John brings to Protiviti more than 30 years of experience in technology consulting with particularly deep skills related to information technology (IT) strategy, developing and deploying secure, Internet-based solutions and IT operations. Throughout his career, John has been an innovator in information technology, led major IT studies, and provided leadership in e-business solutions and program development. John has been instrumental in technology transformation projects at the IRS, GSA, NIH, PBGC and Department of Commerce. He provides a unique blend of practical, hands-on IT expertise with an ability to deliver strategic IT vision.
Prior to joining Protiviti in 2011, John worked for a leading government consulting, not-for-profit company, LMI, as a Program Manager responsible for business development direction, technical insights and program management of LMI's Cyber Security practice area. He led a team of engineers to develop a unique method to integrate cyber security practices, processes and skills into the enterprise architecture.
- John leads the technical components of the Protiviti DFARS/Controlled Unclassified Information (CUI) readiness assessment practice, having performed readiness assessments for multiple large and global companies supporting the U.S. Defense industrial base. John leads a team of security professionals with deep expertise in U.S. Federal Government compliance requirements to respond to contracting questionnaire and assess the organization’s controls against DFARS/CUI and other security control frameworks. In addition, John leads the team of security professionals to respond to gaps found during the DFARS/CUI/NIST SP 800-171 assessment phase.
- Currently leads the Security Team supporting the Federal Public Key Infrastructure Management Authority (FPKIMA). Developed strategy and vision in supporting the complete security life-cycle for the mission-critical infrastructure within the General Services Administration (GSA) and all FISMA compliance activity. Leads a blended team of security professionals, analysts, network engineers and platform support to produce certification and accreditations, system test and evaluations, risk assessments, implements continuous monitoring, security awareness training, security classification and Plan of Action & Milestones (POA&M) development and maintenance.
- Provided leadership and program management over GSA Identity Credentials and Access Management (ICAM) Governance and Chair Support. Led key FISMA initiatives, including Federal agency adoption of the Trust Framework Provider concept, adoption of Federal cloud service offerings requiring FedRAMP approval, and Third Party Credential adoption.
- For the General Services Administration (GSA), provided Subject Matter Expertise (SME) and led a team that advanced the security of select FPKIMA systems from medium to high security levels by developing gap analyses of system changes/ upgrades and policy and procedure changes required to implement additional security controls and security control enhancements, and coordinate with FPKIMA to develop a cost and schedule to completion for system(s) to migrate from moderate-to high-impact.
Areas of Expertise
- Identity and Access Management
- Security & Privacy
- NIST 800-series/FISMA/FedRAMP
- DFARS/CUI & Cybersecurity
- Assessment & Authorization
- Certification & Accreditation
- System Test and Evaluation
- Risk Management
- IT Infrastructure
- Completed MS work, Systems Engineering, Virginia Polytechnic Institute and State University, 1991
- BS, Physics Engineering and Mathematics, Washington & Lee University, 1985
- ITILv3 Foundations
- (ISC)2 Certified Authorization Professional (CAP)
- Certified Information Privacy Professional/Government (CIPP/G)
- CompTIA Security + (ce)
- Active Department of Defense Top Secret (TS) Clearance