JOHN W. BROWN
Missouri City, Texas
Ph: 703.798.0545 Email: jwb123@gmx.com www.linkedin.com/in/jwbrown/

INFORMATION TECHNOLOGY, SECURITY & RISK MANAGEMENT EXECUTIVE


Security Subject Matter Expert with history of delivering complex security projects that consistently solve variety of corporate
and government security challenges including threat resistance, system integrity, risk management, disaster recovery and
continuity planning. Skilled in developing comprehensive security plans, leading risk assessments and managing security control
implementations that reduce system vulnerabilities and cyber threats while improving overall security integrity. Possess
integrated understanding of technical, liability, vulnerability and compliance/control perspectives related to managing IT
security and risk issues. Proven ability to apply technology initiatives to broad range of business operatives through
understanding of how technology solutions drive business results.
Possess hands-on leadership strengths that consistently implement positive change by providing motivation, key performance
strategies, spirit of teamwork and accountability; able to assemble talented teams that work cohesively to attain goals. Unique
ability to communicate on business and technology issues, bridging the comprehension gap between business people and
technologists. Reputation for producing results despite challenges, intense commitment to customer needs, ability to thrive in
any situation and wide range of technical and procedural expertise.

SECURITY-SPECIFIC, TECHNOLOGY & MANAGEMENT PROFICIENCIES

Security & Risk Management


Threat & Risk Assessment
Policy / Standards Implementation
Relationship Building
Intrusion Detection
Capacity / Contingency Planning

Project Management
Client/Server Architecture
Vulnerability Assessments
Incident Response Reporting
Productivity Improvement
Security Monitoring

Performance Analysis
Business Continuity Planning
Disaster Recovery
Compliance Analysis
Systems Administration
Network Activities

CAREER & ACHIEVEMENT SUMMARY


INDEPENDENT CONSULTANT - Missouri City, TX
Provider of Information Technology, Cybersecurity, Information Assurance, and Risk Management Services to the Federal
Government

Information System Security Officer (1.2015 to Present)


Hired to provide information security SME support services to include management of security, vulnerability and risk and
implementation and testing of management, operational and technical controls for U.S. Secret Service Infrastructure; coaching
younger members of ISSO team. Provided comprehensive IT security consulting to system owners regarding security incident
reports, equipment/software inventories, operating instructions, asset management, technical vulnerability management and
contingency plans. Authored System Security Plans and Contingency Plans, reported status of compliance actions and
collaborated with system owners to develop plan of action to mitigate any vulnerabilities.

TISTA SCIENCE AND TECHNOLOGY Rockville, MD


Leading Provider of Program Management, Information Technology, Cybersecurity, Information Assurance, Application
Development and Financial Management Services to the Federal Government

SECURITY ENGINEER / INFORMATION SYSTEM SECURITY OFFICER (1.2014 TO 12.2014)


Hired to serve as Security Policy Subject Matter Expert with responsibility for developing and maintaining the Security Reusable
Program Level Requirements database including building database to map the Internal Revenue Service's security controls to
the FISMA/NIST SP 800-53 R4 controls. Following assignment to the USSS contract, daily activities included management of
security, vulnerability and risk and implementation and testing of management, operational and technical controls for U.S.
Secret Service Infrastructure; coaching younger members of ISSO team. Provided comprehensive IT security consulting to
system owners regarding security incident reports, equipment/software inventories, operating instructions, asset management,
technical vulnerability management and contingency plans. Authored System Security Plans and Contingency Plans, reported
status of compliance actions and collaborated with system owners to develop plan of action to mitigate any vulnerabilities.
Proactively assumed leadership role on the project with the IRS. Developed an executive level briefing to promote
usability of teams to work in other departments. Completed the update of the Security Reusable Program Level
Requirements database that merged the security requirements from the Federal level with the IRS requirements. Database
had 1500 security requirements.

Consistently maintained customer confidence in team's ability to produce results by effectively managing customer
relations and delivering all work products on time, with attention to quality.
Saved users numerous hours of reviewing each requirement and deciding its applicability to their systems above by
facilitating greater usability of database through development of questionnaire to be presented to each user once
database was open.
Reassigned as a senior Information System Security Officer to help the US Secret Service rebuild its security compliance
team. Defined procedures for capturing asset inventory information and for identifying vulnerabilities and mitigation
strategies. Developed test strategies for testing security controls of a new application and oversaw writing of System
Security and Contingency Plans.

MERLIN INTERNATIONAL Inc. Vienna, VA


Veteran-owned Government Contracting Company engaged in areas of Cyber Security, Network Performance Management,
Cloud System Deployment and Application Development/Deployment

SENIOR SECURITY ENGINEER (10.2012 TO 10.2013)


As Information Assurance SME with expertise in security assessments, certification and accreditation, charged with managing and
establishing governance, risk and compliance (GRC) security components for the U.S. Department of Veterans Affairs (VA)
Office of Information Technology. Tracked budgeted vs. billed project expenses, supervised hardware installation, setup and
configuration, overseeing all support issues. Supervised team of 10 including two subcontractors.

Delivered critical Veterans Affairs project, a deployment of a Governance, Risk and Compliance (GRC) tool, RiskVision,
on time and within budget. Oversaw staff of ten, ensured project deliverables were submitted on time while meeting
quality standards.
Improved VA's Security Authorization assessments by authoring number of project deliverables including Service Level
agreement, Help Desk Plan/Procedures and Escalation plan, utilizing MS Project for project planning and tracking activities.
Maintained project productivity by establishing Service Management Plan and Procedure based on combination of
Information Technology Library and Microsoft Operations Framework Guidelines and creating ticketing procedures using
Computer Associates Service Desk Manager.
Enabled capturing of asset and vulnerability information and ability to perform continuous assessment of their
information systems (400,000 assets and 600 systems).
Personally completed the implementation of the contract's required 24x7 help desk support / call center despite lack of
funding by negotiating for less coverage, establishing staggered work schedule to address prime coverage. Funds
subsequently reimbursed when it was determined that center was key to continued work on contract.

EXALT INTEGRATED TECHNOLOGIES Roswell, GA


Government Contracting Company, a Veteran-owned business providing Cyber Security, Network Performance Management,
Cloud System Deployment and Application Development/Deployment

INFORMATION SYSTEM SECURITY PROGRAM MANAGER (4.2010 TO 10.2012)

Retained to help establish formal Security Management program for Departmental Management (DM), one of the U.S.
Department of Agriculture's agencies. Advised and coached government counterpart in all essential duties of a Security
Program Manager, with accountability for security compliance, vulnerability management and risk management of all DM
system consisting of two general support systems and 18 major applications.

Delivered comprehensive Security Management Program covering asset management, change management, business
continuity and disaster recovery planning, vulnerability management and risk management.
Led security assessment of several cloud-based systems including Amazon Web Services and Salesforce Cloud Services,
both hybrid Cloud implementations that were part Infrastructure as a Service (IaaS) and Software as a Service (SaaS).
Provided recommendations for data encryption and operational security to comply with Federal security policy.
Wrote all System Security and Contingency plans as well as Configuration Management Plans for all systems,
collaborating daily with Cyber security team.
Instrumental in reducing vulnerabilities, implementing new systems and evaluating new technologies by overseeing all
aspects of the Information System Security Program.
Provided security compliance, vulnerability management and risk management for all DM systems, consisting of two
general support systems and 18 major applications.

Successfully brought all systems into compliance, updated their documentation, reduced vulnerabilities and
reaccredited all systems.
Program included approximately 20 applications including three General Support Systems, with the rest being Major
Applications. GSS accounts for 40,000 assets across 19 locations and process involved establishing an effective account
management procedure and all system accounts.
Established vulnerability assessment procedure, mitigation process, patch management process and change
management process which was updated to include security review and risk assessment procedure.
Maintained business continuity in case of failure by creating Business Impact Assessment before developing all-encompassing
contingency plans to address all scenarios such as natural disasters, accidents, human errors or hardware
failures.
Effectively maintained and managed Contingency Plans by leading a Business Impact Assessment (BIA) prior to writing
the CP, including plans which called for high availability which meant there was instant failover in case of an outage with
no loss of service to business or customer and systems with low availability that could sustain a small period of time
without service with minimal impact to user community.
Successfully completed security assessment and authorization of 20 systems, maintaining compliance with FISMA, the
Federal Information Security Management Act.

EARLY CAREER PROGRESSION


Information System Security Officer Knowledge Consulting Group (KCG) City, State (2008 to 2010)

Hired as part of Transportation Security Administration (TSA group) following departure of previous ISSO during
company's rebuilding process to address backlog of security issues. Directed all phases of TSA's most complex system
including the wide area network, local area network, Windows infrastructure and end-user devices.
Significantly reduced over 400 action plans to a manageable few in just eight months including consolidation of all
440 remote operations ensuring physical and technical controls were up to TSA's standards; first agency up and
running in the new Department of Homeland Security Data Center.
Awarded ISSO of the year by the Department of Homeland Security.
Served as active member of Change Control Board with voting rights on any system changes such as firewall rules,
configuration files and hardware changes.

Vice President of Operations JAD Corporation, Norcross, GA (2003 to 2009)

Assigned to the National Guard Bureau (NGB) as their Project Manager during company's conduction of an asset
inventory of all NGB IT assets across the 50 states and four territories. Facilitated interface with the inventory team
and NGB.
Played key role in deciding to store data collected into searchable online database; once database deployed, ensured
that system was documented and accredited by developing all necessary documentation required.
Acted as Principal writer of security documentation and building a small business practice to offer security
assessment services to other groups such as the Department of Agriculture and the National Geological Survey, which
led to company's diversification and development of Managed Services offering for small-to-medium businesses that
included a security operations center providing 24/7 client monitoring.

Owner NTSim Alexandria, VA (1999 to 2003)

Launched this startup that developed a simulation modeling tool that predicted response times and resource utilizations
in a MS Active Directory Network; joint venture included team of developers from the U.K. and a directory services
company from Phoenix, while personally serving as simulation modeling SME. Coordinated all team components to
ensure optimum system functionality.

TECHNICAL INVENTORY
Software: Microsoft Office, Microsoft Project, Microsoft Visio, LogRhythm, SolarWinds, OpNet, RiskVision, CSAM, QualysGuard,
Nessus, McAfee Vulnerability Manager, Service Desk Manager, Tivoli, BMC Remedy, Salesforce, McAfee ePO
Hardware: Dell Servers and laptops, HP Servers and laptops
Programming: Visual Basic
Operating Systems: Windows Servers 2003/2008/2012, Windows 98/2000/ME/XP/Vista/7 and 8, Apple iOS
Data Management: SQL, DB2, Oracle
CompTIA Security+ Certification
Currently Matriculating at American Military University Major BS in Information Security/Enterprise Security
Expected graduation May 2016.