
DAVID A. BOSWELL

Huntsville, AL

Summary

Director of Security with 20 years of experience managing investigations, personnel matters and sensitive information and intelligence. Leads, maintains and improves operations and functions of security department while effectively managing crises in a fast-paced environment. Thorough knowledge of advanced security systems, computerized access control and security-related legislation and regulation.

Overview

20 years of professional experience

Work History

Sr. Cybersecurity Solutions Architect (Consultant)

Obsidian Global
10.2023 - 12.2023
  • Developed multiple labs focused on vulnerability management, testing and threat research for the Air Force
  • Created and designed robust cyber security solutions tailored to the specific needs and challenges of potential customers through capture and proposal support
  • Assessed, selected and integrated various security technologies, met with key stakeholders, and developed comprehensive documentation for security solutions.

Director, Security Engineering & Architecture | ISMS Manager

ECS Federal
03.2022 - 08.2023
  • Fully responsible for all administrative and operational delivery of MSP (Managed Security Provider) Security Engineering services to multiple Commercial and Government customers, examples include FBI, ITADD, PMDCO, United Nations, NBIS, CVS, J&J, Hilton
  • Work closely with clients to understand their engineering requirements and design customized engineering solutions to meet their specific needs
  • Served as a trusted advisor to clients, providing guidance on engineering best practices and recommendations for enhancing their security posture
  • Oversee a team of 30+ personnel divided into 4 operations teams
  • Re-aligned delivery structure reducing operational cost while improving overall delivery efficiency
  • Review and approve customer SOWs as well as project plans and delivery models
  • Provide guidance, mentorship, and professional development opportunities to team members to enhance their technical expertise and career growth
  • Responsible for career development/planning, performance, and compensation discussions of team members
  • Develop and manage the annual operating budget for the Security Engineering department, ensuring appropriate allocation of financial resources to support the organization's business goals and initiatives
  • Managed customer and internal change control
  • Prepare and implement Information System Security Plans, Protection Profiles (SSPs and MSSPs)
  • Developed compliance documentation review and control cycle, to include approval board and quality review
  • Implementation resulted in passing 100% of annual audits
  • Directed IT governance and compliance requirements frameworks (e.g., ISO 9001, ISO 20000, NIST SP 800-171, and HITRUST), and contractual requirements (e.g., DFARS 252.204-7012) to align with business objectives.

Director, Cyber Services

ECS Federal
10.2020 - 03.2022
  • Primarily responsible for direct support of DOJ programs
  • Assisted in development and staffing for a new DOJ IRT to work as an expansion to the FBI's ESOC
  • Directly supported operations for the FBI's Vulnerability team (REBL)
  • Performed capture, solution development and pricing for multiple programs, assisted in review and approval of Labor Categories (LCAT)
  • Sourced, reviewed, and selected teaming partners for future bids
  • Managed teaming partners' capability metrics ensuring minimal accurate teaming alignment
  • Assisted in Solutions Development for TEAMS Next proposal
  • Technical POC for teaming partners
  • DOJ/DOD customer SME, capture manager, solutions advisor, and relationship manager
  • Developed trend-based behavioral analysis focused on DOJ Insider Threat (Published Whitepaper Spring 2022)
  • Ensure solid customer relationships
  • Developed known bad IOC repository used for proactive prevention
  • Additional role details available on request.

Director, Security Operations

CGI Federal
12.2019 - 10.2020
  • Managed two SOCs based out of San Antonio, TX and Huntsville, AL
  • Managed customer-facing FedRAMP MSS, a 50+ person P&L delivering accredited security operations and response, and architecture services to federal and state customers
  • Conducted MSS gap analysis and developed a total cost of ownership assessment
  • Restructured processes and re-aligned 25% of staff with no service impact to operate within the established investment budget
  • Brief stakeholders and law enforcement personnel and provide legal support/advisory for case litigation
  • Managed department compliance requirements: performed gap analysis, pen testing and system hardening
  • Created internal GRC team responsible for implementing compliance control automation and proactive control checks
  • Oversee Incident Response, eDiscovery, Legal Holds, Digital Forensics, Threat Hunting, Insider Threat and Threat Intelligence program capability development and delivery
  • Published comprehensive security analysis reports for customers detailing threat sources and attack; recommended technical countermeasures to improve customer security posture and policy adherence
  • Oversaw multiple high risk Insider Threat cases
  • Developed service delivery, pricing, and performance level models
  • Internal advisor for DHS CDM programs
  • Reported and briefed multiple federal agencies as required
  • Performed customer health checks focused on ensuring consistency and quality delivery.

Manager, Security Operations Center (SOC)

CGI Federal
03.2016 - 12.2019
  • Managed IT security modernization initiatives and FY budget forecasting
  • Developed new capabilities for corporate, commercial, and federal customers
  • Established 4 new lines of business in digital forensics, insider threat, threat intelligence, and malware reverse engineering, driving staff growth from 4 to 23 FTE over 16 months
  • Developed service delivery, pricing, and performance level models
  • Provided pre-sales architecture support and tactical sales resulting in over $10M of new work with existing customers
  • Functioned as a senior technical contributor to cyber proposals
  • Conducted total cost of ownership assessment for corporate SOC systems
  • Restructured processes and streamlined platform architecture to reduce operational expenditure by 10% with no service impact
  • Oversaw forensic analysis of cyber security intrusions and coordinated with law enforcement officials (LEO) and defense industrial base CIRT for the investigation of computer crimes
  • Implemented an indicator of compromise information sharing system utilizing MISP and CRITS open-source products
  • Collaborated closely with key stakeholders to define data onboarding procedures for Splunk integration and tested data inputs in sandbox environment for parsing, event breaking, masking, timestamping, and alignment with Splunk Apps; utilized Splunk Processing Language (SPL) to display reports and visualizations
  • Developed/Managed insider threat, eDiscovery, and Legal Hold capabilities for CGI Federal corporate
  • Led Insider threat investigations and functioned as technical witness for investigation litigations
  • Transformed Red Team operations to automated solution through custom Splunk-based threat hunting development innovating vulnerability/threat identification and mitigation
  • Developed document control process/procedure
  • Designed document management, case management and chain of custody verification systems
  • Designed UBA trend-based user threat score system using Splunk
  • Designed non-attributable Threat Hunting Lab.

Lead Cyber Security Analyst / Corporate ISSM / Corporate COMSEC Manager

Camber Corporation
07.2011 - 03.2016
  • Manage corporate network IT security across thirty-two office locations
  • Acting Security Engineer responsible for the acquisition, installation, configuration, and management of corporation security technologies
  • Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
  • Perform risk assessments, vulnerability assessment, and network penetration testing
  • Recommend actions to network operations to better strengthen the network infrastructure
  • Lead Red Team Analyst responsible for performing risk assessments and remediation from identified vulnerabilities to proactively address emerging security issues
  • Internal consultant to programs relating to installing and maintaining mis-attributable systems
  • Conducted offensive security tasks to include information gathering and assessments
  • Developed cyber range used for R&D of new testing procedures
  • Managed process and acted in the lead role for Computer Incident Response Team (CIRT)
  • Perform Digital Forensics on compromised machines and networks, malware analysis and reporting relating to security incidents
  • Work directly with government law enforcement regarding cyber threats; manage DoD DIB-net partnership
  • Provide support and recommendations to HIPAA security assessment and audit
  • Draft documentation supporting ISO 9000 & ISO 20000
  • Create documentation, training, and audits for DFARS compliance using the NIST Publication 800-53/800-171
  • Developed and maintained corporate information security and privacy policies
  • Prepare and implement Information System Security Plans, Protection Profiles (SSPs and MSSPs)
  • Interface with the Defense Security Service (DSS) regarding Security Plan approvals for handling, safeguarding, transmitting, receiving, and generating classified information
  • Ensure remote ISSMs & ISSOs follow established information security policies and receive required training
  • Provide corporate guidance and training regarding maintaining security policies and programs.

Sr. System & Network Administrator / ISSO

Gleason Research Associates
05.2007 - 05.2010
  • Designed, implemented, and supported enterprise level internal network
  • Installed and configured Cisco firewalls/switches, Barracuda spam/web filters, and Dell managed switches
  • Installed, configured, and maintained various systems to include Server 2003, Exchange 2003, Blackberry Enterprise Server, Certificate Authority Server and WSUS
  • Create/perform procedures for system security audits, penetration tests, and vulnerability assessments
  • Conducted regular security audits
  • Performed cost analysis and budget predictions
  • Maintained corporate website and portal
  • Managed corporate endpoint security
  • Managed daily network operations.

Network Technician

SAIC

Network Engineer

Integration LLC

Network Engineer

eyeTsolutions Group, Inc.
04.2004 - 05.2007

Education

B.S. Management Information Systems

Virginia College
03.2011

Associates, Network Engineering

Virginia College
12.2004

Skills

Insider Threat/Digital Forensics

Incident Response

Network Security

Security Policies

Employee Development

Disaster Recovery

Effective leader

Compliance Management

Team Leadership

Budget Development

Training And Technical Skills

  • Networking: Firewalls/VPN, Load Balancers, DNS, RADIUS, RSA, Kerberos, SSH, IPSec, PKI, IDS/IPS, LAN, WAN, Cisco, SonicWall, Dell, Palo Alto, Barracuda, FireEye
  • Security: Snort, PCAP, Splunk, ArcSight, Elasticsearch, Nessus, Wireshark, nmap, tcpdump, OllyDBG, EnCase, Tripwire, Carbon Black, Backtrack, Kali, CAINE, Nexpose, LOIC, Cain & Abel, Maltego, CRITs, MISP, Metasploit, McAfee HBSS, Tenable, FISMA, NIST SP 800 series, FIPS, FedRAMP, CMMC
  • IT Systems: VMware ESXi, Workstation, Hyper-V, Amazon AWS, MS Azure, MS Windows Desktop/Server, Linux, CentOS, RedHat, Ubuntu, SELinux, Active Directory, Remedy, Exchange, SharePoint, MS SQL, MySQL, Python, PowerShell, MariaDB
  • Certifications/Training: Bit9/Carbon Black Endpoint Security (2014) Certified, CEH Certified Ethical Hacker (2009), A+ (2004), DSS NISPOM Chapter 8 (2013), DOD Information Security Specialist (2013), DSS Information Security Management (2014), NSA COMSEC (2014), SANS Security Essentials (2013), SANS Information Security Fundamentals (2012), SANS Windows Forensics Analysis (2012)

Security Clearance

Security clearance details available by request

Affiliations

  • NDCA
