Dec 2023 – Present · 2 yrs 3 mos · Remote

• Lead governance modernization initiatives supporting cloud-native software delivery environments
• Translate NIST 800-53 Rev.5 and NIST SSDF requirements into scalable controls embedded directly in CI/CD pipelines
• Drive adoption of Policy-as-Code and Compliance-as-Code to automate evidence collection and reduce audit burden
• Integrate security tooling including GitLab, ArgoCD, Trivy, SonarQube, Vault, OWASP ZAP, Cosign, and SD Elements
• Advise leadership and Authorizing Officials on Continuous Authorization (cATO) strategies
• Build governance frameworks aligning security requirements with agile development practices
• Mentor analysts and engineers on RMF modernization and compliance automation

Aug 2022 – Dec 2023 · 1 yr 4 mos

• Analyze security posture to determine risk for 3rd party vendors looking to work directly with Amazon
• Provide risk analysis reports and findings after completing a full risk analysis assessment
• Create findings from risk assessments and help the 3rd party develop remediation and mitigation plans by implementing compensating controls
• Determine compliance with ISO27001 standards and issue findings accordingly
• Work with vendors to remediate findings and develop solutions to create compensating controls when necessary

Oct 2021 – Aug 2022 · 10 mos · United States

• Review security exceptions on daily basis
• Follow up with requestors for more information
• Work with requestors to create mitigating controls and develop remediation plan
• Evaluate risk and develop standards to manage it
• Analyze the impact to the PepsiCo network and company by understanding the risk associated
• with each exception

Aug 2019 – Oct 2021 · 2 yrs 2 mos

• Update security controls and support stakeholders on security controls covering internal
• assessments, regulations, and protecting Personally Identifying Information (PII) and classified
• data
• Implement security controls and risk assessment frameworks that align to NIST standards and
• regulatory requirements, ensuring documented and sustainable compliance for classified and
• unclassified systems.
• Perform risk assessments and execute tests of data processing system to ensure functioning of
• data processing activities and security measures.
• Evaluate risks and develop security standards, procedures, and controls to manage risks.
• Document and report control failures and gaps to stakeholders.
• Provide remediation guidance and prepare management reports to track remediation activities.
• Train staff on processes and procedures.
• Plan & engineer the requirements for future network architecture & migration
• Experienced with DoD Risk Management Framework (RMF) Authority to Operate (ATO) process
• and eMASS workflow.
• Utilized eMASS for comprehensive management of security controls, risk assessments, and compliance documentation.
• Configured eMASS to align with RMF (Risk Management Framework) requirements and organizational security policies.
• Developed and maintained security control baselines, ensuring accurate implementation and documentation in eMASS.
• Managed Continuous Integration/Continuous Delivery (CI/CD) pipelines and automated security assessments through eMASS.

Mar 2019 – Aug 2019 · 5 mos · Dahlgren, VA

• Migrated/backed-up data to comply with disaster recovery policies.
• Developed an audit process to track and monitor status of over 200 systems with recurring
• backup requirements.
• Created and implemented a new system of issuing loaner laptops and reimaging upon return.
• Tier 1 and 2 helpdesk experience with desktop support.
• Configuration Control Board meeting coordinator and asset manager.

Nov 2018 – Mar 2019 · 4 mos · Greater Richmond Region

• Completed CompTIA technical training for IT Fundamentals, including: A+, Network+, Security+,
• Cisco Networking (CCENT), Certified Ethical Hacker (CEH), CompTIA Advanced Security
• Practitioner (CASP).
• Intense training in lab environments, including actual networking simulations and training.

Jan 2014 – Nov 2017 · 3 yrs 10 mos

• Sharepoint administrator
• Assisted users in resolving Tier 1 and Tier 2 desktop issues.
• Developed continuous innovation plan to drive workplace efficiency and productivity.
• Awarded the Presidential Volunteer Service Award