PDF of resume Available: HERE

Cybersecurity and Critical Infrastructure Resilience Resume / CV: Jack Whitsitt

KEY TERMS

Critical Infrastructure Protection, National Cyber Security, SABSA, Public/Private Partnership, HSPD-7, PPD-21, NIPP, CIPAC, SSA, SCC/GCC, Inactive Top Secret SCI Clearance, Government, Electric Sector, Transportation Sector, Pipelines

 SOFT SKILL SPECIALITIES

Education; Outreach; Training; Framework development; Communication Improvement; Facilitation; Threat Modeling; Risk Management; Research; Problem Space Assessment & Refactoring

SUMMARY

Jack Whitsitt possesses a breadth of security knowledge and strategic vision. His unusual combination of hard technical, public/private partnership development, facilitation, and national risk management experience allow him to provide particular insight into and leadership of strategic organizational, sector, and national cyber security initiatives.

Further, his experience and skill at developing and providing targeting training and education opportunities to a variety of audiences allows him to effectively communicate his knowledge and to positively affect behavior, culture, and outcomes within organizations.

A participant in the national critical infrastructure protection dialogue for a number of years, Jack has also provided regular advice, insight, and thought leadership to all levels of government, industry associations, and individual businesses.  He has been responsible for several successful initiatives spanning entire industries (such as transportation and oil & gas pipelines).

 NOTABLE SUCCESSES

  •  Publicly identified by Tripwire as “One of the top 10 Rising Stars and Hidden Gems in security education” (2013)
  • Developed and taught successful paid class on Cybersecurity framework development and integration techniques (2013)
  • Assisted with development, implementation, and day to day execution of program to train 50,000+ government employees in basic cyber security
  • Provided substantial leadership and input into the first ever national transportation cyber security exercise (2011)
  • Co-Organization of 2011 Cyber Security in Transportation Summit with 300+ attendees from private industry and government and 30+ international speakers from hackers to senior government officials such as the CIO of the CIA. (2011)
  • Substantial participation in, interpretation of, and support for various activities surrounding White House Executive Order — Improving Critical Infrastructure Cybersecurity and the NIST Framework development process – including public comments highlighted by a for-pay news publication. (2013)
  • Proposed and led early Pipeline Industry (50+ companies) adoption and implementation of DHS developed sector risk management initiative, CARMA (2012-2013)
  • Received federal agency’s highest recognition  – the Honorary Award – as part of Critical Infrastructure Cyber Security Team (2012)
  • Collaborative strategy for cyber security in the transportation sector to be used by industry and government (2012)
  • Improved, more strategic agency approach to agency’s NIPP/HSPD-7 cyber security responsibilities  (2009-2012)
  • Chairman of the Board of a 501c3 arts non-profit (Art Outlet, 2007)

 TECHNICAL ACHIEVEMENTS

  • Software which makes art out of brainwaves recorded by consumer EEG-reading headset (2010)
  • Open-source software implementing completely new method for visualizing network packet captures (Pkviz, 2008)
  • Large data security visualization methodologies ultimately used by ArcSight in developing their Interactive Discovery tool (2004/6)
  • Statistical anomaly detection & correlation add-on to ArcSight SIEM (still in use today) using long distance calling fraud detection engine (2004/5)
  • Groundbreaking open-source active-response honeypot security software (Bait and Switch, 2003)

SPEAKING ENGAGEMENTS (Partial List)

  • FIRST Energy Summit, Small & Medium Sized Utility Cybersecurity Considerations, VA, 2013
  • B-Sides DC, Critical Infrastructure Protection Panel, DC, 2013
  • ISSA-DC, Introduction to National Cybersecurity and Critical Infrastructure Protection, DC, 2013
  • Florida Natural Gas Association, Cybersecurity Panel, FL, 2013
  • Energysec Summit, Using Frameworks to Enhance Security and Compliance, CO, 2013
  • Source Boston, Cyber Momentum – Understanding & leveraging the National Dialogue, Boston, 2013
  • Cyber Security in Transportation Summit, Moderated Risk Management Panel, Washington DC, 2012
  • NATO – Emerging Energy Security Challenges, Cyber Security Isn’t Really Cyber, Tbilisi, 2011
  • B-Sides Chicago Hacker Con, Human Attribute Cyber Security, Chicago, 2011
  • Energysec Summit, Executive Responsibility in Cyber Security, Denver, 2010
  • DoD/JTF-GNO Joint Information Assurance Tech Exchange, Data visualization for network security, Washington DC, 2005
  • Recon Reverse Engineering Conference, Massive Data Visualization for the purposes of monitoring IDS, Montreal, 2005
  • Northeastern University‘s ACM Speaker Series, Massive Data Visualization for the purposes of monitoring IDS, Boston, 2005
  • Rubicon Hacker Con, Aggressive Honeypots, Detroit MI, 2003

 EMPLOYMENT AND WORK HISTORY

Energysec/NESCO | 07/2012 – Present | Principle Analyst

Assist in building a non-profit’s ability to improve the state of the U.S. Electric Sector’s cyber security through outreach, community building, education, and technical capabilities. Ongoing activities include participating in White House Executive Order and NIST Framework efforts (including White House and DHS leadership engagement), developing and providing educational cybersecurity products, services, and capabilities for under-served small electric utilities.

DHS/TSA | 11/2010 – 07/2012 | National Cyber Critical Infrastructure Protection, Awareness, Outreach 

Provided cybersecurity training, outreach, and education to TSA’s entire federal workforce (50,000+), with a focus on TSO’s stationed at airports throughout the country.

  • Helped develop and teach in-person classroom and ad-hoc training, including strategies (such as using a game format and tying personal concerns to professional requirements) to encourage strong end user engagement in training process
  • Developed standalone short training materials to be distributed to end-users
  • Edited monthly security newsletter

Enhanced TSA’s cyber security role with private industry as the Transportation Sector Specific Agency (SSA) under the National Infrastructure Protection Plan (NIPP)/Homeland Security Presidential Directive 7 (HSPD-7). Responsibilities included:

  • Developed strategic consensus on cyber security topics across multiple organizations, industries, stakeholder seniority levels, and backgrounds
  • Facilitated identification, prioritization and coordination of federal cyber security activities within transportation sector
  • Designed and gained support for implementation of sector-wide risk management program
  • Promote and coordinate cyber security awareness of owners, operators
  • Provided program level guidance for Critical Infrastructure (CIKR) protection to transportation and cross-sector communities
  • Encouraged private industry participation in non-mandatory initiatives
  • Facilitated development of sector information sharing programs and mechanisms
  • Developed agendas for and co-lead monthly national Transportation Systems Sector Cybersecurity Working Group (TSSCWG)

Kingfisher Systems – TSA Contract | 08/2010 – 11/2010  | National Critical Infrastructure Cyber Security Expert

EnhancedTSA’s cyber security role with private industry as the Transportation Sector Specific Agency (SSA) under the National Infrastructure Protection Plan (NIPP)/Homeland Security Presidential Directive 7 (HSPD-7)

Securicon (1099) | 06/2010 – 07/2010  | Control Systems Incident Consultant 

Short 1099 contract to Securicon to investigate customer control systems (SCADA) incident. Utilized technical log analysis, scripting, visualization, presentation, and control systems security knowledge to determine potential root cases and present to executive leadership.

Idaho National Lab (INL) | 09/2009 – 06/2010  | ICS-CERT Liaison to DHS NCCIC/US-CERT

Supported Industrial Control Systems CERT (ICS-CERT) at the DHS National Cybersecurity and Communications Integration Center (NCCIC). Responsibilities included responding to and analyze control systems (SCADA) related incidents, providing situational awareness in the form of actionable intelligence, coordinating the responsible disclosure of vulnerabilities/mitigations, sharing and coordinating vulnerability information and threat analysis through information products and alerts, contributing to ICS-CERT & NCCIC CONOPS, and providing ICS-CERT briefings to senior cyber leadership of DHS, FBI, DOD including ongoing investigations and onsite incident response efforts.

KCG – TSA Contract  | 09/2008 – 09/2009  | National Critical Infrastructure Protection Cyber Security Expert 

Enhanced TSA’s cyber security role with private industry as the Transportation Sector Specific Agency (SSA) under the National Infrastructure Protection Plan (NIPP)/Homeland Security Presidential Directive 7 (HSPD-7)

KCG – TSA Contract  | 09/2008 – 09/2008 | Senior Enterprise Information Security Architect

Utilized Federal Enterprise Architecture (FEA) and SABSA Enterprise Security Architecture knowledge to provide NIST and FISMA-driven security policy, engineering, and compliance services to TSA.

Lockheed Martin at FBI | 07/2006 – 09/2006  | SOC Shift Lead

Provided ArcSight SIEM correlation and SOC CONOPS experience to enhance the FBI’s internal SOC team. Work with ArcSight administrator, ESOC lead, and other team members to develop ArcSight rules, channels, and analysis methodology. Oversee second-shift contractors and provided senior level analysis escalation.

Netsec | 10/2003 – 07/2006 | Correlation Architect, CSIRC Lead, Security Engineer, SOC Analyst

Hired by NetSec MSSP (now a part of Verizon Business) as a senior SOC analyst. Repeatedly rewarded for outstanding analysis capability and then promoted to multi-disciplinary Tier 3 team charged with improving the SOC through technology, process, training, and customer service.  Specialized in developing analysis methodology, advanced automated data correlation and filtering techniques, and leading development/selection and integration of custom tools. Also led client operational relationship with large government Incident Response Coordination contract.

Perot Systems | 10/1998 – 10/2003  | IT and Desktop Engineer

Provided desktop, IT, development, system administration to large IT consulting firm in multiple locations throughout the US, including an Army Depot location tasked with neutralizing VX nerve agent.

Jack Whitsitt | @sintixerr | sintixerr@gmail.com | 703-409-9366 | Washington, DC