James P Callahan
james.p.callahan 'at' gmail.com
manager with a record of achieving extraordinary results, motivating task
oriented teams to bring complex projects to successful, on-time and on-budget
completions. A highly skilled security expert with expertise in developing
implementing and managing enterprise wide multi-faceted security solutions, both
in the federal and private sector. Experienced in the design, application
and maintenance of multiple security disciplines, including information
security; physical security; personnel security as well as legal aspects of
security implementations. An exceptional communicator with experience preparing
and presenting instruction and written guidance; taking complex issues and
tailoring them to specific audiences, in easy to understand formats.
Current Top Secret with Full Scope Poly.
Over twenty five
years experience in a variety of successful positions directing and managing
task oriented teams and sub-elements of up to 80 persons including eighteen
years leadership experience on active military duty and two consecutive director
level positions in the private sector Information Technology industry.
Held an assortment of titles including, Director, Special Agent in Charge, Team
Leader, Operations Officer, Staff Security Officer, Lead Investigator and
Liaison Officer. Conferred numerous honors and awards for performance and
lauded as best among peers on efficiency reports.
* Bachelor of
Science, University of the State of New York Regents College 1996
Systems Security Engineering Professional (ISSEP) 2010
Information Systems Security Professional (CISSP) 2007
Ethical Hacker (CEH) 2010
* Certified Splunk
Knowledge Manager 2015
Foreign Language Proficiency (Defense Language Institute) 1985
Computer Investigators Course for Special Agents (Network
Investigations/Computer Forensics) 1999
October 2009 - Present:
Consultant/Information Systems Security Engineer
UScontracting; Prime Solutions; National Security
Company and IBM (by
(a contract position with worksite at Ft Meade, Maryland)
Security Operations Center (SOC) Sr ISSE and Teir III Cyber Network Analyst,
Develop and engineer advanced tools and techniques in order to proactively mine
multiple data sources and feeds detecting subtle anomalies not easily discovered
through automated alerting processes. Aid in resolving these anomalies
leveraging detailed infrastructure knowledge. Continually seek out new sources
of data and tools to leverage in these analytical efforts. Provides advanced
detailed security analysis based on aggregate data from both internal and
Subsequently responsible to support
the sustainment of that operational maturity growth during tenure in assignment.
-Developed process for examination of open source reporting for relevant
application to supported infrastructure.
-Engineered process for creating baseline data sets for normal data flows to
quickly identify abnormalities.
-Engineered and documented processes to leverage on hand office tool suite in
order to provide advanced analytics with visualization. This filled gaps in
analytic capability at no additional expense to supported organization.
-Served as charter member and senior mentor for an advanced analytics team,
having team formed and formalized around individual capability and skill.
-On boarded and mentored team lead for newly formed team provided advice and
assistance for administrative, mission and technical aspects of this team.
-Served as informal mentor for assigned personnel in areas of expertise.
-Personally and/or in concert with SOC team members, identified, triaged and
resolved numerous situational and systemic systems security anomalies resulting
in continual exceptional laudatory comments and remarks at the group level of
the supported organization.
-Provided requirements for, and aided in creating new data sources based on
previously untapped network connection information.
-Authored Standard Operatizing Procedures regarding SOC leveraging of unique
corporate data sources assuring compliance with law and organizational policy.
-Assured availability of data mining systems and tools under purview of control.
-Served as Technical Task Order Lead for contractor personnel across multiple
supported organizations, assuring staffing qualifications and contract reporting
requirements. Was selected for this role, as a sub-contractor over several prime
contractor personnel who could have fulfilled this duty. This TTO was the
largest Contractor population across this specific contract.
-Selected by office level senior to assist in addressing sensitive matter,
providing project management skills and alleviating administrative and analytic
burden for short fuse, high visibility matter.
-Provided security engineering integration support for SOC commercial and
government developed analytics solutions, ensuring relevance of results for
Information System Security Engineer
Oct 2009-Aug 2010
Providing consulting type information systems security engineering advice and
assistance to new and existing projects and programs across supported
agency. This includes identifying and costing of solutions; preparing and/or
editing appropriate certification and accreditation documentation; advocating
solutions with the Designated Approving
-Designed and received formal written approval for implementation of
non-standard Cross Domain Connection (PL5).
-Developed reporting metrics framework and tracking for customer organization to
work product success and work load.
-Participated as a principal content provider and project champion for training
effort to facilitate transition from DCID 6/3 Certification and Accreditation
process to the NIST Risk Management Framework
-Developed, proceduralized and authored weekly threat reporting process, taking
hundreds of threat reports from multiple sources and condensing into the
-Weekly Threat Roll-Up. This report was designed to provide customer
organization with mission relevant threat data that may impact the
recommendation on how to design or accredit Agency systems.
-Conducted in depth non-standard product evaluation to determine appropriateness
and suitability for purpose of proposed shared encrypted storage product to
provide shared storage capability for disparate classification levels.
-Provided subject matter expertise and thought leadership in support of customer
organization vendor demonstration process for continuous monitoring product
included participating in writing and administering use cases and tests for ten
different candidate vendor products and initial product requirement enumeration
for selected vendor.
participated as customer advisor during initial dialog with organization
responsible for implementation.
-Hand selected to provide initial evaluation of Information Assurance status
relative to security engineering for Agency involvement in US Army collection
platform modernization of Guardrail Common Sensor.
January 2009 - October 2009:
Data Center Operations & Strategy
Barclaycard US/Barclay’s Bank
125 S. West Street, Wilmington, DE
Brief Description: Responsible to provide thought leadership to senior IT
management, IT operations, technical staff and project management to proactively
assist in defining specifications, solutions, direction, and architecture
principals for data center operations and strategy. Construct the
statistical and analytical methods necessary to understand, evaluate and
recommend improvements to current data center operations and future strategies.
Concludes on options, risks, cost/benefit analysis, integration issues, gaps,
and impact on business processes of the current and proposed data center
technology. Conducts cost analysis studies to determine feasibility of
various approaches to maintain operational environment. Leads the research
for data center infrastructure advancements to ensure that the enterprise-wide
data center infrastructure is continuously improved and aligned with the
industry and company standards; designs and provides updates to standards to
-Developed socialized and received formal approval for first ever organizational
long term data center strategy document.
-Developed data center migration plans to implement strategy.
-Cultivated relationship with sister company to aid in implementation of
strategy and leverage synergies in application and equipment sharing.
-Championed and implemented 'Green' initiative in data center power consumption,
ultimately saving an estimated 28% in data center cooling costs.
-Developed, socialized and received formal approval for first ever formal
organizational IT asset disposal program.
January 2008 - January 2009:
Recovery Services and Records Management,
Barclaycard US/Barclay’s Bank
125 S. West Street, Wilmington, DE
Responsible for developing and directing two teams of subject matter
experts assuring development and maintenance of critical business processes
compliant with Barclays UK corporate strategy while tailored to US operational
environment. Specifically, directing the company's business continuity and
disaster recovery program as well as the records management function as part of
the information security and risk management department.
This includes directing
functional area programs of risk based assessments and mitigation strategies
covering internal systems and processes as well as external vendors.
Working with business and
technology partners developing incident response and recovery strategies for
time-sensitive functions. Working with record holding business units and
database administrators on information life cycle management as part of the
overall enterprise content management (ECM) initiative.
-Initiated consolidated records management program including publishing
corporate wide operational standard; adoption of steering committee charter; and
hiring head count.
-Oversaw and coordinated continuity and recovery aspects of two major technology
migrations involving four separate data center environments assuring adequacy of
strategy and implementation to meet recovery objectives as defined by service
-Working with human resources department, served as
project lead for information security department job family alignment project,
writing job descriptions for all Infosec department positions including
retitling of all positions to standard corporate framework, quantifying general
job requirements and creating consistent career path as well as job progression
for each position.
-Provided executive education for continuity and recovery operations including
table top exercise.
-Managed recovery hosting vendor relationship during critical migration.
-Standardized and validated records recall procedure for over 100 relevant
records for compliance with federal rules of civil procedure (FRCP) litigation
retention and discovery requirements.
-Validated and/or initiated records destruction procedures and protocols for
both internal and external (vendor) held corporate records.
October 2004 -
Operations Executive/Director, Customer Data Center Security,
Business (by acquisition) & MCI
1 Digex Plaza,
Beltsville, MD, 20705
strategic planning; implementation; management and direction for security
policy, procedures and protocols for 15 Premium Collocation Data Centers and
four managed hosting data centers (two domestic and two international).
Provides compliance advice and assistance for hosting operations to meet
customer contractual obligations across all supported industries and standards.
Working closely with sales, marketing, and product management, provides
direction and support to address customer specific environmental security and
compliance issues and concerns for all hosting products Provides
outsourced consulting services regarding data center security.
-Working through matrixed support relationships throughout the
enterprise reviewed diverse security practices at individual data centers to
identify, and develop new standards where necessary and deploying those
practices across all data centers.
-Provided outsourced consulting services to enterprise class
customer in site selection and design of in-house data center.
-Developed and implemented Standardized Access Control Policy in
Premium Data Centers, bringing 14 geographically dispersed locations under a
single set of physical security processes and protocols.
-Focused security efforts of Premium Data Center operations
groups to achieve first ever unqualified SAS70 Type II audit.
-Awarded Network World/AFCOM Secure Data Center of the Year for
managed hosting data center.
-Working with legal, sales and product management, participated
in complex customer RFPs (bids) to address individually customer unique data
center physical and personnel security issues, leading to the first ever
physical security SLA for a customer.
June 2000 –
Security & Business Continuity,
1 Digex Plaza,
Beltsville, MD, 20705
all facets of corporate security planning, implementation and management of
physical and personnel assets and operations for a private sector hi-tech
Internet Service Company. Responsible for the development, management and
implementation of corporate business continuity and disaster recovery plans and
operations. Responsible for all security and business continuity awareness
training and internal corporate threat and vulnerability assessments. Interface
directly with customers, assisting with sales and support of company product
from a security and business continuity perspective.
-Oversaw the security aspects of Digex international
implementations, establishing security standards and procedures for integrating
Digex managed service in non-Digex facilities.
-Reduced overall operating budget by 50% in two years.
Reduced headcount; integrated network enabled - cost saving security solutions
and eliminated extravagance while increasing corporate wide employee security
contentment and awareness.
-Corporate subject matter expert for emerging privacy related
issues (HIPPA, GLB, Safe Harbor, etc). Authored customer facing corporate
position on compliance requirements as they relate to supporting specific client
-Primary corporate liaison with federal, state and local law
-Developed facilities security standards and design criteria
integrating these standards into nine new facility construction projects and/or
-Developed and implemented standard first ever multi-discipline
security policies and procedures for this relatively new company in the
transition from a dot com start-up to corporate enterprise.
-Successfully developed and initiated an innovative corporate
security awareness program increasing security awareness of all employees to the
point of making this corporate security awareness a competitive discriminator.
-Developed employee pre-employment background screening program.
-Personally developed and implemented Security and Business
Continuity Intranet Web sites, automating many support procedures and giving
immediate employee access to corporate security policies and BC procedures.
1980 – 2000:
United States Army, Counterintelligence Chief Warrant Officer Four
Special Agent in Charge,
Intelligence & Security Staff Officer (S2),
Serving in a
variety of positions of increasing complexity and responsibility, provided
counterintelligence support to US Army customer agencies and organizations.
This support included national security investigations, battlefield force
protection support and intelligence analysis, computer crimes investigations and
special operations, as well as national and local agency liaison. Also
served as instructor and mentor for US Army Intelligence Warrant Officer Corps.
- Developed and established effective liaison program with
Department of Defense’s Joint Task Force Computer Network Defense, serving on
the Law Enforcement/Counterintelligence Cell. This program assisted in
coordinating computer/network crimes investigations across multiple DoD and
- Served for eight months in special duty position US Army
Intelligence Representative to Joint National Agency Coordination Group at FBI
Headquarters, in Washington DC.
- Deployment After Action Report was published in Center for Army
- Lead Intelligence Agent on US Army portion of renowned Solar
Sunrise - Pentagon Hacker investigation that eventually led to the conviction of
a hacker in a foreign country.
- Assisted in development of Standard Operating Procedures for
Intelligence Investigations processing of computer media evidence.
- Developed and implemented organizational professional
development web site, the first ever of its type.
- As Special Agent in Charge, lauded on my efficiency
report as the "Best in the Battalion" (of 16 peers) earning Distinguished Leader
- Developed and implemented user friendly automated
database programs and interface to track and report security issues and
inputting message traffic into training simulation.
- Served as organization automation systems advisor,
keeping the command informed on automation issues and assisting in maintaining
automation resources during Operations Just Cause, Desert Shield and Storm.
- Assisted in design and implementation of first organizational
local area network.
- Developed and implemented first ever organizational Automation
Systems Security Policy and Program for a 4000 person organization.
- Conducted over 1200 personnel security interviews to assist in
determining individual suitability for access to classified information.
Record Label |
T-Shirts and Things