Summary
Overview
Work History
Education
Skills
Timeline
Generic

Todd Sternberg

Security Architect
Prattville,AL

Summary

Ambitious Senior Security Cloud Architect committed to formulating innovative solutions to challenges while optimizing processes. Polished in developing and implementing security plans and procedures and developing strategies to respond and recover from security breaches. Logical and analytical leader familiar with security tools and technologies such as firewalls and proxy servers.

Overview

34
34
years of professional experience

Work History

Senior Principal Security Architect

Capitis Solutions
08.2021 - Current
  • Conducting threat-based security assessments of C2IE information assets.
  • Worked with business partners to balance requirements, security and risk reduction.
  • Engaged business and technology stakeholders to gather goals and requirements.
  • Translated strategy into solutions and operating models by leading or managing others,
  • Liaised with third parties to respond to security events and understand threat landscape.
  • Used critical thinking to break down problems, evaluate solutions and make decisions.
  • Advising and mentoring security assessment and incident response personnel
  • Managing special projects and the accreditation paths for success
  • Developed security metrics and technical analysis to give insight into performance and trends.

Senior Security Cloud Architect

Capitis Solutions, LLC
08.2021 - Current
  • Supporting Capitis Solutions customers with vulnerability assessments using the C2VS tool for AWS, Google Cloud, and Azure
  • Validating Security Groups, NACL’s, and IAM Polices.
  • SECCM and P2P Risk assessments
  • Implementing NIST 800-53, 800-171, CIS Benchmarks, STIGS, ICD-503, HIPAA, SOX, and other federal regulations and requirements.
  • Performed network troubleshooting to isolate and diagnose common problems.
  • Developed security metrics and technical analysis to give insight into performance and trends.

Senior Technologist

Harmonia Group, LLC
02.2019 - 07.2021
  • Trusted technical adviser for Federal clients working with Harmonia
  • Security subject matter expert supporting literature, diagrams, write-ups, responses, and presentations for U.S.
  • Acted as expert in field of Cyber Security technology, presenting leading research at industry conferences and events.
  • Census Bureau, Consumer Financial Protection Bureau (CFPB), Small Business Administration (SBA) Internal Revenue Service (IRS), and U.S
  • Managed disaster recovery efforts following catastrophic failure due to natural disasters (Hurican).
  • Department of Agriculture (USDA)
  • Provide expertise in new cutting-edge cyber tools for applicability for federal customer needs in regards of Sarbanes Oxley and HIPAA
  • These tools include:
  • Zero Trust
  • Deception as a Service (DaaS)
  • Spatial computing, (Collaboration)
  • DevSecOps
  • Keyless Signature Infrastructure (KSI)
  • Controlled Interfaces for Secure Bidirectional Communications
  • Code Review (C2VS)

Principal Solutions Architect

Verizon, Public Sector Security Solutions
04.2018 - 01.2019
  • Managed support for the federal sales team for Verizon federal utilizing Sales Force to track $2.4 billion in sales
  • Trusted technical adviser for Federal clients under the Enterprise Infrastructure Solutions (EIS) Master Service Agreement (MSA) contract, and other large non-EIS Federal contracts and opportunities
  • Acted as the technical solutions lead for internal and external solution development by putting together solutions across multi-towers (Cloud, Security, Networking, Voice, Universal Custom Code (UCC), Contact Center, Wireless, Internet of Things (IoT)), supporting literature, diagrams, write-ups, responses, and presentations for DHS, IRS, U.S
  • Air Force, Energy, and NOAA
  • Provide expertise in new cutting-edge cyber tools for applicability for federal customer needs.
  • Contributed heavily to product development lifecycle of both back-end and customer-facing.
  • Deception as a service
  • Spatial computing, (Collaboration)
  • Network monitoring tools and techniques that reduce the amount of storage required for logging
  • Financial Audits
  • Worked with developers and engineers to realize technological solutions.
  • solutions.

Information Assurance Subject Matter Expert

Triangle Experience Group, Inc, TEG
11.2015 - 04.2018
  • Supported the Air Force Innovations Integration Office (A2I) in deploying and accrediting the Advanced Collaboration Enterprise Services (ACES) into Joint Collaboration Cell (JCC) in the National Reconnaissance Operations Center (NROC)
  • Led the Intelligence Community Directive (ICD) 503, 500-27 accreditation effort and was responsible for testing and documentation required to achieve and maintain an authority to operate (ATO)
  • Supported teams in continuous delivery of quality products and services, enhancing usage and introducing new features.
  • Analyzed business problems, identifying root causes and developing robust solutions.
  • Led teams in scheduled and unscheduled equipment maintenance to optimize readiness.

Senior Security Engineer/ Project Manager

ActionNet
07.2014 - 11.2014
  • Sternberg supported the JC3 Department of Energy customer as a team lead member of the JC3 Security Operations Center (SOC) senior security engineering staff.
  • Conducting threat-based security assessments of JC3 information assets.
  • Advising and mentoring security assessment and incident response personnel.
  • Providing technical subject matter expertise for Cyber Kill Chain (CKC) analysis.
  • Documenting best practices and standard operating procedures for SOC and CSIRC activities in support of projects.
  • Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.

Senior Security Engineer/ Team Lead

SRC Inc, (ICE SOC)
07.2013 - 07.2014
  • Supported the DHS ICE customer as a team lead member of the DHS ICE Security Operations Center (SOC) security engineering staff.
  • Conducting threat-based security assessments of DHS ICE information assets.
  • Advising and mentoring security assessment and incident response personnel.
  • Implemented necessary controls and procedures to protect information system assets from intentional or inadvertent modification, disclosure or destruction.
  • Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.
  • Providing technical subject matter expertise for Cyber Kill Chain (CKC) analysis
  • Documenting best practices and standard operating procedures for SOC and CSIRC activities in support of projects.
  • Managing personnel schedules and staffing levels for SOC shifts.
  • Compliance Acceptance Team

Project Manager

SRC (CAT)
06.2012 - 10.2013
  • Supported an SRC government customer as a member of a Compliance Acceptance Team (CAT)
  • Monitored project performance to identify areas of improvement and make adjustments.
  • Planned, designed, and scheduled phases for large projects.
  • He conducted acceptance testing of ICD503, NIST 500-27, and NIST 800-53 standards for government’s implementation and adherence
  • Verified that cyber intelligence concepts and implementation were being properly utilized
  • Also provided situational awareness in support of training of ISSOs, ISOs, and stakeholders in regard to threat trends and security protection tools and techniques
  • Received a meritorious unit citation from Director of Agency
  • Received Meritorious Unit Award, for the Joint Biological Standoff Detection System effort in support of the Joint Program Executive Office for Chemical and Biological Defense (JPEO-CBD) and the Joint Project Manager - Nuclear Biological Chemical Contamination Avoidance (JPM NBCCA)
  • Responsible for communication between the SESI's Fluorescence Portable Digital LIDAR (FPDL) sensor (Miltop) and the Overwatch software via CASI encrypted wireless private network
  • Program Manager for the Joint Biological Standoff Detection System effort in support of the JPEO for Chemical and Biological Defense (JPEO-CBD) and the Joint Project Manager - Nuclear Biological Chemical Contamination Avoidance (JPM NBCCA)
  • Project Manager for all Vulnerability Assessments, C&A, and System Test and Evaluation in the Intelligence and Security Operations Directorate.

Senior Information Assurance Officer/ Team Lead

Raytheon
11.2010 - 06.2012
  • Guided the National Geospatial-Intelligence Agency (NGA) Acquisitions branch through the Certification and Accreditation (C&A) process of deployable systems in Xacta
  • Responsible for achieving and maintaining ATO as well as verify the successful closure of all plan of action and milestones (POA&M) for 200+ systems
  • Also attended meetings with senior leadership representing the Office of the Chief Information Officer (OCIO) and provided guidance on how to proceed with the deployment of a fully accredited system
  • Achieved the first For Official Use Only (FOUO) Wireless ATO in NGA history
  • Achieved an ATO in record time at NGA by receiving a three-year ATO in just two weeks and thus guiding a path for agile accreditation.
  • Worked with other teams to enforce security of applications and systems.
  • Investigated and resolved incidents of unauthorized access to sensitive information.

Information Assurance Principal

Juniper Strategy LLC
01.2008 - 10.2010
  • Guided the Print industry and the U.S Census Bureau through all of the government guidance (e.g FIPS-2, NIST SP 800 Series, FISMA, etc.) to successful completion.
  • C&A packages for the Decennial Census 2010 Print contract, Quality Information for Successful Printing II (QUISP II), and Advanced Letter and Reminder Postcard contracts.
  • Assisted the Bureau with compliancy and successful C&A packages for the American Community Survey division
  • Obtained the ATO for Juniper’s customers, and advised on architectural system designs, implementations, and daily system administration.
  • Provided continuous monitoring services as well as maintained their accreditation status and planned the successful decommission of all IT systems
  • Decommissioned the print systems 2010 once printing activities concluded
  • Decommissioned the QUISP II system in 2012 once all printing information had been successfully obtained
  • For U.S. State Depart, Achieved three ATOs for tracking systems for the building of Afghanistan and Iraq embassies.
  • Proposed development and testing improvements to positively impact usability, function and performance.
  • Produced and maintained technical documentation for project reference.

Senior Security Engineer

Camber Corp
03.2004 - 12.2007
  • Responsible for vulnerability assessments and subsequent remediation, design, implementation of intrusion detection systems and firewalls, and technical information regarding security including assessing/ensuring compliance with published standards
  • Toolkit included LC5, StealthWatch, Zenoss, Snort, Nessus, nmap, Enterprise Security Manager, and a host of lesser-known tools
  • Project Manger for the explore McCain 2008 campaign, responsible for setting up and supporting the campaign headquarters as well as remote sites in several key states, including voice over IP phones and faxes, and purchasing computers, handheld devices, and existing devices on a secure smartcard enabled network
  • In addition, supported blogs, e-mail, streaming media, and high-end internet use while maintaining a high level of support and security.
  • Implemented necessary controls and procedures to protect information system assets from intentional or inadvertent modification, disclosure or destruction.
  • Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.

Senior Security Engineer

EWA IIT
02.2002 - 03.2004
  • Served as a senior security engineer within the EWA Vulnerability Assessment and Penetration Group.
  • This group provided security consulting and assessment solutions that enhance the security of client systems and information assets.
  • The group is primarily responsible for vulnerability assessments and penetration testing of client's networks.
  • These assessments are run internally and externally using a methodology that incorporates environmental analysis, network device assessment, exploit research and use of both commercial tools and manual scripts in order to identify vulnerabilities that can be corrected before unwanted parties. detrimentally exploit them
  • Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.
  • Implemented necessary controls and procedures to protect information system assets from intentional or inadvertent modification, disclosure or destruction.
  • Performed vulnerability assessments and penetration tests on client networks using an internal methodology and ‘Rules of Engagement' approach
  • Used commercial off the shelf (COTS) and freeware utilities to scan targeted resources for vulnerabilities and to then to engage the target by using exploit code derived from the hacker underground
  • Architected, set up and managed both the Surface Transportation Information Sharing and Analysis Center (ST-ISAC) and the Water Information Sharing and Analysis Center (H2O-ISAC).

Senior Information Assurance Consultant

EDS Corp
06.1999 - 02.2002
  • Performed root cause analysis to identify and resolve quality issues and defects.
  • Conducted risk assessments to identify and mitigate potential quality issues.
  • Assessed product quality by monitoring quality assurance metrics, reports and dashboards.
  • Conducted process and system audits to identify areas of improvement and enforce compliance with industry standards.
  • Implemented new quality assurance and customer service standards.
  • Monitored staff organization and suggested improvements to daily functionality.

Hardware Engineer

Unisys Corp
06.1998 - 06.1999
  • Conducted platform development, design, and certification testing of high-end multiprocessor servers to run NT, NetWare, UNIX, and Win2000 operating systems
  • Other duties were as follows:
  • Tested, integrated, debugged, and troubleshot a voluminous amount of peripherals and adapters
  • Used Microsoft NT expertise to configure network and enterprise servers to run value-added packages that featured Advanced Server Management (CA TNG, and 'out of band' devices) and advanced RAID, fiber, and hybrid storage solutions
  • Designed test to verify Hot Swap Plug-and-Play I/O and other emerging technical advances
  • Intimate familiarity with Microsoft and Intel development architectures
  • Lead representative to coordinate with other departments involved with the certification and qualification of systems under test and development.
  • Researched complex technical issues and provided resolutions.
  • Traveled to customer sites to provide prompt resolutions to issues.

Test Technician/Engineer

Honeywell Corp
02.1997 - 06.1998
  • Responsible for writing testing and manufacturing procedures and instructions on the Advanced Flight Management Computer (AFMC) production line
  • Tested, troubleshot, and performed the final test, and was responsible for writing testing and manufacturing procedures and instructions on the Advanced Flight Management Computer (AFMC) production line
  • Tested, troubleshot, and repaired integrated circuit boards used in the AFMC and in support systems as well.
  • Performed work according to project schedules and high quality standards.
  • Troubleshot and resolved engineering issues to reduce delays and achieve project milestones.

Communications Specialist

United Stated Marine Corps
02.1990 - 10.1992
  • Defense Message System Specialists work in vital message and communication centers in the FMF and at bases, posts and stations.
  • Duties include operating teletypewriters, optical character readers, tape transport, and terminal consoles, as well as correcting, retrieving, and logging in messages.
  • The SHF satellite communications operator-maintainer PMOS identifies Marines who emplace, interconnect, energize, and verify the operation of SHF satellite terminal equipment.
  • Create a satellite communications section bill of materials, conduct a site survey, determine satellite access request requirements, perform proper generator power-up procedures, supervise satellite communications terminal preventative maintenance.
  • Install a satellite communications antenna, operate a satellite communications terminal, operate the secure mobile anti-jam reliable tactical terminal, complete satellite communications terminal preventative maintenance.


Education

BS - EET

DeVry Institute of Technology
6.1998

Skills

  • Security Team Leadership
  • Certification and Accreditation
  • Network and Database Security
  • Third-Party Systems Integration
  • Risk Mitigation Recommendations
  • Policy and Control Implementation
  • Infrastructure Planning and Design
  • Business Operations Management
  • Responding to Security Breaches
  • Security Best Practices
  • Penetration Testing
  • Security Assessments
  • Vulnerability Management
  • Security Infrastructure Architecture
  • Cloud Security Strategy
  • Websense Data Loss Prevention
  • Hardening (STIGS)/(SNAC),
  • Business Continuity
  • Web Applications
  • Computer Security Incident Response
  • Change Management
  • Supply Management
  • Strategic Plans
  • Source Code Review
  • Wide Area Network (WAN)
  • Computer Network Defense
  • Security Information and Event Management (SIEM)
  • Cloud Architecture
  • Industry Best Practices
  • Threat Analysis
  • Risk Management Strategies

Timeline

Senior Principal Security Architect

Capitis Solutions
08.2021 - Current

Senior Security Cloud Architect

Capitis Solutions, LLC
08.2021 - Current

Senior Technologist

Harmonia Group, LLC
02.2019 - 07.2021

Principal Solutions Architect

Verizon, Public Sector Security Solutions
04.2018 - 01.2019

Information Assurance Subject Matter Expert

Triangle Experience Group, Inc, TEG
11.2015 - 04.2018

Senior Security Engineer/ Project Manager

ActionNet
07.2014 - 11.2014

Senior Security Engineer/ Team Lead

SRC Inc, (ICE SOC)
07.2013 - 07.2014

Project Manager

SRC (CAT)
06.2012 - 10.2013

Senior Information Assurance Officer/ Team Lead

Raytheon
11.2010 - 06.2012

Information Assurance Principal

Juniper Strategy LLC
01.2008 - 10.2010

Senior Security Engineer

Camber Corp
03.2004 - 12.2007

Senior Security Engineer

EWA IIT
02.2002 - 03.2004

Senior Information Assurance Consultant

EDS Corp
06.1999 - 02.2002

Hardware Engineer

Unisys Corp
06.1998 - 06.1999

Test Technician/Engineer

Honeywell Corp
02.1997 - 06.1998

Communications Specialist

United Stated Marine Corps
02.1990 - 10.1992

BS - EET

DeVry Institute of Technology

Similar Profiles

  • Jon FitzHenry

    Jon FitzHenryJon FitzHenry

    Real Estate Agent at Capitis Real EstateReal Estate Agent at Capitis Real Estate

  • Amanda Burns

    Amanda BurnsAmanda Burns

    Administrative & Marketing Assistant at Capitis Real EstateAdministrative & Marketing Assistant at Capitis Real Estate

  • Elizebeth Ghilbert

    Elizebeth GhilbertElizebeth Ghilbert

    Sr Software Engineer at P Square Toll Solutions India Pvt Ltd / Seeroo IT Solutions (P Square Solutions LLC – Contractor)Sr Software Engineer at P Square Toll Solutions India Pvt Ltd / Seeroo IT Solutions (P Square Solutions LLC – Contractor)

  • Meagan Tuck

    Meagan TuckMeagan Tuck

    High-Dosage Tutor at Tutor.comHigh-Dosage Tutor at Tutor.com

  • Kara Green

    Kara GreenKara Green

    Front Office Manager at Auburn University at MontgomeryFront Office Manager at Auburn University at Montgomery

CREATE PROFILE
Todd SternbergSecurity Architect