Profiles search
Kenny Lightner
Cybersecurity shouldn't break the bank...reducing risk while increasing profitability can be done!
New Orleans, LA, United States
Details
Experience:
Within the Senior ISO role my primary responsibility is to transition legacy DoD Information Assurance Certification and Accreditation Process (DIACAP) DoDI 8510.01 to the Risk Management Framework (RMF) Assessment and Authorization process. Each step of the transition ensures that all applicable engineering design and control artifact is updated to comply with all DoD/Department of Navy (DoN) Information Assurance requirements. Each transition strategy is developed with a clearly defined plan of action and milestones (POA&M) in order to assist all stakeholders in meeting timelines.
In addition, I review vulnerability assessments utilizing several automated methods to report vulnerabilities to program support personnel and senior management to track the remediation efforts underway.
I further document all changes, both technical and non-technical, in order to validate asset security configurations and ensure an acceptable level of risk is maintained.
2017 : Present
Millennium Corporation
Deputy Lead Cybersecurity Engineer
As the Associate Vice President of IT Security Operations I was responsible for a highly trained team that maintains all operational Cyber Security applications/appliances to include : Palo Alto, McAfee ePO, Correro DDOS/IPS, Entrust 2-Factor Authentication as well as Splunk SIEM.
In addition to the day to day operations I also oversaw re-architecture activities for Palo Alto, Splunk SIEM and McAfee ePO infrastructure to accommodate additional locations and enhance our capabilities.
The Identity Access Management team, which also manages our Single Sign-On capabilities, fell under my purview as well as a recent initiative to enhance user friendliness and identity control over full-time, contracting and temporary employees. We utilized IBM Security Identity Manager (ISIM) and OKTA SSO.
My business activities entailed developing the Key Performance Indicators (KPI’s) for the entire team and to mentor growth and performance for each member. As a public trading company I also participated and supported all Sarbanes-Oxley (SOX) and Service Organization Controls - 1 (SOC-1) audits by providing evidence of compliance and developing action items to bring failures into compliance.
2015 : 2017
Mr. Cooper
AVP IT Security Operations
I was responsible for updating and upgrading all aspects of the security architecture to include connectivity for our WAN connections.
We also performed vulnerability/patch management activities for remote sites utilizing the Automated Installation Entry (AIE) system - primarily an automated Army gate guard system with connections to local and Federal 'do not enter' personnel lists. Ensured all log retention/alerting as well as policy and procedure were created for continuity.
In addition to the engineering portion of my daily responsibilities I also update the accreditation documentation under DIACAP.
2014 : 2015
EliteTech Associates
Cyber Security Engineer
Eyes on the glass technician utilizing the McAfee Security Information and Event Management (SIEM), formally called Nitro.
Performed all management activities for our SIEM to include : policies, source feed additions/subtractions, signatures, watchlists and alarm creation as well as assisted in the architecture expansion.
We utilized Tripwire, and later NNT, to watch for baseline drifts and unauthorized software as well as to ensure compliance with Army Cyber Security standards.
Additionally, I ensured customers maintained an approved security posture against all Department of Defense regulatory guidance.
2013 : 2014
Apex Systems
Senior Information Assurance Engineer
Managed the Vulnerability Assurance process and ensured all patches were pushed to all systems within our areas of responsibility.
Alerted the Southwest Asia Cyber team of all security violations and performed all required incident response activities, from cradle to grave, until resolution was achieved.
Tested user compliance using QTip, eEye Retina and USBDetect. Created and submitted all documentation in support of the DIACAP packages for the three different networks (NIPR/SIPR/Coalition Network).
2011 : 2013
ITT Exelis
Senior Information Assurance Analyst
In addition, I review vulnerability assessments utilizing several automated methods to report vulnerabilities to program support personnel and senior management to track the remediation efforts underway.
I further document all changes, both technical and non-technical, in order to validate asset security configurations and ensure an acceptable level of risk is maintained.
2017 : Present
Millennium Corporation
Deputy Lead Cybersecurity Engineer
As the Associate Vice President of IT Security Operations I was responsible for a highly trained team that maintains all operational Cyber Security applications/appliances to include : Palo Alto, McAfee ePO, Correro DDOS/IPS, Entrust 2-Factor Authentication as well as Splunk SIEM.
In addition to the day to day operations I also oversaw re-architecture activities for Palo Alto, Splunk SIEM and McAfee ePO infrastructure to accommodate additional locations and enhance our capabilities.
The Identity Access Management team, which also manages our Single Sign-On capabilities, fell under my purview as well as a recent initiative to enhance user friendliness and identity control over full-time, contracting and temporary employees. We utilized IBM Security Identity Manager (ISIM) and OKTA SSO.
My business activities entailed developing the Key Performance Indicators (KPI’s) for the entire team and to mentor growth and performance for each member. As a public trading company I also participated and supported all Sarbanes-Oxley (SOX) and Service Organization Controls - 1 (SOC-1) audits by providing evidence of compliance and developing action items to bring failures into compliance.
2015 : 2017
Mr. Cooper
AVP IT Security Operations
I was responsible for updating and upgrading all aspects of the security architecture to include connectivity for our WAN connections.
We also performed vulnerability/patch management activities for remote sites utilizing the Automated Installation Entry (AIE) system - primarily an automated Army gate guard system with connections to local and Federal 'do not enter' personnel lists. Ensured all log retention/alerting as well as policy and procedure were created for continuity.
In addition to the engineering portion of my daily responsibilities I also update the accreditation documentation under DIACAP.
2014 : 2015
EliteTech Associates
Cyber Security Engineer
Eyes on the glass technician utilizing the McAfee Security Information and Event Management (SIEM), formally called Nitro.
Performed all management activities for our SIEM to include : policies, source feed additions/subtractions, signatures, watchlists and alarm creation as well as assisted in the architecture expansion.
We utilized Tripwire, and later NNT, to watch for baseline drifts and unauthorized software as well as to ensure compliance with Army Cyber Security standards.
Additionally, I ensured customers maintained an approved security posture against all Department of Defense regulatory guidance.
2013 : 2014
Apex Systems
Senior Information Assurance Engineer
Managed the Vulnerability Assurance process and ensured all patches were pushed to all systems within our areas of responsibility.
Alerted the Southwest Asia Cyber team of all security violations and performed all required incident response activities, from cradle to grave, until resolution was achieved.
Tested user compliance using QTip, eEye Retina and USBDetect. Created and submitted all documentation in support of the DIACAP packages for the three different networks (NIPR/SIPR/Coalition Network).
2011 : 2013
ITT Exelis
Senior Information Assurance Analyst
Company:
Millennium Corporation
About
I am a results driven leader with both a strong technical background as well as tested and tried leadership abilities. My career has progressed from Soldier to Department of Defense (DoD) contractor and into the broad landscape that is Corporate America. Relationships are paramount when interpreting business needs to actionable IT initiatives and I strive to ensure that all recommended and architecture security solutions are both fiscally reasonable and technically manageable.
Profile Photo
