CYBERSECURITY PROFESSIONAL, MENTOR, & EDUCATOR
CHRISTIAN, HUSBAND, FATHER,
ADVANCED INFORMATION SYSTEMS AND CYBERSECURITY PROFESSIONAL WITH OVER 18 YEARS OF EXPERIENCE. A DEDICATED COMPLEX PROBLEM SOLVER AND TRUE SUBJECT MATTER EXPERT IN DESIGNING, IMPLEMENTING, AND TROUBLESHOOTING SYSTEMS, NETWORK INFRASTRUCTURE, SECURITY, AND COMPLIANCE TO A MYRIAD OF MILITARY AND PRIVATE SECTOR PLATFORMS. PASSIONATE ABOUT CULTIVATING TOP TALENT AND DEVELOPING LEADERSHIP.
RETIRED CHIEF WARRANT OFFICER 3, USMC
RECIPIENT OF THE NATIONAL ENGAGED LEADERSHIP AWARD FROM THE NATIONAL SOCIETY OF LEADERSHIP AND SUCCESS.
MY KNOWLEDGE LEVEL IN CYBERSECURITY
SECURITY & RISK MANAGEMENT
SECURITY ARCHITECTURE & ENGINEERING
COMMUNICATION & NETWORK SECURITY
IDENTITY & ACCESS MANAGEMENT
SECURITY ASSESSMENT & TESTING
SOFTWARE DEVELOPMENT SECURITY
THIRD PARTY VENDOR RISK MANAGEMENT
NOV 2018 - OCT 2019
Principal Cybersecurity Architect & Red Team Lead
• Served as a key stakeholder in the development of the cybersecurity team’s penetration testing and vulnerability assessment roadmap and capabilities for Honeywell Aerospace's product teams, including the Connected Aircraft, with specific regards to SATCOM, GPS, and cellular communications.
• Co-led the development and integration of a penetration testing framework and methodology derived from industry standards and best practices such as National Institute of Standards and Technology (NIST), MITRE's Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, and Common Attack Pattern Enumeration and Classification (CAPEC).
• As a co-inventor, submitted three patent applications aiming to solve common complex Aerospace engineering problems with innovative solutions.
• Led and co-authored a Product Security Guidelines (PSG) handbook for engineering teams to ensure systems security is woven throughout the entire Systems Development Life Cycle (SDLC), from concept to market.
• Established a training and education program with a strategic focus in security through various industry partnerships and Massive Open Online Courses (MOOC).
• Co-led an effort to establish and standardize Cyber Threat Intelligence (CTI) for the team and organization.
• Authored and reviewed cybersecurity artifacts for Honeywell Aerospace products and systems adhering to the Radio Technical Commission for Aeronautics (RTCA) guidelines (DO-326A, DO-178C and DO-356).
JUNE 2013 - JUNE 2016
U.S. MARINE CORPS
1st Radio Battalion | Camp Pendleton, CA
• Co-Authored a comprehensive Battalion Cybersecurity Policy covering: Acceptable Use Agreements, Clean Desk Policy, Change Management, Email Policy, Ethics Policy, Password Construction and Protection Policy, Authorized Software and End User License Agreements.
• Led a collaborative project with the Office of Naval Research (ONR), Massachusetts Institute of Technology Lincoln Laboratory (MIT-LL), and Johns Hopkins’ Applied Physics Laboratory (APL) on the development of a multi-million-dollar Tactical Cyber Range (TCR) to train and certify Marines on full-spectrum cyberspace operations, from the national to the tactical edge.
• Developed a state of the art Joint Cyberspace Operations Lab for the employment and testing of Offensive and Defensive Cyberspace Operations (OCO/DCO) tactics, techniques, and procedures (TTPs). This lab was engineered with no cost to the command, while valued over $400,000.00.
• Designed mission-critical hardware and software platforms designed to conduct Computer Network Exploitation (CNE) in a forward-deployed setting while maintaining secure software updates, policy compliance, and accountability of $1.2 million of assets.
• Designed, and configured a state of the art wireless network training lab, enabling the development of multiple training scenarios allowing for flexibility and realism utilizing a combination of virtual and physical environments comprised of over 30 cyber personas, 50 client devices, 45 mobile devices, 20 servers, and 15 Wireless Access Points (WAPs), using a wide variety of desktop and mobile operating systems, with a total system valuation over $1.8 million.
• Led 25 Wireless Network Engineers through a training and certification program of Signals Intelligence support to Cyberspace Operations and Computer Network Exploitation on behalf of the National Security Agency (NSA) and U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER).
DEC 2011 - JUNE 2013
U.S. MARINE CORPS
Center for Information Dominance, Corry Station |
I.T. Instructor, Course Chief, & Curriculum Developer
• Directly led, supervised, and mentored 12 instructors, 2 curriculum developers, and over 150 Intelligence, Surveillance, Reconnaissance (ISR) Systems Engineer students through instruction, mentorship, physical fitness, and professional development.
• Managed a budget of $2.1 million and maintained positive control of $4.6 million of radio, satellite, and computer network operations equipment.
• Developed and conducted over 700 hours of and training, with special emphasis on Computer Networking and Security, leading over 150 students to professional Microsoft, CompTIA, and Cisco certifications.
• Designed and engineered a virtual training lab that provided technical skills enhancement in the areas of computer networking design, routing, switching, and troubleshooting, as well as server design and configuration for email, secure file storage and exchange, domain name system, web servers, domain controllers, remote access and authentication platforms.
DEC 2004 - DEC 2009
U.S. MARINE CORPS
1st Radio Battalion | Camp Pendleton, CA | Iraq & Afghanistan
Intelligence, Surveillance, Reconnaissance (ISR) Systems Engineer
• Served in many technical billets throughout the U.S., Iraq, and Afghanistan in support of the Marine Corps, NSA, and multinational Intelligence Community.
• Installed, administered, maintained, and repaired secure computer, radio, SATCOM, and telephone networks and equipment.
• Managed a team of 35 ISR Systems Engineers in the daily operational status of a Top Secret Joint Worldwide Intelligence Communications System (JWICS) network, Secret Internet Protocol Router (SIPR) and Non-Secure Internet Protocol Router (NIPR) networks for over 2,500 network users, 65 physical servers, 90 virtual servers, maintaining a 99.6% uptime spread across the entire country of Iraq.
NOV 2019 - PRESENT
Lead Information Security Advisor
Third-Party Cyber Risk Assessments
• Develops, publishes, maintains and interprets complex Information Security governance (e.g. policies, principles, standards) that define Information Security requirements.
• Designs, develops and optimizes repeatable methods and measurements for Information Security risk management.
• Performs security risk assessments of complex projects, new technologies, environments, business partners and third parties.
• Influences Information Security risk management strategies and educates and consults with risk owners on best practices.
• Provides consulting (advice, guidance and assistance) across the enterprise, focusing on Information Security risk, to guide the strategic security direction of USAA development projects, departmental initiatives and other special projects.
• Determines requirements, recommends system security configurations, and risk mitigation effectiveness.
• Responds both verbally and in writing to moderately complex inquiries and periodic exams from both internal control partners (e.g. legal, compliance, audit, risk) and external control partners (e.g. regulators, external auditors, third-parties).
• Ensures process owners identify, develop and test Information Security controls for risk mitigation effectiveness.
JUNE 2016 - NOV 2018
U.S. MARINE CORPS
Tactical Training and Exercise Control Group | Twentynine Palms, CA
Signals Intelligence, Electronic and Cyberwarfare Officer
• Managed and operated a $38 million cellular telecommunications network and virtual cyberspace training environment, comprised of over 6,000 end items, creating a multi-tiered, cross-platform-compatible, adaptable, wireless telecommunications system. This system is utilized in support of service-level training exercises, providing an Opposing Force communications environment for the tenets of Signals Intelligence, Electronic Warfare, and holistic Cyberspace Operations.
• Authored an Urgent Universal Needs Statement (UUNS) to replace the training network with a plethora of communications assets valued up to $50 million, updating the training ranges and electromagnetic signals environment to a modern electronic battlefield.
• Established a partnership with Defense Advanced Research Projects Agency (DARPA) on the development and implementation of Small Unmanned Aerial System (SUAS) swarming technologies implemented on today’s battlefield and initiated a $3.1 million grassroots project designed to develop Counter-SUAS training for the Department of Defense (DoD).
• Trained forward-deploying Marines on Counter Radio-Controlled Improvised-Explosive-Device Electronic Warfare (CREW) procedures and electronic countermeasure employment.
JUNE 2013 - JUNE 2016
NATIONAL SECURITY AGENCY (NSA)
1st Radio Battalion | Camp Pendleton, CA
Cyberwarfare/Computer Network Exploitation (CNE) Officer
• Cyberspace Operations and Computer Network Exploitation on behalf of the National Security Agency / Central Security Service (NSA/CSS) and U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER).
DEC 2009 - DEC 2011
U.S. MARINE CORPS
2nd Special Security Communications Team (SSCT), 1st MarDiv | Camp Pendleton, CA
• Led 1st Marine Division's portion of a Marine Corps wide bandwidth study to provide an overall visualization of the Marine Corps Intelligence, Surveillance and Reconnaissance Enterprise (MCISR-E) by consistently working with the Marine Corps Intelligence Activity (MCIA) and the Long-range Information Networked Communications Services (LINCS) greatly impacting the security and mission accomplishment within the 1st Marine Division Intelligence Community.
• Coordinated mission critical hardware and software upgrades to the Special Intelligence Communications (SPINTCOM) Trojan Switched Extension (TSE) satellite communications suite which is the backbone of 1st Marine Division's SCI communications infrastructure, increasing network bandwidth efficiency and Quality of Service by 145%.
• Conducted 71 SCI indoctrinations, over 110 security screening interviews, 16 official SCI debriefs, over 150 administrative SCI debriefs, 17 foreign travel briefs, and submitted 37 SCI investigations greatly impacting the security and mission accomplishment within the 1st Marine Division Intelligence Community.
MOBILE DEVICE AUTHENTICATOR (MDA)
Critical Transportation Systems (CTS) are becoming edge--enabled to connect mobile devices for safe and secure connected vehicle services. However, these edge-enabled CTS networks have weak cybersecurity implementations. To mitigate cybersecurity threats in the edge enabled CTS network, the paper proposes a novel idea for secure mobile device authentication in the edge enabled CTS network. The proposed idea is a mobile device authenticator module, which allows any mobile device to connect securely to legacy devices through wireless connectivity. This allows a simple implementation to enable a secure Public Key Infrastructure (PKI) solution to authorize mobile devices to connect to legacy devices.
IP.com Disclosure Number: IPCOM000260138D
Publication Date: 2019-Oct-25
COPYRIGHT: Honeywell Aerospace
03 Patents & publications
PSYOP, Deception, and Cyberspace in the Open: Analysing Fake
News in a Cyber new Normal Communications Environment
Over the past 24 months; fake news and integrity cyberspace attacks have become a serious threat to government entities, companies, and individuals. The intended, and unintended, consequences that result from these types of attacks have escalated in complexity, costs, and appear to be a new collection of attack methodologies unique to today’s cyber enabled communications environment. Compromising information systems and exposing the results of targeted information attacks however, have always been a component of warfare tactics called psychological operations (PSYOP) and deception operations. In this paper, we explore the recent rise of the use of traditional psychological and deception attacks against multiple organizations like the Country of Sweden, the United States Democratic National Committee, and hacks against European financial institutions like Deutchse Bank using open-source unclassified cyberspace tools and methods. We apply a Grounded Theory approach to the problem set in order understand how fake news works as a process and determine why some stories go viral and others don’t. We present a resulting model that is both militarily influenced and biologically inspired. We argue that biological nature of the emerged model confirm many exert hypothesis that getting rid of fake news is impossible, but that companies, governments, and individuals can take steps to ‘immunize’ themselves. Throughout the paper, we highlight the effectiveness of these attacks in terms of explicit costs and tacit organizational power. The research shared in this paper also reveals a potential trend towards these types of attacks for the foreseeable future. We conclude this paper by positing a definition of the Cyber New Normal Communications Environment where government entities and businesses conduct information competitions using these tactics to gain business and political advantage.
Keywords: fake news, cyber new normal communications environment, information warfare, biologically inspired
information attacks, integrity attacks, and grounded theory
Terry Traylor • William Wong
16th European Conference on Cyber Warfare and Security (ECCWS 2017)
Publication Date: 2017-June-29