Over 20 years of experience in Commercial and Federal IT systems. This expertise includes the ability to solve highly complex challenges and apply effective solutions through the identification of inefficiencies to align solutions with business and compliance goals. This experience provides a clear understanding of FedRAMP, FISMA, CMMC, and other Risk Management Framework requirements with demonstrated achievements in developing security plans, policies, procedures, and implementing controls for cloud systems including IaaS and SaaS on AWS / Azure.
Overview
12 years of professional experience
8 Cyber Security and Project Management Certifications
Work History
Sr. Cyber Security Consultant / Owner
Interactive Cyber Solutions, LLC - Self Employed
Crownsville, MD
08.2023 - Current
Provide advisory services for several CSPs entering the FedRAMP ready and in-process status ensuring compliance with NIST 800-53 R5 and the latest FedRAMP System Security Plan and attachments. All work conducted remotely.
Advisory services included implementation of compliant controls on both AWS and Azure clouds.
Recently prepared a CSP for their FedRAMP ATO Assessment, from start to assessment, in less than six months.
Drafted initial required FedRAMP documentation: System Security Plans, policies, procedures, and other related documentation including the Incident Response Plan, Configuration Management Plan, Contingency Plan, and related attachments. Advised on the implementation of these controls as well as completing the final documentation.
Advise on architecture diagrams, implementation, and processes to validate FedRAMP compliance and align with controls.
Provide compliance assessments and artifact collection assistance.
Improved client satisfaction by effectively managing multiple projects and consistently meeting deadlines.
Collaborated with cross-functional teams to successfully deliver comprehensive solutions for clients.
Identified areas of improvement for clients' operations, implementing targeted solutions to increase control implementation and meet compliance goals.
Sr. FedRAMP Lead Assessor - Principal Consultant
NCC Group
New York, NY
06.2022 - 08.2023
Responsible for Risk Management Group 3PAO FedRAMP Assessments (full, annual, and readiness) to include interviews, documentation, and customer relationships. All work conducted remotely.
Assessment of SaaS systems hosted on AWS and Azure cloud platforms.
Provide Cybersecurity and Compliance advisory services supporting multiple frameworks (FedRAMP, NIST, HITRUST, HIPAA, CMMC, CMS) as required to support customer requirements. The advisory services also included SaaS clients hosted on AWS and Azure clouds.
Streamlined assessment processes for increased efficiency by implementing advanced software tools and innovative methodologies.
Improved property valuation accuracy by conducting thorough research and analysis of market trends, sales data, and local regulations.
Skilled at working independently and collaboratively in a team environment.
Sr. Cyber Cloud Authorization Analyst
Take2 IT
Vienna, VA
03.2022 - 05.2022
Technical lead working with the Joint Cyber Operations and Integration Center (JCOIC) new interfaces team supporting the Veterans Administration (VA) Electronic Health Records Modernization (EHRM) Program. All work conducted remotely.
Supported the Department of Defense Joint Civilian Orientation Conference (JCOIC) team with compliance reviews of Authority to Connect (ATC) packages for multiple vendors needing to securely connect with the VA EHRM systems.
FedRAMP SME supporting VA EHRM program with FedRAMP Agency ATOs.
Chief Information Security Officer (CISO)
CyLogic
Chevy Chase, MD
01.2020 - 02.2022
Responsible for the security and compliance program for CyLogic Cloud Infrastructure as a Service (IaaS); both Federal and Commercial. All work conducted remotely or at the data center hosting the equipment.
Monitor security and compliance of data centers, oversee Cloud IaaS, and manage all aspects of personnel security and training, leading daily technical and security meetings to assess/mitigate risks and vulnerabilities.
Confirm ongoing compliance of VMware deployments and perform comprehensive vulnerability scanning of infrastructure and in-scope assets providing solutions using Active Directory, firewalls, VMware cloud builder, vCenter, SDDC manager, etc. to confirm assets are properly patched and adhere to strict POAM management.
Track security compliance and provide monthly reports to maintain FedRAMP status and report to the FedRAMP PMO.
Executed FedRAMP FISMA HIGH System Security Plan, Policies and Procedures, and associated compliance documentation and implemented continuous monitoring and timely resolution through the ticketing system.
Enhanced the system’s security posture by leading technical operations teams in mitigating risk and developing business processes for continuous monitoring and maintenance.
Skilled at working independently and collaboratively in a team environment.
Self-motivated, with a strong sense of personal responsibility.
Used critical thinking to break down problems, evaluate solutions, and make decisions.
Sr. Cyber Security Consultant – Owner
Interactive Tech Solutions
Crownsville, MD
06.2018 - 01.2020
Delivered consulting services to Ostendio Government, Risk, and Compliance team. All work conducted remotely or with occasional work from the Ostendio corporate office in Reston, VA.
Ostendio offers a compliance platform (MyVCM) for compliance frameworks such as SOC 2, HIPAA, HITRUST, NIST 800-53, GDPR and other frameworks.
Independently managed multiple clients preparing them for their third-party audits.
Advised and assisted clients in the creation of audits, tasks, security documentation, control mapping and configured platforms for capturing their solutions compliance.
Assisted clients in navigating complex challenges, offering expert guidance and strategic recommendations.
Program Manager
Constellation Inc
Washington, DC
05.2017 - 09.2018
Provided Program Management support for Customs and Border Protection and U.S. Border Patrol mobile device program supporting the mobile communications and computing assets for all field offices nationwide. All work on-site at the Ronald Reagan Building.
Managed deployments and logistics of mobile devices for all field offices nationwide.
Sr. Cloud Program Manager - Cloud ISSO
Clear Government Solutions
Beltsville, MD
06.2013 - 01.2017
Led the planning, coordination, documentation, compliance, and dissemination of the FedRAMP Security Authorization Package associated with the FedRAMP P-ATO awarded by the Joint Authorization Board (JAB) comprised of DHS, DOD and GSA. All work conducted remotely or as needed at the data center.
This includes updating the System Security Plan, Policies, Procedures, and other required plans (CONOPS, Disaster Recovery, Configuration Management, and Business Continuity) per NIST SP 800-53 r3 to NIST SP 800-53 r4 including the FedRAMP additional controls.
These plans, policies, and procedures became the core focus of the business’ mission goals and aligned with Federal Agencies’ missions
Led on-going risk analysis and risk assessment with the technical teams to ensure the integrity of the system’s security posture
Implemented business process to ensure security posture was continuously monitored, maintained and enhanced
Held daily technical and security meetings with staff to ensure risks or vulnerabilities were assessed and mitigated as quickly as possible
Led Change Authorization Board (CAB) ensuring the system's integrity and validating planning, implementation and testing of system changes, patches, updates and enhancements.
Weekly CAB meetings included the identification of the current system state and planning for future technologies to improve performance and security
Led planning coordination and successful implementation of System Security Policies, Plans and Procedures for the entire System Engineering Lifecycle
Held scheduled technical interchange meetings with Customers, FedRAMP ISSO, JAB and FedRAMP PMO
Coordinated integration of IT Security requirements necessary to migrate to secure cloud infrastructure
Facilitated migration planning from As-Is to the To-Be architectures, conducting vulnerability analysis and continuous monitoring activities
Ensured security tools were up-to-date and developed plans and procedures to align new technologies with security tools and techniques
Managed the POA&M from vulnerability scan results obtained using the vulnerability scanning tools, and other documents required for the monthly Continuous Monitoring process, and delivered them to FedRAMP.
This requires tracking new, closed, inventory baselines, and Deviation Requests (DR)
Responsible for daily supervision of all IT Staff to include ensuring information security was continuously maintained
Trained staff as appropriate by providing annual Security Awareness Training and as needed role-based security training
Member of the internal Change Authority Board (CAB) and fully involved in all change control activities (Change request submission, planning, approval, implementation, review, testing and close-out)
Managed multiple concurrent programs composed of cross-functional and geographically dispersed teams.
Managed cross-functional teams for successful project completion within deadlines and budgets.
Test Director
Constellation, Inc
Washington, DC
10.2012 - 06.2013
Maintained the FEMA Test & Evaluation Management Plan keeping it current with new releases of the Logistics & Supply Chain Management System (LSCMS). All work conducted remotely or on-site at FEMA headquarters for monthly status meetings.
Maintained the Integrated Master Schedule to ensure vendor deliverables met program milestones and resources were available for User Acceptance Testing, transfer to operations and operational testing.
Director of Managed Hosting
Computer Technology Consultants
Greenbelt, MD
11.2011 - 12.2012
Directed the Hosting Division's staff, budgets, programs, customer relations, technical teams, and day-to-day operations. All work conducted on-site at the CTC office.
Provided daily supervision of technical and security teams
Managed concurrent and planned future programs with a strong focus on the technical and security requirements to ensure CTC and customer mission/goals/needs were met
Authored and completed three separate System Security Plans with corresponding Policies and Procedures following FedRAMP - NIST SP 800-53 guidance for FedRAMP authorization.
Directed a third-party assessment team and the technical team ensuring FedRAMP - NIST SP 800-53 control documentation and implementation.
Directed the division's design, implementation, and maintenance of the Managed Hosting and Cloud Services, consisting of over 100 servers and 500+ websites, employing a mixture of VMware and Xen servers.
Responsible for ensuring the security controls were implemented to meet 800-53 guidance and the mission/business goals of CTS as well as the Department of State
Directed a global team of System Administrators and a 24/7 Help Desk providing full life cycle support of Hosted systems on physical and virtual servers for the division
Developed strategic relationships, with specific Service Level Agreements (SLAs), with hosting providers to sustain Managed Hosting solutions and Cloud Services
Managed system deployment through the SELC and into the Operation and Maintenance Phase
Participated in the Configuration Control Board to ensure that system upgrades, bug fixes, patches, and enhancements conformed to functional, technical, and security-related specifications/guidance
Directed day-to-day operations and interfaced with the customers under the Department of State (DOS) Networks contract
This team was responsible for all the DOS websites including hosting, operations, and maintenance
System maintenance was coordinated with Government officials to ensure that maintenance was tested before implementation as well as to ensure it was within scope and budget
Worked with multiple Government teams to accomplish work under various IT task orders.
Education
Bachelor of Science - Electronic Engineering Technology