Summary
Overview
Work History
Education
Skills
Websites
Certification
Timeline
Generic

Toyana Mosley

Land O’Lakes,FL

Summary

Highly accomplished Cybersecurity professional with 14 years of experience securing complex enterprise information systems and networks in DoD environments. Expert in Risk Management Framework (RMF) implementation, Program Protection, and Supply Chain Risk Management (SCRM). Proficient in conducting vulnerability assessments and security control validation. Proven ability to identify and mitigate cybersecurity threats, develop and review security policies, and drive organizational process improvements. Possesses a Top Secret/Sensitive Compartmented Information (TS/SCI) clearance. Excellent communication and leadership skills.

Overview

15
15
years of professional experience
1
1
Certification

Work History

Program Protection Plan Lead-Principal Cyber Security Architectural Engineer

Apogee Engineering, Contractor Support, USSOCOM (SOF AT&L), MacDill AFB, FL
12.2024 - Current
  • Strategic Guidance: Provided strategic guidance to the Acquisition Executive and Deputy Director Acquisition through concise and insightful Program Protection status reports, enabling data-driven decision-making and ensuring that SOCOM acquisition programs were effectively protected from evolving threats.
  • Technical Advisor: Functioned as a trusted advisor to Program Executive Officers and Program Managers by providing expert program management and technical advice on cybersecurity, program protection, and risk management, optimizing the allocation of resources and minimizing vulnerabilities across SOCOM's diverse portfolio of programs.
  • Cybersecurity Policy: Led the development and revision of SOCOM-specific cybersecurity policies to align with evolving acquisition strategies, ensuring that security considerations were integrated into all phases of the acquisition lifecycle and that SOCOM maintained a cutting-edge defensive posture.
  • Process Improvement: Spearheaded critical process improvements and developed innovative digital tools for program protection and risk management, streamlining workflows, increasing efficiency, and enhancing SOCOM's ability to proactively identify and mitigate potential threats to sensitive technologies and information.
  • Technical Expertise: Applied deep technical expertise to meticulously review and improve Program Protection Plans (PPPs), Cybersecurity Strategies, Anti-Tamper plans (AT), and Security Classification Guides (SCGs), strengthening the protection of SOCOM's critical technologies and intellectual property from exploitation by adversaries.
  • Policy Development: Developed clear and concise policy and guidance documents based on expert technical knowledge to empower SOCOM personnel with the information and resources needed to effectively implement cybersecurity best practices and maintain a strong security posture, ensuring consistency and compliance across all programs.
  • SOCOM Representative: Effectively represented SOCOM AT&L at OSD working groups, advocating for SOCOM's unique cybersecurity needs and ensuring that Special Operations Forces' requirements were prioritized in the development of DoD-wide policies and standards.
  • Risk Management Framework (RMF): Provided expert guidance to Program Executive Offices in integrating Risk Management Framework (RMF) principles with Program Protection planning, ensuring a holistic, proactive, and compliant security approach that reduced vulnerabilities and protected SOCOM's critical assets throughout the acquisition lifecycle.
  • Supply Chain Risk Management (SCRM): Leveraged strong analytical and technical skills to counsel Program Managers on Supply Chain Risk Management (SCRM) and vulnerability/risk assessments, enabling the proactive identification and mitigation of supply chain vulnerabilities that could compromise SOCOM's sensitive technologies.
  • Workflow Analysis: Applied technical expertise to analyze complex workflows and system breakdown structures, proactively identifying and mitigate potential security risks that could impact SOCOM's operations, ensuring the confidentiality, integrity, and availability of critical data and systems.
  • Training Program: Developed and delivered engaging training programs to educate program managers on critical security principles for Software/Hardware Assurance, Anti-Tamper, and Trusted Systems and Networks (TSN), fostering a culture of security awareness and proactive risk management across SOCOM programs and empowering personnel to make informed security decisions.

Principal Cyber Security Engineer, Emergency Communications Network

Mission Support and Test Services, LLC, Contractor Support (DOE), Nellis AFB, NV
10.2022 - 11.2024
  • DOE Compliance: Ensured strict compliance with Department of Energy (DOE) cybersecurity regulations and policies, implementing necessary security controls and conducting regular assessments to maintain a strong security posture and protect sensitive information assets under DOE purview.
  • Cybersecurity Resilience: Contributed significantly to the overall cybersecurity resilience of the Nevada National Security Site (NNSS) by identifying and mitigating critical vulnerabilities, strengthening security controls, and fostering a proactive security culture, enabling the site to effectively fulfill its national security mission while safeguarding sensitive information and infrastructure.
  • Technical Data Analysis: Researched, compiled, and meticulously analyzed complex technical data from diverse sources, providing actionable insights that informed strategic decision-making and improved the organization's overall cybersecurity posture.
  • Zero Trust Architecture: Actively participated in a Zero Trust working group, contributing technical expertise and insights to the development and implementation of Zero Trust security architectures within ECN, enhancing the organization's ability to prevent unauthorized access and protect sensitive data in dynamic and evolving threat environments.
  • Cybersecurity Frameworks: Implemented industry-standard cybersecurity frameworks, detailed procedures, and leveraged deep technical expertise to establish a robust and secure IT environment, minimizing vulnerabilities and protecting critical assets from evolving threats.
  • Threat Intelligence: Proactively reviewed cybersecurity threat intelligence feeds and collaborated with the Incident Response Team to effectively mitigate identified vulnerabilities, minimizing the impact of potential security incidents and enhancing the organization's overall resilience to cyberattacks.
  • Policy Compliance: Diligently executed cybersecurity policy compliance tasks, ensuring adherence to all applicable regulations and standards, mitigating legal and financial risks and maintaining a strong security foundation across the organization.
  • POA&M Tracking: Routinely tracked the status of Plans of Action and Milestones (POA&Ms) for each department, providing comprehensive visibility into remediation progress and facilitating proactive risk management across all organizational units.
  • Security Test and Evaluation (ST&E): Conducted thorough Security Test and Evaluations (ST&E) of security controls in accordance with the NIST Risk Management Framework (RMF), identifying weaknesses and gaps in security implementations and providing actionable recommendations for remediation to strengthen the overall security posture.
  • System Security Plans (SSP): Developed comprehensive System Security Plans (SSPs) and security policies/documentation, clearly defining security requirements, procedures, and responsibilities to ensure consistent implementation of security controls and adherence to organizational security standards.
  • Security Control Review: Effectively managed and delegated responsibilities for security control review during authorization and accreditation (A&A) processes, ensuring thorough assessment of security posture and facilitating the timely and successful completion of accreditation efforts.
  • Network and System Architecture: Contributed to the design of secure network and system architectures, incorporating industry best practices and security principles to minimize vulnerabilities and protect critical data assets from unauthorized access and cyber threats.
  • Vendor Risk Assessment: Rigorously reviewed purchase requests and provided expert advice on vendor risk assessment, ensuring that procured technologies and services met stringent security requirements and minimized the potential for supply chain vulnerabilities.
  • FISMA Report: Prepared and submitted accurate and timely data calls, FISMA reports, and audit reports, providing key stakeholders with critical information on the organization's security posture and compliance status.

Program Protection Plan Support SME-Senior Cyber Security Architectural Engineer

Apogee Engineering, Contractor Support, USSOCOM (SOF AT&L), MacDill AFB, FL
04.2021 - 09.2022
  • Program Protection Enhancement: Contributed significantly to Program Protection enhancement by providing expert reviews of Cybersecurity Strategies, Anti-Tamper plans, and Security Classification Guides, ensuring alignment with best practices and minimizing vulnerabilities across critical programs.
  • Policy Development: Assisted in the development of impactful policy and guidance documents by researching current cyber threats, vulnerabilities, and effective security measures, ensuring alignment with DoD guidelines and industry best practices.
  • SOF AT&L Representation: Actively represented SOF AT&L at OSD working groups, contributing valuable insights and perspectives on cybersecurity and program protection, fostering collaboration and ensuring SOF requirements were effectively addressed in DoD-wide policies and initiatives.
  • RMF Integration: Assisted Program Executive Offices in integrating Risk Management Framework (RMF) principles with Program Protection planning, providing guidance and expertise that ensured a holistic approach to security and compliance across the entire program lifecycle.
  • Supply Chain Risk Management (SCRM): Contributed to enhanced Supply Chain Risk Management (SCRM) and vulnerability/risk assessments by providing informed counsel and guidance, helping identify potential weaknesses and develop effective mitigation strategies to protect critical systems from supply chain-related threats.
  • Workflow Analysis: Participated in the analysis of workflows and system breakdown structures to proactively identify and mitigate potential security risks, leveraging technical expertise and security best practices to ensure confidentiality, integrity, and availability of critical data and systems.
  • Training Program: Assisted in educating program managers on critical security principles for Software/Hardware Assurance, Anti-Tamper, and Trusted Systems and Networks (TSN) by developing engaging training materials, delivering informative presentations, and providing ongoing support, fostering a culture of security awareness and proactive risk management across SOF programs.

S3I MLRS Deputy Lead, Senior Cyber Security Engineer

SAIC, Contractor Support, Redstone Arsenal, AL
11.2019 - 04.2021
  • Program Reviews: Actively participated in program reviews, Integrated Product Team (IPT) meetings, Technical Interchange Meetings (TIMs), and stakeholder meetings, providing valuable cybersecurity insights and contributing to informed decision-making across all phases of the project lifecycle.
  • Static Code Analysis: Conducted rigorous static code analysis using industry-standard tools to identify potential security vulnerabilities and coding errors, proactively minimizing the risk of exploitable flaws and enhancing the overall security of developed software applications.
  • Product Development Management: Managed product development efforts from a cybersecurity perspective, ensuring the integration of robust security controls throughout the software development lifecycle (SDLC) and delivering secure, high-quality software products that meet stringent security requirements.
  • Product Enhancement Assessment: Conducted comprehensive assessments for proposed product enhancements, identifying potential security implications and recommending appropriate mitigation strategies to ensure that new features and functionalities did not introduce new vulnerabilities or compromise the existing security posture.
  • Cybersecurity Risk Management Framework (RMF) Assessments: Performed comprehensive Cybersecurity Risk Management Framework (RMF) Assessments, identifying potential threats and vulnerabilities, assessing the effectiveness of existing security controls, and recommending tailored mitigation strategies to minimize risk and ensure compliance with regulatory requirements.
  • Software Development Participation: Participated in software development, testing, and interoperability engineering events, providing expert cybersecurity guidance and ensuring that security considerations were integrated into all aspects of the software development and deployment process.
  • Army Regulation 25-2 Compliance: Ensured strict compliance with Army Regulation 25-2 and DoD Security Technical Implementation Guides (STIGs), implementing necessary security measures and validating adherence to established security standards, protecting Army systems and data from unauthorized access and cyber threats.

USCENTCOM Senior Cyber Security Analyst

SAIC, Contractor Support, MacDill AFB, FL
01.2019 - 10.2019
  • Cybersecurity Policy Development: Developed and meticulously reviewed cybersecurity policy documents, ensuring alignment with industry best practices, regulatory requirements, and organizational objectives, strengthening the overall security governance framework.
  • POA&M Documents: Drafted comprehensive Plan of Actions and Milestones (POA&M) documents, outlining clear remediation strategies and timelines for addressing identified security vulnerabilities, facilitating effective risk management and enabling informed decision-making by stakeholders.
  • Category Assurance List (CAL): Skillfully utilized the Category Assurance List (CAL) to rigorously assess and validate the security posture of systems and applications, ensuring adherence to established security standards and mitigating potential vulnerabilities before deployment.
  • Cybersecurity Risk Management Framework (RMF) Assessments: Performed comprehensive Cybersecurity Risk Management Framework (RMF) Assessments, identifying potential threats and vulnerabilities, assessing the effectiveness of existing security controls, and recommending tailored mitigation strategies to minimize risk and ensure compliance with regulatory requirements.
  • Cross-Domain Expertise: Provided crucial assistance with Cross-Domain Enterprise Solution (CDES) approval processes, navigating complex security requirements and facilitating the secure exchange of information between different security domains, enabling enhanced collaboration and information sharing while protecting sensitive data.
  • Technical Support: Provided expert technical expertise to stakeholders on a wide range of cybersecurity topics, including security architecture, vulnerability management, and incident response, enabling informed decision-making and improving the overall security posture of the organization.
  • USCYBERCOM Compliance: Ensured strict compliance with USCYBERCOM Tasking Orders (CTOs) and DoD Directives, implementing necessary security measures and monitoring systems for adherence, maintaining a robust security posture and protecting critical assets against evolving cyber threats.

USSOCOM Information Systems Security Manager

Federal Information Systems LLC, Independent Consultant, MacDill AFB, FL
06.2018 - 01.2019
  • Accreditation Lifecycle Management: Ensured comprehensive system support throughout the accreditation lifecycle, from initial implementation to ongoing operations and maintenance (O&M), guaranteeing consistent Information Assurance (IA) compliance and a robust security posture.
  • Technical and Administrative Security: Engineered, implemented, and rigorously enforced technical and administrative security measures, including access controls, data encryption, and security awareness training, effectively mitigating risks and protecting sensitive information assets.
  • System Security Plans (SSP) Management: Took ownership of maintaining comprehensive System Security Plans (SSPs) and meticulously updating Plans of Actions and Milestones (POA&Ms), ensuring accurate documentation of security controls, vulnerabilities, and remediation efforts for assigned systems.
  • Vulnerability and Compliance Validation: Executed ACAS and SCAP scans to conduct thorough vulnerability and compliance validation, identifying critical security flaws and misconfigurations that required immediate remediation, proactively preventing potential exploits and maintaining a high level of security hygiene.
  • Strategic Implementation of Security Policies: Collaborated in the strategic implementation and continuous maintenance of security policies, ensuring consistent application of security best practices across the organization and minimizing the risk of human error or non-compliance.
  • Cybersecurity Control Assessments: Performed meticulous cybersecurity security control assessments, leveraging industry best practices to identify vulnerabilities, assess the effectiveness of existing controls, and recommend tailored remediation strategies to strengthen the overall security posture of systems and networks.
  • Patching: Orchestrated seamless coordination with technical support teams for timely patching of identified vulnerabilities, ensuring rapid remediation of security flaws and minimizing the window of opportunity for potential attackers.
  • Environmental Monitoring: Proactively monitored computer, network, and enclave environments, leveraging advanced security tools and techniques to detect and respond to suspicious activity, effectively safeguarding critical infrastructure and sensitive data from unauthorized access and malicious attacks.

USCENTCOM Junior Cyber Security Analyst

Venatore LLC, Contractor Support, MacDill AFB, FL
09.2017 - 05.2018
  • A&A Process Management: Spearheaded the Cybersecurity Assessment & Authorization (A&A) process for assigned systems, ensuring compliance with DoD and NIST standards, resulting in the successful authorization and secure operation of critical assets.
  • Security Control Assessments: Conducted rigorous cybersecurity security control assessments using industry best practices, identifying vulnerabilities and weaknesses in system configurations and providing actionable recommendations for remediation, improving the overall security posture.
  • Confidentiality, Integrity, and Availability (CIA): Expertly categorized systems based on Confidentiality, Integrity, and Availability (CIA) impact levels in accordance with FIPS 199, enabling the implementation of appropriate security controls and protection mechanisms tailored to the sensitivity of the data processed.
  • FISMA Support: Provided critical support for Federal Information Security Modernization Act (FISMA) compliance efforts, contributing to the organization's ability to meet regulatory requirements and maintain a strong security posture.
  • A&A Package Development: Developed and maintained comprehensive Assessment & Authorization (A&A) packages in eMASS, ensuring accurate and up-to-date documentation of system security controls and compliance status, facilitating efficient audits and informed decision-making.
  • SCAP and ACAS Scan Review: Thoroughly reviewed Security Content Automation Protocol (SCAP) and Assured Compliance Assessment Solution (ACAS) scans, identifying critical vulnerabilities and misconfigurations that required immediate attention, enabling proactive risk mitigation and preventing potential security breaches.
  • Threat Intelligence Monitoring: Proactively maintained current knowledge of emerging cybersecurity threats, vulnerabilities, and exploits through continuous professional development and threat intelligence feeds, enabling rapid response to new and evolving risks.
  • Cybersecurity Deficiency Tracking: Diligently monitored and tracked cybersecurity deficiencies identified through assessments and scans, ensuring timely remediation efforts and minimizing the organization's exposure to potential threats.
  • POA&M Management: Provided timely and accurate updates to Plans of Actions and Milestones (POA&Ms) in eMASS, ensuring transparent tracking of remediation efforts and facilitating informed decision-making by stakeholders regarding resource allocation and risk acceptance.

NAVAIR Information System Security Officer

Camber Corporation, Contractor Support, Patuxent River NAS, MD
03.2017 - 08.2017
  • Security Policy Enforcement: Enforced strict adherence to established security policies and procedures across all assigned systems and networks, mitigating potential vulnerabilities and reducing the risk of unauthorized access.
  • System Security Plan (SSP) Development: Developed and implemented comprehensive System Security Plans (SSPs) in accordance with NIST guidelines, ensuring the protection of sensitive data and the secure operation of critical systems.
  • Developmental Test & Evaluation (DT&E): Conducted thorough reviews of Developmental Test & Evaluation (DT&E) documents, identifying potential security flaws and providing actionable recommendations to improve system security posture prior to deployment.
  • Security Recommendations: Provided expert security recommendations to stakeholders, influencing system design and implementation decisions to enhance overall security posture and minimize risk.
  • Integrated Product Team (IPT) Participation: Actively participated in Integrated Product Teams (IPTs), collaborating with cross-functional teams to integrate security considerations into all phases of the system development lifecycle, ensuring security was a core element of design.
  • POA&M Management: Created and maintained detailed Plans of Actions and Milestones (POA&Ms) to track and remediate identified security vulnerabilities, ensuring timely resolution and minimizing potential risks to critical systems.
  • Confidentiality, Integrity, and Availability (CIA): Expertly categorized systems based on Confidentiality, Integrity, and Availability (CIA) requirements, ensuring appropriate security controls were implemented to protect sensitive data and maintain system availability in accordance with organizational needs.
  • Security Compliance: Ensured comprehensive security compliance for NAVAIR Shipboard Launch and Land Systems, contributing to the safe and reliable operation of critical naval assets and protecting sensitive operational data.
  • Navy Qualified Validator Support: Assisted as a Level I Navy Qualified Validator, supporting the assessment and authorization process and ensuring systems met stringent security requirements before deployment, preventing potential security breaches and data compromise.

Cyber Surety

USAF, Senior Airman, Nellis AFB, NV
03.2011 - 03.2017
  • Security Policy Enforcement: Enforced NIST, DOD, and Air Force security policies, regulations and directives.
  • Information Assurance (IA) Program Management: Administered and managed information assurance (IA) programs.
  • IA Risk and Vulnerability Assessments: Conducted IA risk and vulnerability assessments.
  • Security Policy Development: Develop, maintain, and enforce security policies, procedures, and standards in accordance with applicable regulations and directives.
  • Security Documentation: Develop and maintain comprehensive security documentation, including security plans, standard operating procedures (SOPs), and risk assessments.
  • Risk Assessment: Conduct comprehensive risk assessments and vulnerability scans to identify and evaluate cybersecurity risks.
  • Risk Mitigation: Develop and implement effective risk mitigation strategies to reduce the likelihood and impact of potential threats.
  • Vulnerability Monitoring: Monitors and analyzes security vulnerabilities, providing recommendations for remediation and system hardening.
  • Security Audits and Inspections: Prepares for and participates in security audits and inspections, addressing any identified deficiencies.
  • A&A Support: Support the accreditation and authorization processes for assigned systems and networks.
  • Cybersecurity Knowledge: Demonstrate in-depth knowledge of cybersecurity principles, threats, and vulnerabilities.

Education

Master's Degree - Cybersecurity & Information Assurance

Western Governance University
Salt Lake City, Utah
03.2026

Bachelor's Degree - Information Systems Security/Cybersecurity

American Military University
Charles Town, West Virginia
08.2019

Associate’s degree - Information Systems Technology Management

Community College of the Air Force
Maxwell-Gunter, Alabama
07.2016

Skills

  • Cybersecurity Frameworks: NIST RMF, CNSSI 1253, FIPS 199, NIST SP 800-60, DoD Directives, Army Regulation 25-2, DoD STIGs, CMMC 20, FISMA, ISO 27001, NIST 800-30, NIST 800-207
  • Program Protection: Anti-Tamper, Software/Hardware Assurance, Trusted Systems and Networks (TSN), Critical Program Information (CPI), Security Classification Guides
  • Vulnerability Management: ACAS, SCAP, Static Code Analysis, Vulnerability Scanning, Mitigation Strategy
  • Risk Management: Risk Assessments, Vulnerability Assessments, Supply Chain Risk Management (SCRM), eMASS/Xacta
  • Security Engineering: System Security Plans (SSPs), Security Policy Development, Network Security Design, Cross Domain Solutions
  • Tools & Technologies: ACAS, eMASS/Xacta, SCAP, Nessus, PPSM, Microsoft 365 (Word, Excel, PowerPoint, Project, Forms, Power Automate), Visio
  • Compliance: FISMA Reporting, Continuous Monitoring, Security Audits, POA&M Management, Incident Response
  • Methodologies: Agile, Adaptive Acquisition Framework (AAF)
  • Other: Data Analysis, Systems Integration/Engineering, Project Management, Azure, Large-Language Models (LLM)

Websites

Certification

  • CompTIA Security+ CE (2023-09)
  • ISC2 Certified in Cybersecurity (2024-11)
  • CompTIA CySA+ (2025-05)

Timeline

Program Protection Plan Lead-Principal Cyber Security Architectural Engineer

Apogee Engineering, Contractor Support, USSOCOM (SOF AT&L), MacDill AFB, FL
12.2024 - Current

Principal Cyber Security Engineer, Emergency Communications Network

Mission Support and Test Services, LLC, Contractor Support (DOE), Nellis AFB, NV
10.2022 - 11.2024

Program Protection Plan Support SME-Senior Cyber Security Architectural Engineer

Apogee Engineering, Contractor Support, USSOCOM (SOF AT&L), MacDill AFB, FL
04.2021 - 09.2022

S3I MLRS Deputy Lead, Senior Cyber Security Engineer

SAIC, Contractor Support, Redstone Arsenal, AL
11.2019 - 04.2021

USCENTCOM Senior Cyber Security Analyst

SAIC, Contractor Support, MacDill AFB, FL
01.2019 - 10.2019

USSOCOM Information Systems Security Manager

Federal Information Systems LLC, Independent Consultant, MacDill AFB, FL
06.2018 - 01.2019

USCENTCOM Junior Cyber Security Analyst

Venatore LLC, Contractor Support, MacDill AFB, FL
09.2017 - 05.2018

NAVAIR Information System Security Officer

Camber Corporation, Contractor Support, Patuxent River NAS, MD
03.2017 - 08.2017

Cyber Surety

USAF, Senior Airman, Nellis AFB, NV
03.2011 - 03.2017

Bachelor's Degree - Information Systems Security/Cybersecurity

American Military University

Associate’s degree - Information Systems Technology Management

Community College of the Air Force

Master's Degree - Cybersecurity & Information Assurance

Western Governance University

Similar Profiles

  • Dayvian J. Wells

    Dayvian J. WellsDayvian J. Wells

    NA at Air Force Life Cycle Management Center ISR/SOF, FMS/SSR, Wright-Patterson AFB, OH, Department of Air ForceNA at Air Force Life Cycle Management Center ISR/SOF, FMS/SSR, Wright-Patterson AFB, OH, Department of Air Force

  • ALICE WILLIAMS

    ALICE WILLIAMSALICE WILLIAMS

    Leadership Team Member at MacDill AFB Child Development CenterLeadership Team Member at MacDill AFB Child Development Center

  • Joshua Eang

    Joshua EangJoshua Eang

    Tier 1 Support Technician at SAIC, United States Central Command, MacDill AFBTier 1 Support Technician at SAIC, United States Central Command, MacDill AFB

  • Alysa Walack

    Alysa WalackAlysa Walack

    VP Strategic Accounts at FCI BrandsVP Strategic Accounts at FCI Brands

  • Nicholas Guessford

    Nicholas GuessfordNicholas Guessford

    Fire Sprinkler Foreman at United Fire ProtectionFire Sprinkler Foreman at United Fire Protection

CREATE PROFILE