
Charles S. Kirkpatrick

Senior IT Security Program Manager


To obtain a dynamic Information Technology Security position that will utilize my years of experience ensuring security
assurance and ensuring that network systems and data are secured with confidentiality, integrity and availability. Areas of expertise
and interest include: Information Security, Project Management, and Information Technology Support experience with
Security Clearance: DOD Top Secret, DHS, & DEA adjudicated.
• Experience includes Ongoing Assessments, SCA-SME, POA&M management / remediation, Cybersecurity
Maturity Model Certification (CMMC), assessments, operating systems, data communications, analyzing
scans & running scans, database management, client-based and server based operating systems and
applications, local area networks, wide area networks, and email systems. Conducted security tests and
evaluations FedRAMP & FedRAMP+, Architecture, performing (ST&E) for security product evaluations.
Experienced in National Institute of Science and Technology (NIST) 800-37, and 800-60 Rev3 & Rev4 process.
Knowledgeable in the implementation of Defense Information Systems Agency (DISA) Secure Technical
Implementation Guides (STIGs), ATT&CK, NIST 800-30 Risk Management Framework (RMF), and 800-53 rev4
requirements. Reviewing & approving FIPS 199, reviewing system implementation of FedRAMP policies at
USAID. I have experience in CSF Support for HIPAA and NIST Implementation, Policy development, and
Compliance. I also provided oversight and compliance of Amazon AWS & Microsoft Azure. I also use the site
CVE to keep my knowledge fresh on the latest vulnerabilities.
• Lead Experience with the following Government Agencies & Programs: Experience with DoD Cybercom, JSP,
OSD experience, DHS, DoD, JFHQ, DODEH, CMS, USAID, DISA, DMA, DSS and DARPA.
• Experience with Security Tools: Nessus (Tenable), DB protect, Splunk, HP WebInspect, Nmap, Cenzic,
Wireshark, nCircle, and Audits Dashboard.
• Cloud Experience in Assessment, FedRAMP package review/submission: AWS, Microsoft Azure, Akamai,
GovCloud, Google Suite, and Salesforce.

EDUCATION:
• West Virginia State University, Institute, WV; Bachelor of Science in Communications. Graduated:
December 2009.

CERTIFICATES:
• CASP CompTIA Advanced Security Practitioner CE certified
• CompTIA Security+ CE certified
• CompTIA A+ certified
• CISSP IN PROGRESS

PROFESSIONAL EXPERIENCE

TRAINING:
• Cyberspace and Cybersecurity course at University of Maryland University College for the Cyber Security
Master’s Program (6 Hours completed). December 2011
• Department of the Army Certificate of Training for Information Assurance Fundamentals (40 Hours). May
28, 2013
• Risk Management Framework experience 2014 to present day.

EXPERIENCE:

Boundary Security Manager (System Compliance) SAIC


07/2020 – Present Vienna, VA

Responsible for providing policy compliance measuring NIST 800-53 Controls, and FRTIB system boundaries. My
duties consist of analyzing risk (likelihood, and impact) for various FRTIB systems and policy. Providing support to the
Assessments & Authorization, SCA’s, POA&M remediation/tracking, conducting assessments, analyzing waivers,
generating hardware software/ application activity report, system monthly metrics, and creating system boundary
diagram. Analyzing scans: Nessus, DB protect, and WebInspect. Maintaining FISMA guidelines, making sure all systems
are up to (ATO) authority to operate by FRTIB standards, reviewing (CIA) of the contingency plans and security
system plans. Quantitative analysis of RMF and all FRTIB systems. Tracking all agency assigned security servers,
mobile applications, patching, email, exchange, and remote access. Preparing monthly reports, and quarterly
reports. Overseeing ISSO’s artifacts, POA&M status, document review, rev.4 migration to rev.5 compliant, and
creating waivers. Experience in reviewing system implementation of FedRAMP policies. I also provided oversight and
compliance of Amazon AWS & Microsoft Azure. While holding a steady rapport with the government client.

NTT DATA, Inc.
nttdata.com/americas

Security Control Assessor Raytheon


07/2019 – 04/2020 Annapolis Junction, MD

Responsible for providing ACT Adaptable Capability Test risk assessments to the CMS customer. Primary
responsibilities are to perform risk assessments using the ACT structure starting with a prelim meeting presentation,
next an assessment test plan meeting/report, then we conduct the risk assessment questionnaire / document review
along with the security technical testing. Finally, we provide the customer with results of the assessment with a
technical CAAT file and Security Assessment Report with all the details outlined in the assessment. Once the
assessment evaluations have been taken care of we provide the customer with the security package with test results,
reports, findings, remediation strategies, email correspondence, artifacts, and system documentation.

Information System Security Compliance Officer/Project Manager Two Six Labs


10/2018 – 07/2019 Arlington, VA

Responsible for providing governance and compliance of classified systems for all Two Six Labs accreditation systems.
Monitoring all Two Six Labs systems and prepping information security package in OBMS and eMASS. With the
guidance of Risk Management Framework and NIST. My duties consist of combining scorecard findings and briefing
senior staff, providing an overview of the vulnerabilities of military networks, mission systems, and hardening systems
to reach system accreditation.

Lead Cyber Defense Risk Analyst (Connection Approval) Booz Allen Hamilton
02/2018 – 10/2018 Arlington, VA

Responsible for providing leadership supporting Joint Service Provider (JSP) applying Risk Management Framework
to their Connection Approval team for all external systems. Also, support Assess Only systems. Duties consist of
combining scorecard findings and briefing senior staff, providing an overview of the vulnerabilities of military networks,
weapon systems, and installation using (DCS) Defense Cyber Scope. Also, other duties consist of system portfolio
management, reviewing & approval of (SCA) Security Control Assessments, and Certification & Accreditation
assessment packages. During assessments I review ACAS/ Nessus scans & DISA STIG findings and create an analysis of
the likelihood and impact of each vulnerability. Utilizing Splunk to pull system statistics and audit logs. Reviewing
remediation plan of systems vulnerabilities so they can gain an "ATO". Experience in reviewing system
implementation of FedRAMP policies. I also provided oversight and compliance of Amazon AWS system. We assess
CCRI and Splunk risk scores to gauge the system posture. Working with a cohesive team in Joint Staff CIO team to
develop a common control catalog & cyber manual to help bolster Joint Staff's cyber policy. Also providing (CMRS)
Continuous Monitoring with status updates and leveraging the repository tool eMASS.

Lead Technical Project Manager Akamai Technology


04/2017 – 01/2018 Reston, VA

Leading the FedRAMP+ initiative for several DoD clients on behalf of Akamai. Providing support, technical expertise,
cloud products (Fast DNS, Content Delivery, Free Flow, Luna Control Center, Web Firewall, and Accelerated Network
Services) for our FedRAMP+ customers. Leading the FedRAMP+ team while providing our federal and commercial
customers with system documentation including SSP, CP, IRP, POA&M report, Continuous Monitoring Plan &
Monthly Report, and System Categorization etc. I am also responsible for prepping our monthly continuous
monitoring report: scanning 20% and running queries for the IPs, researching NVD’s latest CVEs to see if we have a
remedy for those vulnerabilities, also updating existing POA&Ms. Our team works diligently with our 3PAO for
annual assessments. Also corresponding with our federal client and providing executive summaries to gain the ATO. I
provided all our system documentation and reports on Max.gov and eMASS (client's repository).

Security Control Assessor Spry Methods


06/2016 – 04/2017 Tysons Corner, VA

Responsible for providing risk assessment for the Department of Interior Client. I provide Security Authorization
Assessments (SA&A), Security Control Assessments (SCA), Privacy Threshold Assessments (PTA), Privacy Impact
Assessments (PIA), 1/3 security control assessing, and Compliance of system reviews. Also, my experience in this role
includes analyzing Security Assessment Reports (SAR), Security Assessment Plan (SAP), reviewing Nessus Database
and web application scans, Remediation of findings (POA&M report), guidance of security control inheritance,
guiding & training new staff on processes of our assessment procedure, reviewing FedRAMP packages, and
conducting meetings with system stakeholders on the current activities or the final assessment findings. Periodically
travelling to Denver to assess different systems while keeping a professional rapport with the DOI client.

Lead Cyber Risk Analyst (ISSM) Booz Allen Hamilton


03/16 – 06/2016 Arlington Hall Station

Responsible for supporting collaborative efforts for National Guard Bureau on updating their cyber policy
from DIACAP to (SP 800-37) Risk Management Framework. Duties consist of combining scorecard findings and briefing
senior staff, providing an overview of the vulnerabilities of military networks, weapon systems, and installation using
(DCS) Defense Cyber Scope. Also other duties consist of system portfolio management, reviewing & approval of
(SCA) Security Control Assessments, and Certification & Accreditation assessment packages. During assessments I
review ACAS/ Nessus scans & DISA STIG findings and create an analysis of the likelihood and impact of each
vulnerability. Reviewing remediation plan of systems vulnerabilities so they can gain an "ATO". Experience in
reviewing system implementation of FedRAMP policies. I also provided oversight and compliance of Amazon AWS.
Working with a cohesive team in NGB J6/CIO team to develop a common control catalog & cyber manual to help
bolster NGB's cyber policy. Also providing (CMRS) Continuous Monitoring with status updates and leveraging the
repository tool eMASS.

Lead Information Assurance Risk Analyst (ISSM) Foxhole Technology


06/15 – 03/16 USAID 2733 Crystal Drive
Arlington, VA
Responsible for Information Assurance Governance and Compliance of USAID systems. Measure NIST 800-53, 800-
37, 800-30, and 800-60 against USAIDs 545 policy. Provide Risk Management Consulting. Experience in conducting
(SA&A) Security Authorization and Assessment (SCA) Security Control Assessment reviews. Provide management
support of POA&Ms. Overseeing remediation of vulnerabilities of systems, websites, and databases. Review and
approve artifacts from the system ISSO to satisfy assessed controls. Running the following documents: SSP, SAP, SAR,
CP, CPT and FIPS 199 through a quality checklist. Analyzing vulnerabilities of Nessus, Cenzic, and nCircle scans.
Reviewing and approving FIPS 199. Conduct executive briefing with CIO and AO. Providing Monthly and Quarterly
reports to USAID government personnel. Experience in reviewing system implementation of FedRAMP policies. I
also provided oversight and compliance of Amazon AWS. Providing Continuous Monitoring support with CSAM software
tool. CSAM surge migration experience. Provide guidance and assistance writing USAID 545 policy. USAID
Portfolio consists of: created “Remediation Plan”, “External System Control’s list”, and “SOP of SA&A process”.

Cyber Security Risk Analyst (ISSM) TAPE LLC


02/15 – 06/15 DHS ICE 801 I Street
Washington, DC

Measure NIST 800-53 Controls, and DHS 4300 Controls to various DHS systems. Analyzing risk (likelihood, and impact)
for various ICE systems and policy. Experience in Ongoing Assessments, SCA’s, POA&M remediation, conducting
assessments, analyzing waivers. Analyzing scans: Nessus, DB protect, and WebInspect. Maintaining FISMA guidelines,
making sure all systems are up to (ATO) authority to operate by DHS standards, reviewing (CIA) of the contingency
plans and security system plans. Quantitative analysis of RMF and all DHS/ICE systems. Security servers, mobile
applications, patching, exchange, and remote access. Preparing monthly reports, and quarterly reports. Overseeing
ISSO’s artifacts, POA&M status, document review, rev.3 or rev.4 compliant, and creating waivers. Experience in
reviewing system implementation of FedRAMP policies. I also provided oversight and compliance of Amazon AWS &
Microsoft Azure. While holding a steady rapport with the government client.

Network System/Security Administrator STG Inc.


02/14 – 02/15 DEA Headquarters 600 Army Navy Drive
Arlington, VA
Responsible for conducting information systems security risk and mitigation assessments and providing outstanding
secure network system support services to the DEA Headquarters; which includes the following tasks: Run
vulnerability scanners, and use security testing tools; Wireshark, Symantec Endpoint Encryption, Nessus, Snort.
Configuring secure network devices; switches, routers, servers and applying port security. I provide support on Data
Recovery, Secure File Transfer Protocol (SFTP), PowerShell scripting. Configure workstations for compliance with DEA
security requirements. Server Management - Using a script to reboot and track servers, run maintenance, and
(allocating network storage) host network drivers; Monitor network traffic and optimize network performance -
Microsoft Server Manager 2008 & 2012; Creating Printer Queues, using DEA security protocol with DHCP/DNS -
corresponding all mac addresses, computer names, IP’s, and drop information; VMware Hypervisor (HyperV);
Provide connectivity for DEA users; Remote Desktop to conduct Data Scans for workstation vulnerabilities &
installing software patches; Applying BitLocker encryption & Symantec Endpoint Encryption to workstations and
tablets; experience with UNIX shadow password encryption. Administering DEA groups and user accounts, including
adding, deleting accounts, and setting appropriate permissions; Perform regular scheduled backups. Maintain
remote user assistance capabilities secure VDI login - (VPN); and Track all service and incident requests in Microsoft
Service Manager.

Enterprise Service/Security Support Yoh Federal Contracting NMCI/CoSC


Bolling AFB 256 Chappie James Boulevard
07/13 – 02/14 Washington, DC

Provided information technology support services for the Navy & Marines system and network assistance on
classified and unclassified networks. Provided experience and sound judgment as well as being able to follow pre-
established procedures and instructions to identify issues like 802.1x, port security, secure classified MAC address
locked floors, and resolve technical problems including classified mobile devices, and used Kerberos protocol for
scan to file. Documented, tracked, and monitored problems to ensure timely resolution of each assigned ticket
through the Remedy and HP Service (SM7) ticket systems.

L-3 Stratis
Tier II / Tier III IT Specialist
09/12 – 07/13 Pentagon, Washington DC Hoffman Building, VA

Provided excellent customer support to end users’ hardware and software, on Headquarters Department of the
Army classified and unclassified networks. As first line of defense for security reported incidents, provided sound
decisions and judgments, in regard to, pre-established procedures and instructions to identify and resolve technical
and security related problems. Experience in holding elevated administrative privileges and rights in software
programs. Experienced in documenting, tracking and monitoring security and non-security problem tickets that are
used in Remedy Tickets Systems to ensure timely resolution of IT problems. Performed excellent IT support services
for senior leadership and high level officials. Performed these identical duties off-site providing excellent support
services to Senate Russell & Rayburn (Capitol Hill), Center of Military History (Ft. McNair), Ft. Myers, Governmental
Accountability Office building. Other key responsibilities are as follows:

• Configured workstations to meet security requirements, Active Directory & Active Client, Conducting CAC
PIV’s, install/remove computer units.
• Reimaged computers using Symantec/Altiris, prepping hard drives, configure local and network printers,
mapping printers, replaced parts in computers and printers.
• Migrated Domains, Operating Systems (Upgrade), Backup data to shared drive.
• Provided Blackberry support.
• Configured Outlook Enterprise Emailing system, VPN SSL Pentagon and Juniper set up, using remote system
Dameware.
• Conducted EFS provision and re-provisioning of CAC Cards and set up user accounts.
• Handled password resets, activate Microsoft Windows, Warranty Checks, Lifecycle replacements.
• Troubleshot and resolved trouble tickets related to technical difficulties with hardware, software, and the
network.
• Resolved network switch and connectivity issues.
• Collaborated with Tier I and Tier IV. Validated issue resolution on the customers’ behalf. Verified, with the
customer, that the issue was resolved and updated the ticket system.
• Trained newly hired Tier I, Tier II, and Tier III technicians.

Award:
• Fort George G. Meade Commander’s Certificate of Excellence. April 15, 2013
