Summary
Overview
Work History
Education
Skills
Educational Requirements
Skills Certifications
Clearance
Certification
Work Availability
Additional Information
Timeline
Generic

Glenn Keaveny

Kissimmee

Summary

Dynamic cybersecurity leader with extensive experience at Booz Allen Hamilton, excelling in vulnerability management and risk assessment. Proven track record in enhancing security compliance and IT governance, while fostering team collaboration. Successfully managed operations for over 1.2 million endpoints, driving significant improvements in patch management and security posture.

Overview

21
21
years of professional experience
1
1
Certification

Work History

Continuous Diagnostics and Mitigation (CDM) Operations and Maintenance Manager

Booz Allen Hamilton
McLean
04.2020 - 11.2025
  • The CDM Program is leading the effort to reduce vulnerabilities, detect malicious acts and reduce cyber risk.
  • Mr. Keaveny manages all activities for the CDM Operations and Maintenance team, a managed security service provider directly supporting Asset and Vulnerability Management activities for roughly 40% of the Federal Executive Civilian Branch, monitoring over 1.2 end points.
  • His team operates and maintains tools such as Forescout, HCL BigFix, Tenable.sc, Splunk and Elastic Dashboards at seven federal Agencies.
  • Mr. Keaveny is the lead project manager for deploying patches, and configuration updates to resolve vulnerabilities.
  • He works closely with DHS CISA and Agency Operators to ensure that federal Agencies realize the maximum benefits of the cybersecurity and vulnerability management tools and techniques available through the CDM program now and in the future.
  • He is the primary point of contact between Booz Allen and his government counterparts.

Senior Manager, Federal Reserve Bank of New York

Grant Thornton LLP
New York
08.2019 - 04.2020
  • Mr. Keaveny conducted a security analysis of the Federal Reserve Bank of New York’s Dev Ops and SSDLC processes and procedures.
  • This analysis included code reviews, application vulnerability assessments and application penetration testing.

Senior Manager, Total Administrative Services Corporation

Grant Thornton LLP
05.2019 - 04.2020
  • Mr. Keaveny developed project plans and managed a team conducting a NIST SP 800-53A Vulnerability Assessment for the systems supporting the Combined Federal Campaign System (CFCS).

Senior Manager, United States Department of Agriculture

Grant Thornton LLP
12.2018 - 04.2020
  • Mr. Keaveny managed all PMO activities and provided guidance and oversight to a team supporting the Pegasys Financial System Information System Security Officer.
  • This team supports all aspects of the Risk Management Framework cycle.

Senior Manager, State of New York, Board of Elections

Grant Thornton LLP
09.2018 - 04.2020
  • Mr. Keaveny developed project plans and managed a team of cybersecurity professionals conducting a first and only engagement of its kind teaming with the Center for Internet Security (CIS) for the State of New York’s Board of Elections conducting a comprehensive security assessment of the election infrastructure at both the state and county levels.
  • The team conducted on-site assessments and walkthroughs at each of New York’s 62 counties including the five boroughs of New York City.
  • Each assessment reviewed governance, technical, and physical controls detailed in the CIS Handbook for Elections Infrastructure Security.
  • The team leveraged analytics techniques to identify trends, vulnerabilities, as well as best practices that could be shared statewide.

Senior Manager, United States Patent and Trademark Office

Grant Thornton LLP
12.2017 - 04.2020
  • Mr. Keaveny managed a team conducting OMB A-123 financial audit readiness.

Senior Manager, Social Security Administration

Grant Thornton LLP
11.2017 - 04.2020
  • Mr. Keaveny provided oversight to a team of IT auditors focused on identifying vulnerabilities and developing corrective action plans for the administration’s resiliency programs such as disaster recovery, continuity of operations and business continuity plans.
  • He also coordinates and oversees a red team testing the agencies security controls.

Senior Manager, Center for Medicare and Medicaid Services (CMS)

Grant Thornton LLP
11.2017 - 04.2020
  • Mr. Keaveny provided guidance to a team of vulnerability and penetration testers, as well as NIST controls testers.

Director, Cybersecurity, Global Public Sector

Grant Thornton LLP
Alexandria
04.2017 - 04.2020
  • Ensured timely execution of key deliverables through effective project management oversight.
  • Fostered professional development and leadership skills by mentoring junior leaders.

Senior Manager, National Science Foundation

Grant Thornton LLP
11.2017 - 06.2019
  • Mr. Keaveny led the effort to develop and deploy a NIST cybersecurity framework-based analytics tool that enabled the foundation to visualize areas of strengths and weakness as well as maturity within their security and compliance program.
  • In parallel, he worked closely with a robotics process automation engineering team to ensure that the solution was both secure and compliant.

Senior Manager, District of Columbia Courts

Grant Thornton LLP
Washington
11.2017 - 05.2019
  • The District of Columbia (DC) Courts upgraded from a cash or check only system of payment to include payment cards.
  • Mr. Keaveny coordinated and conducted PCI vulnerability and compliance assessments and PCI compliance training for all the required organizations within the DC Courts.

Senior Manager, QuickChek Corporation

Grant Thornton LLP
04.2017 - 06.2018
  • Mr. Keaveny served as project manager for ongoing vulnerability management and Payment Card Industry (PCI) readiness efforts including annual Reports on Compliance, as well as additional cybersecurity services.
  • He coordinated and led a simulated social engineering campaign that included phishing, USB drop tests and an insider threat scenario.
  • The team successfully phished 48% of the targeted users which lead to the development of enhanced security awareness training.
  • He also led a team of incident response, disaster recovery, and contingency planning experts to assess the current contingency operations infrastructure and to develop a reconstitution and recovery plan.
  • He oversaw the team that implemented an organization contingency corrective action plan for remediating weaknesses that were discovered along with creating high level procedure documentation for data reconstitution and business continuity.
  • In addition to the recovery plan, Mr. Keaveny’s team developed a Disaster Preparedness Guide for employees to proactively mitigate the impact of potential high-risk events.

Senior Manager, Florida Agency for State Technology (AST)

Grant Thornton LLP
06.2017 - 09.2017
  • The Florida AST is responsible for hosting and managing all the IT Infrastructure for the State of Florida.
  • Mr. Keaveny served as project manager and leader of a team of cybersecurity and governance practitioners to develop asset, threat and vulnerability management standards, policies, and procedures.
  • This included but was not limited to creating the baseline change control policy, asset management policy, access control standards and guidelines, security classification policy, vulnerability management policy and risk management policy.
  • The team developed a tool that enabled AST to assign and maintain asset priority and criticality across the enterprise.
  • The team also developed custom secure baselines based on the CIS-CAT standards for every platform across the enterprise.
  • In doing so, the team increased the average CIS-CAT compliance score from 22% to 97%.

Cyber Security Senior Consultant

Xcelerate Solutions
McLean
07.2016 - 04.2017
  • Mr. Keaveny served as the Cyber Security expert in the Program Management Office (PMO) at a Department of Defense (DOD) Agency and directly supported the Information System Security Officer (ISSO) on all cyber security tasks and the NIST Risk Management Framework (RMF).
  • He provided security guidance and oversight to three geographically dispersed application support teams and integrated into the SDLC with the core development team.
  • He developed and deployed a program level governance structure, including the creation of the Program Security Strategy, and three application System Security Plans (SSP).
  • Mr. Keaveny also created the disposal plan for legacy systems, and successfully transitioned two unique applications from the DoD Information Assurance Certification and Accreditation Process (DIACAP) to RMF, while leading two Assessment and Authorization (A&A) efforts, both of which resulted in RMF Authorizations to Operate (ATO).

Manager, Security Operations/Managed Threat Services

Deloitte & Touché LLP
Mechanicsburg
09.2014 - 07.2016
  • Mr. Keaveny provided guidance and oversight to SIEM engineers to ensure all critical infrastructure assets, and endpoint log events were covered.
  • He led a team of more than 20 Security Operations Center (SOC) Analysts and Cyber Threat Hunters, providing 24x7 monitoring of SIEM, IDS, Vulnerability scanning and DLP tools for multiple public sector and commercial clients.
  • He supported client Vulnerability Management, Incident Response, Risk Management, and PCI compliance processes conducting scanning, and threat hunting as well as remediation activities.
  • He coordinated with Deloitte Threat Intelligence to provide real time intelligence and IOCs to clients and led a team to of consultants in developing a cloud-based security monitoring solution.

Manager, Security Delivery Center

Deloitte & Touché LLP
Mechanicsburg
09.2014 - 07.2016
  • Mr. Keaveny established and managed the secure software enablement service for multiple public sector and commercial clients, as well as GRC and IAM services.
  • The Secure Software Enablement Service was fully integrated into the Software Development Lifecycle (SDLC).
  • At the appropriate time in the development cycle, prior to User Acceptance Testing (UAT), HP Fortify was used to analyze source code.
  • The team leveraged threat model analysis from our Managed threat Service and OWASP top 10 to conduct vulnerability and risk analysis and prioritize remediation efforts.
  • Prior to UAT the team conducted manual validation of remediations and used HP WebInspect to further validate that potential OWASP top 10 vulnerabilities in compiled code were not exploitable.
  • Mr. Keaveny also served as the Project Manager for the deployment of an enterprise-wide Security Information and Event Management (SIEM) solution for a large agency in the Commonwealth of Pennsylvania.

Senior Manager, Information System Security Officer

Celerity
Mechanicsburg
11.2010 - 09.2014
  • Mr. Keaveny was an IAT Level II ISSO for four Enterprise Services Directorate (ESD) and 3 DISA Operations (OPS) sites.
  • He was also the alternate ISSO for DISA Field Security Operations (FSO).
  • He coordinated security efforts surrounding the first migration of a DOD application from NIPRnet to a commercial cloud provider.
  • His responsibilities included Asset and Vulnerability Management, Continuous Monitoring utilizing McAfee ePolicy Orchestrator and Splunk and development of certification documentation to include NIST compliant System Security Plans (SSP) and Continuity of Operations Plans (COOP).
  • He created and maintained Enterprise Mission Assurance Support Service (eMASS) DIACAP packages to support Certifying Authority (CA) certification recommendations and Designated Accrediting Authority (DAA) accreditation decisions, as well as supporting ESD and OPS Certification and Accreditation (C&A) activities at field locations worldwide.

Manager, Cyber Security Operational Support Team

Celerity
Mechanicsburg
11.2010 - 09.2014
  • Mr. Keaveny also managed a team of technical and security professionals supporting DISA FSO Cyber Security Readiness Inspections (CCRI), Combatant Command support and Computer Network Defense Security Provider (CNDSP) inspections.
  • In this role he designed and developed multiple database applications utilizing VBA, MS Access, and SQL to track FSO and CYBERCOM cybersecurity metrics and training, and conduct initial scoping, validation and analysis of security metrics, and coordination of all briefings and secure video conferences for roughly 200 inspections each year as the Cyber Security Manager on the CCRI support team.

Senior Managing Consultant, CMS HIGLAS

IBM
Mechanicsburg
07.2007 - 11.2010
  • CMS HIGLAS was the largest Oracle client implementations in the world for the Oracle Federal Financials Suite processing up to 700 billion dollars in Medicare claims annually.
  • Mr. Keaveny was responsible for preparing the HIGLAS system for a three-year ATO based on NIST, CMS ARS and HIPAA security controls.
  • He led a team of security experts conducting internal ST&E activities, which included running Nessus scans, the DISA Gold Disk and multiple DISA SRR scripts.
  • As a result of these efforts the final ST&E report contained no high-level findings and roughly a dozen moderate level findings which were promptly closed or mitigated.
  • At the same time, Mr. Keaveny managed daily security operations and risk management activities including Continuity of Operations (COOP), Disaster Recovery (DR), internal audit activities, vulnerability management, and ensuring that secure code reviews were integrated into the SDLC process.
  • IBM tools including AppScan were used.

Audit Team Lead

IBM
Mechanicsburg
07.2007 - 11.2010
  • Mr. Keaveny led teams of security experts conducting vulnerability assessments and penetration tests against multiple federal customers including DOD, DoL, and DoT.
  • He conducted reviews against NIST 800-53, PCI-DSS, ISO 2700 and GAO FISCAM standards.

Audit Lead, Commonwealth of PA Dept. of Labor and Industry

IBM
Mechanicsburg
07.2007 - 11.2010
  • Mr. Keaveny executed a Vulnerability Assessment of the Commonwealth’s Unemployment Compensation System environment covering Administrative, Technical, and Physical Security components.
  • He worked closely with Commonwealth personnel to identify key components of the system including Operation systems, Databases, Services, as well as network appliances; each of these key components received detailed technical attention.
  • He utilized Nessus, WebInspect, the Gold Disk, DISA SRR Scripts, as well as NISPOM, and NIST 800 guidelines to produce an actionable Vulnerability Assessment Report that was leveraged by the agency to allocate additional funds to remediate potential exploitable agency vulnerabilities.

Managing Consultant, US Navy

IBM
Mechanicsburg
07.2007 - 11.2010
  • Multiple vendors supported the US Navy’s energy management systems.
  • Mr. Keaveny developed and executed an ST&E for the latest release of one of the key components of this system including a detailed technical review of the operating system, database, web services and all other critical vendor supplied services.
  • This evaluation also included a detailed code review.
  • He utilized Nessus, FxCop, and the DISA suite of security tools including the Gold Disk, and SQL Server Scripts, and the OWASP and DISA Application Security Guidelines to produce a Security Test & Evaluation Report and recommendations that were deployed into production instances of energy management systems.

Managing Consultant, Horizon BlueCross BlueShield

IBM
Mechanicsburg
07.2007 - 11.2010
  • Mr. Keaveny coordinated with Horizon personnel to conduct penetration tests and an external vulnerability assessment to identify vulnerabilities potential intruders could find on perimeter devices.
  • He utilized Nessus and ISS and coordinated with the analysis team to produce recommendations for Horizon.

SOC Operations, DHS/USCIS

IBM
Mechanicsburg
07.2007 - 11.2010
  • Mr. Keaveny provided technical and tactical leadership for multiple teams standing up a new Security Operations Center (SOC) for the Department of Homeland Security US Citizenship and Immigration Services (DHS/USCIS).
  • In this roll he developed policies and procedures for all aspects of USCIS Security Operations, and provided Security oversight for deployment of ISS sensors and Security Center.

Manager, Team Lead/Account Manager, Defense Information Systems Agency (DISA) Field Security Operations (FSO) Team

Celerity
Mechanicsburg
07.2004 - 06.2007
  • Led a team of cybersecurity professionals to support DOD global security goals and initiatives.
  • Enforced customer service standards to resolve issues and maintain quality service.
  • Coached and mentored team members, enhancing job performance through targeted training.

Education

B.A -

Lebanon Valley College
Annville, PA
01.1992

Skills

  • Vulnerability management and cybersecurity analysis
  • Risk assessment and patch management
  • Security compliance and IT governance
  • Process improvement and team leadership

Educational Requirements

B.A, Lebanon Valley College, Annville, PA, 1992-01-01

Skills Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Information Technology Infrastructure Library (ITIL)

Clearance

DoD Top Secret

Certification

Certified Information System Security Professional (CISSP)

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse

Additional Information

United States Army Veteran

Timeline

Continuous Diagnostics and Mitigation (CDM) Operations and Maintenance Manager

Booz Allen Hamilton
04.2020 - 11.2025

Senior Manager, Federal Reserve Bank of New York

Grant Thornton LLP
08.2019 - 04.2020

Senior Manager, Total Administrative Services Corporation

Grant Thornton LLP
05.2019 - 04.2020

Senior Manager, United States Department of Agriculture

Grant Thornton LLP
12.2018 - 04.2020

Senior Manager, State of New York, Board of Elections

Grant Thornton LLP
09.2018 - 04.2020

Senior Manager, United States Patent and Trademark Office

Grant Thornton LLP
12.2017 - 04.2020

Senior Manager, Social Security Administration

Grant Thornton LLP
11.2017 - 04.2020

Senior Manager, Center for Medicare and Medicaid Services (CMS)

Grant Thornton LLP
11.2017 - 04.2020

Senior Manager, National Science Foundation

Grant Thornton LLP
11.2017 - 06.2019

Senior Manager, District of Columbia Courts

Grant Thornton LLP
11.2017 - 05.2019

Senior Manager, Florida Agency for State Technology (AST)

Grant Thornton LLP
06.2017 - 09.2017

Director, Cybersecurity, Global Public Sector

Grant Thornton LLP
04.2017 - 04.2020

Senior Manager, QuickChek Corporation

Grant Thornton LLP
04.2017 - 06.2018

Cyber Security Senior Consultant

Xcelerate Solutions
07.2016 - 04.2017

Manager, Security Operations/Managed Threat Services

Deloitte & Touché LLP
09.2014 - 07.2016

Manager, Security Delivery Center

Deloitte & Touché LLP
09.2014 - 07.2016

Senior Manager, Information System Security Officer

Celerity
11.2010 - 09.2014

Manager, Cyber Security Operational Support Team

Celerity
11.2010 - 09.2014

Senior Managing Consultant, CMS HIGLAS

IBM
07.2007 - 11.2010

Audit Team Lead

IBM
07.2007 - 11.2010

Audit Lead, Commonwealth of PA Dept. of Labor and Industry

IBM
07.2007 - 11.2010

Managing Consultant, US Navy

IBM
07.2007 - 11.2010

Managing Consultant, Horizon BlueCross BlueShield

IBM
07.2007 - 11.2010

SOC Operations, DHS/USCIS

IBM
07.2007 - 11.2010

Manager, Team Lead/Account Manager, Defense Information Systems Agency (DISA) Field Security Operations (FSO) Team

Celerity
07.2004 - 06.2007

B.A -

Lebanon Valley College

Similar Profiles

CREATE PROFILE