure Software Release
Clearance
Secret Clearance
Certification
- Security+ SYO-701, 06/01/26
- CISSP (Certified Information Systems Security Professional), 09/01/26
Core Competencies
Cybersecurity Experience, Vulnerability Assessment, Security Architecture, Penetration Testing, SQL, Server Installation and Configuration, Ethical Hacking, Network Protocols and Networking Tools, Identity and Access Management, FISMA, NIST SP 800-53, Regulatory Compliance, POA&M Management, Risk Assessment and Management, Threat Management, Complex Problem Solving, Public Trust Eligibility, GRC Tools Familiarity, Cost-Benefit Analysis, Implementation Effort Estimation, Microservices Architecture
Professional Development
- Security+ SYO-701, VetsInTech, 03/01/26
- Python Fundamentals, VetsInTech, 03/01/26
Timeline
Senior Information Security Analyst
9th Way Insignia
11.2022 - 01.2026
Cybersecurity Engineer/Regional Assistant
MKS2 Technologies
12.2019 - 10.2022
Senior System Security Network Administrator
Tetra Tech
11.2015 - 11.2019
Chief Information Security Officer
Journey InMotion
12.2010 - 10.2015
Security Network Administrator/Team Lead
Inteva Products
03.2005 - 11.2010
Bachelor of Science - Mathematics minor in Computer Science
University of Alabama