Matthew Titcombe
New Port Richey, Florida, United States
6K followers
500+ connections
About
A dedicated and innovative Senior Information Security consultant with demonstrated…
Articles by Matthew
-
Why CMMC Related GRC Tools (as far as I know) are missing the target
By Matthew Titcombe
-
NIST SP 800-171 & Cloud Service Providers
By Matthew Titcombe
-
Fortinet Security Fabric—A Transformative Technology
By Matthew Titcombe
Contributions
-
What do you do if you're unsure which Cloud Security Posture Management service is best for your enterprise?
Foremost, understand the laws, regulations, and external policies that affect the information from your client that you're receiving, generating, storing, and transmitting. This will always drive you to the Cloud Service tier you should use.
Activity
-
With the impending release of the “final” version of the first of three United States Department of Defense’s CMMC regulations (32 CFR 170), one…
Liked by Matthew Titcombe
-
Thanks Sara Friedman for staying on top of all things #CMMC! This keeps grinding along.
Shared by Matthew Titcombe
-
For orgs needing desktop MFA without a full DUO SSO through ADFS deployment - Summit 7 now offers a lower cost, non-federated DUO desktop MFA…
Liked by Matthew Titcombe
Experience
Education
Licenses & Certifications
-
Air Force CYBER Professional Military Education (CYBER 300)
Air Force Institute of Technology
Issued -
-
Certified Information Systems Security Professional (CISSP®)
(ISC)2
Issued -
Credential ID Certification Number: 429802
Volunteer Experience
-
CMMC AB Standards Industry Working Group Volunteer
Cybersecurity Maturity Model Certification Accreditation Body (CMMC AB)
- Present 4 years 7 months
Science and Technology
Volunteer to support development of the CMMC Assessment Criteria, related standards and other documentation for members of the Defense Industrial Base
-
Volunteer
Rocky Mountain Calvary Chapel
Poverty Alleviation
Supported annual start of the school year drive effort for students and families
Publications
-
Plumbing & Mechanical Magazine
BNP Media
A monthly magazine for owners of Plumbing, Mechanical, & HVAC service companies
Courses
-
Advanced Information Systems Acquisition
IRM 304
-
Advanced Software Acquisition Management
SAM 301
-
Basic Information Systems Acquisition
IRM 101
-
Contract Planning
CON 121
-
Contracting Officer Representative with a Mission Focus
CLC 106
-
Cost Analysis
CLB 007
-
Fundamentals of Systems Acquisition Management
ACQ 101
-
Fundamentals of Systems Planning, Research, Development and Engineering
SYS 101
-
Intermediate Information Systems Acquisition
IRM 202
-
Intermediate Systems Acquisition Course
ACQ 201 A
-
Intermediate Systems Acquisition, Part B
ACQ 201 B
-
Introduction to Earned Value Management
CLB 016
-
OPSEC Contract Requirements
CLC 107
-
Online Training for Contracting Officer's Representative (COR)
CLC 222
-
Oracle BI 11g R1: Create Analyses and Dashboards
-
Practical Software and Systems Measurement
CLE 060
-
Program Management Tools Course, Part I
PMT 251
-
Program Management Tools Course, Part II
PMT 257
-
Technical Reviews
CLE 003
Projects
-
WaveStrong Penetration Testing & Vulnerability Scanning
- Present
Brought in as a consultant to conduct and oversee Penetration Testing and Vulnerability Scanning for publicly accessible network resources; wireless networks; publicly accessible applications; and, internal network penetration tests
-
Imprimis Inc.
- Present
Brought in as a consultant to conduct NIST SP 800-171 compliance assessments for Department of Defense contractors and then to facilitate the client’s remediation actions required to achieve compliance.
- Explained Information Security compliance requirements and responsibilities to Executive Leadership Teams
- Serve as the Contracted in Chief Information Security Officer (CISO) for multiple clients
- Identified and led the team responding to an Advanced Persistent Threat that had infiltrated a client’s network
- Architected client networks from no compliance to designs that met requirements using Cisco and Fortinet solutions
- Implemented Next-Generation Firewalls using Fortinet, Palo Alto, and Cisco to achieve compliance
- Implemented Vulnerability Management and Security Incident & Event Management solutions
- Performed Security Analyst functions reviewing SIEM outputs from multiple solutions
-
Chesapeake Energy Office 365 Information Security Assessment
As a subcontractor to Razorthorn Inc., tasked to conduct a limited NIST CyberSecurity Framework Information Security assessment of Chesapeake Energy’s Microsoft Office 365 rollout and related Plans, Policies, and Procedures.
- Reviewed 26 Chesapeake Energy related documents, identified 45 specific findings, and provided recommendations
-
Patient Centered Outreach Research Institute (PCORI) Security Systems Assessment
As a subcontractor to RazorThorn Inc., led the Information Security assessment team to conduct an ISO/IEC 27001 based assessment and penetration testing of PCORI in Washington DC.
- Successfully completed a complete assessment against ISO/IEC 27001 and multi-modal penetration testing
- Identified cultural & technical deficiencies; developed get-well actions to address shortfalls; drafted corporate policies to fill gaps; and, provided PCORI both a project plan and prioritized 1 year get well plan
- Developed Continuity of Operations Plan (COOP) and Incident Response Plan to fill PCORI gaps
- Educated and facilitated development of a Risk Management framework used by PCORI staff to assess 40+ risks’ probability and impacts. Facilitated the development of 20+ Risk Treatment Plans to reduce PCORI’s risk exposure
- Briefed PCORI C-Suite on the Systems Security Assessment, deficiencies, and proposed recommendations
-
United Launch Alliance (ULA) Network Segmentation
As a subcontractor to WaveStrong Inc., tasked to design the ULA network segmentation architecture and implementation plan using virtualized Palo Alto (PA) firewall hardware clusters at four geographically dispersed datacenters.
- Evaluated the information and processes of 422 separate ULA applications that were mapped to 18 separate security zones
- Designed Palo Alto firewall policy governance process to ensure risk acceptance occurs at the appropriate level
- Analyzed 14+ GB of logs extracted from Splunk to identify 24.4 million unique communications traversing the firewalls
- Identified 580+ Palo Alto application signatures in use. Provided separate risk assessments for each of the 422 ULA Application and Palo Alto signature combination to ULA’s CISO for risk acceptance
- Developed 329K+ firewall rules for both as-is and to-be security zones that distilled down to 1900+ security policies
- Generated a project $3.2M cost and 12 man-year level of effort estimate for ULA to migrate their application to the new security zone architecture per ISO/IEC 27001 best practices
- Architected a secure solution for ULA to protect its launch sensitive SCADA equipment
-
Sony Entertainment
-
Tasked to document, assess, and recommend Information Security architecture designs to Sony’s datacenters as Sony refreshes their internal Checkpoint, Cisco, and Juniper firewalls to a new Checkpoint baseline.
- Reviewed 50+ internal firewalls and performance logs to provide Sony detailed architecture designs that led to the identification of multiple Information Security gaps in their design
- Recommended revisions to the current designs to include implementing both firewall and end-point Intrusion Detection/Prevention Systems (IDS/IPS), architectural changes per Information Security best practices
- Oversaw successful rollout of the new architecture to Sony datacenters with minimal business impacts
- Guided Sony re-architecture efforts as Sony moved from internally hosted to hybrid in AWS & IBM Cloud
-
ConocoPhillips
-
Led a workshop to facilitate CoP’s Information Security strategy and identify key strategic goals.
Facilitated development and fielding of CoP’s Data Loss Prevention solution using Digital Guardian.
- Engaged Information Security & Technology plus business subject matter experts to develop strategic Data Loss Prevention (DLP) implementation plan, key information flow processes, and alerting mechanisms
- Developed DLP monitoring processes for sensitive ConocoPhillips data types and rolled them out to production using the fielded Digital Guardian solution
- Supported migration to McAfee Total Protection for Data Loss Prevention (DLP) when Digital Guardian had issues
-
Munich Re-Insurance
-
Provided Information Security design guidance and oversight for the Munich Re’s implementation of Cisco Identity Services Engine (ISE) and micro-segmentation initiative. Identified critical vulnerabilities that were mitigated prior to implementation.
Honors & Awards
-
Top Graduate for CYBER 300-14H
Air Force Institute of Technology
Organizations
-
Information Systems Audit and Control Association (ISACA)
-
- Present
-
Armed Forces Communications and Electronics Association
-
- Present
-
(ISC)2
-
- Present
More activity by Matthew
-
Woo-Hoo!!! This is going to be incredible to hear from Stacy Bostjanick about #DIB Cybersecurity at CUI-CON | Seattle!!! CUI-CON | Seattle…
Shared by Matthew Titcombe
-
Ruh-roh!!! #BobbleHeadBedard from KTL Solutions, Inc. is going to be at CUI-CON | Seattle!!! CUI-CON | Seattle Info: > WHEN: 1-2 October…
Shared by Matthew Titcombe
-
We are looking forward to having Redspin, a division of Clearwater not only sponsoring CUI-CON | Seattle, but we also have Robert J. Teague, MBA…
Shared by Matthew Titcombe
-
I'm excited to announce that I'm now a Certified CMMC Professional. So what does this mean for you? It means that I'm better equipped than ever…
Liked by Matthew Titcombe