DR. ANTONIO SIMPSON
Fredericksburg,PA
Summary
Diligent cybersecurity professional with over 25 years of proven track record in cybersecurity consulting. Advise clients expertise to enhance security protocols and mitigate threats, ensuring robust protection for clients' digital assets. Demonstrated analytical thinking and problem-solving skills in high-pressure environments.
Professional cybersecurity expert ready to tackle complex security challenges. Known for implementing comprehensive security measures and enhancing threat detection capabilities. Committed to collaborative team efforts and delivering high-impact results. Recognized for adaptability and strong problem-solving skills.
Cybersecurity professional skilled in threat analysis, risk management, and incident response. Adept at implementing security protocols and safeguarding sensitive data. Reliable team collaborator with focus on achieving results and adapting to changing needs. Strong communication skills, problem-solving abilities, and proactive approach to cybersecurity challenges.
Overview
10
10
years of professional experience
1
1
Certification
Work History
Cybersecurity Consultant
Missing Link Security, MLS
09.2021 - Current
- Leading customer delivery in information technology security governance, risk, and compliance activities aligned with the RMF Cybersecurity Framework within cloud computing FedRamp and on premises environments
- Develop information security strategies, policies, processes, and procedures
- Leading federal government with assessment and authorization of 3 programs and over 50 systems & applications leveraging RMF construct
- Lead & oversee the record management for over 50 systems & applications (approved & appending Aos adjudication) ATOs for each step of their respective phase of RMF within eMASS repository
- Support overall security guidance documentation for customers
- Develop customer security programs with security control assessments, policy and procedure development, documentation management, and customer liaison activities
- Develop and advise adequate RMF controls and conduct control implementation assessments for NIPRNet, SIPRNet, and JWICS
- Identify and recommend process improvements for customer security programs
- FISMA reporting lead
- Direct support to senior-leadership meetings and presentations 3+ days a week
- Spearhead and launched a technical working group that focuses on defensive and offensive operation (OCO/DCO) cyber tools, security requirements, enterprise & architecture standards (DoDAF) and IT governance
- Represent client as technical advisor during all travel engagements, conferences, and working groups
- Oversee Vulnerability Management Team – (Review and provide mitigation strategies for CAT I CAT II CAT III findings ACAS, SCAP, OpenScap, Evaluate STIG
- Responsible for tracking over 537 ongoing 227 risk acceptance POA&Ms
- Responsible for commands information assurance (IA) & incident response (IR) programs
- Evaluated 31 persistent cyber training tools & capabilities white papers
- Assist in monitoring & administering organization SharePoint site
- Support to develop and execute all program reviews
- Write and deliver EXSUMs from all attended engagements at the 3 star-level
- Provides technical advice as well as the expertise to systems development technical project groups
- Define, develop and review all existing and proposed applications for technical design plus the development of all major customer or service projects
- Coordinate technical activities amongst technicians, users, and computer along with communication networks
- Present technical assistance for applications of advanced theory, principles, concepts, and methods
- Develops and maintain strong human relations as well as convey required skills
- Research and development of strategic program management, operational plans using SCRUM agile process
- Conduct administrative and technical reviews along with funding recommendations for organization proposals
- Conduct administrative and technical reviews of continuing company projects
- Manages the coordination and administration of Configuration Management activities
- Develops, implements, and ensures compliance with plans, policies and standards
- Ensures all changes are properly documented to the production environment for brigade (Bde) managed unclassified, Secret, Top Secret, and Coalition networks
- Coordinates submission of IT requirements to meet annual Program Objective Memorandum (POM) requirements
- Prepares information for data calls, technical reports, staff studies and briefings
- Coordinates and administratively processes purchase requests
- Formulates procedures for and executes the introduction of changes to engineering documents
- Monitors the review of released engineering change data and change accounting activities to ensure adherence to Configuration Management procedures, Standard Operating Procedures (SOPs) and policies
- Ensures projects are completed on time and within budget
- Coordinates efforts of various configuration analysis tiger teams regarding projects, tasks, and operations
- Participates in new technology discussions, meetings, committees/working groups or special Information Technology (IT) projects
- Develop, implement, and enforce information systems security policies ensuring system security requirements are addressed during all phases of the acquisition and Information System (IS) lifecycle.- Conduct certification and testing in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy; identify deficiencies and providing recommendations of risk mitigation to customer.- Support the Government to resolve conflicting system security engineering requirements.- Develop program technical publications such as Systems Engineering Plans (SEP), Technical Plans, Analyses and Reports, Risk Assessments, Security Concepts of Operations (SECONOP), Program Protection Plan, Anti-Tamper Plan, Cybersecurity Strategy, Technology Development Strategies, Test Plans, procedures and reports, System Security Plans and NAVAIR CYBERSAFE related documentation.
- Improved client cybersecurity posture through tailored risk assessments and mitigation strategies.
- Reduced cyber threats by implementing robust security frameworks and incident response plans.
- Achieved cost savings for clients by identifying areas for improvement in existing cybersecurity infrastructure.
- Managed third-party vendor relationships to ensure the timely delivery of high-quality cybersecurity products and services.
Team Lead
DHA, ACRO
04.2019 - 12.2019
- (Remote)
- Primary responsibility was to perform tasks related to preparing for Assessment & Authorization (A&A) within the Defense Health Agency to ensure assigned DoD systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications
- Under eMASS and SharePoint
- Conduct & briefed stakeholders on risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and cyber protection needs for all assets on behalf of the program manager
- Assisted in planning tabletop exercise for contingency planning
- Representative on the configuration charter board (CCB)
- Trained new team members by relaying information on company procedures and safety requirements.
- Promoted a positive work environment by fostering teamwork, open communication, and employee recognition initiatives.
- Coached team members in techniques necessary to complete job tasks.
- Served as a role model for the team by demonstrating commitment to excellence, professionalism, and adherence to company values at all times.
RMF Consultant/Technical Advisor
Missing Link Security
12.2016 - 05.2019
- Leading customer delivery in information technology security governance, risk, and compliance activities aligned with the RMF Cybersecurity Framework
- Develop information security strategies, policies, processes, and procedures
- Leading federal government with assessment and authorization of 3 programs and over 50 systems & applications leveraging RMF construct
- Support overall security guidance documentation for customers
- Develop customer security programs with security control assessments, policy and procedure development, documentation management, and customer liaison activities
- Develop and advise adequate RMF controls and conduct control implementation assessments for NIPRNet, SIPRNet, and JWICS
- Identify and recommend process improvements for customer security programs
- FISMA reporting lead
- Direct support to senior-leadership meetings and presentations 3+ days a week
- Spearhead and launched a technical working group that focuses on defensive and offensive operation (OCO/DCO) cyber tools, security requirements, enterprise & architecture standards (DoDAF) and IT governance
- Represent client as technical advisor during all travel engagements, conferences, and working groups
- Oversee Vulnerability Management Team – (Review and provide mitigation strategies for CAT I CAT II CAT III findings ACAS, SCAP, OpenScap
- Responsible for 29 + POA&Ms
- Responsible for commands information assurance (IA) & incident response (IR) programs
- Evaluated 31 persistent cyber training tools & capabilities white papers
- Assist in monitoring & administering organization SharePoint site
- Support to develop and execute all program reviews
- Write and deliver EXSUMs from all attended engagements at the 3 star-level
- Provide technical advice as well as the expertise to systems development technical project groups
- Define, develop and review all existing and proposed applications for technical design plus the development of all major customer or service projects
- Coordinate technical activities amongst technicians, users, and computer along with communication networks
- Present technical assistance for applications of advanced theory, principles, concepts, and methods
- Develop and maintain strong human relations as well as convey required skills
- Research and development of strategic program management, operational plans using SCRUM agile process
- Conduct administrative and technical reviews along with funding recommendations for organization proposals
- Conduct administrative and technical reviews of continuing company projects.
- Evaluated client needs and expectations, establishing clear goals for each consulting engagement.
- Liaised with customers, management, and sales team to better understand customer needs and recommend appropriate solutions.
Cyber Team Lead/SCA
RMantra
01.2018 - 09.2018
- R
- Primary role- Manage and review of various JSP (253) information system's RMF Assess and Authorize (A&A;) packages, Access Only (AO), and Approval To Connect (ATC) in eMASS including security control test results, System Security Plan (SSP), Plan of Action and Milestones (POA&M;), accreditation boundary diagrams, and Security Assessment Report (SAR) at JSP Headquarters
- Level on behalf of the SCA-A; render initial ATO recommendation for the information system to the SCA-A; provide guidance to various System Owners, Program Management Offices, Organizational ISSMs, and ISSOs on RMF A&A; processes and structure; have working knowledge of NIST RMF process, FIPS 199 & 200, CNSS1253 NIST SP 800-53 security controls, DoDI 8510
- 01
- Report to JSP’s AODR (Department Chief) on any issues regarding security and safeguards for systems within my purview to include any recommendations that go before the AO to suspend operation of systems based upon the impact of the security deficiency
- Works intimately with the ISO, ISSO, ISSM, ISSE, developers, and blue team to ensure all systems are continuously at a low risk during its ATO
- Develops and updates network accreditation documentation as required
- Performs analysis of critical mission functions and business processes
- Identifies gaps in brigade policy through interpretation or lack of policy and prepares guidelines to meet Commanders intent
- Coordinates the development of architectures by translating command strategic capability needs from command strategic guidance, combat operators, and business managers into an enterprise strategy leading to architectural solutions
- Ensure that an established set of procedures and methods are in place to measure the effectiveness and responsiveness of IT Architecture both in sanctuary operations and in deployed Areas of Responsibility (AOR).
- Promoted a positive work environment by fostering teamwork, open communication, and employee recognition initiatives.
DIA Sr, Assurance/Cyber Security/RMF Consultant
CTGi
06.2015 - 12.2016
- IASSE)
- Develop and manage required RMF security policies & procedures documentation to comply with IT Governance i.e., FISCAM (FIAR), ICD -503 ICD-527, NIST 800-37, NIST 800-53 Rev
- 3 &4 (RMF)
- Artifacts, committee on national security systems (CNSS-1253) federal information process standards (FIPS 199, 200, 140-2 encryption) and POAM’s for (3) applications and (1) system
- Advise leadership/stakeholders with overall risk/vulnerabilities to the financial integration (FI) applications weekly via metric and pie chart reporting
- Conduct weekly technical audits with Splunk SIEM tool
- Review SCAP & ACAS Scans and provide remediation and mitigation strategies
- Assist managing Change Management activities
- Managing efforts to remediate or provide mitigation strategies through a form of test od designs (TOD) and/or test of effectiveness (TOE) for over 400 application security findings
- Assist in partner engagement by providing technical advice to the client when to assist, avoid, mitigate, or transfer risks
- Conduct security assessments under NIST 800-53, NIST 800-37, and STIG requirements
- Partnership with CIO “Certify Testing Authority” when applications are going through security testing, functional testing, user acceptance testing, and interoperability testing
- Oversee Incident Response Handling (CAT 0-6)
- Manage all C&A artifacts via XACTA, Trusted Foundation System (TFS), iCRM, and FISCAM dashboard
- Backup for managing federal information security management act (FISMA) artifacts
- Validates STIG compliance using STIG viewer
- Evaluated client needs and expectations, establishing clear goals for each consulting engagement.
Sr. Information Assurance Team Lead
ZolonTech
08.2014 - 06.2015
- Maintain current system accreditation under Risk Management Framework (RMF) DIACAP within EMASS & Army Tracking database (TdB)
- Assisted in the plan for the transition from DIACAP to RMF
- Author, manage, and maintain certification and accreditation effort for OCTO systems (NIPRNet, SIPRNet, and JWICS
- Design, configure, and secure distributed CISCO and Nutanix switches network architecture
- Conduct vulnerability assessment of OCTO systems utilizing DoD approved IA tools (SCAP, ACAS, SCC, Retina, Gold Disk, Nessus, etc.) and DISA STIGs/SRRs
- Research, remediate, mitigate, and report metrics on IAVA vulnerabilities
- Generate various C&A & technical documents and operating procedures as required by customer
- Provide system administration support to Windows 2008 R2, 2012, 2012 R2 domain environment (DNS, Active Directory, WSUS, etc.)
- Review documents, workflow and plans for implementation with customers/vendors
- Coordinate and track new implementations projects
- Installing and configuring interface software
- Troubleshoot and resolve complex implementation issues in regards to interface and information exchanges
- Providing interface and related workflow solutions within the guidelines of the interface team’s procedures
- Demonstrate leadership to define requirements for project risk
- Develop solutions with the latest tools
- Research, interpret, and provide technical policy guidance pertinent to OMB-A130 circular, DoD 8500.00, 8510.01, 8500.02, Army Regulation 25-1 & 2, DoD 8570.01 DCID 6/3, ICD 503 & Army information and system security
- Maintain & Monitor all POA&M activities
- Member of Technical Control Board & Change Management Board
- Conduct annual enterprise, enclave, and system self assessments for HQ and remote sites
- Information Assurance Training Officer
- Created and maintained all Oracle databases required for development, testing, education and production usage
- Performed the capacity planning required to create and maintain the databases
- Worked closely with system administration staff because computers often have applications or tools on them in addition to the Oracle Databases
- Performed ongoing tuning of the database instances
- Installed new versions of the Oracle RDBMS and its tools and any other tools that access the Oracle database
- Planned and implemented backup and recovery of the Oracle database
- Controlled migrations of programs, database changes, reference data changes and menu changes through the development life cycle
- Implemented and enforced security for all of the Oracle Databases i.e., STIGS
- Performs database re-organizations as required to assist performance and ensure maximum uptime of the database
- Performed reviews on the design and code frequently to ensure the site standards are being adhered to
- Evaluated releases of Oracle and its tools, and third-party products to ensure that the site is running the products that are most appropriate.
Education
Ph.D. - Information Assurance & Security
Capella Education Company
02-2020
Master of Science - Networkand Communication
Keller Graduate School of Management
03-2013
Master of Science - Management Information Systems
Keller Graduate School of Management
03-2013
Bachelor of Science - Technology Management
DeVry University
10-2011
Skills
- Vulnerability assessment
- Social engineering
- Security auditing
- Security analytics
- NIST frameworks
- Identity management
- Threat intelligence
- Privacy regulations
- Encryption technologies
- Mobile security
- SIEM management
- Wireless security
- Application security
- Secure coding
- Disaster recovery
- Incident response
- Compliance management
- DDoS mitigation
- Data protection
- Network security
- Configuration management
- IoT security
- HIPAA compliance
- Security policy development
- Cybersecurity frameworks
- DevSecOps integration
- Patch management
- Access control
- Cloud security
- Network security management
- Disaster recovery planning
- Business continuity planning
- Risk assessment
- Security planning
- Information governance
- Security metrics
- Information protection
- Developing security plans
- Problem-solving
- Time management
- Teamwork and collaboration
- Active listening
- Effective communication
- Excellent communication
- Reliability
Accomplishments
- Resolved product issue through consumer testing.
- Supervised team of 12 staff members.
- Achieved over 70 Assess and Authorization ATOs and 30 Assess Only ATOs by completing RMF requirements with accuracy and efficiency within each information system (IS) integrated master schedule.
- Achieved efficient results by introducing evaluate STIG, and SCAP compliance to allow integrators to automate and expedite hardening respective STIGs/SRGs in a timely manner.
- Documented and resolved system findings which led to maintaining all system security postures at minimal risk..
Affiliations
- United States Navy Veteran
Certification
- Certified Ethical Hacker (CEH) - EC-Council. Expires June 07 2025 #ECC979864
- CompTIA Security+ April 18 2025 #COMP001011009399
- CompTIA CASP April 18 2025 #COMP001011009399
Languages
English
Full Professional
Software
EMASS
Timeline
Cybersecurity Consultant
Missing Link Security, MLS
09.2021 - Current
Team Lead
DHA, ACRO
04.2019 - 12.2019
Cyber Team Lead/SCA
RMantra
01.2018 - 09.2018
RMF Consultant/Technical Advisor
Missing Link Security
12.2016 - 05.2019
DIA Sr, Assurance/Cyber Security/RMF Consultant
CTGi
06.2015 - 12.2016
Sr. Information Assurance Team Lead
ZolonTech
08.2014 - 06.2015
- Certified Ethical Hacker (CEH) - EC-Council. Expires June 07 2025 #ECC979864
- CompTIA Security+ April 18 2025 #COMP001011009399
- CompTIA CASP April 18 2025 #COMP001011009399
Ph.D. - Information Assurance & Security
Capella Education Company
Master of Science - Networkand Communication
Keller Graduate School of Management
Master of Science - Management Information Systems
Keller Graduate School of Management
Bachelor of Science - Technology Management
DeVry University
Similar Profiles
Jamie AldermanJamie Alderman
Owner/VP of Operations at Heathrow Security/Missing Link SecurityOwner/VP of Operations at Heathrow Security/Missing Link Security
Thomas MorellThomas Morell
Field Supervisor at Missing Link SecurityField Supervisor at Missing Link Security
James ZhangJames Zhang
Senior Sales Operations Executive at The Missing LinkSenior Sales Operations Executive at The Missing Link