Pascal Passigan

• Collaborated with executives in defining, building, and implementing architectural services to meet Center of Medicare and Medicaid Services (CMS) cloud migration strategy, so that the Enterprise is cheaper to operate, easy to use, and faster to deliver, and within the framework of the White House Cloud Smart Initiatives (CSI) scoping Data Security, Workforce, and Procurement leveraging TOGAF.
• Enabled DevSecOps and defined CI/CD pipelines and Infrastructure as a Code ecosystems for better delivery agility and time saving in the target environment.
• Estimated cloud services investment costs and advised product owners as required.

• Managed the team comprising of security architects, engineers and analysts to achieve the business objectives in a record time and within budget
• Established a multi-year roadmap for maturing the functions around key indicators for performance measuring and monitoring.

• Defined security strategies for Transportation Security Services (TSA) to support an established governing risk framework for system’s Approval to Operate.

• Collaborated with product owners and government executives on improving risk management.
• Developed teams of security control assessors, engineers, analysts, information security officers in implementing better security programs.

• Oversaw the overall organizational security assessment program; planned deliverable based on the Statement of Work. Drafted schedules, assigned and reviewed work.

• Provided oversight for the security program of the Department of Homeland Security Financial Management system.

• Developed security features such as Identity and Access Management, PKI, Single-Sign- on, Two factor Authentication, in order to enhance the assurance level and the resilience of the Enterprise.
• Designed various security reference models and solutions blocks to minimize the impact of exploited vulnerabilities, and served as senior security adviser to all business units under the DHS Financial Management Office, and conducted data privacy reviews for both existing and planned systems
• Collaborated with engineers managing the Wide Area Network, VPNs, Routers, firewalls, Intrusion Detection and Prevention Systems, Security Incident Event Management (SIEM) systems, Data Leak Prevention systems, Forensic Analysis system, and PKI systems.

• Served as the desk officer for responding to security audits inquiries from external providers such as KMPG and Deloitte.

• Designed the security strategy for BTG Cybersecurity offerings, using ISO27001, and supported DHS ESDO program office on FISMA at DHS Headquarter level.

• Developed cloud security solutions to strengthen DHS AWS cloud environment for Business Intelligence (BI), Identity Credential Access Management (ICAM), TSA Pre, and other General Support Systems and Major Systems.
• Designed architectural and reference models in the areas of business, data, application, technology, and governance, using TOGAF.
• Led FedRAMP authorization efforts on assigned systems

• Developed and implemented the Computer Security Incident Response Plan and led the C- SIRT team to contain, investigate, and prevent future system breaches.

● Managed CSC Information Security teams of engineers, analysts and principals to support government security operations on assigned projects/programs at client sites.

● Led the design and development of multiple government security programs for the security of the United States Government critical national infrastructures for the protection of the nation. Established Key Performance Indicators (KPI's) using

Capability Maturity Model (CMM) and strove to achieve level 4 on each project. Formally reported project performance to CSC upper management and government executives.

Have led the following projects:

• Designed and implemented the Trusted Interconnection (TIC) for the Social Security Administration (SSA) network pipe to provide trusted connection to the rest of the Federal Government.

• Developed governance, risk management and compliance schemes to control business units processes, functions and roles in order to eliminate social security benefits frauds.
• Acquired and developed staff to operate the security services implemented and the security appliances to support them, such as Arcsight and NetWitness.

• Performed project review and isolated areas needing improvements, including hiring and termination.
• Installed a new security governance process, which reduced customer complaints by 90%.
• Managed the day-to-day operations of the security department and developed the team processes and equipment such as firewall, intrusion systems, Security Incident and Event Management (SIEM) systems

• Conducted annual reviews and rewarded team members based on merit

• Designed and developed security program to secure the Arrival Departure Information System (ADIS) used to track foreigners entries into the United States.
• Established GRC model to govern the Interconnection Security Agreement (ISA) between the local CSC infrastructure and the DHS OneNet.
• Provided secure code review analyses throughout the application development life cycle to developers.
• Deployed innovative system access restriction scheme to reduce vulnerability.

• Implemented Disaster Recovery program and assigned emergency roles to staff.

• Developed information security service offerings to support multiple customers, using the Unified Compliance Framework.

• Deployed a laboratory to evaluate vendors’ high end security tools.
• Captured $2.5 millions worth of business within 3 months of tenure.
• Established key indicators, using Earned Value Management to monitor performance.
• Grew the team from 3 FTEs to 25 in less than six months.

The UMMS was a $1.9 billion dollars organization that sought to establish its security program for the first time.

• Implemented the security program for HIPAA, JCAHO, and PCI DSS frameworks.
• Wrote the security charter, and let the development of multiple security policies and standards that formed the basis of the information security enterprise.
• Built the Incident Response program, the Security Training & Awareness program, the Patch Management program, the Disaster Recovery program, the Data Leak Prevention, and more.
• Managed 10000+ users/devices, and increased cultural security awareness.
• Issued RFI/RFP’s to vendors and reviewed responses.

Acquired, and integrated high end security appliances such as Tippingpoint IPS, Core Impact, Data Leak Prevention technologies.

• Led teams of network engineers a military installations worldwide.
• Designed and deployed multiple Local and Wide Area Networks.
• Conducted briefings with headquarters’ directors about secure networks.
• Designed and developed system security features to resolve system availability disruption caused by Y2K leap year anomaly.
  Conducted Certification and Accreditation on Army systems using DITSCAP framework.

• Nominated to undergo NSTISSI 4011 and CIO Program in Information Assurance at the National Defense University, Information Resources Management College at Fort McNair to specialize in the CIO Core Competencies.

M.S. in Computer Information Systems

Strayer University - Arlington, VA

2002

Diploma in Information Assurance

National Defense University - Washington, DC

2002

B.S. in Computer Information Systems

Strayer University - Arlington, VA

2001