Timothy Sunderland

Army Veteran with 26+ years of cybersecurity leadership across DoD and federal environments. Proven expertise in RMF, ATO, vulnerability management, and secure cloud adoption (AWS/GovCloud). Trusted advisor with active TS clearance, CISSP certification, and a record of driving compliance, reducing risk, and enabling mission-critical operations.

ISSE Lead at Booz Allen Hamilton (2025-10 – Present)

• Directed Agile planning and backlog management via Jira for the cybersecurity team, architecting the workload roadmap for each 6-month cycle to ensure alignment with mission objectives.
• Authored and finalized 17 comprehensive security policies encompassing 286 controls and 614 CCIs within eMASS for two programs.
• Spearheaded comprehensive vulnerability management by updating and assessing Security Technical Implementation Guides (STIGs) across all OS, Application, Database, and network environments.
• Engineered VBScript and VBA automation to streamline POA&M creation, extensions, and the validation of test results to ensure compliance within the 180-day threshold.
• Automated the synchronization and correction of out-of-date data across the SLCM and implementation plans; this scripting initiative saved over 80 hours of manual effort and was critical to successfully meeting the ATO submission deadline.
• Reviewed ACAS scan results weekly for new findings, coordinated patching with system administrators, and validated closure with follow-up ACAS scans.

Senior RMF Cybersecurity Engineer at 10x National Security (2025-01 – 2025-10)

• Served as ISSE for four Cloud applications and IL5 environments.
• Prepared IATT/ATO artifacts including policy docs, hardware/software inventories, and POA&Ms.
• Reviewed ACAS scans and STIG updates; conducted gap analysis from NIST SP 800-53 Rev. 4 to Rev. 5.

Cybersecurity Program Manager at 1898 & Co. / Burns & McDonnell (2023 – 2025)

• Led RMF for all Facility Related Control Systems requiring ATO.
• Managed cybersecurity for 20+ federal design projects; authored RMF sections for bids.
• Conducted on-site FRCS hardening, ACAS scans, and artifact generation.
• Created Unified Facilities Guide Specifications (UFGS) based on UFC 4-010-06.
• Directed the deployment and comprehensive testing of a Department of Energy (DOE) application, delivering strategic recommendations to optimize test plans and ensure operational readiness.
• Executed onsite installation, configuration, and troubleshooting for new system bays, resolving complex challenges across hardware, network infrastructure, and Active Directory (AD) integration.

Lead RMF Cybersecurity Engineer at RBR-Technologies (2022 – 2023)

• Streamlined tenant onboarding by implementing common control inheritance, reducing duplication of efforts over 100+ controls.
• Managed 6 ATOs through RMF; maintained ACAS vulnerability scans and eMASS packages.
• Supervised team of 5 Security Engineers; developed standardized policy docs and STIG mitigation guidance.

Cybersecurity / RMF Engineer at RBR-Technologies (2020 – 2022)

• Supported RMF for Air Force ACT 3 instantiation of DISA Big Data Platform.
• Maintained infrastructure (AD, VMware, Gitlab, Ansible, DNS, storage) for R&D project.
• Automated AD tasks via PowerShell/VBScript, saving 20+ hours weekly.
• Applied/maintained STIGs; managed PXEboot recovery solution and backups.

Cybersecurity / RMF Engineer → Program Manager at Huntington Ingalls Industries (2017 – 2020)

• Led RMF for DISA BDP applications; promoted to Program Manager overseeing delivery and security portfolio.
• Achieved ATO with conditions in 47 days for Bifrost program.
• Provided guidance on security, storage, and recovery practices.
• Coordinated Agile teams and managed eMASS container.

Information Systems Security Officer at Defense Information Systems Agency (DISA) (2016 – 2017)

• Transitioned GCSS-J program from DIACAP to RMF.
• Managed IAVM notices, updated POA&Ms, and completed C-I-A control self-assessment.

Cybersecurity Engineer / IA Analyst at Multiple (Janus Research Group, Rivera Group, Envision, ActioNet, US Navy Civilian) (2004 – 2016)

• Led DIACAP → RMF transitions for multiple DoD systems (WIN-T, SEC systems, MESB).
• Conducted ACAS scans, applied STIGs, developed VB scripts for compliance and automation.
• Provided IT support for faculty/students overseas and maintained network operations at Fort Meade.

Information Technology Specialist / Network Analyst at Multiple (Blackhawk Mgmt., US Army Civilian, SRA International) (2004 – 2016)

• Administered AD/Group Policy for 30,000+ clients; managed patching, backups, and firewall security.
• Migrated enterprise Exchange environments with minimal downtime.
• Supported Cisco network infrastructure and Symantec antivirus for 20,000+ clients.

25B Telecommunications Computer Operator/Maintainer at U.S. Army (1997 – 2004)

• Supported Commanding General and staff for division of 20,000+ personnel.
• Maintained classified/unclassified networks, administered division web page.
• Deployment: Operation Iraqi Freedom (2003).