Fattis N. Mann, Developer in Orlando, FL, United States
Fattis is available for hire
Hire Fattis

Fattis N. Mann

Verified Expert  in Engineering

Information Security Executive and Developer

Location
Orlando, FL, United States
Toptal Member Since
February 10, 2023

Fattis is one of the most talented and seasoned information security executives in the market today. Having worked as a vCISO and a BISO director of business enablement and resilience for a Fortune 500, he brings together solid project management, communication, and documentation skills, specifically leveraging cybersecurity in business settings. Fattis is CAP, CDPSE, CISSP, and CRISC certified and is highly effective in communicating cybersecurity to both technical and non-technical staff.

Portfolio

Computer Data Services, LLC
Cybersecurity, Database Security, IT Security, Security, Application Security...
Science Applications International Corporation (SAIC)
CISO, Governance, Risk, Compliance, Teams, Zoom, ISO 27002, ISO 27001...
JetBlue
CISO, BIA, Risk, PCI, Disaster Recovery Plans (DRP), PCI Compliance...

Experience

Availability

Full-time

Preferred Environment

Windows, Zoom, Teams, CISO, ISO 27001, Information Security, Cybersecurity, IT Security, Compliance, Security, Certified Information Systems Security Professional

The most amazing...

...project I've led involved building a BISO team, aligning 60 champions across nine BUs to help the enterprise accept the use of disruptive security technology.

Work Experience

IT Security Engineer/Consultant for a Social Help Platform

2023 - 2023
Computer Data Services, LLC
  • Conducted a security risk assessment of the Social Help Platform which was a review of the as -is network, application, third party IVR and database security controls.
  • Identified data base service account access risks, website security controls enhancements, access and authorization administration risks and made recommendations for remediation.
  • Provided organizational security strategy and initiative roadmap components to drive an audit once and report many attestations to customers and business partners.
Technologies: Cybersecurity, Database Security, IT Security, Security, Application Security, Amazon Web Services (AWS), Interactive Voice Response (IVR), MySQLdb, .NET, VPN, Azure, Security Architecture, People Management, Architecture, Cloud Architecture, DevOps, Certified Information Systems Security Professional, Network Security, Leadership, Azure Cloud Security, Cloudflare, Azure Network Security Groups

Cybersecurity and Business Resilience Director

2013 - 2023
Science Applications International Corporation (SAIC)
  • Built the first Business Information Security Office (BISO) team to manage cybersecurity. Although we were a Windows endpoint and an Azure platform standard enterprise, we evaluated and deployed MacOS endpoints and AWS as BU/department standards.
  • Integrated the business resilience and disaster recovery teams to align cybersecurity with a budget of $4.7 billion in the defense and civilian sector and $2.7 billion in national security and space.
  • Deployed secure technologies to transform the 27,000-member workforce from 80% on-site to remote, post-COVID, reducing the brick-and-mortar footprint recurring investment by $20 million without compromising company and customer data or health.
  • Sourced positions for the BISO team to represent cybersecurity on in-process reviews (IPRs) for all programs above $750 million to $1 billion in contract values.
  • Promoted better cyber hygiene through cybersecurity communication, awareness, resilience, and training.
  • Launched the first governance, risk, and compliance (GRC) organization, integrating former internal audit and cyber compliance personnel and functions.
  • Led the security integration team through the $2 billion Scitor M&A to perform post-acquisition security network connectivity.
  • Introduced a SOX monitoring solution to the risk management team and directed the review of all legacy SAIC applications. Insourced incident response (CIRT), security operations center (SOC), and SOX monitoring functions from Leidos Cyber BU to SAIC.
  • Approved all program and developer-specific non-enterprise standard technology requirements by risk-based exception management and alternative architecture designs and implementations (e.g., micro-segmentation, NSVPNs, open source, sandboxes, et al.).
Technologies: CISO, Governance, Risk, Compliance, Teams, Zoom, ISO 27002, ISO 27001, Application Security, Information Security, Cybersecurity, IT Security, Security, Azure, AWS HA, MacOS, Amazon Web Services (AWS), Intrusion Prevention Systems (IPS), Web Security, Mobile Security, Google Cloud Platform (GCP), Intrusion Detection Systems (IDS), Java Security, React, Cloud Security, DDoS, Configuration Management, Risk Assessment, Stakeholder Management, IT Deployments, Security Architecture, People Management, Architecture, Cloud Architecture, DevOps, Certified Information Systems Security Professional, Network Security, Leadership, Azure Cloud Security, Cloudflare, Azure Network Security Groups

Senior PCI Security Consultant

2011 - 2013
JetBlue
  • Addressed compliance issues, including the lack of an existing compliance program for managing credit card transaction processes. Conducted a risk assessment for the cardholder data environment (CDE) and defined the POS and device requirements.
  • Defined the 21,000 node CDE by compiling the CDE's device inventory and pricing and budgeting security tools—enabling us to make purchases based on a CDE risk assessment and attestations of compliance from JetBlue business partners and suppliers.
  • Developed a $3 million budget strategy for security tools. Secured $1.9 million in consultant fees, creating the 1st ROC and ending quarterly fines of up to $100,000 to VISA and MasterCard before the granting of a Trustwave quality security assessor.
  • Completed monthly PCI DSS compensating control worksheets, self-assessment reports, and compliance requirement checklists until ROC was granted. Maintained PCI cyber activity/posture to support the company's first QSA-certified ROC.
Technologies: CISO, BIA, Risk, PCI, Disaster Recovery Plans (DRP), PCI Compliance, Vulnerability Management, Application Security, Information Security, Cybersecurity, IT Security, Compliance, Security, Intrusion Prevention Systems (IPS), Web Security, Mobile Security, Intrusion Detection Systems (IDS), Java Security, Cloud Security, DDoS, Configuration Management, Risk Assessment, Stakeholder Management, IT Deployments, Security Architecture, People Management, Architecture, Cloud Architecture, DevOps, Certified Information Systems Security Professional, Network Security, Leadership

Director, IT Security and Compliance

2006 - 2011
Broward Board of County Commissioners
  • Oversaw IT security operations for a $3+ billion government organization. Delivered the 1st budget proposal for the county commissioner and the executive IT security and compliance program.
  • Supported IT security and compliance initiatives for the above-mentioned project, impacting 84 agencies.
  • Developed the 1st budget document ever submitted in Broward county to secure $2 million in funding and build the 1st IT security, compliance, and disaster recovery team. Became the FEMA-certified NIMS technology incident commander (aka the CISO).
  • Collaborated with revenue-generating agency security teams to propose enterprise economies of scale for existing siloed multimillion-dollar budgets for airport and seaport security, water wastewater utility SCADA networks, and mass transportation.
  • Resolved multiple conflicts and saved millions of dollars in McAfee and Microsoft tool procurements/investments for the county, including decreasing privileged accounts from over 20% to less than 6%—closer to the industry benchmark.
Technologies: CISO, BIA, Risk, HIPAA Compliance, PCI Compliance, Compliance, Risk & Compliance, Data, Disaster Recovery Plans (DRP), Networks, Desktop Support, Desktop App Design, Apps, HTML, IT, Java, Law, Oracle OSM, PCI, Application Security, Information Security, Cybersecurity, IT Security, Security, Intrusion Prevention Systems (IPS), Web Security, Mobile Security, Intrusion Detection Systems (IDS), Java Security, Cloud Security, DDoS, Configuration Management, Risk Assessment, Stakeholder Management, IT Deployments, Security Architecture, People Management, Architecture, DevOps, Certified Information Systems Security Professional, Network Security, Leadership

IT General Manager, Public Safety, Applications and CISO

1999 - 2005
City of Detroit
  • Established and directed the IT department's 1st public safety division. Implemented a technology plan that targeted IT for law enforcement, public safety, and judicial information systems to sustain federal grant funding levels of over $20 million.
  • Managed recruiting, training, resource allocation, and employee assessment functions to transition police IT to central IT. Built and mentored cohesive, qualified teams to meet schedule and budget for forming the 1st IT public safety division.
  • Upgraded police CAD applications and infrastructure on mirrored IBM pSeries fully redundant infrastructure and Oracle9i Real App Clustering (RAC) HACMP. The $10 million secure network architecture upgrades included Brocade switches and Shark SAN devices.
  • Led the design and implementation of new Motorola 800Mhz digital radio systems for public safety and water departments worth $100 million. Established fleet maps and talk groups for the city's first 10-point DHS plan, 211 and 311 CRM.
  • Managed security and app development teams as the 1st CISO, along with maturing QA. Supervised release testing for new applications by providing final approval for bug-free, fully functional city agency solutions.
  • Circumvented manual installation of the Norton Antivirus (NAV) on 8,000 endpoints during the Nimda.E virus outbreak. Our CIRT analysis business case justified the purchase of the IBM Tivoli suite to automate and saved $500,000 on dealing with each device separately again.
Technologies: CISO, IBM SAN, Unisys Mainframe, Java, SecOps, Application Security, Information Security, Cybersecurity, IT Security, Compliance, Security, Web Security, Mobile Security, Intrusion Detection Systems (IDS), Cloud Security, DDoS, Configuration Management, Risk Assessment, Stakeholder Management, IT Deployments, Security Architecture, Architecture, DevOps, Leadership

Constitution of the First Business Information Security Office (BISO) for a Fortune 500 Company

Sourced the BISO with hand-picked cybersecurity practitioners who provided an alignment of the enterprise-compliant cybersecurity program and architecture for a government and publicly-traded company. They aligned the company's nine business units (BUs) and two sectors worth $7 billion in revenue with program-specific security, risk, and resiliency requirements.

Some of the program-specific security management goals and technical controls required:
• Building an enterprise cybersecurity champion program, leveraging 60 BU-assigned security champions to attend monthly sessions with security updates on business requirements per LOB
• Establishing developer or program-appropriate network micro-segmentations, leveraging software-defined data centers, VMs, and AD groups to enable the business-compelled exception management use of non-enterprise standard apps, open-source software, or unique internet URL access
• Developing a business resilience program, which involved conducting a business impact analysis (BIA) to determine the program app recovery time and point objectives (RTOs/RPOs) and developing and testing the disaster recovery plans (DRPs) for validation by tabletop, test, and exercise rehearsals

Creation of a Cyber Program Risk-tracking Project to Report to the Risk Oversight Committee (ROC)

Developed a methodology for identifying which of the thousands of contracts had a contract line item number (CLIN) containing requirements for cybersecurity services. A cyber review is done to provide customers with information on these services' cyber hygiene and the health of contract performance.

The project involved:
• Creating the Epics hypothesis and Lean business case to present to the OCIO Intake Review Board for approval as a prioritized enterprise project
• Building a four-tiered priority system to determine the adverse impact of services disruption on the company or customer brand—priority tier one service being running the SOC, security tools and firewall administration, intrusion prevention/detection systems (IDS/IPS), and priority tier four being performing security awareness, training, or system patching
• Developing the template to conduct and report the results of cyber reviews to the BoD ROC
• Using ServiceNow tickets, searching for contracts in Oracle Fusion, and MS Dynamic PM databases and the CRM to flag PM status updates and identify anomalies
• Creating a list of tier 1-4 discovered contracted cyber services to create ready-accessible past-performance narratives for future proposal efforts
• Training PMs

Upgraded Seaport Law Enforcement Information Systems

I managed Port Everglades MOU support team service levels to maintain a $40 million security operations center (SOC). It involved an intelligent video surveillance system with 300 cameras connected by a separate campus fiber network fully monitored by Intrusion Protection/Detection System (IDS/IPS). Motorola Moto Mesh cameras and self-forming wireless network were integrated on campus, at each cruise line berthing station (as well as shipboard wireless), the harbormaster, and the port police vehicle fleet. I also built an alternate SOC at the emergency operations center (EOC) campus with cloud security and access to SaaS seaport applications, networks, and environments.

Frameworks

AWS HA, .NET

Paradigms

DDoS, DevOps, HIPAA Compliance

Platforms

Amazon Web Services (AWS), Azure, MacOS, Google Cloud Platform (GCP), Windows

Industry Expertise

Cybersecurity, IT Security, Security, Network Security

Other

Risk, CISO, BIA, Governance, Risk & Compliance, Compliance, Application Security, Information Security, Web Security, Intrusion Detection Systems (IDS), Cloud Security, Configuration Management, Risk Assessment, Stakeholder Management, IT Deployments, Security Architecture, Enterprise Architecture, People Management, Architecture, Cloud Architecture, Certified Information Systems Security Professional, Web App Security, Leadership, Azure Cloud Security, Cloudflare, FedRAMP, SOX, IT Projects, Cloud, Proposals, ISO 27001, Intrusion Prevention Systems (IPS), Mobile Security, VMware VMotion, SOX Compliance, Teams, Technology, SecOps, Disaster Recovery Plans (DRP), Incident Management, Incident Response, PCI Compliance, Risk Models, Law, Writing & Editing, Economics, Statistics, IBM SAN, Unisys Mainframe, PCI, Vulnerability Management, Data, Networks, Desktop Support, Desktop App Design, Apps, IT, ISO 27002, Data Privacy, Privacy, Interactive Voice Response (IVR)

Libraries/APIs

Java Security, React

Languages

SQL, Java, HTML, BC

Tools

Zoom, Oracle OSM, VPN, Azure Network Security Groups

Storage

Database Lifecycle Management (DLM), Database Security, MySQLdb

1991 - 1995

Bachelor's Degree in Criminal Justice

University of Baltimore - Baltimore, MD, USA

DECEMBER 2022 - PRESENT

Certified in Governance, Risk and Compliance (CGRC)

(ISC)2

AUGUST 2020 - PRESENT

Certified Data Privacy Solutions Engineer

ISACA

OCTOBER 2011 - PRESENT

Certified Information Systems Security Professional (CISSP)

(ISC)2

JUNE 2011 - PRESENT

Certified in Risk and Information Systems Control (CRISC)

ISACA