David Clark

Work History

Information Systems Security Officer (ISSO)

United States Department of the Interior

Bristol, TN

12.2022 - Current

Company Overview: One of the Federal Government's premier shared services providers, delivering high-value HR IT services for over 2.5 million end users in over 15 departmental-level and over 50 federal agencies.
Primary cybersecurity GRC manager delivering Continuous Monitoring (CONMON) and cybersecurity oversight for up to 13 Human Resources Management, and Federal Personnel and Payroll Systems.
Temporary promotion to Associate Privacy Officer for the DOI's Office of the Secretary, responsible for privacy program execution, compliance, and oversight.
Improved security posture for five independent systems through rewriting over 1,500 control implementation statements.
Delivers key Authorization to Operate (ATO) documentation, including System Security and Privacy Plan (SSP/SSPP), POA&Ms, Privacy Threshold Analysis, Privacy Impact Analysis, and Security Impact Analysis.
Provides continuous governance, risk, and compliance management of assigned systems throughout the DevSecOps lifecycle.
Collaborates across multiple lines of business, building and maintaining trust-based relationships with clients, cohorts, and leaders.
Evidence collection and deliverables for FIMSA, FedRAMP, SOC 2, A123, and other regulatory audits.
Perform system risk assessments and control testing as part of the DOI Continuous Monitoring program.
Expert in the NIST Cybersecurity Framework.
Collaborated with system owner teams on compensating control alternatives and implementation.
Trained and experienced in FedRAMP ATO development, supporting PaaS and SaaS government initiatives.
Vulnerability management for hosted applications on Windows, Linux, z/OS, and containerized cloud environments.
Ports, protocols, and services management.
Hardware and software inventory management.
System interconnections inventory management.
GRC management using Telos' Xacta 360.

Information Systems Security Manager (ISSM)

United States Navy

Norfolk, USA

07.2020 - 12.2022

Company Overview: Military Sealift Command, Integrated Business Systems Program Management Office.
Performing as the Senior Cybersecurity Manager / Information Systems Security Manager / Cybersecurity Risk Manager for Military Sealift Command Business Systems.
Governance, risk management, compliance, vulnerability, and patch management for 15 information systems that process over $1.7BN in annual financial transactions.
Cybersecurity management of AWS GOVCLOUD and AWS CIVCLOUD IaaS, PaaS, SaaS, and Hybrid cloud architectures.
Develops IT Policies and procedures for the establishment, implementation, mitigation assessment, and deployment evaluation of major administrative and technical IT controls.
Oversight, quality assurance, and compliance auditing of NIST SP 800 SP series control application.
Assess, prioritize, identify, and document internal and external cyber threats, and communicate the potential business impacts to senior management.
Manages the performance of over ten contract personnel from four separate support vendors.
Works with DevSecOps teams to ensure automated systems are secure from unauthorized use.
Cloud Migration Risk Management and compliance oversight migrating multiple high-visibility systems.
Collaborated with multiple MSC departments/business units to establish a strong risk-awareness culture.
Provides cybersecurity expertise, training, and leadership to mission owners, product leads, contract support, and development team leads.
Identifies goals, metrics, and appropriate analytics to measure the performance of Cybersecurity teams.
Primary POC for Cybersecurity reporting to Assistant Secretary of the Navy, Financial Management & Comptroller Office.
Military Sealift Command, Integrated Business Systems Program Management Office.

Information Systems Security Officer

United States Navy

Norfolk, USA

10.2016 - 07.2020

Company Overview: Military Sealift Command, N6 Cybersecurity Branch.
Directly assisting MSC Command Security Management team in the governance, risk, and compliance management of traditional, Cyber, and physical security controls.
Temporarily performed the MSC Command Information Systems Security Manager (ISSM) function.
Program management oversight for Information Assurance (IA)/Information Security.
Direct oversight for the Information Assurance Vulnerability Management process.
MSC Command-level Cyber Security training development and delivery for New Employee Orientation.
As MSC's Change Management Cybersecurity reviewer, utilized expert knowledge to assess new IT developments.
Participating in the investigation of IT security violations.
Developed MSC's Incident Tracking dashboard and Dormant Account Tracker.
Reviewed plans and processes for vulnerabilities and compliance with existing IT security plans and policies.
Completed the Department of Homeland Security's ICS-CERT Cybersecurity 301, DISA ACAS 5.4.x Administration.
Military Sealift Command, N6 Cybersecurity Branch.

Computer Network Incident Handler and Analyst

United States Navy

Suffolk, USA

07.2014 - 10.2016

Company Overview: Navy Cyber Defense Operations Command.
Provided direction and management of the successful mitigation of over 500 security events and incidents.
Provide direct global subscriber support in all phases of incident management for over 800,000 end-users.
Considered a subject matter expert in IT and Computer Network Defense principles.
Displayed expert knowledge and skill in applying information assurance and information security policies.
Effectively employed knowledge of principles and practices of Information Operations (IO).
Navy Cyber Defense Operations Command.

Adjunct Professor of Computer Networking and Cybersecurity

ITT Technical Institute

Norfolk, USA

12.2013 - 12.2015

Instructed over 25 separate classes covering more than 10 subject areas to over 250 students.
Analyzed, designed, and developed instructional materials.
Transformed an exclusively in-seat learning experience into a hybrid learning environment using Blackboard online.

Computer Network Forensics Analyst

United States Navy

Suffolk, USA

12.2011 - 01.2014

Company Overview: Navy Cyber Defense Operations Command.
Network Forensics and Countermeasures analyst for the Navy's Tier II Computer Network Defense Service Provider.
Monitored and reviewed alerts from over 125 tactical and strategic sensors.
Oversight of up to 24 military and civilian personnel monitoring and reporting on logged events.
Developed, configured, and managed the Host-Based Security System signature development laboratory.
Provided ‘on-the-wire' forensic analysis of TCP/IP packets.
Navy Cyber Defense Operations Command.

Electronics Technician First Class

United States Navy

09.1995 - 04.2006

Variety of assignments including USS NIMITZ (CVN-68), Shore Intermediate Maintenance Activity, Norfolk, VA, USS DWIGHT D. EISENHOWER (CVN-69), and Naval Communications and Telecommunications Master Area Station, Atlantic (NCTAMS LANT), Norfolk, VA.

Summary

Overview

Work History

Information Systems Security Officer (ISSO)

Information Systems Security Manager (ISSM)

Information Systems Security Officer

Computer Network Incident Handler and Analyst

Adjunct Professor of Computer Networking and Cybersecurity

Computer Network Forensics Analyst

Electronics Technician First Class

Education

Master of Network and Communications Management -

Bachelor of Science - Technical Management

Skills

Certification

References

Timeline

Similar Profiles

Lori RaugustLori Raugust

TREVOR FOTITREVOR FOTI

Alshana JohnAlshana John

Lisa MorrellLisa Morrell

Elizabeth MurrayElizabeth Murray