Ethan Cottle

Cibolo

Summary

Seasoned leader with extensive experience in directing comprehensive cybersecurity programs, managing RMF Assessment and Authorization (A&A) processes, and safeguarding sensitive information systems across diverse industries. Expertise in developing and enforcing security policies, conducting in-depth vulnerability assessments, and ensuring compliance with NIST, PCI, HIPAA, FISMA, and other regulatory frameworks. Proven track record in mitigating cybersecurity risks, fortifying system defenses, and securing critical system authorizations, such as ATO and IATT. Adept at collaborating with cross-functional teams, enhancing system resilience, and delivering strategic guidance on information assurance, incident response, and risk management. Recognized for proactive leadership in addressing evolving cybersecurity threats and assuring continuous system accreditation compliance.

Seasoned cybersecurity leader with extensive experience managing Risk Management Framework (RMF) processes and directing comprehensive cybersecurity programs. Developed and enforced security policies while ensuring compliance with NIST, PCI, HIPAA, and FISMA. Successfully mitigated risks, fortified defenses, and secured critical authorizations, enhancing system resilience and incident response.

Dynamic cybersecurity professional with a proven record in leading RMF Assessment and Authorization teams to achieve first-ever ATO for 137 medical systems. Expertise in developing robust security policies and conducting comprehensive vulnerability assessments. Recognized for proactive risk mitigation and effective compliance management, driving organizational security posture and operational excellence.

Leadership in cybersecurity encompasses directing RMF processes, developing security policies, and ensuring regulatory compliance. Achievements include obtaining critical system authorizations and enhancing system defenses through thorough vulnerability assessments. Track record of collaborating with cross-functional teams to address security challenges and strengthen incident response strategies across diverse environments.

Highly motivated employee with a desire to take on new challenges. Strong work ethic, adaptability, and exceptional interpersonal skills. Adept at working effectively unsupervised and quickly mastering new skills.

Hardworking employee with customer service, multitasking, and time management abilities. Devoted to giving every customer a positive and memorable experience.

Outgoing student pursuing flexible part-time employment with weekend and evening shift options.

An organized and motivated individual, eager to utilize time management and organizational skills across diverse settings. Seeking entry-level opportunities to enhance abilities while contributing to company growth.

Overview

8 years of professional experience
1 Certification

Work History

Security Steward/Consultant

MKS2
Austin, TX
2021.01 - Current
  • Direct Risk Management Framework (RMF) Assessment and Authorization (A&A) team for creating and managing a comprehensive cybersecurity program and policies, securing necessary approvals from authorizing offices.
  • Ensure compliance with security standards by establishing precise configuration of domain/local policies and enforcing adherence to information system security procedures.
  • Review audit reports regularly by swiftly identifying and resolving security issues, improving overall system security.
  • Coordinate with CPSO to gain approval for external information systems, contributing to secure operations.
  • Deliver expert guidance on system operation to users, strengthening security posture across systems.
  • Provide critical insights on component classification, enhancing secure data management practices.
  • Verify ongoing system accreditation by evaluating and adapting to system changes, maintaining compliance.
  • Maintain accurate system diagrams per control board directives for driving effective system documentation.
  • Mitigate system vulnerabilities through proactive monitoring, preventing potential attacks.
  • Combined 137 Medical systems across the VA into one system boundary, completing all RMF steps and obtaining the system's first-ever ATO.
  • Created 17 control policies and procedures for VA-deemed critical controls that were approved.
  • Assessed over 379 controls, wrote test results, uploaded evidence, and wrote corresponding POA&Ms in the event one was needed.
  • Completed PIAs and PTAs and had them approved for two major systems: Special Purpose and Medical systems.
  • Combined 137 Special Purpose systems across the VA into one system boundary, completing all RMF steps and obtaining the system's first-ever ATO.

Information System Security Officer/Security Analyst

Senture, LLC
London, KY
2021.01 - 2023.01
  • Direct Risk Management Framework (RMF) Assessment and Authorization (A&A) team for creating and managing a comprehensive cybersecurity program and policies, securing necessary approvals from authorizing offices.
  • Ensure compliance with security standards by establishing precise configuration of domain/local policies and enforcing adherence to information system security procedures.
  • Review audit reports regularly by swiftly identifying and resolving security issues, improving overall system security.
  • Coordinate with CPSO to gain approval for external information systems, contributing to secure operations.
  • Deliver expert guidance on system operation to users, strengthening security posture across systems.
  • Provide critical insights on component classification, enhancing secure data management practices.
  • Verify ongoing system accreditation by evaluating and adapting to system changes, maintaining compliance.
  • Maintain accurate system diagrams per control board directives for driving effective system documentation.
  • Mitigate system vulnerabilities through proactive monitoring, preventing potential attacks.
  • Strengthened system security through thorough vulnerability assessments by utilizing DISA STIGs, checklists, Retina Security Scanner, Nessus, and SCAP benchmarks.
  • Presented weekly IA risk score reviews for over 35 IT assets, providing detailed analysis to Tier 1 & Tier 2 personnel.
  • Acted as liaison between Cosmic AES and government authorities for enabling alignment with system security requirements.
  • Activated Cyber Incident Response Plan procedures during security incidents for administering critical documentation.
  • Demonstrated mastery of FISMA, FIPS 140-2, NIST SP 800-53, 800-63, 800-171, FIPS 199, HIPAA, and PCI DSS for regulatory compliance.
  • Collaborated with program managers, IT, and security staff to ensure effective cybersecurity practices across stakeholders.
  • Developed and headed Lynx OS scanners for strengthening security protocols.
  • Enhanced system defense by expertly configuring and maintaining Host-Based Security System (HBSS).

Information System Security Officer (ISSO)

Advanced Information Technology Concepts (AITC)
Camp Bullis, San Antonio, TX
2020.01 - 2021.01
  • Executed in-depth security analyses on client networks and systems for offering strategic guidance, training, research, and tailored recommendations.
  • Led internal security audits, risk assessments, and evaluations for complex operational systems, enhancing security posture.
  • Oversaw security and internal control reviews for sensitive systems, ensuring compliance and operational integrity.
  • Applied extensive expertise in NIST, PCI, and HIPAA frameworks to align systems with stringent security standards.
  • Assessed and authorized applications and systems managing sensitive information, defining secure requirements for procurement, systems development, and encryption methods.
  • Developed and maintained critical IT security documentation, including system security plans, risk assessments, POA&M, contingency, and incident response plans.
  • Managed comprehensive system records within Enterprise Mission Assurance Support Service (eMASS) tool for assuring accurate tracking and compliance.
  • Streamlined Authority to Operate (ATO) processes by producing key artifacts, control implementation details, and POA&Ms for verifying compliance with security frameworks.
  • Coordinated with system stakeholders to resolve security issues efficiently and effectively.
  • Leveraged in-depth knowledge of NIST security controls, GRC security documentation tools, and RMF for driving robust compliance processes.
  • Facilitated meetings to analyze authorization documents, identify gaps, and establish schedules to meet outstanding authorization requirements.

Cyber Security Consultant

Lexland Systems
Crystal City, VA
2018.01 - 2020.01
  • Supported classified information systems security by applying Information Assurance (IA) policies, principles, and techniques.
  • Maintained detailed records of system upgrades for workstations, servers, routers, firewalls, intelligent hubs, and network switches, ensuring seamless operations.
  • Preserved operational security posture by safeguarding information systems and program integrity.
  • Developed and curated Authorization and Accreditation (A&A) documentation in full compliance with policies and procedures.
  • Crafted and regularly updated system security plans and IA documentation to enable alignment with security protocols.
  • Administered Configuration Management (CM) for critical software, hardware, and firmware, enhancing system security.
  • Directed daily security operations for information systems for robust system protection.
  • Spearheaded information assurance programs for organizations, systems, and enclaves, strengthening overall security framework.
  • Allocated system packages to team members based on skillsets, optimizing efficiency and outcomes.
  • Instructed team members and government officials in proficient RMF package assessments, bolstering team capabilities.
  • Maintained documentation for introduction of new networks, systems, and technologies into SIE, supporting security efforts.
  • Established and implemented processes to mitigate vulnerabilities in software and hardware deployment, enhancing system protection.
  • Conducted risk and vulnerability assessments of IT and IS systems for delivering detailed risk reports as Security Controls Assessor (SCA).
  • Assisted USSOCOM, Component Commands, and deployed forces in enforcing A&A and connection standards, ensuring secure operations.
  • Directed Control/Continuous Monitoring (Step 6) of RMF and reaccreditation efforts, ensuring ongoing compliance.
  • Evaluated cybersecurity posture of SIE networks and systems, securing ATO, IATT, or ATC authorizations.
  • Monitored and reported cybersecurity compliance to higher headquarters, such as USCYBERCOM and DIA.
  • Validated system patching, conducted scanning, and created POA&Ms, ensuring compliance with regulatory standards.
  • Contributed expert insights on security designs and architectures, improving system resilience.

Education

Master's in Business Administration - Information Security Leadership

Strayer University
Washington, DC

Bachelor’s degree - Cyber Security Technology

Strayer University
Washington, DC

Skills

  • Risk Management Framework (RMF)
  • Cybersecurity Program Development
  • Authorization & Accreditation (A&A) Processes
  • Vulnerability Assessment & Mitigation
  • Information Assurance (IA) Strategies
  • Governance, Risk, & Compliance (GRC)
  • Security Policies & Procedure
  • Host-Based Security Systems
  • Cyber Incident Management
  • Policy development
  • Risk management
  • Vulnerability assessment
  • System accreditation
  • Security compliance
  • Configuration management
  • Audit review
  • Information assurance
  • Issue resolution
  • Data protection
  • Team collaboration
  • Effective communication
  • Detailed documentation
  • Incident response
  • Regulatory compliance
  • Cybersecurity policy
  • IT security audit
  • Documentation management
  • Cross-functional collaboration
  • Problem solving
  • Attention to detail
  • Team leadership
  • Decision-making
  • Strategic planning

Certification

  • ISACA Certified Information Security Manager (CISM)
  • CompTIA Advanced Security Practitioner (CASP)
  • AWS Cloud Practitioner certification

Work Preference

Job Search Status

Open to work

Work Type

Full Time

Location Preference

Remote

Salary Range

$90,000/yr - $200,000/yr
