Leonard (Lee) Kusek, CISSP
Details
English
George Mason University
1989 : 1994
Strayer University (VA)
2008 : 2012
B.S., Computer Information Systems/Cyber Security
2017 : Present
Raytheon Technologies
Cybersecurity Engineer
• Analyze technical and business processes for eGRC integration to support risk management and continuous monitoring strategies
• Implement eGRC platform enhancements for administration of organizational policies and enterprise cybersecurity requirements
• Ensure compliance with government and regulatory requirements, especially the Defense Federal Acquisition Regulation Supplement (DFARS) and Cybersecurity Maturity Model Certification (CMMC)
• Integrate the eGRC platform with vital enterprise services, including asset management (Splunk, Tanium, ServiceNow, Planview Enterprise One), privacy management (OneTrust), business analytics (Tableau, Qlik), and project tracking (Jira)
• Deliver eGRC design, development, testing, training, and deployment services
• Continually monitor the eGRC platform for data and configuration issues and remediate them
• Evaluate current and emerging DOD and Government IT security regulations and compliance standards for their impact on A&A processes
• Participate in cybersecurity and eGRC forums and working groups
• Post-merger eGRC platform consolidation and development
• Create access control matrix and provide role-based training and support
• A&A CMMC build and implementation, and authorization package conversions from NIST SP 800-53 to NIST SP 800-171, to meet new DOD federal requirements
• Develop organizational A&A risk scoring and trending analysis for executive scorecard
• Enable Continuous Monitoring, vulnerability sensor and scanner integration, and Ongoing/Continuous Authorization within the eGRC platform to improve A&A process efficiency and provide real-time response to high and critical system vulnerabilities
2016 : 2017
PwC
Senior Associate, Public Sector Cybersecurity
Senior cybersecurity consultant and subject matter expert for public sector GRC solutions.
• Provided subject matter expertise on GRC automation of NIST 800-37 Risk Management Framework (RMF) requirements for U.S. Department of State (DOS)
• Provided RSA Archer expertise towards the integration and implementation of the U.S. Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) department dashboard
• Collaborated with counterparts at DHS on RSA Archer CDM dashboard integration
• Analyzed, mapped, and enhanced DOS Information Assurance (IA) processes and FISMA reporting to integrate RMF methodology and governance for risk management tiers (Tier 1 - Organization, Tier 2 - Mission, Tier 3 - System)
• Planned and developed a strategy for compliance responsibilities, established a security control framework, and implemented a governance model workflow
• Performed gap analyses to identify findings with IA procedures, applied fixes where necessary, and determined how best to update DOS policies and processes
• Identified weaknesses and strengths consistent with DOS and Federal requirements, standards, and guidelines (i.e., DOS FAM/FAH, FISMA, Appendix III to OMB Circular No. A-130, FIPS 199, FIPS 200, NIST SP 800-18, NIST SP 800-37, NIST SP 800-53, NIST SP 800-60, and NIST SP 800-137)
2013 : 2016
U.S. Department of Energy, Office of Cybersecurity - ActioNet Contractor
Program Manager, Cybersecurity Automation
Program Manager and Technical Team Lead for Office of the Chief Information Officer, Enterprise Cybersecurity Automation, partnering with key stakeholders, end users, developers, and vendors to enhance GRC system utilization and collaborating with federal leads, security officers, auditors, and technical teams on GRC automation.
• Provided customized, automated cybersecurity solutions on the RSA Archer eGRC platform
• Developed inter-department agreements, authorizing activities between departments
• Drove enterprise partnerships on a distributed Archer services model, and promoted Archer license consolidation for a standardized set of GRC solutions for the Department
• Configured and managed Archer instances and databases in compliance with federal laws and mandates
• Strategized and collaborated with the Information Security Continuous Monitoring/Continuous Diagnostics and Mitigation (ISCM/CDM) team for agency CDM dashboard implementation on the RSA Archer platform
• Developed and maintained a three-year road map strategy for the automation of DOE processes and workflows through key stakeholder interviews, mapping use cases to DOE cybersecurity strategic initiatives
• Performed Information Systems Security Manager duties and Assessment and Authorization (A&A) tasks for Authorization to Operate (ATO)
• Ensured system security and configuration compliance with NIST 800-53 Rev 4 controls
• Configured data feeds for external systems data integration
• Created and maintained data feeds, custom reports, data-driven events, calculated fields, notifications, workspaces, iViews, and workflows; performed installs, upgrades, and patch management
• Configured and maintained user accounts, groups, roles, and system rules; optimized user experience
• Reviewed Netsparker and Tenable Nessus scans for vulnerabilities and remediated as necessary
• Applied database encryption through SQL Transparent Data Encryption (TDE)
2012 : 2013
U.S. Department of Energy, Office of Cybersecurity - ActioNet Contractor
Information Assurance Engineer
Development and implementation team member for a centralized reporting system to track Plans of Action and Milestones (POA&Ms) for the Office of Cybersecurity under the Chief Information Officer, utilizing RSA Archer eGRC in compliance with the FISMA OMB reporting requirements.
• Provided subject matter expertise with the development, implementation, and maintenance of automated data collection tools
• Configured a complex governance hierarchy structure within Archer to meet the demands of an enterprise federated environment
• Utilized on-demand applications (ODAs), cross-references, and related records to enforce need-to-know throughout the POA&M Management System
• Performed verification and validation of data and performed large data imports across three cross-referenced applications
• Established user groups and roles, created user accounts, and developed and maintained access control procedures
2007 : 2012
American Society of Civil Engineers
Program Administrator
• Managed member accounts in TMA Resources Personify system
• Served as administrator for Xythos and Ektron content management systems
• Served as a member of the ASCE Web Standards development team
• Managed member database and file share administration
• Developed and posted website content
• Managed codes and standards development activities for the Society
Skills
Access, Access Control, Analysis, Assessment and Authorization, CISSP, Computer Security, Cyber Security, Data Analysis, Database Administration, Databases, Data Collection, FISMA, Information Assurance, Information Security, Information Security Management, Information Technology, Internet Investigations, Internet Security, Legal Compliance, Network Security, NIST, NIST 800-53, Program Management, Project Management, Risk Management, RSA Archer eGRC, Security, Security+, Security Policy, Standards Compliance, Standards Development, System Administration, Technical Writing, Troubleshooting, Vulnerability Assessment, Vulnerability Management
About
Cybersecurity professional with over fifteen years of experience in IT service delivery. Skilled in developing enterprise governance, risk, and compliance (eGRC) solutions, automating business processes, and managing cybersecurity development and tool integration for both public and private sector customers. Expert in analyzing, developing, and delivering Assessment & Authorization (A&A) tools that empower the organization to effectively manage system risks and vulnerabilities.
Highly skilled in producing cost-effective solutions to challenging technical issues, and combining analytical and technical expertise to help manage successful cybersecurity programs. Proven success in cybersecurity mission enablement. Awarded for excellence in delivering eGRC solutions in alignment with NIST RMF, DFARS, CMMC, and organizational policies.