Summary
Overview
Work History
Education
Skills
Certification
Personal Information
Timeline
Generic

Terry Lehman

Summary

Mr. Lehman is a detail-oriented team player with strong organizational cyber-security experience and an ability to handle multiple projects simultaneously with a high degree of accuracy and ready to help your team achieve company goals.

Overview

12
12
years of professional experience
1
1
Certification

Work History

5G Cyber Risk Assessor (CRA)

Modern Technology Systems, Inc. (MTSI)
06.2022 - 09.2023
  • Demonstrated experience implementing DoD and Federal IA Assessment & Authorization (A&A) Processes, IA controls and developing and maintaining associated A&A documentation IAW Risk Management Framework (RMF).
  • Championed fourteen (14) NIST 800-53r4 Control Families totaling (1190 individual 5G T-Mobile Control ID's, i.e. AC-1 Policy and Procedures, AC-2 Account Management, etc.) illustrating Security Control Prioritizing codes, Assurance requirements, as well as the identification of high impact requirements from NIST 800-53r4 SP Controls (Low, Moderate and High-Impact IS's for managing the Security of Mobile Devices in a Enterprise).
  • Created, published and maintained 1,190 Master 5G Mobile Enterprise Control requirements; Control Identifiers, Control Enhancements, Control Testing and document guidelines with IAW NIST Risk Management Framework, NIST 800-53, and DISA STIGs.

Security Control Assessor

Data Intelligence Technology (DIT)
12.2019 - 06.2022
  • Developed, and published 15 proprietary security policies, plans and procedures for organizational protection.
  • Researched and performed a DIT Procedure Gap Analysis IAW A2LA ISO IEC 17020 Compliance requirements.
  • Used critical thinking to break down problems, evaluate solutions and make decisions spanning 130 Enterprise proprietary systems utilizing RMF tools (eMASS, XACTA, etc).

Sr. Threat and Vulnerability Management Engineer

Insight Global, LLC
02.2019 - 12.2019
  • Ensure the Joint Authorization Board, DHA, GSA and FedRAMP Information System Owners, and senior management are aware of changes and modifications to enterprise services and infrastructure shared by several organizations and agencies with same policy and compliances.
  • Read and interpreted blueprints, technical drawings, schematics, and computer-generated reports to senior management and system owners for the first DHRA Federal Private Cloud system enabling ATO status with no conditions, for 3 major Enterprise systems supporting AWS GovCloud, Oracle Service Cloud and Azure Cloud systems.


Accreditation Specialist

Digital Intelligence Systems LLC (DISYS)
07.2018 - 02.2019
  • Provided US Government information assurance standards and international information technology supporting IC Standards 503-2 Categorizing and Selecting Security Controls, CNSSI 1253 v3 Security Categorization and Controls Selection for NSS, and NIST SP 800-53A rev4
  • Reviewed 150 ATO accreditation systems and evaluated compliance, identified mitigation challenges and proposed solutions.

Software Risk Assessor

TASC/Engility Inc.
09.2014 - 07.2018
  • Collaborated with Security team members and performed incident analysis and executive support responsible for decreasing the Boeing WAN connectivity down time from 3 days to less than 1 hour network recovery time increasing Award Fee to 98% with sponsor.
  • Provided guidance and direction to fellow engineers involving the delivery and creation of System Security Plans, Software/Hardware Inventory List, Cryptography Procedures, Risk Assessment Reports (RAR), Interconnectivity Agreements (ISA), Plan of Actions and Milestones (PoAM) for A&A.

Software Risk Assessor/Information Systems Security Officer

QinetiQ
09.2013 - 09.2014
  • Improved the oversight and accountability of day-to-day security operations regarding information system and coordinated the Certification & Accreditation (C&A) life cycle processes for all proprietary and classified information systems.
  • Implemented and executed ICD 503 and DCID 6/3 Risk Management Framework and the fundamental paradigm shift, and conducted assessments on all Information Technology (IT) systems to ensure that they were using the NIST-based formula.



Staff Engineer

Sotera Defense Solutions
09.2011 - 09.2013
  • Supplied the Federal Information Security Management Act of 2002(FISMA) reporting for enterprise systems and supported effective information security procedures and mitigation responses.
  • Coordinated, mitigated over 150 enterprise network programs.


Education

Master of Business Administration - Technology Management

University of Phoenix

Bachelor of Individualized Study - Networking Technology

George Mason University

Associate of General Studies in Science (Biology) -

Northern Virginia Community College

Skills

  • Decision making
  • Records Maintenance
  • Project management
  • Database Management
  • Analytical reasoning
  • Effective communication

Certification

  • CompTIA A+ CE, COMP10669683
  • CompTIA Security + CE, COMP10669683
  • CMMC-AB Registered Practitioner 2020
  • CASP + CE, COMP10669683
  • CISM- Presently In Work

Personal Information

Title: Sr. Threat and Vulnerability Management Engineer

Timeline

5G Cyber Risk Assessor (CRA)

Modern Technology Systems, Inc. (MTSI)
06.2022 - 09.2023

Security Control Assessor

Data Intelligence Technology (DIT)
12.2019 - 06.2022

Sr. Threat and Vulnerability Management Engineer

Insight Global, LLC
02.2019 - 12.2019

Accreditation Specialist

Digital Intelligence Systems LLC (DISYS)
07.2018 - 02.2019

Software Risk Assessor

TASC/Engility Inc.
09.2014 - 07.2018

Software Risk Assessor/Information Systems Security Officer

QinetiQ
09.2013 - 09.2014

Staff Engineer

Sotera Defense Solutions
09.2011 - 09.2013

Master of Business Administration - Technology Management

University of Phoenix

Bachelor of Individualized Study - Networking Technology

George Mason University

Associate of General Studies in Science (Biology) -

Northern Virginia Community College

Similar Profiles

CREATE PROFILE
Terry Lehman