Summary
Overview
Work History
Education
Skills
Certification
Languages
Timeline
Generic

Jim Koch

Marthasville,MO

Summary

Experienced technology professional with a proven track record of innovation and success. Proficient in optimizing systems to meet business goals and objectives. Demonstrated ability to lead projects from inception to completion, driving organizational growth and achievement.

Overview

15
15
years of professional experience
1
1
Certification

Work History

Contract Site Lead/Deputy Task Lead/DAOR Functional Lead

Rividium Inc
12.2024 - Current
  • Company Overview: NGA Defender Contract
  • Responsible for overseeing and managing the contract-related aspects of the St. Louis Region for the NGA Defender Contract ensuring all parties involved are aligned towards the same goals
  • Manages Security Risk Management personnel to ensure uniformity and efficiency for the Assessment & Authorization Risk Management Framework processes for the NGA
  • Leads as a Subject Matter Expert for all Delegated Authorizing Official’s Representatives (DAOR) on the contract to move programs and systems along the A&A process into a final state of continuous monitoring

Security Control Assessor’s Representative

Amyx Inc
06.2024 - 12.2024
  • Company Overview: TRANSCOM Federal Contract
  • Independently assess the adequacy and compliance of security controls to the agency on behalf of the SCA and AO
  • Conducts independent comprehensive assessments of the management, operational, privacy and technical security controls and control enhancements employed or inherited by an IS
  • Provide SME support for RMF activities within and/or outside Enterprise Mission Assurance Support Service (eMASS) or other tool as designated by the Government.
  • Provide technical and operational analyses of supporting artifacts and provide risk analysis recommendations to the SCA.
  • Perform triage of authorization, POA&M, System Security Plan, System Categorization, and risk acceptance requests using the Govt RMF Artifact Quality Rubric.
  • Identify non-compliant submissions, document in the Package Return Report (PRR), and submit to the Government SCA for approval and signature.
  • Review security artifacts provided by program offices or other organizations and assess both technical and functional adequacy of cybersecurity/Information Assurance (IA) controls
  • Perform the Independent Verification and Validation (IV&V) role within eMASS on NIPRNet and SIPRNet, verifying that controls are in-place, operating as intended, producing desired outcomes, and providing feedback to submitters on non-compliant security controls, adequacy of artifacts, and POA&M items, and provide the required PRR as needed.

Information System Security Engineer

Paragon Technology Group
02.2024 - 06.2024
  • Company Overview: TRANSCOM Federal Contract
  • Provides technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation.
  • Responsible for designing and implementing solutions for protecting the confidentiality, integrity and availability of sensitive information.
  • Provides technical evaluations of IT systems and assists with making security improvements. Participates in design of information system contingency plans.
  • Conducts security product evaluations, and recommends products, technologies and upgrades to improve the organization’s security posture.
  • Understands Information Security Continuous Monitoring (ISCM) concepts and the employ of security automation and risk dashboarding tools and processes to more quickly identify and respond to risk and support more efficient Assessment & Authorization processes such as ongoing authorization.
  • Conducts testing and audit log reviews to evaluate the effectiveness of current security measures.
  • Expertise to develop and/or review system authorization documentation in accordance with DoD implementation of the Risk Management Framework (RMF) especially in eMASS
  • Experience performing vulnerability scans using ACAS, Nessus, and Fortify SCA, analyze outputs to identify vulnerabilities, and recommend mitigation and remediation actions
  • Experience implementing DISA STIGS and verifying application
  • Experience writing and tracking POA&Ms
  • Experience conducting and evaluating security testing activities including security assessments, audits, and penetration testing
  • Experience supporting operational security activities e.g., firewall implementation, risk mitigation, host security, encryption, intrusion detection, Virtual Private Network (VPN) implementations, and viral detections
  • Experience with security lockdown and/or hardening of servers and network devices
  • Ability to coordinate overall security strategy with multiple agencies, Authorizing Official (AO) representatives
  • Ability to coordinate with developers, vendors, and other government organizations/agencies to assess security engineering issues
  • Experience recommending changes to network and security architecture to improve security posture and meet operational performance requirements

Lead Instructor

ThriveDX
01.2022
  • Company Overview: Remote
  • Lead Instructor for Cybersecurity Bootcamp through New York University, North Carolina State University, University of Wisconsin, Kansas State University
  • Classes taught:
  • Cloud Security
  • Microsoft Security
  • Cybersecurity Infrastructure and Compliance

Advisory Project Delivery Manager

Deloitte LLC
08.2023 - 02.2024
  • Company Overview: NGA CRMA Federal Contract
  • Project Delivery Manager 1 in Risk and Financial Advisory → Cyber and Strategic Risk, Government and Public Services
  • Cybersecurity consultant- Security Risk Management
  • Leads Risk Assessment and Management team
  • Security And Risk assessment and audit
  • Security assessment reporting
  • Risk assessment reporting

Information System Security Manager

Boeing Inc
07.2022 - 07.2023
  • Company Overview: F15
  • Lead and implement the Assessment and Authorization (A&A) processes under the Risk Management Framework (RMF) for new and existing information systems.
  • Lead staff with assessments and test/analysis data to document state of compliance with security requirements
  • Manage assigned team to facilitate effective execution of RMF.
  • Lead the implementation of Continuous Monitoring (CONMON) for information systems within area of responsibility.
  • Oversee configuration management of assigned systems; auditing systems to ensure security posture integrity.
  • Conduct risk assessments and investigations, execute appropriate risk mitigations, and oversee incident response activities.
  • Perform security analysis of operational and development environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards.
  • Serve as organization spokesperson on advanced projects and programs.
  • Act as advisor to management and customers on advanced technical research studies.
  • Interface with the appropriate government customers, suppliers, and company personnel to implement protective mechanisms and to ensure understanding of and compliance with cybersecurity requirements.
  • Facilitate development of Memorandums of Understanding (MOU), Interconnection Security Agreements (ISA), and Risk Acknowledgement Letters (RAL).
  • Oversee the development and deployment of program information security for all program systems to meet the program and enterprise requirements, policies, standards, guidelines and procedures.
  • Provide guidance and coaching to support team within Information Security
  • Oversee and participate in security assessments and audits.
  • Prepare, review, and present technical reports and briefings.
  • Identify root causes, prioritize threats and recommend and/or implements corrective action.
  • Explore the enterprise and industry for evolving state of industry knowledge and methods regarding information security best practices.
  • Lead development of enterprise-wide information security policies, standards, guidelines and procedures that may reach across multiple stakeholder organizations.

Lead Senior Delegated Authorizing Official's Representative

Centerpoint Inc.
04.2019 - 07.2022
  • Company Overview: NGA CRMA Federal Contract
  • Information Security Risk Management and Compliance
  • Work with internal and external customers to take their project through the Assessment & Authorization process to gain full security authorization to operate on NGA network.
  • Successfully brought over 200 programs to successful security authorization using DoD protocols.
  • Manage 4 or more DAORs.
  • Initiate A&A activities and maintain situational awareness of IS status.
  • Inform customers of A&A objectives, processes, responsibilities, dependencies, and schedules.
  • Assist customers in developing system descriptions (including system boundary).
  • Coordinate activities with applicable government and customer personnel.
  • Document the system in NGA’s system of record.
  • Categorize systems
  • Provide guidance for developing each Information System’s body of evidence
  • Select Security Controls
  • Implement Security Controls
  • Authorize Information Systems
  • Continuous Monitoring

Security Assurance Analyst

Signature Consultants/Federal Reserve Bank of St. Louis
10.2018 - 03.2019
  • Company Overview: Contractor
  • 6 month contract with Federal Reserve Bank
  • Responsible for Security Assurance for the Federal Reserve (SAFR) program for the Treasury Division
  • Internal Consultant to the Division’s technology needs regarding information security.
  • Implements and manages NIST-based SAFR lifecycle. Assesses risk and keeps compliance current.
  • Coordinates and maintains Risk Acceptance and Plans of Action and Milestones for mitigation.
  • Creates and maintains configuration management and continuous monitoring plans.
  • Coordinates software approvals.
  • Maintains information system inventories.
  • Coordinates audit activities and self-assessments.
  • Assesses and documents risk pertaining to new technology implementations and deviations.

Senior Engineer, Security Architecture & Design

Mastercard Inc.
04.2017 - 09.2018
  • Successfully implanted many architectures from vendors, mergers & acquisitions, and other banks to seamlessly integrate their systems into the enterprise.
  • Work with internal customers, M&A customers, and outside sales vendors to create security architectures and work with numerous internal departments to implement that architecture across the enterprise.
  • Ensures PCI compliance through control validation and testing.
  • Contribute to the development of standards and guidelines for security infrastructure technologies.
  • Contribute to the development of standards and guidelines for security hardening practices in regards to operating systems and network security technologies.
  • Lead Proof of Concept evaluations including vendor selection, test case definitions and scoring criteria metrics based on industry standard criteria.
  • Contribute to the analysis and design of existing and new security infrastructure technologies.
  • Provide consultation in legal, technical and regulatory areas that affect information security.

PKI Administrator/Security Control Assessor

CACI Inc/NGA Contractor
08.2016 - 04.2017
  • Cyber Security Analysis/Security Controls Assessor /PKI Engineer
  • Worked with numerous customers to assess the security of their systems and bring them to authorization.
  • Reviewed new network implementations and existing network hardware and software changes for multiple networks for NIST and federal security compliance. Performed vulnerability scans and penetration testing on multiple new and existing networks. Performed compliance and assessment scans.
  • Authenticated and issued PKI certificates on multiple networks and administered database and LDAP server repository. Identified and remedied individual PKI certificate issues to resolution as well as elevating known problems to management for widespread account resolution.

Cryptologic Language Analyst

US Army/NSA
04.2010 - 09.2016
  • Company Overview: Multiple
  • Managed from 5 to 40 soldiers in a computer network operations office.
  • Triaged, translated, processed, and reported highly technical and linguistically complex foreign language intelligence in support of the U.S. Intelligence Community, the U.S. Army, and the U.S. Government.
  • Target Analysis, reporting, research of digital network intelligence, Signals Intelligence, and Geospatial Intelligence, Including Penetration Testing, Footprinting, Digital Forensic Investigation, Red Team/Blue Team, Event Analysis and Reporting, and Security Testing.
  • Knowledge and experience with numerous commercial security applications as well as DoD/NSA specific security applications.

Education

MS - IT Management

Lindenwood University
St. Charles, MO
04.2019

BS - Cybersecurity

Lindenwood University
St. Charles, MO
12.2017

AA - Russian Language

Defense Language Institute Foreign Language Center
Monterey, CA
11.2011

Skills

  • Organizational change management
  • Security & Compliance management
  • Strategic program execution
  • Active CISM certification
  • Business continuity strategies
  • Network security oversight
  • Project management in IT
  • Cloud security assessment
  • Risk assessment expertise
  • Strategic policy development
  • Program performance analysis
  • Cybersecurity frameworks

Certification

  • Certified Information Security Manager (CISM), ISACA - 2019-Current

Languages

Russian

Timeline

Contract Site Lead/Deputy Task Lead/DAOR Functional Lead

Rividium Inc
12.2024 - Current

Security Control Assessor’s Representative

Amyx Inc
06.2024 - 12.2024

Information System Security Engineer

Paragon Technology Group
02.2024 - 06.2024

Advisory Project Delivery Manager

Deloitte LLC
08.2023 - 02.2024

Information System Security Manager

Boeing Inc
07.2022 - 07.2023

Lead Instructor

ThriveDX
01.2022

Lead Senior Delegated Authorizing Official's Representative

Centerpoint Inc.
04.2019 - 07.2022

Security Assurance Analyst

Signature Consultants/Federal Reserve Bank of St. Louis
10.2018 - 03.2019

Senior Engineer, Security Architecture & Design

Mastercard Inc.
04.2017 - 09.2018

PKI Administrator/Security Control Assessor

CACI Inc/NGA Contractor
08.2016 - 04.2017

Cryptologic Language Analyst

US Army/NSA
04.2010 - 09.2016

BS - Cybersecurity

Lindenwood University

AA - Russian Language

Defense Language Institute Foreign Language Center

MS - IT Management

Lindenwood University

Similar Profiles

CREATE PROFILE