John Walley - Cyber Security SME (OT/ICS), Tenable

Keep in touch with meI'm using Intch to connect with new people. Use this link to open chat with me via Intch app

Work Background

TenableSenior Consultant (ICS/OT)

Mar. 2020Maryland, United States · RemoteAt Tenable, following the acquisition of Indegy, I spearheaded the establishment of a pioneering Operational Technology (OT) program. This initiative was pivotal in integrating and expanding Tenable’s footprint in critical infrastructure security on a global scale. My leadership in developing and delivering a comprehensive suite of OT professional services catered to strategic clients across essential sectors, including nuclear power generation, rail transportation, and manufacturing. My role was holistic, encompassing the strategic onboarding and rigorous training of new team members, and the meticulous crafting and execution of service offerings aligned with Tenable’s innovative OT Security product post-Indegy acquisition. I led direct OT engagements, delivering bespoke solutions tailored to the nuanced requirements of diverse industries such as automotive manufacturing, pharmaceuticals, oil & gas, and water/waste management. These engagements were crucial in deploying Tenable’s OT products and services, meticulously customized to address the unique security needs of each sector. Beyond client engagement, my role was instrumental in fueling Tenable’s business growth. Working in tandem with the sales team, I utilized my deep OT expertise and comprehensive suite of services to boost product sales, demonstrating the tangible value and security our OT solutions bring to critical infrastructure environments. To encapsulate and share the wealth of knowledge acquired, I devised an OT Security Training Curriculum. This educational initiative serves a dual purpose: elevating the expertise of our internal teams to stay at the forefront of OT security, and empowering our clients to enhance their cyber-defense capabilities. This curriculum not only solidified our internal competencies but also reinforced Tenable’s commitment to advancing cybersecurity resilience across industries, leveraging the strengths and capabilities gained from the Indegy acquisition.

International Critical Infrastructure Security Institute (ICISI)Cyber Physical Systems Architect (Executive Level SME)

Apr. 2018 - Mar. 2020Forest, VA · HybridServed as a key member of the International Critical Infrastructure Institute (ICISI), a distinguished 501(c)(6) entity dedicated to the forefront of cybersecurity research and the safeguarding of essential infrastructure against cyber threats. Leveraged unparalleled access to cutting-edge laboratories, enabling both individual and corporate members to engage with advanced systems and technologies typically reserved for major research institutions. At ICISI, our ethos of “Democratizing Cyber-Physical”® was brought to life, ensuring a wide range of expertise could contribute to and benefit from our initiatives. My role was instrumental in fostering an innovative environment where training, resources, and expert guidance were amalgamated to challenge existing paradigms and pioneer new solutions in security technology. Engaging in strategic collaborations with leading industry players, academic institutions, and government bodies, I contributed to enhancing cyber-physical defenses across critical sectors. My efforts were focused on advocating for performance-driven standards, driving the evolution of security technologies, and promoting the widespread adoption of validated best practices

Oasis SystemsDirector of Cyber Security and Critical Infrastructure Protection (Technical SME)

Oct. 2015 - Apr. 2018Rockville, MDOversaw the strategic direction for the Nuclear Regulatory Commission’s (NRC) Nuclear Security and Incident Response contract, focusing on assembling a specialized team adept in cybersecurity within the nuclear sector. This role required a deep understanding of technical objectives, goals, and expectations critical to the NRC’s mission. Engaged in technical discussions on cybersecurity with the public, nuclear industry stakeholders, and national laboratories, highlighting the NRC’s efforts to mitigate cybersecurity threats to public safety. My work centered on Critical Infrastructure Protection related to nuclear materials, where I applied my technical expertise to inform on current cybersecurity threats, their potential impacts, and the technical measures necessary to safeguard against cyber-attacks leading to radiological sabotage. I provided technical guidance to the NRC on developing regulations and guidance for the secure handling, storage, and creation of nuclear materials. This involved a nuanced understanding of the cybersecurity landscape to ensure that regulatory frameworks were robust enough to prevent adverse outcomes from cyber-attacks. I played a key role in the technical development of significant guidance and regulations for the NRC and the nuclear industry, including contributions to NRC Regulatory Guide 5.71, NRC Draft Guide 5061, NEI 08-09, NEI 13-10, NRC Draft Guide 5062, and Draft Rule 10 CFR 73.53. Additionally, I directed the development of the NRC Nuclear Cyber Security Inspection Training program, leveraging my technical knowledge to implement adult learning principles for effective training. This initiative was aimed at improving the consistency and quality of regional inspection outcomes, demonstrating a blend of technical acumen and an understanding of administrative law.

ClearPathCyber Security Subject Matter Expert - Founder of Clearpath

Aug. 2009 - Mar. 2020Stone Ridge, VA · HybridAs a Cybersecurity Subject Matter Expert at ClearPath, I led critical audit readiness initiatives and implemented cybersecurity frameworks for the Department of Defense and federal agencies. Reporting to the DCMA Director of eBusiness, my work included drafting SSAE16 reports and contributing to FIAR and FISCAM audits, underscoring my expertise in financial and information system controls. I championed DCMA's shift from DIACAP to the Risk Management Framework (RMF), developing policies and procedures for high-criticality FISCAM controls to ensure compliance and enhance security. As lead auditor, I crafted test plans, documented outcomes, pinpointed deficiencies, and formulated corrective action plans. My efforts also involved authoring parts of DCMA's Contract Pay SSAE No. 16 SOC 1 – Type 2 Report, reinforcing the agency's dedication to rigorous cybersecurity standards. My responsibilities extended to implementing controls and conducting tests per GAGAS/Yellowbook standards, FFMR, and Federal and DoD policies. I facilitated DoD ContractPay, working closely with DLA, DFAS, and DISA to bolster cybersecurity. Additionally, I assessed the DCMA SOC's processes to ensure effective security event management and supported OMB in evaluating technical compliance for FDCC and IPv6 implementations. Educating federal staff on cybersecurity risks and new technology impacts was a vital aspect of my role, enhancing federal cybersecurity awareness. As the Lead FISMA Certifier at the NRC within the CSO, I upheld FISMA and NIST guidelines, significantly contributing to the NRC REGULATORY GUIDE 5.71. Though no longer with ClearPath, I continue to advise the organization, demonstrating my ongoing commitment to cybersecurity excellence.

Prometheus Global, IncCyber Security Subject Matter Expert - Executive Level

May. 2007 - Aug. 2009Chantilly, VA · On-siteAt Prometheus, as a Cybersecurity Subject Matter Expert specializing in Enterprise Architecture, Mission Support, and Information Security, I significantly enhanced the security postures of key sectors, impacting both commercial and governmental organizations worldwide. My work with the U.S. Nuclear Regulatory Commission (NRC) on Cyber Security Initiatives, particularly in developing the NRC Regulatory Guide 5.71, "Cybersecurity Programs for Nuclear Facilities," underscored my expertise in cybersecurity audits and the implementation of critical cybersecurity frameworks. I played a pivotal role in advancing the Department of Labor's Enterprise Architecture, notably integrating one of the first Security Architectures into the Federal Enterprise Architecture Framework (FEAF) and co-authoring a guide on Service-Oriented Architecture. My representation on the Federal CIO Council highlighted my influence in shaping cybersecurity and architectural standards across federal agencies. My tenure was marked by a comprehensive approach to cybersecurity, leveraging risk management, effective communication, and a strong ability to build relationships. I employed strategic use of cybersecurity tools and excelled in critical infrastructure protection, enhancing the company’s ability to provide cutting-edge cybersecurity solutions. My role as a technical liaison and my presentation skills further affirmed my holistic approach to securing sensitive infrastructures. This journey began with my startup, Espy Technologies, LLC, which Prometheus Global acquired in 2008, marking a significant milestone in my career and in the broader cybersecurity landscape. My contributions have been integral to navigating the evolving challenges in cybersecurity, demonstrating a lasting impact on the organizations and sectors I served. http://www.prometheusglobal.com/about/news/34-products/122-prometheus-acquires-espytech.html

Cornerstone Consulting Inc.Cyber Security Consultant - Founder

Jul. 2004 - May. 2007Leesburg, Virginia, United States · HybridIn my role, I led SAS No. 70 (SAS70) audits for third-party vendors serving the banking industry, evaluating essential services like server hosting, encryption, and online transactions. These audits were crucial for affirming the security and effectiveness of services that banks depend on, reinforcing trust and integrity within the sector. I was the go-to for SCC and SOX compliance issues within several banks, liaising directly with executive levels of Cyber. This role demanded a comprehensive understanding of Virginia Code § 13.1-518, focusing on investigations and the confidentiality of information. My duty was to ensure all operations complied with state and federal regulations, thus protecting the bank's operations and its reputation. I initiated and led controlled, real-life incident simulations, such as armed bank robberies and black box penetration tests across various banking institutions. These drills aimed to spotlight and rectify potential vulnerabilities in training, systems, and procedures, significantly lowering the risk of real-world security breaches. Moreover, I crafted Incident Response and Continuity of Operations plans for a spectrum of operations, focusing on areas from cash center activities to the logistics of cash handling. This work involved a detailed examination of existing protocols to pinpoint and mitigate vulnerabilities to cyber threats, ensuring robust procedures were in place to enhance resilience against cyber-attacks and safeguard assets and personnel.

Booz Allen HamiltonAssociate / Project Manager

Mar. 1998 - Oct. 2005In my capacity, I was charged with fortifying the network security framework for various Intelligence Community (IC) agencies, involving intricate design and setup of firewalls, configuring intrusion detection systems, and architecting a network of over 10,000 nodes. My focus was on bolstering network security to ensure a secure operational environment for the agencies. I addressed the challenge of engineering boundary protection for a global collateral network, requiring an in-depth understanding of worldwide network security threats. My innovations in this area not only strengthened the network’s security posture but also enabled secure global communication and data exchange. Following the need for adept crisis management, I established a crisis response team at the National Geospatial-Intelligence Agency (NGA), crucial in responding to events like the September 11 attacks and the Space Shuttle Columbia disaster in 2003. This initiative highlighted the value of a skilled response team in managing the fallout from unforeseen events. Additionally, I led a team of 14 network and systems engineers, overseeing the completion of over 150 projects in two years. This achievement demonstrated our team’s expertise and the effectiveness of our leadership and strategic planning. Together, we significantly enhanced network performance and security, playing a key role in supporting critical IC missions.

US NavyRM3

Jan. 1994 - Jan. 1998In my tenure with the US Navy, I achieved significant milestones, including becoming the second individual to attain the RM21 designation, which unified the Radioman and Data Processor rates. This distinction allowed me to develop a broad expertise in satellite communications, networking, and cryptologic technologies, establishing me as a leader in military communications. I further enhanced my skills through cross-rate training as a Cryptologic Technician (Communications), enabling me to manage cryptographic communications on the USS Mount Whitney (LCC-20), vital for TS/SCI level operations. My contributions were pivotal in maintaining the security of high-level communications, crucial to naval intelligence. A key achievement was my development of a Microsoft Windows NT 4.0 network for the USS Mount Whitney's Intelligence Center, which became a benchmark for the division. Additionally, I led the deployment of the first Intrusion Detection System in collaboration with the Fleet Information Warfare Center, significantly boosting our cybersecurity measures. As the Terminal Area Security Officer for Intelligence systems, I ensured the security and integrity of our intelligence infrastructure, managing system inventories and implementing antivirus measures. My role as a Tech Control satellite communications technician, handling patch panel configurations and crypto installations, further demonstrated my technical expertise. Promotions to various supervisory positions allowed me to hone my leadership skills, guiding my teams toward achieving excellence and fostering a culture of innovation. My service concluded with an Honorable Discharge, marking my participation in Operation Uphold Democracy and affirming my commitment to my country. This experience not only showcased my technical and leadership capabilities but also deeply instilled in me the values of dedication, innovation, and resilience.

Intch is a Professional Networking App for the Future of Work

100k+ people

130+ countries

AI matching

Get Intch if you'd like to

📝

Get Recommended to New Customers

👋

Connect with Like-Minded People

💸

Raise Capital

🚀