Joshua Styan, MS, CISSP, CISM

Summary

With a proven track record at NIWC Atlantic, I excel in leading cybersecurity initiatives, ensuring regulatory compliance, and enhancing security postures. My expertise in risk management and exceptional communication skills have significantly mitigated vulnerabilities, achieving a notable improvement in audit outcomes. I adeptly balance project planning with governance, driving operational excellence in high-stakes environments.

Overview

14 years of professional experience

5 Certifications

Work History

Identify and Protect Chief, GS-13

NIWC Atlantic
10.2024 - Current
  • Responsible for monitoring all TASKORDs released by Joint Force Headquarters Department of Defense Information Network (JFHQ-DODIN) and US Cyber Command for dissemination across a wide array of teams to ensure compliance
  • Tracks cybersecurity tool deployment across the enterprise for compliance with all regulations
  • Enters, votes on, and addresses risks that are identified within the enterprise; both technical and managerial in nature
  • Advises senior leadership of current issues and potential need for escalation for noncompliance
  • Long-standing resource during triannual Electronic Scoring Metric (ESM) and Cyber Operational Readiness Assessment audits, both internally and externally
  • Exceptional written and verbal communication skills with attention to detail

Service Delivery Manager

NIWC Atlantic
01.2022 - 10.2024
  • Leads multiple teams spanning a diverse skill set to ensure the defense of critical IT systems for our subscribers
  • Oversees all operations related to vulnerability scanning (Tenable Assured Compliance Assessment Solution), endpoint protection (McAfee Endpoint Security Solutions), Incident Response, Insider Threat Monitoring, and all subscriber engagement efforts
  • Works closely with Defense Information Systems Agency (DISA) to track and implement countermeasures against the latest security threats through patching, asset removal, or plan of action and milestones
  • Ensures all client expectations are clear and being met through routine calls, emails, and meetings as requested

ACAS & ESS Team Lead

NIWC Atlantic
01.2019 - 12.2021
  • Directed a team of ACAS, ESS, and Burp Suite Subject Matter Experts in scheduled or ad hoc tasking to provide a high-level view of a network's security posture
  • Metrics were analyzed weekly, quarterly, and annually
  • Conducted weekly reporting for Information Assurance Vulnerability Alerts (IAVA) across the Department of Defense's Defense Health Agency (DoD DHA)
  • Tracks STIG and overall patch compliance across 10,000 assets
  • Performed reviews on Plan of Action and Milestone (POAM) documentation for current vulnerabilities
  • Assesses severity and CVSS score based on ease of exploitation, attack vectors, remediation, and business justification for ongoing review
  • Supported Ports, Protocols, and Services Management (PPSM) and the DOD DMZ Whitelist program, which provides implementation guidance on the use of IP Protocols, applications, systems, and data services that traverse DOD networks

Cybersecurity Analyst II

ASM Research
02.2017 - 01.2019
  • Developed comprehensive approved and unapproved software lists and enforced baseline configurations using Technical Reference Model (TRM)
  • Provided professional recommendation to approve, deny, or divest software in question
  • Scanned, identified, and remediated existing vulnerabilities through use of BDNA, SCCM (System Center Configuration Manager) and NVD (National Vulnerability Database)
  • Conducted annual review of various software to ensure no new vulnerabilities are present, patches are being applied, and systems are following federal regulations
  • Removed long-standing material weaknesses for annual Federal Information Systems Controls Audit Manual (FISCAM) found in the previous year

Cybersecurity Compliance Analyst

Benefitfocus
11.2015 - 01.2017
  • Facilitated SOC and PCI audits across the entire organization
  • Annual audit covers suite of web-based software offered by Benefitfocus
  • Interviewed control owners over the course of the audit to collect necessary artifacts
  • Identified gaps in change management procedure and provided suggested resolutions to management
  • Audited potential business partners prior to giving recommendation for upper management; over 200 per year
  • Generated risk acceptance memos to address outstanding findings
  • Addressed privacy incidents according to client agreements, state, and federal laws
  • Reviewed incidents and compared exposed PII and PHI against HIPAA regulations
  • All associates involved were investigated to determine remediation which ranged from internal reports to external communications with client and media if necessary
  • Utilized NIST SP 800-53, 800-88 (media sanitization) framework and DISA STIGs: Apple OSX, Windows 7, Microsoft Windows Server 2012, iOS 9 Interim Security Configuration Guide to expand existing security controls

Support Analyst

Blackbaud
08.2014 - 11.2015
  • Troubleshot and addressed concerns related to firewall connectivity, ports, SSL certificates, software updates, patching and IIS web servers
  • Worked with local network administrators to determine root cause and ensure uninterrupted service
  • Cataloged software bugs to be addressed by engineering
  • Less critical bugs followed SDLC
  • Wrote knowledge base articles to assist clients and team members
  • Articles ranged from application installation and configuration to patching, security vulnerabilities, and best practices

Tech Support Coordinator I

Verizon Wireless
11.2010 - 07.2014
  • Reviewed data, text, and call logs for failure pointing to potential outages across Verizon's network
  • Contacted clients to confirm issues in their immediate area
  • Troubleshot device, location, account access, and provided recommendations based on current issue
  • Utilized proprietary software to monitor communications, provision services, and remotely access user devices
  • Events ranged from excessive data usage, dropped calls or text messages, international use, potential MEID cloning and fraud
  • Generated network trouble tickets system for outages and monitored progress
  • Persistent issues were escalated to the Network Operations Center on a national level

Education

Master of Science - Cybersecurity

St. Leo University
01.2017

Bachelor of Science - Computer and Information Science

ECPI University
01.2010

Skills

  • Risk Management
  • Project planning
  • Security operations
  • Regulatory frameworks
  • Compliance management
  • Audits management
  • Conflict resolution
  • Vulnerability management
  • Governance
  • Written and verbal communication

Certification

  • Certified Information Systems Security Professional (CISSP), ISC2
  • Certified Information Security Manager (CISM), ISACA
  • Certified Ethical Hacker, EC-Council
  • Security+, CompTIA
  • Network+, CompTIA

Clearance

Active Top Secret SCI Clearance
