Accomplished Information System Security Officer (ISSO) with 15+ years of experience supporting DoD and federal agencies. Expert in Risk Management Framework (RMF) lifecycle, system authorization (ATO), vulnerability management, and compliance audits. Skilled in NIST SP 800-53 (Rev 4 & 5), JSIG, Army Regulations (AR), and federal cybersecurity standards. Proficient with ACAS/Tenable, SCC, eMASS, Evaluate-STIG, Elastic, Kibana, HBSS/AESS, PKI token management. Demonstrated ability to train personnel, lead compliance initiatives, and mitigate cybersecurity risks proactively.
Overview
17 years of professional experience
1 Certification
Work History
Information System Security Officer (ISSO)
Naval Surface Warfare Center Corona Division
NSWC Corona, CA
08.2025 - Current
- The ISSO will work directly with the Navy Qualified Validator and site Information Systems Security Manager (ISSM) to analyze complex and unique technical support assignments and collaborate with other cyber security engineers, system administrators, and program analysts within a scaled agile environment. The ISSO will work directly to support and manage all eMASS packages in the NSWC Corona portfolio. This position is 100% onsite.
Responsibilities
- Support all RMF packages for the NSWC Corona - Corona Division.
- Support site Information Systems Security Manager (ISSM) in compliance reviews of systems.
- The ISSO may be called on to author, review and critique perspective artifacts and required RMF documentation.
- Work with ISSM to support all cybersecurity actions for division.
- Contribute to the development of cybersecurity policies and procedures.
- Responsible for reviewing and assessing cybersecurity risks.
- Responsible for the management of Risk Management Framework (RMF) best practices to attain/maintain continuous Authority-to-Operate (ATO) capability.
- Ensure the cybersecurity posture of assigned systems.
- Research National Institute of Standards and Technology (NIST), DoD and Navy Guidance on Cybersecurity and related topics in response to requests for data or information related to cybersecurity topics, posture, impacts, or issues and reviews.
- Review architectures and designs for cybersecurity compliance and provide recommendations.
- Ability to perform and troubleshoot security measures including analysis, periodic testing, evaluation, verification, accreditation, and review of information system installations at appropriate classification levels.
- Review results in a cybersecurity impact assessment report when required.
- Compile, review, and manage system POA&Ms.
- Other duties as assigned.
Qualifications
- Bachelor of Science degree in Information Systems, Engineering, Computer Science, or Business or similar field (MS preferred)
- Minimum of seven (7+) years of experience to include the following:
  - Nessus/ACAS Scanner Experience: ACAS dashboard, setup, ability to run scans, ability to troubleshoot scanner and scanner results
  - NIST/STIG Experience: Experience with STIG Viewer/validation/analyzing and compiling results into a POA&M
  - RMF Experience: Experience with eMASS, Artifacts, Test Plans, Control Assessments, and compiling tools to process and collate test results
- Security + (IAT Level II Certified)
Security Clearance Requirements: Must currently hold a security clearance at the minimum Secret level.
Physical Demands:
- Must be able to lift up to 25 pounds
- Must be able to stand and walk for prolonged amounts of time
- Must be able to twist, bend and squat periodically
Information System Security Officer (ISSO)
Intelligent Waves
Edwards AFB, CA
04.2024 - 07.2025
- Worked directly with the ISSM in meeting their duties and responsibilities. My primary function is working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, primarily the United States Air Force and the US Navy with guidance from the Joint Program Office (JPO). Prepared and reviewed Standard Operating Procedures (SOPs) IAW the Risk Management Framework (RMF) NIST 800-53 to ensure procedures are compliant. Reviewed and edited System Security Plans (SSP) to update the system's Authorization To Operate (ATO).
- Evaluated audit records and collected and reviewed system logs using system log tools like Elastic IAW the Joint Special Access Program (SAP) Implementation Guide (JSIG). Validated that audit records are collected, reviewed, and documented using Elastic. Executed the cyber security portion of the self-inspection, to include providing security coordination and review of all system assessment plans.
- Proficient in conducting and managing the vulnerability management plan using the vulnerability tool, Tenable Security Center (ACAS), to perform vulnerability scans, prepare custom executive summary reports and analyze anomalies within the network. Conducted ACAS scans to identify vulnerabilities and implemented remediation steps to address them promptly.
- Proficient with DISA's SCAP Compliance Checker (SCC) and the Navy's Evaluate-STIG to conduct compliance audit scans. Prepared the SCC tool with DISA's benchmarks, then scanned systems which included operating systems such as Windows 10/11, Windows Server 2019/2022 and Linux systems. Provided XCCDF files and report summaries for the remediation team to correct. Assisted the team with using the Security Technical Implementation Guide Viewer to address all open findings and how to properly evaluate a "not reviewed" VUL-ID and either mark it as "not a finding" and mark as completed, or mark as "not applicable". Prepared an SOP for the Navy's Evaluate-STIG, then taught new personnel how to use the tool and prepare reports for compliance.
- Proficient with creating vulnerability, compliance and physical security Plan of Action Milestones (POAMs). On occasion I would teach the team the importance of properly creating a POAM, which included ensuring a proper mitigation statement, effective recommendations, and providing milestones with realistic completion dates. Then once a month revisit the POAM and either update or close out findings.
Korey Kilgore ISSM
Information System Security Officer (ISSO)/Cyber Defense Analyst
Department of Defense
Ft. Irwin, CA
09.2010 - 04.2024
- Information System Security Officer (ISSO): As the ISSO I aided the ISSM in ensuring that the NEC and all units on NTC/Fort Irwin were in full compliance for RMF and CCRI inspections and assessments. STIG Compliance Review: Reviewed all requirements and provided updated information to the ISSM pertaining to STIG compliance and outdated information, POAMs, and SOPs that are required to be reviewed annually. Supported and maintained the Risk Management Framework (RMF) program as one of the subject matter experts for RMF programs, functions, and tasking. Evaluated and performed self-assessment with eMASS and created POAMs and workflows for site accreditation using NIST SP 800-53 and Army Regulations.
- ACAS Administrator: Created, launched and analyzed all IAVA scanning and reports for potential vulnerabilities using Tenable ACAS. Managed the vulnerability management program to ensure all systems on the Network (computers, MFDs, Servers, etc., to include PM systems) are compliant to be on the network. Created automated vulnerability reports which included all CVEs, which are then forwarded to the remediation team for action.
- HBSS/AESS Administrator: Acted as the primary point-of-contact of the Army Endpoint Security Solution (AESS) site reviewer and POC for all Endpoint Security (ENS) Products implemented on systems throughout the Ft Irwin NIPR/SIPR ICAN. Conducted maintenance to ensure compliance of all ENS products implementation and other software that are under Cyber's control. Responsible for producing and analyzing results from AESS scans and providing reports interface for endpoint security deployment of AESS products between organizations and subordinate units.
- TYCHON/KIBANA Analyst: Executed Army Cyber Operational Orders and Cybersecurity Tasking Orders that address and report 100+ vulnerabilities and threats for 4000+ endpoints. Enforced and supported all quarantine and troubleshooting efforts for non-compliant endpoints. Analyzed and collaborated on mitigation and risk management strategies to maintain overall network security.
- Enhanced Trusted Agent: Served as the primary point-of-contact for the NIPR and SIPR PKI token management system, processing and maintenance in support of the multi-factor authentication (MFA) requirements and policies. Appointed as the enhanced trusted agent (ETA) and processed over 1000+ NIPR and SIPR PKI token requests. Provided PKI technical support and maintenance of all troubleshooting, PIN resets, revocation and issuance records.
April Denton: ISSM
Desktop Support Technician
Department of Defense
04.2009 - 09.2010
- Analyzed computer and network threats from customer systems that are at risk and escalated them to the cyber security team for further analysis and threat prevention.
- Verified customer information in Active Directory services to review account access, security issues, and necessary checks for compliance with information security requirements.
- Maintained confidentiality, integrity, authenticity, and nonrepudiation best practices using encryption methods for sending controlled unclassified information through Army email system in accordance with applicable standards.
- Ensured quick response to VIP customers and fixes of critical issues with their accounts and computing assets.
- Performed remote access to servers to troubleshoot customer issues, install drivers, and ensure appropriate updates are pushed to mitigate vulnerability issues, quarantine systems, and system unavailability.
- Provided local touch labor services to include installation, troubleshooting, repairing, and software updates, security updates, vendor patches (service packs, service releases), etc., when electronic application means do not exist.
- Monitored emails and notified users of suspected phishing attempts and provided education on how to spot malicious emails.