David W. Smith, CISSP, CISM, CEH, MCITP PMP, LSS, ITIL

 

Career Summary:

Proven military leader and manager in Information Technology and Financial Management at strategic, operational and field levels with 20 years of experience as both a successful officer and non-commissioned officer, retiring at Major. Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Project Management Professional (PMP), Certified Information Technology Infrastructure Library (ITIL), Microsoft Certified Information Technology Professional (MCITP), and Certified Lean Six Sigma (LSS) Green Belt military with a Top Secret security clearance (SCI active) and 22 years of experience in Information Assurance (IA), project management, and leadership.  Specialized experience in Enterprise Architecture (EA), Continuity of Operations (COOP), Disaster Recovery (DR), Incident Response (IR), Business Process Management (BPM), Governance, Risk Management, and Compliance (GRC).  Accomplished communications and interpersonal skills, adept at working in dynamic, complex environments with diverse audiences.  Expert problem analysis proficiency to resolve issues and bring order, motivation and focus for mission success.  Mentors and develops subordinates to achieve excellence.  Mission driven and customer focused.

United States Department of Defense Security Clearance:

Top Secret w/ Sensitive Compartmentalized Information (SCI) Access (Active)

 

Education:

MBA, Webster University, St Louis, MO 2006

BBA, Computer Information Systems – Campbell University, Buies Creek, NC 1998 (ROTC)

 

Professional Certifications:

• Certified Information Security Manager (CISM) – Jul 2014

• Certified Information Security Professional (CISSP) - Feb 2012

• Project Management Professional (PMP) – Apr 2012     

• ITIL 2011 - May 2012

• Certified Ethical Hacker (CEH) – Feb 2012

• Microsoft Certified Information Technology Professional (MCITP): 2008 Server Administrator  - Sep 2012

• MCITP: 2008 Enterprise Administrator – Mar 2013

• Microsoft Certified Technology Specialist (MCTS): Windows 7 Configuration – July 2012

• MCTS:  Windows Server 2008 Network Infrastructure Configuration – Aug 2012

• MCTS:  Windows Server 2008 Active Directory Configuration – Aug 2012

• MCTS:  Windows Server 2008 Applications Infrastructure Configuration – Sep 2012

• Security+ - Dec 2009

• Lean Six Sigma Green Belt (certified through U.S. Government) – Apr 2008

 

Military Education:

• Command General Staff College:  March 2009– July 2009

• Information Systems Management Course:  July 2008 – March 2009

• Training with Industry – Banking:  August 2005 – May 2006

• Resource Management Tactical Course:  April 2005

• Finance Captains’ Career Course:  May 2001 – February 2002

• Advanced Military Accounting and Analysis:  November 2001

• Planning, Programming, Budgeting, and Execution (PPBE):  December 2001

• Combined Arms and Services Staff School:  March – July 1999

• Armor Officer Basic Course: November - May 1998

• ROTC Green to Gold Program Campbell University:  September 1996 - May 1998 (resulted in commission)

• Software Analyst Course:  January – April 1993 (2^nd enlisted Military Occupational Specialty (MOS))

• Armor Crewman M1A1 Abrams Training:  August– December 1990 (1st enlisted MOS)

 

Professional Experience:

December 2014 – Present: Information Assurance Systems Security Engineer (IASSE)

ManTech International Corporation – Arlington, VA

Providing expert level consultation and technical services on all aspects of Information Security to the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics (OUSD (AT&L)) within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts.  Providing daily support for Collateral, Sensitive Compartmented Information (SCI) and SAP activities.  Performing oversight of the development, implementation and evaluation of information system security program policy with special emphasis placed upon integration of existing SAP network infrastructures.  Supporting a team of System Security Engineers and Certification and Accreditation Analysts responsible for ensuring the customers national and international security interests are protected as support equipment are designed and tested.  Supporting customer and SAP community IA working groups, participating in Systems Security Engineering (SSE) Integrated Project Team (IPT) reviews.  Reviewing SSE related designs and providing security compliance recommendations.  Developing and providing IA risk management recommendations to the customer.  Providing SSE support for Mission and Training systems design and development.  Assisting with the development and maintenance of the Program Protection Plan (PPP), site activation activities and design reviews.  Representing the customer in various SSE related working groups, advisory groups, and advisory council meetings.

 

October 2014 – December 2014: Information Security Consultant (1099)

Consulting for 1 Source, Incorporated – Washington, DC

Providing HUD Cyber Security Program Support, Policy Development and Planning support to define an enterprise-wide HUD Cyber Security Program framework.  Providing guidance to help ensure that HUD’s privacy program is in compliance with federal privacy policies and regulation and that HUD’s program and framework reflects privacy best practices to the maximum extent possible.  Cross walking all new Public Law, the Federal Information Security Management Act of 2002 (FISMA), Presidential Directives, Executive Orders, Office of Management and Budget (OMB) directives, National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS), Departmental policies, and the HUD CIO Cyber Security Technical and Management Requirements (TMRs) and providing comprehensive reports, impact statements, implementation plans and other documents to ensure that the cybersecurity framework remains current and relevant to the cyber, political and operational environments of HUD Elements.  Modifying, developing, maintaining and producing all required cyber security documentation, reports, project plans and other documentation required for implementing cyber security program framework in HUD.  

 

September 2012 – October 2014: Program Manager

1 Source, Incorporated – Washington, DC

Directing and controlling activities for the Federal Communications Commission (FCC) Network Security   Operations Center (NSOC), having overall responsibility for technical and managerial leadership and security compliance direction in the development, management, and application of IT security requirements, controls and best practices. Performing duties and directing staff to manage Plan of Action and Milestones, Security Weakness Reporting, Independent Verification and Validation tracking, reporting, and performance monitoring for FCC systems. Ensuring remediation of identified security technical vulnerabilities and process weaknesses to reduce the overall FCC risk exposure.  Directing staff and identifying gaps in processes and procedures and overseeing the coordination and drafting of manuals, user guides, instructions and standard operating procedures to fill the gaps. Negotiating and resolving issues to ensure all parties abide by and comply with the new procedures.  Managing multiple projects (large and complex) and communicating with stakeholders at all stages of the System Development Lifecycle (SDLC).  Providing leadership in engineering, implementing, and supporting a broad range of security technologies such as next generation firewalls (i.e. Web application firewalls), Data Lost Prevention (DLP), Federal Identity Credential and Access Management (FICAM), virtualization, mobility, cloud environments, and Intrusion Detection/Prevention systems.  Analyzes and defines security requirements for computer systems which include mainframes, workstations, and mobile devices across multiple platforms to include Unix, Linux, and Microsoft.  Ensuring compliance with applicable regulations such as NIST Special publications 800-37, 800-137, 800-39, 800-30, 800-53, 800-53A, ICD 503, and DCID 6/3, FISMA, and the Federal Information System Controls Audit Manual (FISCAM).  Implementing the Risk Management Framework (RMF), and Information Security Continuous Monitoring (ISCM) across the enterprise architecture.  Maintaining up to date knowledge of new IT security development, processes, and equipment and identifying processes equipment that can be applied to improve agency program and IT security activities.  

July 2011 – August 2012: Information Systems Manager

U.S. Army, Chief Information Officer/ G6 – The Pentagon

Technical advisor to General Officers and SES on executive orders, laws and regulatory guidance, to include SOX, HIPPA, PCI DSS, Federal Risk and Authorization Management Program (FedRAMP), FISMA standards, DoD 8500.01, DoD 8510.01, NIST Special publications 800-37, 800-137, 800-39, 800-30, 800-53, 800-53A, ICD 503, and DCID 6/3.  Led the pilot of Google Applications for Government, a cloud-based Software as a Service (SaaS) initiative, in collaboration with the Defense Information Systems Agency (DISA). Working directly with the product manager at Google, supporting Army strategic goals of analyzing and leveraging existing technologies to improve services and reduce costs.  Responsibilities included steering the synchronization of DoD and Army CIO governance activities and partnering with federal agencies to leverage lessons learned.  This requires a diverse understanding of IT Enterprise Strategies such as Single Sign-On (SSO), Federal Identity Credential and Access Management (FICAM), and operational knowledge of ports, protocols, and processes.

 

July 2009 – July 2011:  Chief Information Assurance  (similar to civilian CISO)

U.S. Army, 1^st Infantry Division, G6 Section - Fort Riley, KS

Earned the Bronze Star Medal for accomplishments as the Chief of Information Assurance (IA) for the United States Forces-South (USD-S).   As Chief, Information Assurance (IA), United States Division – South (USD-S), responsible for the strategic planning and execution for a network footprint of over 18,000 end users and five forward operating bases (FOB).  Managing multiple projects (large and complex) spearheading the implementation (design, development, and integration) of several defense-in-depth information systems that directly supported the division’s mission requirements to include perimeter firewalls, Cisco Security Monitoring Analysis and Response System (CSMARS), Host Based Security System (HBSS), and the implementation of fault-tolerant information systems providing continuity of operations within the division’s network in accordance with the Information Assurance Technical Framework (IATF).   Responsible for enabling Information Sharing and Safeguarding on classified networks to include the Joint Worldwide Intelligence Communications System (JWICS), and the Secret Internet Protocol Router Network (SIPRNET) in accordance with CNSS instruction 1253 and 4009; CNSS and IC Security Control Overlays, and the DCID 6/3.  Directed the certification and system testing of the tactical to strategic solution enabling hardware that provided a local transport, giving tactical users access to the strategic operational backbone fiber that enabled cross-domain communications to meet the mission requirements of combat commanders in Iraq.  As Chief, IA, 1st Infantry Division (1ID) responsible for strategic planning and execution for a network footprint of over 16,000 end users across multiple platforms to include Unix, Linux, and Microsoft on the installation at Fort Riley, Kansas.  Responsible for the DoD Information Assurance Certification and Accreditation (DIACAP), Plan of Action and Milestones (POA&M), Continuity of Operations (COOP), and Disaster Recovery.   Identifies, reports, and resolves security violations.  Designs, develops, engineers, and implements solutions that meet security requirements.  Provides integration and implementation of the computer system security solutions.  Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.  Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.  Determines enterprise information assurance and security standards.  As the Information Assurance Manager (IAM), 1ID, responsible for planning, managing, and implementing IA policies and procedures for the division and subordinate computer systems and networks.  Demonstrated proficiency in integrated systems testing and defense in depth strategies when external penetration testers from 1st Information Operations Command lauded the division as having the most secure network collectively tested in the Army.

March 2009 – July 2009:  Command General Staff College

U.S. Army Training Course, Fort Gordon, GA

Student of the Command General Staff College (CGSC) that is a graduate level program that provides instruction on leadership philosophy, military history, and the military planning and decision-making processes. Provides Intermediate Level Education (ILE) for United States Army and sister service officers, interagency representatives, and international military officers for full spectrum joint, interagency and multinational operations.

 

July 2008 – March 2009:  Information Systems Management Course (FA53)

U.S. Army Training Course, Fort Gordon, GA

Student of the Information System Managers Course (FA53) that integrate diverse forms of enterprise services such as configuration management, active directory, database management, e-mail, and Web portals that must operate seamlessly in support of the Army and JIIM operations worldwide. FA 53 officers supply their expertise of all enterprise systems technologies, along with their knowledge of highly technical concepts, in order to provide the warfighter with the information required to make timely decisions on the battlefield.  Training modules included:  Cisco Academy IT Essentials (214hrs), CISSP (160 hrs), Microsoft Technologies (120 hrs), Solaris 10 System Admin (40 hrs), Collaboration (web design, SQL, IDM, Requirements Analysis – 288 hrs), LAN/WAN (24 hrs), Knowledge Management (24 hrs), and Operating Systems Design (24 hrs), and CAPSTONE Project (56 hrs).

 

May 2006 – July 2008:  Department of the Army Banking Officer

Assistant Secretary of the Army (Financial Management & Comptroller) – The Pentagon

Technical advisor to General Officers and SES within the ASA (FM&C) on laws and regulatory guidance related to financial institutions that operate on DoD installations.  Advised the Army Service Component Commands in Europe and Korea to maximize the upgrade of overseas banking facilities and services for soldiers and their families using retained earnings on the DoD banking contract.  Programmed, planned, and executed the Army’s $9M Overseas Military Banking Program budget.  Earned Lean Six Sigma Green Belt Certification for resolving the time and resource problems involved in the Casual Pay disbursing operation to Wounded Warriors.  This was accomplished by leveraging existing IT infrastructure to upgrade the manual disbursing operations for wounded warriors into an automated disbursing system resulting in an estimated cost avoidance of $307 thousand annually and increasing response time for payment by 45%. Negotiated and obtained an agreement with the National Bank of Kuwait to establish the first bank on Camp Arifjan, Kuwait. Served as the Army’s spokesperson for all national and international DoD banking industry speaking events and presentations. Developed information papers for the Secretary of the Army and ASA (FM&C). Served as representative for the Army for all Memorandums, Staff Actions, and other written correspondence related to financial institutions on DoD Installations. Contributed to the revised February 2009 DoD Financial Management Regulation, Volume 5, Chapter 34 “Financial Institutions on DoD Installations ” Contributed to the revised 2008 Bank Liaison Desktop Guide that was developed to serve as a reference tool for commanders and Bank Liaison Officers /Credit Union Liaison Officers within DoD.

 

August 2005 – May 2006:  Training with Industry (TWI) Program Fellowship

Armed Forces Bank – Fort Leavenworth, KS and Pentagon Federal Credit Union - Alexandria, VA

The TWI Program was established as a Secretary of the Army for Financial Management, board selected program, to train an Army officer on all aspects of the banking industry.  At the end of the training the individual becomes the sole representative for the Department of the Army on all banking issues, within the government.  The board selection process is merit based, and only 1 finance officer is selected every 3 years.  Hands on training within every department in the banking industry beginning with bank teller, and working all the way up to the highest-level managers and bank president.  Providing financial services as an agent of Armed Forces Bank to include Retail Banking Representative, Call Center Operations, Online Banking, Mortgage Loans, Consumer Loans, Credit Cards, Collections, Compliance, Data Center Operations, Accounting Operations, Internal Audit ATM Department, Human Resources, and Marketing.  Coordinates with agencies to include Federal Deposit Insurance Corporation, Federal Reserve Bank, U.S. Treasury, and the National Credit Union Association.  Completed American Banking Association (ABA) courses Principals of Banking, and Law and Banking Principles.

 

September 2003 - August 2005:  Detachment Commander

Additional duties:  Disbursing Officer and Field Ordering Officer

Bravo Detachment, 4^th Finance Battalion – Fort Carson, CO

Commander of a finance detachment in support of Operation Iraqi Freedom (OIF) and garrison finance support at Fort Carson.  During deployment provided daily finance support to average population of 20,000 soldiers.  As Disbursing Officer and Field Ordering Officer, responsible for the operation of four separate base camps which disbursed over $12 million dollars without a single loss of funds.  Throughout OIF the detachment was responsible for paying 47,000 casual payments and cashed over 24,000 checks in support of 5 combat divisions.

 

January 2003 - September 2003:  Battalion Operations Officer

Additional Duties:  Cash Control Officer

HHD, 4^th Finance Battalion – Fort Carson, CO

Planned and coordinated the battalion’s deployment in support of OIF.  Successfully deployed the battalion out of Fort Carson, and established six operating locations in northern Kuwait Base Camps.  Responsible for publishing numerous finance support operation orders and developing convoy-operating procedures for dozens of successfully executed finance missions.  As Cash Control Officer, maintained accountability for over 82 paying agents funded with over $770K for local procurement operations.

 

January 2002 - January 2003:  Detachment Commander

Alpha Detachment, 177^th Finance Battalion – Camp Casey, Korea

Commander of the Army’s most forward deployed finance battalion in the Republic of Korea.  Fostered direct support relationship with the units the detachment supports, taking finance support to the soldier and integrating finance soldiers into the maneuver commander’s team. Responsible for the wartime unit readiness and financial resources distribution functions to the 2nd Infantry Division; provided pay support, disbursing operations, and cash accountability to over 15,000 soldiers located throughout 5 installations and bordering the Demilitarized Zone; conducted bank and credit union liaison functions within the area of operations.

 

May 2000 – May 2001:  Detachment Commander

Additional duties:  Battalion Safety Officer, Unit Movement Officer, and Budget Officer

HHD, 4th^th Finance Battalion – Fort Carson, CO

Commander of a Finance Detachment, responsible for the training, welfare, morale, safety, and maintenance of 29 soldiers and their families servicing the 16,000 soldiers of the 7^th Infantry Division and Fort Carson.  Plans and evaluates collective training.  Sets and enforces detachment standards and administers non-judicial punishment.  Responsible for administrative, logistic, and maintenance support for the Battalion’s four finance detachments.  Additional duties include Battalion Safety Officer, Unit Movement Officer, and the Budget Officer.

 

July 1999 – May 2000:  Assistant Brigade Adjutant

HHC, 3^rd Brigade Combat Team, 4^th Infantry Division – Fort Carson, CO

Assistant Brigade Adjutant for a heavy brigade combat team comprised of six subordinate battalions, totaling over 4,300 personnel. Responsibilities include Agency Program Coordinator for Government travel cards, Line of Duty reports, and Congressional inquiries.  Serves as the Battle Captain in the Brigade ALOC during combat, which includes the monitoring and supervising of personnel and logistical issues within the Brigade’s Area of Operations.  Responsible for tracking the battle and briefing the Brigade’s situation to all superiors and subordinates.

 

November 1998 – July 1999:  Platoon Leader

Additional duties:  Computer Security Officer, Information Systems Officer and Calibrating Officer

2^nd Platoon, Charlie Company, 1-69 Armor Battalion – Fort Carson, CO

Platoon Leader of a M1A1 Tank Platoon with a worldwide contingency mission, consisting of four M1A1 tanks and related equipment values in excess of ten million dollars.  Responsible for the health, morale, welfare, safety and training of fifteen junior enlisted and non-commissioned officers.  Responsible to plan and execute a training program designed to achieve proficiency in the areas of tactical and gunnery operations.  Directly responsible to train, maintain, and sustain the platoon for deployment.  Additional duties include Computer Security Officer, Information Systems Officer and Calibrating Officer. 

 

April 1994 - September 1996: Network Systems Administrator and Computer Security NCO

704^th MI Brigade, Information Management Office (IMO) – Fort Meade, MD

Responsible for the daily operations of the brigade Local Area Network (LAN); advise and assist users in technical support to meet requirements; analyze and troubleshoot LAN system and user maintenance problems; implement and maintain all hardware and/or software to meet established LAN architecture; perform the functions of computer security officer to include patch management and incident handling; advise brigade staff elements on ways to improve IMO efficiency.  Successfully completed five computer oriented cryptology school courses.  As Computer Security NCO, directly supported NSA by analyzing and troubleshooting LAN system and user maintenance problems within the Sensitive Compartmented Information Facility (SCIF).  Recommended for the Army ROTC Green to Gold Scholarship to become a commissioned officer by brigade leadership.  Department of the Army selection board approved brigade recommendation resulting in enrollment at Campbell University to enter 2-year Army Officer Commissioning program. 

 

November 1993 – April 1994: Computer Programmer/Analyst   

DISCOM, 1^st Calvary Division – Fort Hood, TX

Responsible for walk-in customer service concept where users drop off hardware, ask questions, and pick up loaner equipment.  Responsible for the Installs, Moves, Adds, and Changes (IMACs) for tier 2 hardware and/or software support to include incident handling.  Hand-selected by supervisor to serve as primary Unit Level Logistics System-Ground (ULLS-G) specialist to troubleshoot, program, and configure the mission critical systems within the division.