Michael E. Stephens

White Plains, MD

Overview

21
years of professional experience

Work History

Information Systems Security Manager

Booz Allen Hamilton
Ft. Meade, MD
11.2024 - Current
  • Provided support as the Information System Security Manager for the PEO Transport Organization at DISA, Ft. Meade, MD.
  • Manage and support the Configuration Control Board (CCB) efforts, with respect to creating the CCB Charter and voting on specific Configuration Change Requests.
  • Overseeing and managing ISSO projects and the overall RMF ATO process for re-accreditation of systems within my area of responsibility.
  • Provide support in mentoring and guiding ISSOs in the RMF process for the reaccreditation of systems that may be expiring.
  • Implement security policies, advising leadership on cyber threats, and oversee incident response when security violations occur.

Sr. Cybersecurity Consultant/ Technical Program Manager

StepTech LLC
Suitland, MD
09.2022 - 10.2024
  • Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing / enforcing security policies for all three security domains (NIPRnet, SIPRnet and JWICS).
  • Provides senior-level Information Assurance support as the Subject Matter Expert for N33-ACINT Reconstruction, Measurement, Analysis and Data Archival (ARMADA) Program Office.
  • Served as the Senior Cybersecurity Consultant/ Security Manager for ONI/N-32’s ORCA/ELCA program. This program provides for next generation Docker, Kubernetes, and AWS cloud-based machine-to-machine transfer of IMD and Modeling and Simulation data providing digital threat support for Navy Operations.
  • (Subcontractor for WILLCOR)

Lead Information System Security Officer for the Office of the Chief Information Officer (OCIO) Enterprise Applications

StepTech LLC
Suitland, MD
12.2021 - 09.2022
  • Performed duties to include support to the Information System Security Manager (ISSM) for the Cybersecurity Assurance Branch, Mr. Arthur Baylor.
  • Served as the Lead ISSO for all subcontractor ISSOs on the IronVine and ECS Tech contractor team.
  • Primary ISSO support for the Associate Directorate for Demographic Programs (ADDP) and for the Office of the Chief Information Officer (OCIO) Enterprise Data Lake.
  • Responsible for performing System Impact Analyses on all System Baseline Change Requests and System Reaccreditations.
  • Experienced using JIRA for bug tracking, issue tracking and agile project management.
  • Performed in-depth editing of technical documents and IA briefings; responsible for performing final security checks before products are delivered to the customer; guidance to include writing styles, naming conventions, references, and terminology to be used in all documents and briefings.
  • Duties also consisted of developing, reviewing, and maintaining security policies and standards for Windows, Linux, and Cloud environments.
  • Provided ISSO support for both Amazon Web Services (AWS) and Microsoft Azure.
  • Provided advice and technical guidance to Census programs regarding system requirements related to Security Assessments for new and existing systems.
  • Responsible for executing and reviewing vulnerability scans using Tenable Nessus, implementing system hardening using CIS Benchmarks and/ or DISA System Technical Implementation Guides (STIGS).
  • Created Plan of Actions and Milestones (POA&Ms), documented the system’s Security Controls and Security Control Implementation Statements within the Department of Commerce’s Governance Risk Compliance (GRC) tool: Cyber Security Assessment Management (CSAM).
  • Conducted Ongoing Authorization Assessment briefings in support of each system’s reaccreditation.
  • Provided technical and management guidance for mid-level cybersecurity analysts.
  • (Subcontractor for ECS Tech)

Fully Qualified Navy Validator (FQNV) – Level III/ Information System Security Officer (Lead)

StepTech LLC
Suitland, MD
06.2017 - 12.2021
  • Performing duties to include support to the Information System Security Manager (ISSM) as well as serve as Certified Navy Validator for the Farragut Technical Analysis Center at Office of Naval Intelligence (ONI) National Maritime Intelligence Center (NMIC).
  • Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing and enforcing security policies for all three networks (NIPRNET, SIPRNET and JWICS) for the Acoustics Intelligence Division (ACINT).
  • Serves as the senior IA consultant for the Acoustics Intelligence Division (ACINT).
  • Direct and provide guidance in the development of all Assessment and Authorization (A&A) artifacts to government Information Assurance Officers (IAOs), where necessary.
  • Perform in-depth editing of draft documents and IA briefings; make the final check before products are delivered to the customer; guidance to include writing styles, naming conventions, references, and terminology to be used in documents and briefings.
  • Duties consist of developing, reviewing, and maintaining security policies and standards for Windows and UNIX environment.
  • Provide advice and technical guidance to ACINT on system requirements related to security certification and accreditation for new and existing systems.
  • Responsible for executing and reviewing vulnerability scans using ACAS and SCAP Benchmarks.
  • Currently using SCAP to assess STIG compliance.
  • Assess compliance based on DOD, DODIIS, DCI, DON and Intelligence security policies and corresponding security tests and evaluation procedures.
  • Created reports for ONI ISSM and provide briefings on the results of the evaluation.
  • Provides Information Systems Security (INFOSEC) Management and IA program support to the ISSM in several areas from Certification and Accreditation (C&A) using the DIACAP framework to ICD-503 using the Risk Management Framework (RMF) related information from project managers, CCBs and technical personnel, and complete contract deliverables by updating the DODIIS site accreditation documents (ONI Site Security Architecture and ONI Concept of Operations (CONOPS)).
  • (Subcontractor for CACI)

Fully Qualified Navy Validator (FQNV)/Information Security Lead

CACI (formerly L-3 NSS)
Suitland, MD
05.2014 - 05.2017
  • Performing duties to include support to the Information System Security Manager (ISSM) as well as serve as Certified Navy Validator for the Farragut Technical Analysis Center at Office of Naval Intelligence (ONI) National Maritime Intelligence Center (NMIC).
  • Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing and enforcing security policies for all three networks (NIPRNET, SIPRNET and JWICS) for the Acoustics Intelligence Division (ACINT).
  • Serves as the senior IA consultant for the Acoustics Intelligence Division (ACINT).
  • Direct and provide guidance in the development of all C&A artifacts to government Information Assurance Officers (IAOs), where necessary.
  • Perform in-depth editing of draft documents and IA briefings; make the final check before products are delivered to the customer; guidance to include writing styles, naming conventions, references, and terminology to be used in documents and briefings.
  • Duties consist of developing, reviewing, and maintaining security policies and standards for Windows and UNIX environment.
  • Provide advice and technical guidance to ACINT on system requirements related to security certification and accreditation for new and existing systems.
  • Responsible for executing and reviewing vulnerability scans using ACAS and SCAP Benchmarks.
  • Currently using SCAP to assess STIG compliance.
  • Assess compliance based on DOD, DODIIS, DCI, DON and Intelligence security policies and corresponding security tests and evaluation procedures.
  • Create reports for ONI ISSM and provide briefings on the results of the evaluation.
  • Provides Information Systems Security (INFOSEC) Management and IA program support to the ISSM in several areas from Certification and Accreditation (C&A) using the DIACAP framework to ICD-503 using the Risk Management Framework (RMF) related information from project managers, CCBs and technical personnel, and complete contract deliverables by updating the DODIIS site accreditation documents (ONI Site Security Architecture and ONI Concept of Operations (CONOPS)).

Fully Qualified Navy Validator (FQNV)/ Security Controls Assessor Rep.

Leidos, LLC
Suitland, MD
12.2013 - 05.2014
  • Performed duties to include support to the Information System Security Manager (ISSM) as well as serve as an Information Assurance (IA) Security Specialist for the Office of Naval Intelligence (ONI) National Maritime Intelligence Center (NMIC).
  • Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing and enforcing security policies for all three LANS (NIPRNET, SIPRNET and JWICS).
  • Currently using SCAP to assess STIG compliance, but training on ACAS, as it will be the DoD tool of choice.
  • Duties consist of developing, reviewing and maintaining security policies and standards for Windows and UNIX environment.
  • Provide advice and technical guidance to ONI command on system requirements related to security certification and accreditation of new and existing systems.
  • Assess compliance based on DOD, DODIIS, DCI, DON and Intelligence security policies and corresponding security tests and evaluation procedures.
  • Created reports for ONI ISSM and provided briefings on the results of the evaluation.
  • Provides Information Systems Security (INFOSEC) Management and IA program support to the ISSM in several areas from Certification and Accreditation (C&A) using the DIACAP framework to ICD-503 using the Risk Management Framework (RMF) related information from project managers, CCBs and technical personnel, and complete contract deliverables by updating the DODIIS site accreditation documents (ONI Site Security Architecture and ONI Concept of Operations (CONOPS)).
  • Perform in-depth editing of draft documents and briefings; make the final check before products are delivered to the customer, guidance will include writing styles, naming conventions, references, and terminology to be used in documents and briefings.

Fully Qualified Navy Validator (FQNV)

Watershed Security, LLC
Dahlgren, VA
11.2013 - 06.2016
  • Providing contract support as Sr. Validator for NAVSEA’s RDT&E systems.
  • Assist the government by providing: Input/instructions/guidance as needed for the creation of RMF accreditation package artifacts.
  • Evaluate IA discrepancies and recommend mitigation measures for reducing or eliminating specific risk items.
  • Engage the Navy CA Liaisons, AODR Reviewers, and ODAA Action Officers (AO) to discuss and obtain mitigation guidance.
  • (part-time evenings)

Function Expert/ SME

Function Expert/ SME
Washington Navy Yard, DC
01.2013 - 11.2015
  • Primarily served as a Certification & Accreditation Subject Matter Expert to assist the Military Sealift Command’s (MSC) Information System Security Manager.
  • Provided assistance in drafting mitigation statements for Plan of Actions and Milestones (POA&M).
  • Reviews and analyzes Retina Vulnerability scans for NIPRNET/ SIPRNET Ashore and Afloat systems assigned to the MSC.
  • Provided network and system monitoring support for the Enterprise Network Operations Center (ENOC).
  • Provided basic UNIX and Cisco helpdesk support for the ENOC.

Fully Qualified Navy Validator (FQNV)/ Security Controls Assessor

L-3 (Stratis) Communications
Suitland, MD
12.2012 - 10.2013
  • Performed duties to include support to the Information System Security Manager (ISSM) as well as serve as an Information Assurance (IA) Security Specialist for the Office of Naval Intelligence (ONI) National Maritime Intelligence Center (NMIC).
  • Responsible for developing and maintaining a formal Information Systems (IS) Security Program and implementing and enforcing security policies for all three LANS (NIPRNET, SIPRNET and JWICS).
  • Currently using SCAP to assess STIG compliance, but training on ACAS, as it will be the DoD tool of choice.
  • Duties consist of developing, reviewing, and maintaining security policies and standards for Windows, UNIX, and Apple environments.
  • Provided advice and technical guidance to ONI command on system requirements related to security certification and accreditation of new and existing systems.
  • Created reports for ONI ISSM and provide briefings on the results of the evaluation.
  • Provides Information Systems Security (INFOSEC) Management and IA program support to the ISSM in several areas from Certification and Accreditation (C&A) using the DIACAP framework to ICD-503 using the Risk Management Framework (RMF) related information from project managers, CCBs and technical personnel, and complete contract deliverables by updating the DODIIS site accreditation documents (ONI Site Security Architecture and ONI Concept of Operations (CONOPS)).
  • Perform in-depth editing of draft documents and briefings; make the final check before products are delivered to the customer, guidance will include writing styles, naming conventions, references, and terminology to be used in documents and briefings.

ISSM Representative

James Secure Solutions (JSS)
Alexandria, VA
04.2012 - 12.2012
  • Provided support as the Information System Security Representative (ISSR) for the FBI Information System Security Unit.
  • Providing technical oversight of information technology systems for the Information System Security Officers (ISSOs).
  • Responsible for creating and maintaining certification and accreditation packages with strong attention to detail; creates the System Requirements Traceability Matrix (SRTM).
  • Creates the Plan of Action and Milestones (POA&M), Risk Management Matrix and the Risk Management Plan based upon findings in the Vulnerability Assessment.
  • Reviews and suggests implement improvements on the IAS’s continuous monitoring plan, using NIST 800-37 as a roadmap.
  • Ensures compliance with information assurance guidance and directives for Enterprise-level TS/SCI systems.
  • Responsible for identifying, assessing and resolving security-related issues affecting the accreditation of Department of Justice (DOJ) systems and networks.
  • Conducted risk assessments and produces site interviews and site inspection reports in accordance with the site accreditation schedule approved by the government.
  • Works directly with client senior management officials and information technology staff in support of DOJ security and network policies and procedures.
  • Also provides site accreditation training to the field office ISSOs.
  • Provide advice and guidance on complex and unique IT issues to junior level personnel.
  • Responsible for providing technical briefings and presentations to senior-level staff with respect to the overall security posture of related accredited FBI systems.
  • Committed to providing sound judgments, recommendations and quality technical information security support for the client.

Security Consultant

IT Coalition, Inc.
Alexandria, VA
01.2012 - 03.2012
  • Served as the company’s Principal Security Analyst; primarily responsible for providing proposal assistance for several Information Assurance (IA) opportunities: DHS S&T, DCWASA.
  • Provided advice and guidance for complex and unique IT issues in efforts to assist with technical proposal submissions.
  • Responsible for providing strategic direction for the company’s efforts in IT Security.
  • Works directly with client senior management officials and technical staff to provide sound technical decisions related to pursuing future IA opportunities.
  • Conducted senior-level briefings and presentations, when required to provide status, present technical recommendations or address customer concerns related to a process or procedure.
  • Performed one-off vulnerability and risk assessments for Commercial and Federal customer accounts utilizing eEye Retina, DISA Gold Disk scans, DISA STIGS, and DISA SRR scripts for UNIX systems.
  • Provided thorough attention to detail with respect to network and security policies, as defined by all Department of Defense Directives and Federal guidelines.
  • Utilized NIST and DIACAP IA Controls for Security Test & Evaluation.
  • Developed and coordinated new testing methodologies based on DITSCAP/ DIACAP guidelines.
  • Planned and implemented Symantec Endpoint Manager as an Antivirus solution for the company.

Information System Security Officer

Data Tactics
McLean, VA
09.2011 - 12.2011
  • Supported DARPA and Data-Tactics as the Information Systems Security Officer.
  • Provided thorough attention to detail with respect to network and security policies, as defined by DARPA.
  • Provided expertise in network and security-related IT products and services.
  • Responsible for creating and maintaining all C&A documentation for unclassified and classified systems accredited through DIACAP and DCID 6/3.
  • Also responsible for documenting all approved hardware and software products using Xacta IA Manager.
  • Responsible for providing senior-level presentations and technical forums for training, addressing customer concerns or providing situational awareness.
  • Conducted and analyzed vulnerability assessments using eEye Retina, DISA Gold Disk, SRR scripts, UNIX Security Scanner (SECSCAN), and Windows Automated Security Scanning Program (WASSP).
  • Responsible for identifying, assessing and resolving security-related findings.
  • Responsible for initiating and updating Anti-Virus scans using Symantec Endpoint Protection and McAfee.

Senior Security Engineer

SAIC
Washington Navy Yard, D.C.
04.2006 - 09.2011
  • Supported SAIC’s Naval Strike and Intelligence Division as DIACAP Consultant for the Tomahawk Command and Control System (TC2S).
  • Conducted program security inspections to assist in preparation for general IT security audits.
  • Provided C&A support for all Low and High-side accreditations.
  • Provided vulnerability assessments using eEye Retina, DISA Gold Disk, WASSP, and SRR Scripts.
  • Monitored and evaluated system compliance in accordance with DISA STIGS.
  • Communicates with Echelon II, Navy CA, the ODAA rep, and the Office of Naval Intelligence (ONI) for all SCI-level accreditation efforts.
  • Collaborated across divisions and program management offices to build strategic relationships to assist in meeting customer expectations.
  • Providing technical oversight as the Technical C&A lead for the Military Sealift Command Headquarters, in support of all AFLOAT and ASHORE systems.
  • Responsible for identifying, assessing and resolving security-related issues affecting the accreditation of Department of Navy (DON) systems and networks.
  • Led the technical direction of the Information Security Analyst Staff and was actively engaged in identifying unique system characteristics; interviewed key organizational personnel (technical, administrative, and executive).
  • Interpreted existing IT policies and guidelines to assist in developing functional requirements.
  • Worked with the accreditation team to compose requisite documentation (security categorizations, risk assessments, contingency planning, etc.); and mapped complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices.
  • Provided vulnerability assessments using eEye Retina, DISA Gold Disk, Manual DISA STIGS, and DISA SRR Scripts.
  • Supported O/S to include Windows, UNIX and Apple Macintosh systems.
  • Assisted the Military Sealift Command by maintaining and documenting FISMA compliance for TRANSCOM.

Network Security Architect

Dynamic Research Corp
Vienna, VA
12.2004 - 04.2006
  • Supported Air National Guard Readiness Center (ANGRC) as the Network Security Architect for the GUARDIAN Program Management Office.
  • Responsible for providing technical briefings and presentations to senior-level staff with respect to the overall security posture of Air National Guard Readiness Center (GUARDIAN systems).
  • Responsible for all DITSCAP/C&A support for all GUARDIAN systems and networks in the Vienna, VA office and at Andrews AFB (including SSAA and appendices creation, ST&E, Certificate to Operate (CTO) documentation, and vulnerability assessments).
  • Provided all System Test & Engineering (ST&E) support for the ANGRC GUARDIAN project.
  • Utilized NIST standards for assigning IA Controls.
  • Knowledge of NIST 800-53, 800-37, 800, and 800-18 standards.
  • Helped implement the GUARDIAN CERT.
  • Provided guidance to senior management on all DoD security policies and Air Force instructions.
  • Served as C&A Team Lead for all accreditation documentation and testing efforts.
  • Provided all ST&E support for JEOD during testing phase.
  • Provided vulnerability assessments using eEye Retina and DISA Gold Disk scans.
  • Provided initial DITSCAP/C&A consulting to the Navy in support of the Joint Explosive Ordnance Disposal Network (JEODNET) implementation.

Information System Security Engineer

DigitalNet
Rosslyn, VA
06.2004 - 12.2004

Timeline

Information Systems Security Manager

Booz Allen Hamilton
11.2024 - Current

Sr. Cybersecurity Consultant/ Technical Program Manager

StepTech LLC
09.2022 - 10.2024

Lead Information System Security Officer for the Office of the Chief Information Officer (OCIO) Enterprise Applications

StepTech LLC
12.2021 - 09.2022

Fully Qualified Navy Validator (FQNV) – Level III/ Information System Security Officer (Lead)

StepTech LLC
06.2017 - 12.2021

Fully Qualified Navy Validator (FQNV)/Information Security Lead

CACI (formerly L-3 NSS)
05.2014 - 05.2017

Fully Qualified Navy Validator (FQNV)/ Security Controls Assessor Rep.

Leidos, LLC
12.2013 - 05.2014

Fully Qualified Navy Validator (FQNV)

Watershed Security, LLC
11.2013 - 06.2016

Function Expert/ SME

Function Expert/ SME
01.2013 - 11.2015

Fully Qualified Navy Validator (FQNV)/ Security Controls Assessor

L-3 (Stratis) Communications
12.2012 - 10.2013

ISSM Representative

James Secure Solutions (JSS)
04.2012 - 12.2012

Security Consultant

IT Coalition, Inc.
01.2012 - 03.2012

Information System Security Officer

Data Tactics
09.2011 - 12.2011

Senior Security Engineer

SAIC
04.2006 - 09.2011

Network Security Architect

Dynamic Research Corp
12.2004 - 04.2006

Information System Security Engineer

DigitalNet
06.2004 - 12.2004