Michael Johnson
Gaithersburg,MD
Summary
Cyber Professional and Navy Veteran with robust experience in information security and team leadership. Proven track record in risk assessment and vulnerability management, leading to a measurable reduction in security incidents. Expertise in managing security frameworks and mentoring teams to enhance operational efficiency.
Overview
8
8
Certification
19
19
years of professional experience
Work History
Information System Security Officer
Gemini Industries Inc
04.2025 - Current
- Oversee SAP account authorization, creation, and management.
- Monitor SAP, SAPCA operating environments, developing and updating security plans, managing configuration, and assessing security impacts of changes.
- Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG).
- Creation and management of Interconnection Security Agreements (ISA)
- Track vulnerabilities by creating Plan of Action and Milestones (POA&M)
- Led a team of 12 security professionals, mentoring and developing junior staff, resulting in increased team efficiency and morale
- Demonstrate a detailed ability to prepare reports identifying the results of compliance and performance tests.
- Developed and implemented a risk assessment program, identifying and mitigating potential threats to IT infrastructure, leading to a 10% reduction in security incidents
- Test and evaluate cyber security controls within SAP environments to ensure the confidentiality, integrity, and availability of classified information
Information System Security Engineer (ISSE)
CFocus Software
02.2024 - 04.2025
- Verified data security access controls based on Joint Special Access Program Implementation Guide (JSIG) to ensure compliance with security protocols.
- Verify data security access controls and assign privileges based on need-to-know.
- Manage the configuration and documentation contained in the program's instance of Enterprise Mission Assurance Support Services (XACTA).
- Develop and implement information assurance/security standards and procedures.
- Established information assurance and security requirements through analysis of user, policy, regulatory, and resource demands to enhance security posture.
- Creation and management of Interconnection Security Agreements (ISA)
- Demonstrate a detailed ability to prepare reports identifying the results of compliance and performance tests.
- Supported customers in developing and implementing doctrine and policies, facilitating alignment with security objectives.
Information System Security Engineer (ISSE)
AT&T
01.2022 - 02.2024
- Verify data security access controls based on the Joint Special Access Program Implementation Guide (JSIG).
- Verify data security access controls and assign privileges based on need-to-know.
- Creation and management of Interconnection Security Agreements (ISA)
- Track vulnerabilities by creating Plan of Action and Milestones (POA&M)
- Manage the configuration and documentation contained in the program's instance of Enterprise Mission Assurance Support Services (eMASS).
- Demonstrate a detailed ability to prepare reports identifying the results of compliance and performance tests.
- Develop and implement information assurance/security standards and procedures.
- Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
- Supports customers at the highest levels in the development and implementation of doctrine and policies.
Information System Security Manager (ISSM)
AKIMA Solutions
03.2021 - 01.2022
- Understanding of the infrastructure to include security device configurations and Zone guidelines as outlined in DISA’s Enclave Test and Development STIG.
- Develop new documents and processes to support the development and deployment of new architectures on the enterprise platform, ensuring the deployed architecture complies with DoD directives.
- Prepare accreditation documents for the Authorizing Official’s review.
- Prepare Memorandums of Understanding (MOU) documents with agency partners.
- Coordinate with vendors who provide custom-developed applications to ensure the applications are developed and maintained in accordance with DoD policies and procedures.
- Update Risk Management Framework accreditation documents as appropriate and ensure the Continuous Monitoring Process is implemented and maintained.
- Coordinate engineering discussions with application developers to determine the best architecture to support the deployment of the new application on the infrastructure which complies with DoD guidelines related to production and Zone DoD guidelines.
- Coordinate with the appropriate team members to determine the applicable STIGs for the new system – and deliver the STIG lists to the system developers.
- Assist with documenting the Risk Assessment Report for new applications based on scan results from the IA team.
- Discuss system details with the Authorizing Official’s (AO’s) representatives, specifically detailing potential risks introduced by any new applications along with associated mitigations.
Sr. Security Engineer (Contract)
Northrup Grumman
Quantico, Virginia
01.2019 - 04.2021
- Generated and maintained cyber security reports for annual testing operations.
- Formulated and implemented cyber security policies and controls
- Vulnerability management tools, including Qualys, Nessus, and Retina
- Data loss prevention tools, including McAfee, Symantec, Websense, and Verdasys
- IAM risk analytics tools
- Network vulnerability assessment
- Review ACAS scans results and improve network security
- Ensure compliance to government security standards and policies.
- Monitor IPS and IDS servers on ESM and NSM
- Add and remove IPS and IDS servers to ESM and NSM
- Linux Run Daily checks on the IPS and IDS servers
- Physical handling and troubleshooting of the IPS Servers
- Monitored SIEM and logging environments and McAfee suite from security events and alerts to threats, and compromise
Information System Security Officer (ISSO)
AKIMA Solutions
06.2020 - 03.2021
- Experience with creating security baselines and DoD STIG and CIS
- Xacta for continuous security risk assessment and compliance automation and management.
- Develop Tactics, Techniques, and Procedures (TTPs) regarding how to analyze data, detect anomalies, recommend mitigation strategies, and report
- Provide senior level hands on monitoring/administration of network monitoring and modernization efforts
- Risk Management Framework (RMF) Using NIST 800-37 as a guide, assessments and Continuous Monitoring: Performed RMF assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance of evidence needed for security controls, and documenting findings of assessment.
- Security Documentation: Perform updates to System Security Plans (SSP) Using NIST 800-18 as a guide to develop SSP, Risk Assessments, and Incident Response Plans, create Change Control procedures, and draft, review, update Plans of Action and Milestones (POAMs).
- POA&M Remediation: Performed evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, continuous monitoring, and FISCAM audits.
- Provided services as security controls assessors (SCAs) and perform as an integral part of the Assessments and Authorizations process to include A&A scanning, documentation, reporting and analysis requirements. Analyzed current threats to information security and systems. Analyze security findings and data. Published reports and keeps metrics for client systems.
Information Assurance Analyst
Northrup Grumman
Annapolis, Maryland
01.2019 - 07.2019
- Xacta for continuous security risk assessment and compliance automation and management.
- Xacta for continuous security risk assessment and compliance automation and management.
- Nessus Professional Vulnerability Scanners Monitoring: Performed RMF assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance of evidence needed for security controls, and documenting findings of assessment.
- Developed Tactics, Techniques, and Procedures (TTPs) for data analysis, anomaly detection, and mitigation strategy recommendations to improve incident response.
- Executed senior-level monitoring and administration of network systems to enhance security posture and modernization efforts.
- Managed IP address configuration and allocation within network infrastructure to ensure optimal resource utilization.
- Install Patch and STIG’s
- Xacta for continuous security risk assessment and compliance automation and management.
- Splunk Forwarder
- Utilized Linux commands for efficient system administration and troubleshooting.
- RMF Framework Work
Cyber System Engineer
Apex Systems
07.2018 - 01.2019
- Risk Management Framework (RMF) through Xacta for continuous security risk assessment and compliance automation and management.
- System security auditing and Cybersecurity tools in support of monitoring and assessing systems.
- Managed security profiles to control user interactions and data access within SAP system.
- Configure and manage user accounts, including assigning roles and permissions to ensure users have the appropriate access levels.
- Installed and configured Linux operating systems while providing support and implementing security measures for services like DHCP, SSH, and SCP.
- Executed SSL certificate installation on Linux servers to ensure secure data transmission and improve overall security posture.
- Documented daily data communication transactions, issues, repairs, and installation activities for operational transparency.
- Led technology implementation projects from initiation to execution, ensuring alignment with organizational goals.
Information Technology Specialist
U.S. Navy Reserves
01.2007 - 01.2019
- Provide information security Cybersecurity support.
- Risk Management Framework (RMF) for federal information systems in line with NIST 800-53
- System security auditing and Cybersecurity tools in support of monitoring and assessing systems.
- Oversee the RMF program management, ensuring alignment with the Enterprise Cybersecurity program goals.
- Develop, implement, and assist in planning, directing, executing, and overseeing RMF activities.
- Provide overall program management, including tracking, mitigating, and reporting on risks.
- Manage cross-functional teams and ensure adherence to federal government IT security requirements.
- Oversee the development, maintenance, and optimization of RMF processes, templates, and procedures.
- Support the transition of Cybersecurity Assurance from current to future state.
- Ensure all RMF work products and deliverables meet the highest quality standards and align with the Enterprise Cybersecurity Program requirements.
Cyber System Engineer
General Dynamics
12.2017 - 07.2018
- Served various computer hardware by diagnosing, repairing, rebuilding, and refurbishing PCs, laptops, monitors, servers, and other IT equipment to ensure operational readiness
- Managed imaging and preparation of new computers for deployment.
- Documented daily data communication transactions, issues, repairs, and installation activities to maintain accurate records and facilitate troubleshooting
- Dismantled, packed, and transported equipment to set up on-site installations.
- Install, troubleshoot and repair printers
- Tested functionality and supported end users to resolve issues and enhance user experience
- Provide frequent and effective communication with ticket submitters
- Take responsibility for technology implementation projects and carry them out
System administrator
Amtrak
02.2015 - 09.2017
- Managed Linux installation, configuration, support, and security implementation for services including DHCP, SSH, and SCP, strengthening system reliability and security.
- Linux Installation of operating system and system updates, patches, version upgrades per vendor recommendation
- Utilized Active Directory to build user network profiles, reset passwords, and unlock accounts, enhancing user accessibility and security.
- Provided PC and mobile support, diagnosing, troubleshooting, and resolving client issues related to hardware maintenance, installations, and upgrades, ensuring minimal downtime.
- Administered repairs, upgrades and completed configuration of PCs and related peripherals
- Managed imaging and setup of new computers for deployment to users
- Resolved problems within Microsoft office (outlook, excel, etc.)
- Used remote desktop connections, peer to peer file sharing and other applications associated with remote IT assistance
- Provide documentation of daily data communication transactions, issues and repairs made or installation activities
Education
BS - Computer Network and Cyber Security
University Of Maryland University College
12-2020
Magruder high school
Rockville, MD01-2004
Skills
- Cybersecurity
- INFOSEC
- Risk Management
- System security auditing
- HBSS
- Nessus
- NMAP
- Wireshark
- ACAS
- EMASS
- Tanium
- Xacta
- AWS
- Linux
- Python
- Stealth watch
- Remedy
Clearance
TS/SCI CI Poly
Certification
- CompTia Security +
- AWS Certified Cloud Practitioner
- CompTIA CASP+
- NVIDIA Building LLM agents with Prompt Engineering
- CISM
- CEH Certified Ethical Hacker
Timeline
Information System Security Officer
Gemini Industries Inc
04.2025 - Current
Information System Security Engineer (ISSE)
CFocus Software
02.2024 - 04.2025
Information System Security Engineer (ISSE)
AT&T
01.2022 - 02.2024
Information System Security Manager (ISSM)
AKIMA Solutions
03.2021 - 01.2022
Information System Security Officer (ISSO)
AKIMA Solutions
06.2020 - 03.2021
Sr. Security Engineer (Contract)
Northrup Grumman
01.2019 - 04.2021
Information Assurance Analyst
Northrup Grumman
01.2019 - 07.2019
Cyber System Engineer
Apex Systems
07.2018 - 01.2019
Cyber System Engineer
General Dynamics
12.2017 - 07.2018
System administrator
Amtrak
02.2015 - 09.2017
Information Technology Specialist
U.S. Navy Reserves
01.2007 - 01.2019
BS - Computer Network and Cyber Security
University Of Maryland University College
Magruder high school