Alton Rehberg

Certified information security professional with over 15 years of experience within multiple security roles as defined by NIST to include Security Control Assessor (SCA), Information Assurance Engineer (IAE), and Information System Security Engineer (ISSE).  Strong communicator well versed in the NIST RMF, with a knack for distilling complex ideas into comprehensive assessment reports, relevant policy, and informative presentations for technical and nontechnical audiences.  Strong leader with experience managing security initiatives for large, heterogenous enterprise information systems comprised of thousands of hosts and serving thousands of users.  An energetic self-starter who thrives in team environments delivering outstanding customer-focused results with minimum supervision.

Information System Security Engineer (ISSE); CACI/BITS; October 2018 to January 2025

• Information System Security Engineer (ISSE) with security oversight of an Intelligence Community (IC) organization's Research and Development (R&D) assets comprised of the following technologies: RHEL 9.x, Windows Server 2022, Docker Containers, Kubernetes, Cisco, Juniper, ESXi, VMWare, Ansible, Puppet, Oracle, AWS, Splunk, HBSS, Nessus Manager…
• Responsible for compliance with all relevant security policies and directives as defined by NIST, FISMA, FIPS, NSA, NRO, DoD and other regulatory agencies within the federal government. 
• Directed system engineers with respect to levied security controls and their mitigation, maintained asset Service Now records, drafted all security documentation to include System Security Plans, Certification Test Plans, Contingency Plans, Plan of Action and Milestones, and all other documentation as required.
• Worked with CIO and Designated Approval Authority (DAO) in maintaining asset Authorities to Operate (ATO) through near real time system audits using internal tools like puppet and external tools like, Splunk, Nessus scans, and privileged user activity tracking software.
• Worked with engineers to ensure asset integration with monitoring and audit tools to include Splunk, EVSS (Nessus), Host Based Security System (HBSS) and other organizational-specific applications. 
• Conducted status meetings in which MS Office Suite applications - Excel, PowerPoint, and MS Word - and JIRA/Confluence pages were leveraged to apprise leadership of complexities influencing security with ATO, asset recap, and functional requirement impacts.

Information Assurance Engineer (IAE); General Dynamics Information Technology Division (GDIT); May 2015 to October 2018

• Information Assurance Engineer with security oversight of ~100 organizational assets with an emphasis on secure integration with infrastructure at customer location; Assets leveraged a wide range of technology include RHEL, Windows Server, ESXi, VMWare, AWS, Nagios, Puppet, Cisco, Juniper, Oracle DB, Postgres, Docker, Kubernetes…
• Created a Security Situational Awareness Report (SSAR) tool for tracking the security posture of assigned assets; tool referenced other organizational tools/reports to track ATO status and open POAMs; SSAR tool was leveraged by leadership when making GO/NO GO decisions at system development milestones.
• Reviewed Requests for Change (RFCs) to assigned systems and ensured new systems and systems undergoing security-relevant change did not present an unacceptable risk to operations.
• Ensured system security baselines were commensurate with organization policies and directives and were in keeping with the organization's security vision and information technology strategy.
• Ensured assigned systems leveraged newly implemented enterprise security services and were compliant with service-oriented architecture (SOA) integration expectations.
• Advised leadership on potential threats, addressed engineering concerns, and suggested workarounds that allowed for mitigation of assigned security controls while allowing systems to meet contracted functional requirements.
• Aided in the secure implementation of security systems and tools.
• Conducted system audits and drafted reports on the security of systems as needed.
• Presented findings and potential solutions to leadership as required.

Security Control Assessor (SCA); General Dynamics Advanced Information Systems Division (GDAIS); June 2009 to May 2015

• Security Control Assessor (SCA) responsible for the objective assessment of all assets (100+) at a federal government field location.
• Handpicked by leadership to join tiger team for transition from DCID 6/3 certification and accreditation methodologies to the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
• Authored whitepapers and other situational awareness reports that influenced modernization of network and system polices to better align with virtualization and, ultimately, cloud computing.
• Participated in pilot program for the adoption of the XACTA analytical engine and RMF database.
• Engineered and presented an early solution to tracking security controls across dependent systems in virtual and cloud environments at IT industry working groups like CAISSWG and the organization’s engineering working group: i.e. hybrid and common controls as described in NIST 800-53 and listed in CNSSI 1253.
• Reviewed early drafts of the organization’s Information Assurance Standards Document (IASD) which is an agency-specific adaptation of CNSSI 1253 that aids in modification of the “high-watermark” categorization system deployed by NIST, as it would be too costly to an organization in which “high” Levels of Concern (LOC) are the norm.
• Objectively assessed the security of the approximately 100 systems assigned to the field location and wrote detailed Security Assessment Reports (SARs) to clearly capture security control shortfalls and address the risk associated with those shortfalls allowing for informed authorization decisions.
• Advised program ISSEs and system engineers on security requirements and organizational security processes.
• Wrote reports informing leadership of potentially dangerous trends identified during security testing, audits, and assessments.

Field Engineer; Northrop Grumman Electronic Sensors Division; January 2003 to June 2009

• System engineer on a multi-million-dollar heterogeneous information system comprised of HPUX, IRIX, Solaris, Windows, and CISCO IOS operating systems; hardware was CISCO, Sun Microsystems, HP, SGI, and NetApp.
• Worked as system TASSO/ISSO, responsible for system security, security audits, and security plans.
• Worked to resolve system problems to limit downtime while in mission.
• Performed periodic maintenance of critical equipment; performed system backups and recoveries as necessary.
• Wrote mission reports and advised leadership as appropriate.
• Worked with customers to ensure timely data collection and product quality.

Squadron Training Manager; United States Air Force, Davis-Monthan AFB, AZ; December 2001 to December 2002

• Training Manager responsible for drafting training documents, maintaining training systems, and conducting qualification training for USAF personnel assigned to the 51st Communications Squadron.
• Advised squadron leadership regarding training and training objectives.
• Maintained squadron training records.

System Administrator; United States Air Force, Osan Air Base, ROK; December 2000 to December 2001

• Assigned to the 501st Communications Group as System Administrator for a multi-million dollar, Unix-based, Theater Battle Management System comprised of over 200 workstations located at multiple locations throughout the Republic of Korea.
• Was the TASO for the system, supervising and training newly assigned personnel on the system as required.
• Equipment custodian for an account totaling over $10 million in IT assets; conducted equipment inventories.
• Conducted O&M of Sun Microsystem servers and workstations running Solaris OS.
• Maintained Cisco-based, closed network for servers and mission critical workstations.
• Administered user accounts and conducted user training.
• Conducted system backups and audits.

Information Technology Instructor; United States Air Force, Keesler AFB, MS; November 1996 to November 2000

• Trained over 500 students annually in a 14-week tech school that consisted of 7 blocks of instruction and contained the following: Microsoft and Unix operating systems, networking (Cisco Semester 1 equivalent), scripting, computer configuration and repair, basic electronics, and information assurance.
• United States Air Force Technical Schools in Information Systems through Level 7, 1994 - 2002
• CISSP-ISSEP in good standing; ISC2 Certification Number 454221
• Occupational Instructor Certificate
• Subject Matter Expert (SME) responsible for maintaining classroom equipment and developing training materials to Instructional System Development (ISD) standards to include student texts, lesson plans, and testing materials.
• Consulted students and maintained student records.
• Recommended course improvements to leadership.

• Master of Science in Information Technology, Capella University, 2005-2007
  • Major: Network Engineering and Design - Summa Cum Laude
• Bachelor of Arts, New Mexico State University, 1987-1992
  • Major: Journalism and Mass Communications
• United States Air Force Technical Schools in Information Systems through Level 7, 1994 - 2002
• CISSP-ISSEP in good standing; ISC2 Certification Number 454221