Glenn Wathen
Director, Cybersecurity & Information Assurance
Louisville, KY, United States
Details
Experience:
- Direct the Cybersecurity and Information Assurance project activities within the Nuclear, Security and Environmental (NS&E) Global Business Unit (GBU).
- Strategize and establish Cybersecurity programs for government projects.
- Ensure the successful implementation and execution of RMF, RMAIP, and CUI requirements on government projects, to include DoD and DoE.
- Utilize NIST 800-37, 53, 82, 137, 171, ISO-27001 and other publications to establish, maintain compliance and conduct operations in a secure environment.
- Obtain Authorizations to Operate (ATOs) and administer robust Continuous Monitoring programs.
- Oversee the Cybersecurity Maturity Model Certification (CMMC) program.
- Manage a Cybersecurity team with diverse skill sets and specialties deployed globally on multiple projects.
2015 : Present
Bechtel National Inc
Director, Cybersecurity & Information Assurance (NS&E)
• Direct the demilitarization (DEMIL) sites Integrated Control Systems Cyber security program in both Richmond, KY and Pueblo, CO. Manage a plant-wide Information Assurance (IA) organization with purview over design and construction and plant operations at both sites.
• Work with the Plant Operations team to develop mutually accepted Information Assurance procedures for the Facility Control System (FCS) and Laboratory Information Management System (LIMS) that provide documentation of the physical and technical safeguards that are in place to protect the storage of DoD Information on the production ICS and for data network monitoring managed by the IA team
• Direct and supervise a cohesive team comprised of both a 14-member central IA staff and specialists deployed into other organizations.
• Oversee and administer continuous monitoring daily and coordinate with other functional departments to address and mitigate compliance violations.
• Oversee a FISMA compliant system authorization program based on the NIST Risk Management Framework (RMF) and other appropriate NIST guidance.
• Collaborate with the Instrumentation & Control Engineering team to develop appropriate data backup and restore procedures for the Facility Control System.
• Work collaboratively with DoD officials to ensure proper cyber security measures are in place for the DEMIL site.
• Provide reports, maintain accountability and execute high level briefs up to congressional officials.
• Conduct annual Organizational Self-Assessment (OSA) and create self-assessment reports for submission to ACWA-HQ.
• Ensure proper documentation is maintained on all personnel who are authorized to have access to DoD information systems.
• Run vulnerability scanners, interpret reports and assess risks.
• Develop and track Plan of Actions and Milestones (POA&M) for cyber security actions that require mitigation.
• Collaborate with other BSII project IA team and BNI’s enterprise IA functional management.
2015 : 2018
Bechtel National Inc
Information Assurance Manager
• Direct the daily operations of a 4+ team of computer security specialists overseeing 6000+ employees in support of Louisville Metro Government programs and agencies.
• Provide expert guidance in the application of NIST, HIPAA and PCI requirements on complex UNIX, Linux, and Windows information systems. Develop, implement and monitor new strategies for complex security demands involving technologies such as cryptography, virtualization, network monitoring/defense, and embedded systems.
• Advise and assist in deployment and tuning of security solutions e.g. Cisco ASA, Endpoint Protection, and Data at Rest solutions. Develop, implement, and enforce computer security policies and procedures.
• Negotiate vendor contracts for information security products. Research information technology security trends and products, and evaluate their cost effectiveness and feasibility.
• Develop and coordinate metro government information security awareness program.
• Coordinate and conduct security audits on systems. Investigate and respond to security policy violations regarding information technology resources.
• Participate in the implementation, testing and simulation of backup and disaster recovery solutions and scenarios.
• Prioritize, plan and monitor the progress of upgrades, system modifications, conversions, and application development projects to ensure project deadlines and goals are achieved.
• Review network architecture designs and ensure projects meet development standards and adhere to security requirements.
• Assist in budget preparation and monitor security initiatives and projects.
• Compile and analyze data, and prepare reports in regards to INFOSEC.
2014 : 2015
Louisville Metro Government
Chief Information Security Officer
• Trusted Agent for Office of Naval Intelligence (ONI), Special Security Office (SSO) Navy and Department of Homeland Security providing software certification support.
• Design and implement program specific configuration management plans. Write and execute certification test plans for new architectural changes and perform security impact analyses.
• Support new business proposal teams on initiatives involving intelligence, surveillance, and reconnaissance technologies.
• Policy development, implementation, and management. Ensure mission critical product development and system integration labs meet strict government regulations.
• Interface with program management to ensure system accreditations have minimal impact on performance and delivery demands. Perform project planning for new business.
• Responsible for implementation of security procedures in regards to all shipboard InfoSec systems in accordance with DCID, JDODISS and DIACAP instructions.
• Responsible for preparing documentation and software allocations for site specific operating systems to include Systems Security Authorization Agreement (SSA), Trusted Facilities Manual (TFM), Standard Test Procedures (STP) and Certification Test & Evaluation Report (CT&E).
• Provided weekly spreadsheets and status reports identifying current and future certifications that enable tracking of ships' schedules for efficient planning.
• Facilitated technical training, evaluated standard practices and nominated Trusted Agents in regards to certification, accreditation and installation processes.
2013 : 2014
SPAWAR
Information Assurance Officer/Trusted Agent
• Compile Certification and Accreditation (C&A) packages for the U.S. Commerce Department systems. Packages include scans, letters of designation for roles, System Security Plan (SSP), hardware/software lists, system functionality, contingency plan, continuous monitoring plan, and other documents and drawings that are system specific.
• Address system security issues, such as user misuse, virus threats, or any security threat whether malicious or inadvertent.
• As the ISSO, I conduct continuous monitoring for systems in my area of responsibility to include U.S. Census Bureau, International Trade, and Scientific Development. NIST is the governing authority for Commerce Dept. and we follow their guidelines as put forth in the NIST 800-53A.
2012 : 2013
U.S. Department of Commerce
Information System Security Officer
Company:
Bechtel National Inc
About
Chief Information Security Officer (CISO) for Federal/Military/State & Local Government to Major Corporate organizations.
IT Security Executive Management & Oversight – Strong Communication & Leadership skills coupled with 27 years of experience in Information Technology Security.
Information Security Industry Focus Areas:
• DoD Instruction (DODI) 8500.2
• National Institute of Standards and Technology (NIST) 800-37/53/171 etc.
• Risk Management Framework (RMF)
• Industrial Control Systems (ICS)
• Cybersecurity Maturity Model Certification (CMMC)
• DOE RMAIP & 205.1b/c