Information Security Analyst Mclean, Va

SUMMARY

  • Over thirteen years of experience within the government and commercial sectors performing and leading cyber security control assessments, threat analysis, information security architecture reviews, information security policy development, cybersecurity performance reviews, and organizational programmatic analysis.
  • Mr. Mayers has broad experience transforming Chief Information Security Offices performing as a Cybersecurity Performance Program Manager, Audit Liaison, and Security Control Assessor improving coordination with Inspector General audit teams, developing technical security assessment reports, and improving vulnerability assessment (VA) results within tools such as Tanium Endpoint Management and RiskVision governance, risk management, and compliance (GRC) tools to improve Asset Discovery and Vulnerability Management Programs.
  • Mr. Mayers has in-depth experience assessing technical compliance with leading cybersecurity frameworks and best guidance, which includes ISO 27001 information security management system (ISMS), Payment Card Industry Data Security Standard (PCI DSS), National Institute of Standards and Technology (NIST) Special Publication (SP), "Guide for Applying the Risk Management Framework (RMF) to Federal Information Systems" and NIST SP, "Security and Privacy Controls for Federal Information Systems and Organizations," with a focus on business mission risk analysis, internal Information Technology (IT) controls reviews, and analyzing compliance with Federal laws and regulations, which include the Federal Information Security Modernization Act of 2014 (FISMA) and Department of Defense (DoD) RMF.
  • Mr. Mayers has experience developing Independent Validation and Verification (IV&V) Programs, enterprise level IT security policies, System Security and Authorization, IT architecture system security analysis, and database/software development. In addition, Mr. Mayers has extensive experience performing as a technical writer and assisting with the development of Annual FISMA Metrics, US Congressional reports, senior executive reports for the Executive Branch, and briefings on the status of Federal-wide cybersecurity initiatives through the CyberStat program in support of the Office of Management and Budget and Department of Homeland Security (DHS).
  • Mr. Mayers performed as a lead technical writer for Guidehouse Cyber Security Solutions and has led and produced several millions of dollars of winning Request for Proposal (RFP) responses across the spectrum of cybersecurity and throughout the commercial industry and Federal government.
  • Mr. Mayers has four years of honorable military service in the United States Army and has also earned a BBA in Computer Information Systems with honors and an MBA in General Business Management from the Confidential (UTEP). In addition, Mr. Mayers has maintained Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH) certification since 2007. Mr. Mayers earned the Certificate of Cloud Security Knowledge (CCSK) in 2014 and Certified Scrum Master in 2015.  

PROFESSIONAL EXPERIENCE

Confidential, McLean, VA

Information Security Analyst
  • Working in the Cybersecurity Solutions Practice, a component of Guidehouse consulting, Mr. Mayers assisted commercial and Federal organizations with strategic and tactical information security projects across a broad range of technology disciplines applying his experience to identify and remediate vulnerabilities, strategically apply security tools such as Tanium, to discover and remediate enterprise endpoints, develop technical reports, and charts for presentation to cybersecurity executives to aid in the risk management process.
  • Mr. Mayers performed an end-to-end assessment of NIST security controls for a commercial client’s government component to support cybersecurity program transformation initiatives.
  • Mr. Mayers provided cybersecurity advisory services to a DoD client Chief Information Security Officer (CISO) and assisted the newly formed organization with implementing the Tanium Endpoint Management security tool, aligning to the NIST Cybersecurity Framework, and improving IT asset management procedures for over 700,000 endpoints in near-real-time.
  • Mr. Mayers led the Guidehouse contract team support of the DoD client CISO Special Projects Division implementation of innovative cybersecurity initiatives through internal and external stakeholder collaboration and the prioritization of tasks or projects that increase resiliency and get the most business value of multiple technology investments to improve the identification and management of risk throughout the lifecycle of all DoD client IT systems, which included analysis of McAfee Endpoint security tools and Tenable Nessus.
  • Mr. Mayers led the DoD client CISO Information Protection Team, supported the Special Projects Division’s strategic and programmatic management efforts to strengthen the resiliency of DoD client systems/platforms through the leveraging and optimization of advanced defensive tools on DoD client networks to increase automation, awareness of threats, risks, vulnerabilities, and mitigation requirements.
  • Mr. Mayers led a Federal Agency’s vulnerability management program and led the documentation of vulnerabilities within the RiskVision GRC tool and the development of holistic enterprise-level strategies and program plans based on the Center for Internet Security (CIS) Top 20 “Critical Security Controls for Effective Cyber Defense” and NIST SP “Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems” to reduce system vulnerabilities and improve visibility of the security posture.
  • Mr. Mayers performed independent testing of security controls for compliance with NIST and Federal Agency’s standards, developing enterprise remediation business plans for senior executives to increase the visibility of vulnerability management throughout the Federal Agency’s information technology enterprise.
  • Mr. Mayers provided cybersecurity advisory and execution services to the Federal Agency’s Chief Information Security Officer (CISO) and developed strategies for managing its enterprise cybersecurity program. Mr. Mayers developed social engineering penetration test plans, provided recommendations on improving communications, business processes, organizational structures, and reporting methods to increase the overall impact and effectiveness of cybersecurity services and operations.
  • Mr. Mayers supported the development of orders, policies, and instructions for the Federal Agency’s cybersecurity mission through identifying best practices, federal laws, regulations, and guidelines mandating the protection of information systems, and developing a tailored approach for program management, oversight, and execution of communications among components.
  • Mr. Mayers served as the lead audit liaison for the Federal Agency’s annual Inspector General (IG) audits for FISMA and/or financial statement audits and aided the development of Information Assurance (IA) policies of multiple federal government agencies by providing guidance, recommendations, and updates to current IA policies in accordance with corresponding legislative and regulatory guidelines to proactively increase data confidentiality, integrity, and security. Mr. Mayers followed generally accepted audit protocols to ensure full compliance, segregation of duties and independence.
  • Mr. Mayers served as a Program Manager for the Federal Agency and key interface with senior level Government Client executives to develop an IV&V assessment methodology that increased the overall security posture, reduced risk and increased regulatory compliance with Personally Identifiable Information (PII) standards, FISMA, Federal Financial Management Improvement Act (FFMIA), FISCAM, NIST Special Publications, Federal Information Processing Standards (FIPS), National Security Agency (NSA) Communication Security (COMSEC) Policies and National Security Telecommunications and Information Systems Security Committee (NSTISSC) Guidance.
  • Mr. Mayers developed and led an IV&V Program for Federal Agency’s Information Assurance Section (IAS), integrating Institute of Electrical and Electronics Engineers (IEEE) IV&V standards, Capability Maturity Model Integration (CMMI) verification and validation processes, and Project Management Institute (PMI) Project Management Professional (PMP) principles to analyze current IA Policies and organizational compliance.
  • Mr. Mayers served as a team lead and key analyst for the Federal Agency’s and Executive Branch CyberStat program conducting analysis and reporting on cyber security data from across the Federal government, including assisting with the development of a common set of FISMA Metrics reporting criteria, which provided annual enterprise-wide reporting guidance to agencies’ Chief Financial Officers (CFOs), Chief Information Officers (CIOs), and Chief Information Security Officers (CISOs). Mr. Mayers developed key briefing materials that highlighted agencies’ risks, issues and progress on fiscal year FISMA Metrics goal requirements.
  • Mr. Mayers served as a member of a Commercial Client Information Security assessment team, evaluating ISO/IEC 27002:2005 technical controls for the multi-national corporation’s ISO/IEC 27001:2005 based Information Security Management System (ISMS).
  • Mr. Mayers provided penetration testing project management plan development support for a Commercial Client Data Centers Risk and Vulnerability Analysis (RVA) Program Management Office (PMO).
  • Mr. Mayers served as a member of an executive dashboard software development team for a Federal Agency, providing database development, requirements documentation development, marketing and business development support, database architecture and database performance improvement.
  • Mr. Mayers served as a lead analyst for the Commercial Client and performed a FISMA Compliance gap analysis to aid the business pursuit decisions and compliance requirements.
  • Mr. Mayers served as a member of the Guidehouse Cyber Forensics team tasked to provide a PCI DSS analysis of financial services technology provider, Commercial Client, Information Security Incident Response policies and standards, Information Security Management documentation and internal compliance. Mr. Mayers conducted the analysis in comparison to practices recommended by the Carnegie Mellon Software Engineering Institute (SEI) Handbook for Computer Security Incident Response Teams (CSIRTs), and the NIST Special Publication (SP) Revision 2, Computer Security Incident Handling Guide.
  • Mr. Mayers performed Advanced Persistent Threat (APT) research for internal networks, analyzing the exploits and malware utilized and target networks with the FireEye Malware Protection System and advanced manual traffic analysis techniques to detect active and historic compromise, identify unusual network activity, data exfiltration, and vulnerability exploitation attempts. Mr. Mayers has significant experience developing reports of malware analysis findings for senior executives and multiple levels of the organization, which summarize the findings, risks, and appropriate mitigation.
  • Mr. Mayers developed a Quality Management program for Commercial Client Enterprise Program Management Office (PMO), which provided the processes and procedures to manage quality assurance and control across 40 congruent Information Technology projects based on the PMI Project Management Body of Knowledge (PMBOK), CMMI and Information Technology Infrastructure Library (ITIL) v3 Information Technology Service Management (ITSM) practices.

Information Security Analyst

Confidential

  • Mr. Mayers provided IA/Computer Network Operations (CNO) security consulting, consisting of risk assessments, information security research, and penetration and vulnerability analysis of various IA technologies for the Department of Defense (DoD) Agent of the Certifying Authority (ACA) at the Army Research Laboratory (ARL) in White Sands Missile Range, New Mexico, applying the DoD Information Assurance Certification and Accreditation Process (DIACAP) and Defense Information Systems Agency (DISA) security procedures.
  • Mr. Mayers supported the certification and accreditation of information systems implementing DIACAP security frameworks utilizing DISA Gold Disk, UNIX SRR, and RETINA assessment software. During DIACAP assessments, Mr. Mayers was responsible for the evaluation of DoD 8500.2 technical controls and indicated the risk level associated with discovered security weakness in Windows and UNIX/Linux based server/workstation environments according to DISA Security Technical Implementation Guides (STIGs). Mr. Mayers also has experience in performing Windows system hardening in accordance with Federal Desktop Core Configuration (FDCC) standards.
  • Mr. Mayers performed information security research for the ARL Survivability and Lethality Analysis Directorate (SLAD), analyzing military system design and interface control documentation identifying potential vulnerabilities and susceptibilities within proposed communication nodes, networks, services, devices, and interfaces.
  • Mr. Mayers analyzed system architecture diagrams identifying weaknesses and suggesting the placement of firewalls and intrusion detection systems. In addition, he developed virtual machine networks utilizing VMware and performed network attack performance analysis with OPNET network modeling software. Mr. Mayers researched firewall vulnerabilities which affected proposed controlled interfaces between classified and unclassified networks and developed Quantitative Risk Assessment documentation.
  • Mr. Mayers derived threat descriptions and provided mitigation for prototype military networks. Mr. Mayers researched proposed network routing hardware to identify current vulnerabilities and exploits/malware. In addition, he co-authored vulnerability assessment reports, which identified vulnerabilities across critical system architectures while embodying Defense in Depth concepts and strategies.
  • As a Certified Ethical Hacker (CEH), Mr. Mayers participated in the penetration tests of non-production military networks to discover vulnerabilities before combat deployment. Mr. Mayers developed test plans, performed internal and external penetration testing, mapped networks with open source and commercial automated scanning tools, and attempted to penetrate key resources through identified vulnerabilities and default vendor configurations.
  • Mr. Mayers was responsible for the front-end design and back-end transaction processing, reporting, and data analysis of a MySQL database, which included database administration, performance, availability, and compliance with DoD security standards based on a Linux Apache MySQL PHP (LAMP) platform. Mr. Mayers was also assigned as the lead web application developer with duties that included testing, debugging, and designing web based reports and forms utilizing HTML, PHP, SQL, JavaScript, CSS and XML. The web application software he helped develop assisted in the research and development of computer exploits, security tools, and countermeasures.
  • Mr. Mayers provided expert consultation to customer team leads preparing/delivering presentations and briefings for senior level military officers and industry executives.

Safety Specialist

Confidential

  • Mr. Mayers was responsible for disposal of hazardous waste and inspected facilities for fire hazards and safety violations within National Fire Protection Association (NFPA), Federal Environmental Protection Agency (EPA) and the Texas Commission on Environmental Quality (TCEQ) regulatory standards, taught laboratory and forklift safety courses, and was also a member of an emergency response team responsible for remediating radioactive, chemical, and biohazardous material spills.

E4 Specialist

Confidential

  • Mr. Mayers served four years in the Confidential specializing in chemical weapons disposal and leading teams of five or more personnel on missions involving loading and transportation of explosives, toxic material, and spill mitigation/decontamination and was instrumental in the shipment of hazardous chemical weapons for destruction and the development of critical standard operating procedures.