Michael Thorndike
Details
Unity College
2004 : 2005
N/A
Leadership and Management
Airman Leadership School
2013 : 2013
Computer Systems Operations
Air Force Technical Training School
2009 : 2009
Electrical and Electronics Engineering
Naugatuck Valley Community College
2005 : 2006
High School Diploma
Nonnewaug High School
2000 : 2004
• Provide Classified Cybersecurity portion of proposals (e.g., Basis of Estimate, etc.) and modifications to existing contracts.
• Perform oversight of the development, implementation and evaluation of information systems security program for assigned programs in compliance with NISPOM and JSIG Risk Management Framework (RMF).
• Design, develop, and recommend integrated security solutions for multiple classified IS with various operating systems.
• Ensure the development, documentation, and presentation of IS security education, awareness, and training activities for users and others, as appropriate.
• Perform tasks related to compliance of Continuous Monitoring (ConMon) Plans (e.g., audit log review, security patching, software and hardware configuration management).
• Ensure system security measures comply with applicable government policies, provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
• Conduct reviews and technical inspections to identify and mitigate potential security weaknesses, and ensure that all security features applied to a system are implemented and functional.
• Provide support and subject matter expertise to other cybersecurity personnel for maintaining appropriate operational information assurance (IA) posture for programs.
2023 : Present
Sikorsky
Cybersecurity Lead/Manager
• Assist in the development, execution, and maintenance of multiple enterprise cybersecurity programs' cybersecurity architecture, requirements, objectives, policies, and cybersecurity processes, and provide expertise to assure compliance to the most current revisions of security policies: DoDI 8510.01, RMF for DoD IT, JSIG, NIST 800-53, etc.
• Provide Cybersecurity support to assigned systems and develop, modify, review or coordinate items that include, but are not limited to: Cybersecurity Strategy, SSP, System Controls Traceability Matrix (SCTM), Risk Assessment Report (RAR), Plan of Action and Milestones (POA&M), Security Assessment Plan, Authority to Connect (ATC) requests, and all other artifacts for review and analysis.
• Evaluate the technical implementation of the security design to ascertain that security software, hardware and firmware features affecting confidentiality, integrity, availability, accountability, and non-repudiation have been implemented as documented in the DCID 6/3, JSIG, DoDI 8500.01, DoDI 8510.01, and NIST 800-53 and that the features perform properly. Document and report test plans, results, anomaly reports, recommendations, activity reports and other special reports as required.
• Review and develop required program office artifacts and make recommendations to support Cybersecurity RMF analysis. Review and coordinate approval for sanitization and declassification plans and/or procedures. Perform vulnerability, threat, and risk assessments, and security impact assessments on assigned systems, modifications, and interconnections. Develop an A&A report and an A&A presentation for each required system to support approval decisions.
• Perform Cybersecurity site audits to verify architecture analysis, Cybersecurity requirements, and controls, verify mitigation actions, witness security testing and evaluation, and support final approvals for IATT, IATO, ATO, and/or ATC. Document and report Cybersecurity site findings to PMO.
2019 : 2023
Odyssey Systems
Principal Cybersecurity Engineer
- Perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies.
- Validate and verify system security requirements definitions and analysis and establish system security designs.
- Design, develop, implement and/or integrate IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.
- Build IA into systems deployed to operational environments.
- Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of security policy and enterprise solutions.
- Support the building of security architectures. Enforce the design and implementation of trusted relations among external systems and architectures.
- Assess and mitigate system security threats/risks throughout the program life cycle. Contribute to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.
2018 : 2019
ASRC Federal
Principal Information System Security Engineer
- Responsible for the procurement, development, integration, modification, operation, maintenance and disposal of information systems.
- Ensure compliance with DCID 6/3, Office of the Director of National Intelligence (ODNI) Intelligence Community Directive (ICD) 503 and other documented security requirements for C2ISR weapon system during acquisition and sustainment activities.
- Identify, assess and document security risk and associated mitigations via SAR/RAR as appropriate.
- Conduct in-depth research to analyze and identify necessary security controls with written solutions and recommendations.
- Ensure all systems measures are met in implementing organizational information systems and upgrading legacy systems.
- Monitor the requirements analysis, design, implementation, integration, and test activities (accomplished by the designated organization) with focus on the system architecture and to facilitate delivery of a secure system.
- Review technical system, program documents and activities to ensure all documents and strategies are IAW applicable data requirements and guidelines, include risk assessments and are identified in the C2ISR data strategy.
- Analyze security requirements from internal and external sources, incorporate requirements into program documentation, and ensure they are understood by implementing organization by providing written documentation.
- Coordinate and maintain the System Security Authorization Agreement (SSAA)/System Security Plan (SSP), and associated attachments for each C2ISR weapon system (as required), using input from various sources.
2017 : 2018
Dawson8a
ISO - Information System Owner
• Manages indoctrination process from nomination to debrief, including nominations and record maintenance.
• Participates in Air Force SAP security compliance inspections of government organizations and industry.
• Interfaces with program managers and team members ensuring daily security needs are addressed.
• Provides classification guidance to employees, develops and provides security education and awareness training and conducts security briefings at all meetings and working groups.
• Spearheaded the successful transition of a vast number of programs to new digital format, expediting inter-organization security coordination.
• Maintains an extensive customer database point of contact listing and processes presentation for personnel updates for leadership.
• Performs data entry into systems of record for all local and non-local assigned personnel.
2016 : 2017
BAE Systems
Security Specialist II
Skills
Active Directory, Active Top Secret Security Clearance, Air Force, C4ISR, CompTIA Security+, Computer Hardware, Computer Security, COMSEC, Cybersecurity, Defense, DoD, Government, Information Assurance, Information Security, Information Security Management, Information Technology, IT Project & Program Management, JAFAN, JSIG, Leadership, Management, Microsoft Office, Military, Military Experience, Military Operations, Networking, Network Security, NISPOM, NIST 800-53, Physical Security, Program Management, RMF, Security, Security+, Security Clearance, SSO, System Administration, Top Secret, Training, Troubleshooting, U.S. Department of Defense, Veterans, Vulnerability Assessment, Xacta
About
I am an Information and Cyber Security professional and a United States Air Force veteran with experience being a part of and leading diverse teams, handling high-value resources, and coordinating both technical and administrative processes in the US military and private sector. I have a professional history of expert customer service, utilizing security principles to achieve organizational goals, and coordinating with government agencies to ensure compliance with federal regulations for a variety of programs and weapon systems across the Department of Defense.