Jeffrey A. Youmans, MSc.IA., CISSP

16401 Dawn Crescent Court Spring Hill, FL, 34610

(352) 584-9426 | youmansja@gmail.com

 

Education, Training and Certifications

·  Master of Science Information Assurance, Norwich University, ‘08, 4.0 GPA, (2008)

·  Bachelor of Science Computer Networking, Strayer University, ‘06, 4.0 GPA, (2006)

·  Professional Development Certificate Computer Forensics, Oregon State University, (2002)

·  ITIL Foundations Course; Certified (2011)

·  (ISC)² Certified Information Systems Security Professional (CISSP), #110226 (2007)

·  McAfee Technical Professional Risk and Compliance (01/2014)

·  McAfee Technical Professional Network Defense (01/2014)

·  PMI Membership (2013)

·  Microsoft Certified System Engineer (MCSE), University of Phoenix, (2000)

·  Top Secret SSBI W/SCI Since 1991 updated 2013

Experience and Methodology

My understanding of business goals, along with risks to Information Technology (IT), enables me to develop and assess infrastructures holistically.  My previous positions, education and experience as an educator have all made me uniquely qualified to lead, design and implement from the ground up an IT Security program. My primary goal is to build and lead a meaningful and cost relevant IT Security Infrastructure that speeds business and provides IT risk awareness to leadership. To do this I focus on risk management, knowledge sharing and relationship building to drive business and reduce costs. My technological focus areas are:

 

·  Information management, to ensure the security and compliance of  data;

·  Social technology integration, to speed time to value;

·  Cloud technology integration, to reduce real footprints and effectively focus resources;

·  Mobile technology integration, to speed services and improve time to value.

 

From policy development and training to risk remediation and implementation, I have the hands on skills, experience and wisdom to effectively create, manage and communicate the most complex and regulated environments.

Publications

An Introduction to Netcentric Operations and Services Oriented Architectures for Emergency Managers; Published in The Journal of Emergency Management.

Public Speaking Engagements

DoDIIS Worldwide Convention, NIST Systems of Systems Conference, IEEE society, Special Operations Forces Industry Conference, The Department of Energy, The National Recognizance Office (NRO), The Office of Naval Intelligence, and the Defense Logistics Conference.

 

Work Experience

Technical Security Architect | April 2015 – Present | Humana

·  Perform cloud application and storage security assessments,

·  Supervise and perform vendor due diligence assessments,

·  Supervise and perform technical InfoSec vulnerability scans,

·  Perform HITRUST, HIPAA and Meaningful Use Security Assessments and Audits,

·  Develop, track and facilitate closure of remediation actions,

·  Design, modify and improve process and work flows of reference architectures,

·  Brief executives on critical IT risk & provide specific technical remediation concepts,  

·  Authored Humana’s Electronic Medical Record (EMR) Security Configuration Standard.

 

Adjunct Professor, Computer Security | August 2008 – Present | St. Petersburg College

·  Classes focus on improving the student's attention to detail, scientific authoring, and effective communications in an online environment,

·  Course development (IT Security Related Courseware),

·  Hands on education of 3rd and 4th year computer engineering undergraduates,

·  Security management & administration,

·  Risk management techniques,

·  Audit management and methodologies.

 

Manager, Information Security | February 2014 – April 2015 | Mead Johnson Nutrition

·  Planned, scoped and implemented  IT security governance risk and compliance for the corporate IT infrastructure,

·  Planned, scoped, developed, lead, and managed a security risk management program  for assets totaling over $10 million,

·  Planned, scoped, lead, developed and implemented a threat and vulnerability management program,

·  Lead and developed a business security intelligence architecture including all security support structure appliances (vulnerability scanners, firewalls, SIEM),

·  Developed corporate policies to support the ongoing development of the information security program,

·  Developed and lead corporate security incident response plan, 

·  Developed global educational correspondence on security related topics (IdM, Phishing, Best Practices),

·  Aced as the global incident manager for internal and external threats (Poodle, ShellShock, Et.al),

·  Trained all InfoSec employees on information security business practices.

 

Senior InfoSec Project Manager | March 2010 – January 2014| US Department of Veterans Affairs / Merlin International Corporation              

·  Lead Governance Risk and Compliance (GRC) development within The US Department of Veterans Affairs as the contractor project manager,

·  Proven technical project management in a high paced high pressure public project,

·  Managed and developed workflows, propagation of common controls and integration of security sub-system control automation,

·  Expertly implemented end-to-end approach focusing on NIST and HIPAA / HITECH Authorization and Accreditation process with the goal of preventing both the internal and external threats through proper planning and continuous monitoring.

 

Information Architect / Project Manager | July 2007-March 2010 | CTC

·  Project management of U.S. government advanced research and development projects,

·  Research and development of congressional funded programs and built web 2.0 proofs of concept,

·  Developed security support structure for a web services-based cross-security-domain solution,

·  Developed Web 2.0 position paper and implementation concept for the Department of Energy,

·  Monitored all aspects, including personnel, budget, time-line management, and client expectations. 

 

DAA Representative (Certifier) | July 1997 – July 2007 | SAIC

·  Appointed as Designated Accrediting Authority (DAA) Representative for the Defense Intelligence Agency (DIA),

·  Identified, planned, and executed Security Testing and Evaluations (ST&E),

·  Technical security expert responsible for system/network certification including hardware, software, web services, auditing, disaster recovery, contingency planning and  integration with network security subsystems.

 

US Army Sergeant | February 1991 -- April 1997 | 7th Special Forces Group (Airborne)

·  NCOIC group’s Intelligence Collection Management Cell,

·  Answered multi-disciplined (imagery, signal, or human intelligence) requests for intelligence,

·  Deployed with Special Operational Detachment Alpha (SOD A),

·  Deployed in Support of Drug Enforcement Administration (DEA), 

·  Decorated for actions during deployments and for joint service involvement.