Noah Walley

Cloud Security Advocate — Securing Digital Frontiers

Profile

Noah Walley

Cloud Security Advocate

Dynamic and results-driven IT professional with over 15 years of experience in information assurance, security testing and evaluation, compliance standards, and continuous monitoring. Demonstrated success in executing comprehensive IT security initiatives, including planning, analysis, and implementation of solutions to meet compliance objectives. Expert in providing detailed IT security documentation, conducting control assessments, and managing projects through their full lifecycle. Recognized for a keen ability to deliver effective and compliant security solutions that enhance organizational resilience and integrity.

Resume

Employment

IBM

Cybersecurity Delivery Leader

12.2018 - Present

Expert-Level Security Consulting: Provided advanced security consulting for over thirty cloud solutions within AWS, MS Azure, and IBM Government cloud environments.
Thought Leadership: Executed Go-to-Market strategies, responding to federal solicitations with a focus on cutting-edge security solutions.
Modern Security Solutions: Specialized in Hybrid Cloud Architecture, Cloud Agnostic Security Solutions, Cloud Native Security Services, Automated Security Incident Detection/Prevention, and AI-driven cybersecurity maturity.
Team Building & Comradery: Fostered a collaborative work environment, promoting strong team dynamics and mutual support.
Advocacy for Continued Education: Championed ongoing professional development and continuous learning to keep teams at the forefront of cybersecurity advancements.

Apex Consulting Services Group

Security Compliance Manager

12.2015 - 12.2018

Team Leadership: Managed a team of analysts preparing FISCAM Security Assessment Plans (HHS Cycle Memos).
Compliance & Audit Readiness: Developed NIST/FISCAM Control-to-Artifact mapping, revised access control and SA&A policies to comply with NIST SP 800 series, and conducted internal audit readiness, including validation of FISCAM controls, development of test plans, and Corrective Action Plans (CAPs).
Control Testing: Performed Test of Design and Operating Effectiveness for FISCAM controls at DCMA and tested third-party controls impacting security.
Internal A-123 Evaluations: Conducted 2016 & 2017 evaluations using hybrid NIST SP 800-53 and FISCAM controls per HHS FFMIA policies.
Documentation & Communication: Created test sheets detailing objectives, control implementations, and results. Communicated compliance gaps and recommendations to leadership.
Management Assertion Development: Developed IT components for DCMA’s SSAE No. 16/18 SOC 1 – Type 2 reporting compliance.
Inter-Agency Coordination: Worked with DFAS, DISA, and DLA to support OUSD FIAR Directorate’s assertions with valuable feedback.

Network Security Systems Plus

Cybersecurity Analyst

10.2014 - 11.2015

SA&A Roles & Responsibilities: Established roles for System Assessment and Authorization (SA&A) activities.
FIAR Response Program: Created and managed the DCMA Information Assurance FIAR Response Program, improving SSAE No. 16 audit results.
Internal Audit Support: Supported the FY2015 FIAR Internal Audit by handling artifact requests, reviewing artifacts, and verifying compliance with FIAR objectives.
Risk Assessment Program: Co-developed a Risk Assessment Program aligning with DoDi 8510 Risk Management Framework, NIST SP 800-37, and NIST SP 800-30.
Vulnerability Analysis: Analyzed ACAS & Security Center scan results, identified false positives, and provided remediation actions to ISSMs via Risk Assessment Reports.
STIG Implementation: Determined DISA STIG/SRG requirements and assisted ISSMs with implementation benchmarks.
Project Management: Led weekly project status meetings and provided key metrics.
Technology Integration: Developed processes for securely introducing new technologies to the DCMA environment and reported security risks to ISSMs.

Certifications

Certified Information Security Manager
2022

Security+ CE
2014

Cybersecurity Domains

Security Assessment & Testing

Security & Risk Management

Asset Security

Communication & Network Security

Security Operations

Security Architecture & Engineering

Identity & Access Management

Software Development Security

Cybersecurity Standards

CSF | NIST SP 800-3715

DS&P | NIST SP 800-5315

RAR | NIST SP 800-3015

DISA STIGs7

DoD RMF | DoDi 8510.016

CUI DS&P | NIST SP 800-1716

FedRAMP5

ZTA | NIST SP 800-2072

Security Tool Proficiency

Vulnerator

STIG Viewer

Excel

Xacta

eMASS

ServiceNow

Qualys VMDR

Tenable.sc

Prisma Cloud CSMP

Panorama

Guardium DB

AWS Security Hub

HP Fortify

SonarCube

Splunk Cloud SIEM

Qradar SIEM

Network DLP

TrendMicro

Crowdstrike

Windows ATP

OpenSCAP

Wireshark

Bitlocker

LucidScale

LLM AI