Christopher Carter
HAMPTON
Summary
Results-driven Information Security Manager and CMMC Certified Assessor (CCA) with 8+ years of progressive experience in cybersecurity governance, risk management, and compliance. Proven expertise in conducting comprehensive CMMC Level 2 assessments, implementing enterprise security frameworks, and leading cross-functional teams to achieve organizational security objectives. Skilled in NIST SP 800-171, DFARS 252.204-7012, and federal compliance requirements with a track record of reducing security incidents by 70% while ensuring continuous regulatory compliance. U.S. Citizen with active Tier 3 suitability determination.
Overview
11
11
years of professional experience
1
1
Certification
Work History
INFORMATION SYSTEMS SECURITY MANAGER
USAF
03.2020 - Current
- Designed and implemented enterprise-wide information security framework aligned with NIST SP 800-171, ISO 27001, and federal compliance requirements, reducing security incidents by 45% and achieving 100% compliance audit pass rate within 14 months
- Conducted 50+ comprehensive risk assessments and vulnerability evaluations across diverse infrastructure environments, identifying 4,200+ security gaps and establishing remediation plans that achieved 90% closure rate within 6 months
- Managed a secure IT program for 250 units, maintaining encryption systems supporting ISR operations.
- Developed and delivered security awareness training program to 8,000+ employees across 12 facilities, reducing phishing click-through rates by 64%, lowering security incident reports by 51%, and achieving 87% annual training completion rate.
- Conducted pre-assessment gap analyses for 8 federal contractors seeking CMMC compliance, identifying 340+ control implementation gaps and developing prioritized remediation roadmaps that reduced time-to-certification by an average of 18 weeks
- Led comprehensive CMMC Level 2 certification assessment for five Defense Industrial Base contractors, evaluating compliance across all 14 NIST SP 800-171 domains and documenting 847 evidence items, resulting in three organizations achieving Level 2 certification with 110/110 scores
- Developed and delivered security awareness programs for over 8,000 employees, reducing phishing click-through rates by 64% and enhancing organizational readiness
- Championed the shift to zero trust network architecture, resulting in a 55% decrease in lateral movement during red team exercises and improved threat isolation.
- Performed detailed gap analysis against NIST SP 800-171 and DFARS 252.204-7012, identifying 120+ deficiencies and supporting remediation efforts resulting in 100% audit readiness
- Authored and maintained comprehensive System Security Plans (SSPs), updating documentation to reflect evolving regulatory requirements and achieving 98% first-pass audit acceptance
- Led development of Plan of Action & Milestones (POA&M) to track compliance remediation progress, driving 85% closure rate on non-conformities within six months
- Conducted quarterly risk assessments for cloud and on-prem environments, assessing impact to Controlled Unclassified Information (CUI) and recommending controls that improved organizational security posture by 40%
- Facilitated internal and external audits with C3PAO and regulatory agencies, addressing findings and documenting corrective actions for successful compliance certification.
- Created and delivered targeted cybersecurity awareness training, reducing policy violations by 55% and improving compliance knowledge across all departments
- Drove enterprise-wide adoption of advanced GRC platforms and workflow automation, streamlining evidence collection, accelerating compliance reporting cycles by 40%, and delivering real-time, audit-ready dashboards that empowered executive leadership with actionable compliance insights
CYBERSECURITY COMPLIANCE ANALYST
USAF
01.2015 - Current
Education
BACHELORS DEGREE - NETWORK OPERATIONS & SECURITY
Skills
- Cybersecurity Audits
- NIST SP 800-171 Compliance
- NIST SP 800-53 Compliance
- CMMC Assessment
- CMMC Readiness
- Risk Management
- Risk Mitigation
- System Security Plan Development
- Identity Management
- Access Management
- Vulnerability Assessment
- Vulnerability Remediation
- Security Awareness Programs
- Training Programs
- Zero Trust Architecture
- Threat Intelligence
Certification
- CCNA CyberOps
- Project+
- CySA+
- A+
- Network+
- Security+
- CCP
- CMMC CCA
Timeline
INFORMATION SYSTEMS SECURITY MANAGER - USAF
03.2020 - Current
CYBERSECURITY COMPLIANCE ANALYST - USAF
01.2015 - Current
Western Governors University - BACHELORS DEGREE, NETWORK OPERATIONS & SECURITY