Chad D. Freese

• Orchestrated and executed four rigorous  control tests encompassing 120 assessment samples, with over 600  artifacts scrutinized, culminating in a flawless 100% pass rate with  zero discrepancies identified.
• Championed and conducted 700+  Quality Assurance (QA) reviews of risk assessments, pinpointing and  rectifying over 90 defects, thereby elevating the precision of each  assessment prior to final examination and approval by control partners,  auditors, and/or regulators.
• Engaged stakeholders in developing the  CISO Dashboard for senior  leadership, showcasing key metrics related  to third-party risk  assessments and improving executive insight  regarding our risk posture.
• Pioneered a cost-cutting initiative  that transitioned approximately 70+ onsite assessments to virtual  platforms, carving out an impressive savings of ~$259,200 for the  enterprise, all while adhering rigorously to TPRM's mandates and without  amplifying risks. This initiative encapsulated a risk-based approach  for both Net New vendors and Cyber Critical/High vendors, underscoring  our adeptness in adapting innovatively without jeopardizing security or  regulatory accord.
• Utilized adept critical thinking and honed  expertise in data analysis tools including RSA Archer, Enlighta, and  Salesforce to craft and disseminate comprehensive risk reports. These  instrumental reports, advocating a data-driven, risk-based strategy,  informed and catalyzed discerning decision-making among leadership tiers  up to the CISO, engendering pivotal strategic augmentations in our risk  management architecture.
• Dedicated approximately 30 hours  executing an exhaustive alignment and gap analysis between TruSight’s  Best Practice Questionnaire (BPQ) and USAA InfoSec’s Due Diligence  Questionnaire (DDQ), which propelled the efficiency and throughput of  third-party risk assessments substantially.

• Spearheaded third-party risk assessments by  fostering collaborative  engagements with internal partners like  third-party relationship  managers, and second and third-line risk and  compliance auditors, as  well as external partners including vendors and  C-Suite executives. Thrived in a highly collaborative and effective  environment, ensuring a harmonized approach towards comprehensive risk  management and compliance adherence.
• Performed over 300 information  security risk assessments of varying complexity for dynamic projects,  technologies, environments, business partners, and third parties  throughout the financial and tech industries.
• Drafted  enterprise-level requirements for the on-boarding and integration of a  new Governance, Risk, and Compliance (GRC) tool, enhancing system  security configurations and risk mitigation effectiveness while  increasing operational efficiency by 35%.
• Developed 29 Quick  Reference Guides (QRG) and recorded 27 hours of instructional videos,  increasing the efficiency of onboarding, training, and standardized  operating procedures throughout the enterprise.
• Formed partnerships  with internal and external Cyber Threat Intelligence (CTI) teams,  producing over 75 Intelligence Reports that directly contributed to the  reduction of enterprise cyber risk by 27%.
• Developed, published,  and maintained complex Information Security governance (e.g., policies,  principles, standards) that define Information Security requirements.
•  Served on Shared Assessments Standardized Control Assessments (SCA)  Committee providing guidance in the security tenets of Physical  Environment, Server Security, Network Security, Cloud Security, and  Threat Management.

• Co-led the development and integration of a penetration testing  framework and methodology derived from industry standards and best  practices such as National Institute of Standards and Technology (NIST),  MITRE's Adversarial Tactics, Techniques, and Common Knowledge  (ATT&CK) framework, and Common Attack Pattern Enumeration and  Classification (CAPEC).

• Served as a key stakeholder in the  development of the cybersecurity team’s penetration testing and  vulnerability assessment roadmap and capabilities for Honeywell  Aerospace's product teams, including the Connected Aircraft, with  specific regards to SATCOM, GPS, and cellular communications.
• As a  co-inventor, submitted three patent applications aiming to solve common  complex Aerospace engineering problems with innovative solutions.
• Led and co-authored a Product Security Guidelines (PSG) handbook for  engineering teams to ensure systems security is woven throughout the  entire Systems Development Life Cycle (SDLC), from concept to market.
• Established a training and education program with a strategic focus in  security through various industry partnerships and Massive Open Online  Courses (MOOC).
• Co-led an effort to establish and standardize Cyber Threat Intelligence (CTI) for the team and organization.
• Authored and reviewed cybersecurity artifacts for Honeywell Aerospace  products and systems adhering to the  Radio Technical Commission for  Aeronautics (RTCA) guidelines (DO-326A, DO-178C and DO-356).

• Managed and operated a $38 million cellular  telecommunications network and virtual cyberspace training environment,  comprised of over 6,000 end items, creating a multi-tiered,  cross-platform-compatible, adaptable, wireless telecommunications  system. This system is utilized in support of service-level training  exercises, providing an Opposing Force communications environment for  the tenets of Signals Intelligence, Electronic Warfare, and holistic  Cyberspace Operations.
• Authored an Urgent Universal Needs Statement  (UUNS) to replace the training network with a plethora of  communications assets valued up to $50 million, updating the training  ranges and electromagnetic signals environment to a modern electronic  battlefield.
• Established a partnership with Defense Advanced  Research Projects Agency (DARPA) on the development and implementation  of Small Unmanned Aerial System (SUAS) swarming technologies implemented  on today’s battlefield and initiated a $3.1 million grassroots project  designed to develop Counter-SUAS training for the Department of Defense  (DoD).
• Trained forward-deploying Marines on Counter  Radio-Controlled Improvised-Explosive-Device Electronic Warfare (CREW)  procedures and electronic countermeasure employment.

• Co-Authored a comprehensive Battalion  Cybersecurity Policy covering: Acceptable Use Agreements, Clean Desk  Policy, Change Management, Email Policy, Ethics Policy, Password  Construction and Protection Policy, Authorized Software and End User  License Agreements.
• Led a collaborative project with the Office of  Naval Research (ONR), Massachusetts Institute of Technology Lincoln  Laboratory (MIT-LL), and Johns Hopkins’ Applied Physics Laboratory (APL)  on the development of a multi-million-dollar Tactical Cyber Range (TCR)  to train and certify Marines on full spectrum cyberspace operations,  from the national to the tactical edge.
• Developed a state of the  art Joint Cyberspace Operations Lab for the employment and testing of  Offensive and Defensive Cyberspace Operations (OCO/DCO) tactics,  techniques, and procedures (TTPs). This lab was engineered with no cost  to the command, while valued over $400,000.00.
• Designed mission  critical hardware and software platforms designed to conduct Computer  Network Exploitation (CNE) in a forward-deployed setting while  maintaining secure software updates, policy compliance, and  accountability of $1.2 million of assets.
• Designed, and configured a  state of the art wireless network training lab, enabling the  development of multiple training scenarios allowing for flexibility and  realism utilizing a combination of virtual and physical environments  comprised of over 30 cyber personas, 50 client devices, 45 mobile  devices, 20 servers, and 15 Wireless Access Points (WAPs), using a wide  variety of desktop and mobile operating systems, with a total system  valuation over $1.8 million.
• Led 25 Wireless Network Engineers through a training and certification  program of Signals Intelligence support to Cyberspace Operations and  Computer Network Exploitation on behalf of the National Security Agency  (NSA) and U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER).

• Served as a Direct Liaison for National Tactical Integration (NTI) of Signals Intelligence support to Cyberspace Operations and Computer Network Exploitation on behalf of the National Security Agency / Central Security Service (NSA/CSS) and U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER).