Richard Carlton

Provided ISSO/ISSE subject matter expertise for US Navy/NAVAIR DIARMF/NIST RMF authorization and accreditation for assigned computer systems. Produced security control assessment reports, SSPs, risk assessment reports, and conducted monthly POA&M reviews using eMASS and Tenable Nessus/ACAS.

Led an automotive transmission re-manufacturing business, managing employees, assets, operating budgets, contracts, and PCI-DSS compliance. Built manufacturer relationships and delivered training to wholesale distributor sales teams, increasing sales by 22%.

Supported US Navy/NAWC-AD Rapid Capability engineering as an Information Assurance lead for the RATS team. Designed IA-certified laboratory spaces and served as ISSM and system administrator for lab laptops and servers.

Served as an Echelon II IA Analyst/Senior Cyber Security Analyst and CS/IA team lead supporting US Navy/NAVAIR efforts to transition from DIACAP to DIARMF. Facilitated NIST/DIARMF-based authorization and accreditation as ISSE/ISSO for Navy computer systems.

Supported DHS NPPD as a functional analyst for the Chief Information Security Office (CISO), authoring SOPs, policies, guidance, and training plans for directorate-level security needs. Performed POA&M management and security control assessments aligned to NIST 800-37/800-39 using Xacta.

Supported US Navy JTDI 2.0 as an ISSM/IAM, providing weekly FISMA reporting and producing POA&M actions from vulnerability scan results. Managed DIACAP and RMF certification and accreditation activities and maintained system vulnerability and mitigation documentation using VRAM.

Implemented the transition of DIACAP C&A processes to DIARMF to support an OSD environment while maintaining secure ATO posture. Audited security controls for existing systems, advised engineers on security requirements, and supported DAA/VMS vulnerability management and reporting.

Served as a cyber risk management SME for OSD OCIO, producing system security architectures and guidance using Nessus scanning and client interactions. Developed RMF introduction guidance for DoD and supported updates to eMASS for FISMA reporting, including SECaaS design support.

Developed department-level cyber risk management policy for NNSA headquarters and subordinate facilities in alignment with NIST 800-37 and NIST 800-39. Supported interviews and documentation using NIST SP 500-53 and NIST SP 800-53A guidance.

Ensured FISMA compliance by providing DIACAP/RMF-based certification and accreditation support in accordance with applicable DoD and Navy guidance. Interpreted Gold Disk and Retina scan data and mitigated POA&M findings to address system weaknesses.

Supported government clients with DIACAP/RMF-based C&A to meet FISMA requirements using NIST 800-37/800-53/800-53A and related guidance. Researched allowable devices for engineering teams and created and submitted C&A documentation using approved templates.

Provided RMF-based authorization and accreditation support for U.S. State Department systems to meet FISMA requirements. Tracked updates using Remedy, supported continuous monitoring using IPost data, and used DISA Gold Disk scan data for security posture review.

Served as Chief of Helicopter Maintenance Branch logistician functional area manager, managing personnel and equipment for AFDW helicopter maintenance. Participated in VIPSAM planning and the source selection team, and coordinated and tracked annual training requirements for 200+ personnel.

Earned a Bachelor of Science in Information Assurance from the University of Maryland University College (College Park, MD).

Earned an Associate of Science in Aviation Maintenance Technology from the Community College of the Air Force (Maxwell AFB, AL).

Earned an Associate of Arts in General Studies from the College of Southern Maryland (La Plata, MD).