BRIAN THELWELL
15711 Guthrie Drive, Huntersville, NC 28078
(E) thelwellba@gmail.com (C) 804.432.3254
QUALIFICATIONS SUMMARY
10+ years of IT engineering and managerial experience
10+ years of problem solving and troubleshooting
10+ years of Certification and Accreditation experience
TOP SECRET SECURITY CLEARANCE
US Passport
EDUCATION/CERTIFICATIONS
Colorado Technical University - Colorado Springs, CO (2006)
MS in Information Systems Security
Colorado Technical University - Colorado Springs, CO (2005)
BS in Business Administration with Information Technology - Magna cum Laude
CISM, CRISC, CFCP, ITIL V3 Foundations, ITIL V3 Int. Service Design, Security+, Fully Qualified Navy Validator #I0289
TECHNOLOGIES USED
· Hardware: CPUs, memory, printers, UPS, com ports, cabling, network interface cards, bridges, multiplexers, switches, routers, network storage devices, backup devices, firewalls, HAIPE, KIV-7, KG-235, KG-250, BGAN, TacLane, PBX, CSU/DSU, VTC, T1/E1, VOIP
· Software: Microsoft Office, Visio, Microsoft Project, Cisco Works, HP Openview, Remedy, Gold Disk, Security Blanket, Wireshark, eEye Retina, DISA STIGS, SRR scripts, Backtrack, Linux, NetStumbler, VMware, Nessus, eMass
· Protocols: TCP/IP, STP, Telnet, FTP, SMTP, POP3, Ethernet, Frame Relay, IS-IS, OSPF, BGP, EIGRP, RIPv2, ISDN, DSL, H323
· Skills/Frameworks: SDLC, DLP, Endpoint Security, Encryption, Access Controls, Incident Response Procedures, Risk Management, Security Governance and Compliance, Vulnerability Management, Technical writing, POA&M Management, IT Control Assessments
· Guidelines and Regulations: FISMA, NIST, FedRAMP, FISCAM, ITIL, DIACAP, COBIT, SOX, GLBA, PCI-DSS, ISO 27001/2, HIPAA, FFIEC
PROFESSIONAL EXPERIENCE
CommScope - Hickory, North Carolina
March 2015 – Present
Manager, Information Security
· Directs, manages, plans and administers the operational and administrative efforts associated with the running of the Risk and Vulnerability Management section.
· Manages the development, implementation, communication, monitoring and maintenance of the information security strategy, policies and procedures which promote secure and uninterrupted operations.
· Manages the Risk Management processes to include the Risk Management Framework, Security Risk Assessment, Threat Identification, Controls, Impact and Risk Recommendations.
· Oversees the Vulnerability Management Program including Vulnerability Scanning and Detection along with Evaluation and Analysis in compliance with physical and technical safeguards.
· Directs the development of the Threat Management Program including modeling, analytics, detection, automation and reporting.
· Prepares activity and progress reports; develops and implements security standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of data across multiple platforms and environments (e.g., corporate, distributed and client server systems).
· Participates in the establishment of the corporation's information security policy; reviews the development, testing and implementation of appropriate security plans, products and control techniques.
· Provides technical expertise and support to client and IT management and staffs in risk assessment and the implementation of appropriate data security procedures and products.
BlueCross BlueShield of South Carolina, Columbia SC
February 2014 – February 2015
Sr. I/S Risk and Compliance Analyst
· Evaluate technology and business-related controls for integrating business and information system security and risk mitigation efforts.
· Provide guidance to I/S functional teams with the development, implementation, monitoring, and reporting of control evaluation, processes, documentation, and compliance initiatives. Act as a change agent to influence I/S and corporate compliance culture.
· Perform Risk documentation review and provide feedback to business unit managers and Technology Owners.
· Ensure organizational compliance with industry and government regulations: FISMA, HIPAA, PCI-DSS, and NIST.
· Provide posture status to executive management.
· Improve workload tracking and reporting.
· Analyze customer requirements and support relationships with key stakeholders.
· Perform Plan of Action and Milestone tracking to key business units.
Grant Thornton LLP - Chesapeake, VA
May 2012 – January 2014
Senior IT Security Specialist Team Lead
· Conducted IT security controls assessments on General Support System (GSS) and CFO designated systems in accordance with FISMA, A-123 and annual self-assessment NIST 800-53A guidelines.
· Developed, tracked and managed POA&Ms (Plan of Action and Milestones) in TAF (Trusted Agent FISMA) tool. Updated System Security Plans and conducted Risk mitigation planning.
· Experienced in development of Certification and Accreditation/Risk Assessment documentation: Security Plans, Security Assessment Reports, Security Assessment Plans, Contingency Plans, Contingency Plan Tests, Privacy Threshold Analysis, Privacy Impact Risk Threat Matrix, POA&Ms and Risk Assessments for ATO (Authority to Operate) and ATC (Authority to Connect) approvals.
· Broad knowledge and understanding of Federal IT security policy and guidance (OMB Circular A-123, FISMA, FIPS, and NIST-800 series guidance).
· Experienced in interpreting IT vulnerability scanning results from AppDetective, Nessus and eEye Retina.
· Reviewed and updated policy and procedures for media protection, access controls, incident response, and configuration management.
· Managed and tracked interconnection agreements, Memorandums of Agreement (MOAs)/Memorandums of Understanding (MOUs).
CSC - Computer Sciences Corporation - Norfolk, VA
December 2009 – May 2012
Senior Information Security Engineer
· Instrumental as part of a four-man team preparing for a Command Cyber Readiness Inspection (CCRI) which resulted in a 98.9% rating for the organization.
· Develops training for technical and programmatic assessments, evaluating engineering and integration initiatives and providing technical support to assess security policies, standards and guidelines. Implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
· Evaluates highly complex security systems according to FISMA and DODI 8510.01 DIACAP, DODI 8500.2 IA controls to safeguard internal information systems and databases for ATO approvals.
· Performs product evaluations, recommends and implements products/services for network security. Validates and tests security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
· Possesses extensive knowledge and experience with Navy Networks ONE-NET, NMCI, IT-21 performing Security Test and Evaluations (ST&E) in accordance with DoD guidelines.
General Dynamics-AIS - Suffolk, VA
June 2009 – December 2009
Senior Information Assurance Engineer
· Developed security documentation, including security plans, configuration management plans, and contingency plans in compliance with DOD and local Information Assurance policy.
· Developed verification procedures for executing risk assessments and security test and evaluations, and conducted risk assessments to ensure that systems are operating securely.
· Developed DIACAP Implementation Plans (DIP) that addressed all applicable assigned IA Controls and mitigated per FISMA and DoDI 8500.2 DIACAP guidelines for ATO approval.
· Frequently interacted with the executive level client to recommend Information Assurance solutions based on an understanding of how products and services interrelate and support the Information Assurance mission.
· Performed Risk Assessments and analysis on key systems for Joint Network Operations.
MTS Technologies - Virginia Beach, VA
April 2008 – April 2009
Senior Network Engineer/Senior Information Assurance Engineer Team Lead
· Assisted with establishing the Certification and Accreditation (C&A) boundary under FISMA and DITSCAP of the systems to be accredited for the US101 Presidential Helicopter for ATO approval. Mitigated IA controls for the project under crucial deadlines.
· Provided assistance in developing pristine security documentation which consisted of: Systems Concepts of Operation and System Security Authorization Agreements (SSAA). Experience with FISMA, DoD 8500.1, 8500.2, DCID 6/3 and the DoDI 5200.40 - Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) and Department of Defense Information Assurance Certification and Accreditation Process (DIACAP).
· Supported the installation of 42 802.11 b/g 2.4 GHz wireless access points, 12 mobile power line communications packages, 15 VOIP phones command center for a Navy project on the Ex USS Shadwell.
· Performed security audits and reviews as the ISSM in accordance with NISPOM.
U.S. Army - Seoul, Korea
November 2004 – March 2008
Telecommunications Manager
· Provided combatant commands IA exercise planning and execution related to the security of the evolving defense and intelligence, national, and Global Information Grid Infrastructures.
· Managed rapid, reliable C4I communications with established federal guidelines and provided technical solutions to complex issues concerning telecommunications, installation, operation, maintenance and electronic logistic support. Directed the activities of over 134 combined/joint military, Department of Defense contractors, and Korean technicians assigned to the U.S. Army for network operation/maintenance.
· Provided network support and 100% IAVM compliance in the operation and maintenance of both classified/unclassified equipment and documentation to a 4-star general and his immediate staff.
· Performed duties as the Information Systems Security Manager implementing policies and procedures in accordance with FISMA and organizational guidelines.
· Developed SIPRnet certification and accreditation packages in accordance with FISMA and DIACAP guidelines for ATO approvals.
U.S. Army - Yongsan, Korea
April 2004 – October 2004
Defense Switched Network Manager
· Supervised the operation and repairs of one SL-100 Super Node and two Remote Switching Facilities valued at over 24 million dollars while maintaining 100% accountability.
· Ensured the facilities operated within the Defense Information Systems Agency (DISA) guidelines – performing Retina scans and maintaining IAVM compliance.
· Provided Protection Assessments and Analyses of mission critical and real-time systems identifying single points of failure, vulnerabilities, and formulating remediation strategies and solutions.
· Performed evaluations of emerging technologies to securely meet organizational requirements.
· Verified security requirements; performed system certification and accreditation planning and testing and liaison activities, and supported secure systems operations and maintenance.
U.S. Army - Fort Bragg, North Carolina
July 2000 – March 2004
Network Operations Supervisor
· Performed strategic and implementation planning, security certification and accreditations, security test and evaluation, risk management, and technology assessments in the areas of communications, networking, operating systems, applications, secure messaging, and wireless.
· Planned project management of infrastructure for LAN/WAN networks, including design, analysis, evaluation, installation, and maintenance.
· Resolved problems related to collision, data traffic congestion, LAN segmentation, and network cable standards.
· Performed Enterprise WAN management functions communicating and troubleshooting across 3 countries while deployed on a real world mission.
· Supervised the installation of the unit's first Cisco 3600 platform data telecommunications network comprised of over 124 mobile communications shelters and over 326 personnel.
United States Army, Kitzingen, Germany
April 1999 – July 2000
Senior Communications Supervisor
Responsible for the management and supervision of 10 Digital Mobile Subscriber Equipment communications assemblages, providing digital voice and data services for up to a 14,000-member taskforce. Equipped with SB22 PBX Switch Boards and Trunked Encryption Devices. Equipment utilized 7 sets of 26-paired copper cable and 6 remote junction boxes for digital telephone interface at the subscribers' location. Systems valued in excess of $10,000,000. Ensured the training, health, and general welfare of 30 personnel.
Contingency Operations Instructor/Team Leader
Rapid deployment responsibility of providing on-the-spot encrypted communications for the Commanding General of the US Army's 1st Infantry Division. Provided training to division level troops while deployed to Bosnia and Kosovo. Skilled with encrypted communication devices such as Microwave Multi-Channel Tactical Satellite and Point to Multi-Point Transceivers, SINCGARS, STU-IIIs, INMARSATs, Multi-Channel Tacsat, KY57, KY99, KG194, and TELEX operations.
TRAINING AND CERTIFICATIONS
Certificate, Project Management/Planning, Colorado Technical University
Certificate, Certified Information Security Manager (CISM), ISACA
Certificate, Certified FISMA Compliance Practitioner (CFCP), FISMA Center
Certificate, Certified in Risk and Information Systems Control (CRISC), ISACA
Certificate, Fully Qualified Navy Validator #I0289
Certificate, ITIL V3 Foundation, EXIN
Certificate, ITIL V3 Practitioner Service Design, EXIN
Certificate, Cisco Certified Network Associate (CCNA)
Certificate, Building Cisco Multi-Switched Networks, Global Knowledge
Certificate, Network Management with HP Openview and Cisco Works, General Dynamics
Professional Organizations
ISACA, Information Systems Audit and Control Association, member
ISSA, Information Systems Security Association, member