WILFREDO CANDELARIA JR.

• Certified Minority Business Enterprise (MBE)
• Service Disabled Veteran Owned Small Business (SDVOSB)
• Certified Information System Security Professional (CISSP)
• Certified Expert Risk Management Framework Professional (CERP)

• MS, Information Technology, Capella University
• BS, Electronics Engineering Technology, ITT Tech
• Army Management Staff College Advanced Leadership Course
• United States Army Inspector General School
• AS, Electronics Engineering Technology, Community College Of The Air Force

Cybersecurity Consultant, Federal Emergency Management Agency, FEMA, Washington, DC, (2018-Present).

Operational Testing & Evaluation (OT&E) Services, Operational Test Agent (OTA): Provide Cybersecurity SME support in the full range of OT&E/IT&E planning, execution, analyzing, and reporting. Understanding of DHS/FEMA guidance and acquisition policies related to OT&E/IT&E and the ability to perform OT that conforms to DHS/FEMA OT&E processes. Execution of an Integrated Test and Evaluation Plan (ITEP). Participation in the Integrated Project Team (IPT) and the Test and Evaluation Working Integrated Product Team (T&E WIPT) Development and use of innovative solutions to support OT&E/IT&E. Update the test traceability matrix that maps the operational test requirements to the appropriate Operational Evaluation Requirements, Mission Needs, Critical Operational Issues, and Key Performance Parameters. Coordinate and conduct independent OT&E/IT&E on primary and secondary program operational capabilities that comprise FOC requirements. Deliver incremental test findings reports via a series of IRs to the Program Managers and other stakeholders.

Information Systems Security Officer (ISSO): Manage RMF processes and maintain systems compliance. Identify/manage weaknesses and potential threats to critical FEMA information systems and recommend actions to remediate vulnerabilities according to DHS and FEMA policies and guidance. Perform continual program reviews/audits and systems risk assessments to determine organizational risk and brief stakeholders on impact of the risk. Prepare reports for internal and external clients detailing security issues/risks, making recommendations and identifying solutions. Stay ahead of and provide advice on new and upcoming technological capabilities. Formulated and tested an IT security incident response strategy and implemented a method of notifying parties. Support the Agency with a wide range of compliance requirements.

Senior Cybersecurity Specialist, Inspector General, Department of the Army Inspector General, Pentagon, VA, (2017-2018).

Managed and coordinated Cybersecurity and Security Compliance Inspections. Responded to requests for help from Inspectors Generals while providing liaison to three technical inspection teams. Provided recommendations and guidance in matters concerning inspection, audit, investigations, assessment and/or review of Cybersecurity/Security programs, systems, and organizations or functions. Completed compliance inspections, analyzed results and reviewed findings with stakeholders, prepared inspection reports. Evaluated and conducted analysis of data gathered to substantiate whether operations or administrative systems failed to prevent, detect, or correct Cybersecurity and Security violations of law, regulation, policy, or other irregularities. Developed and rationalized the budget to include prioritization and trade-off analysis. Justified, defended, negotiated, and/or settled matters involving significant or controversial issues, briefing executive/senior leadership on the resolution progress of organizations on assessment and review recommendations. As SME, offered technical recommendations on an array of highly complex Cybersecurity and Security technical matters. Performed a full range of managerial functions; planned work priorities, set and adjusted short-term priorities, prepared inspection schedules, assigned work to inspectors based on priorities from the Division Chief. Led, mentored, and coached employees on both work and administrative matters.

Information Systems Security Professional, DSS, San Antonio, TX, (2014-2017).

Provided oversight and management on assessments, inspections, and reviews of security programs in accordance with established DoD policies governing the safeguarding of classified information and systems. Provided executive support, representation, and SME to the AO and stakeholders regarding security of classified data and information systems. Oversaw accomplishment of tasks relating to the secure install and execution of applications software and hardware for the development of classified systems. Developed guidelines, instructions, methodologies, techniques, and standards for the analysis, testing, and evaluation of information systems security controls utilizing the RMF. Recommended solutions in coordination with the AO on matters requiring policy or procedural determinations. Analyzed, evaluated, and verified contractor security plans for computer systems, networks, IS, and telecommunications systems within established timelines to ensure protection of classified information in accordance with DoD and DSS requirements. Evaluated contractor certifications and government accreditations, recommending the approval or disapproval to operate of classified systems. Documented and addressed information security, information assurance architecture, and information security engineering requirements throughout the IT change management lifecycle.

Information Assurance Compliance Manager, SMS Data Group- AF Contractor, San Antonio, TX, (2014).

Responsible for information systems security compliance management throughout the systems lifecycle. Developed, prepared, and administered the organization’s information systems security operational procedures, plans, policies, and programs to adhere to DoD policies. Assessed, advised, and supported the organization’s objectives to determine current and future requirements on a wide range of IT capabilities. Reviewed Employee integration of multilevel security plans, programs and operations encompassing a wide range of classified information systems and organizational components. Supported the development of IT security architectures and the integration of security policies through the management of systems security compliance reviews. Ensured all IAM personnel received the necessary technical and security training to carry out their duties and maintain compliance. Served as the primary POC for all IA-related actions including vulnerability management reporting utilizing VMS, compliance assessments, incident handling and feedback to government staff on current and upcoming IA policies. SME in the areas of network and systems security architecture concepts and information security architecture planning. Ensured the rigorous application of information security/information assurance policies, principles, and practices in the delivery of IT security projects and services.

Vulnerability Manager & Senior Cyber Security Engineer, SRA International, Inc-Army Contractor, Stuttgart, Germany, (2011-2014).

Responsible for reviewing developing, implementing, enforcing, and communicating security policies, principles, and practices to enhance the VM program. Led a fourmember tiger team, lowering the command’s security footprint; rooted out rogue systems, brought them back to health, and managed them throughout their lifecycle. Raised and maintained Cyber Command IAVM compliance to 96%, up from 79%. Ensured techniques were in place to facilitate confidentiality, integrity, and availability of information systems. Developed contingency plans and disaster recovery procedures for critical system assets, testing plans annually. Developed design concepts for information security systems processing at multiple levels of classified data. Utilized reliability and utilization reports from various enterprise tools to aid in development and architecture activities. Managed risks and delivered requirements to ensure the IT program was compliant policies and guidelines. Developed methodologies to monitor, guide, and enforce compliance with FISMA.

Lead Information Assurance Engineer, SAIC, Inc., DIA Contractor, MacDill AFB, FL, (2010-2011).

Reviewed C&A artifacts developed by employees conducting risk and vulnerability assessments of planned and installed information systems to identify shortfalls in vulnerabilities, risks, and protection needs. Endorsed hardened systems, providing recommendations for action to the AO. Promoted security awareness to and ensured security principles were reflective in the performance of personnel. Identified, assessed and recommended information system upgrades having major impact on the current and planned application of IT security resources. Conducted systems security evaluations, audits, and reviews to determine the organization’s security footprint and compliance with policies and guidelines. Provided technical oversight; assessed, analyzed, and updated security policies, standards and guidelines as it pertains to the IT security program. Integrated and documented information security systems and network infrastructure projects. Implemented a layered approach to IT security using Defense-in-Depth principles. Determined the effectiveness of projects in meeting functional requirements and information security objectives. Developed and conducted briefings to senior management personnel regarding IA projects status and results.

Information Assurance Analyst and Network Engineer, General Dynamics, DIA Contractor, MacDill AFB, FL, (2007-2010).

Provided Vulnerability Management and Incident Response. Identified and reported malicious code across the network, utilized Retina, Retina Enterprise Manager, and other network security tools. Coordinated with Configuration Management, Integration Facility, and Service Desk to identify, test, and install vendor software patches to eliminate vulnerabilities. Resolved security issues using PM standards and techniques. Evaluated budgetary and technical proposals for acquisition of security infrastructure upgrades (e.g., firewall/VPN upgrades, intrusion detection, and audit log management). Developed comprehensive maintenance strategies while deployed to Afghanistan in support of the DIA. Analyzed network security requirements to design robust architectures for IT projects, developed configuration upgrades, led team through implementation changes ensuring security policy compliance. Provided secure network administration/management ensuring enterprise network devices mitigated risks and maximized efficiencies. Evaluated new computing technologies and their operational/technical effect on the organization’s operating environment providing recommendations to stakeholders. Assessed technical infrastructure LAN/WAN management issues, provided technical assistance and briefings, and effectively led teams to resolve technical problems.

Systems Administrator NCOIC, Network Administrator NCOIC, 290th JCSS, FL Air National Guard, MacDill AFB, FL, (2006-2009).

Ensured the secure installation, maintenance and diagnoses of end-to-end deployment communication packages through personnel management and effectively communicated status reports to the NOC. Evaluated and documented the work performance of personnel who installed, modified and/or replaced hardware or software components and any configuration change affecting the configuration baseline. Prepared technical operating procedures for input into Knowledge Base Information Library. Provided professional and effective customer service issue resolution through direct customer interaction. Managed administrator accounts, network role-based access rights, and the use of secure systems and infrastructure equipment. Managed systems resources including performance, capacity, availability, serviceability, and recoverability. Implemented security policies, enhancing the unit’s systems security posture.

Network Analyst, Network Administrator, LAN/WAN Administrator, USAF, Active Duty Locations, (1998-2006).

Defined network requirements and work assignments based on network performance metrics. Configured and optimized network servers, hubs, routers, switches, and firewalls. Diagnosed and resolved network problems in response to customer reported incidents. Developed and implemented network backup and recovery procedures. Installed, tested, maintained, and upgraded enterprise network devices. Ensured the rigorous application of information security/information assurance policies, principles, and practices in the delivery of network services