Stephen McCauley

Title: Adjunct Assistant Professor
Email: Stephen.McCauley@erau.edu Email
Department: Department of Management and Technology
College: College of Business

Areas of Expertise

Leadership, Management, Information Technology, Cybersecurity, Privacy

Education

D.B.A. - Doctor of Business Administration, Walden University
M.B.A. - Master of Business Administration in Technology Management, University of Phoenix-Wyoming
B.S. - Bachelor of Science in Business: Information Systems, University of Phoenix-Wyoming

Courses Taught

Doctoral Subject Areas Taught: CS-857, CS-871, CS-875, CS-877, CS-879, CS-880, CS-881, CS-882, CS-884, EIS-850, EIS-852, EIS-854, EM-832 (All online @ CTU)

Master’s Subject Areas Taught: STEM courses @ American Public University (Online), DeVry University (San Diego Campus), and West University (Online), Embry-Riddle (Online), National University (San Diego Campus)

Bachelor’s/Associate’s Subject Areas Taught: STEM Courses @ ITT-Tech (San Diego Campus), American Public University (Online), DeVry University (San Diego Campus), and West University (Online), Embry-Riddle (Online), National University (San Diego Campus)

Dissertations/Theses Chaired/Supervised and Related Committee Memberships Georgianna Shea (2015) A Phenomenological Examination of Cyber Security Deception Susceptibility (Chair), William Wilson (2015) An Ensemble Approach to Intrusion Detection (Chair). Deno R. Cornelius (2016) Social Media Recruiting: Ethical Implications and Discrimination in the Hiring Practices of Companies and their HR recruiters (Chair), Multiple Dissertation as a Committee Member.

Professional Experience

Kratos Defense – Colorado Springs, CO……………………………................…………….......08/2020 to Present

Cybersecurity Operations ManageR

Accepted high profile cybersecurity operations management position challenged with developing and maintaining classified systems in support of US Air Force (USAF), US Space Force (USSF), and Missile Defense Agency (MDA) projects and components.

Cybersecurity Operations: Led all cybersecurity operations [RMF, Information Assurance, Mission Assurance, Cross Domain Solutions (CDS), Compliance, Privacy, Governance, etc.] leveraging Department of Defense (DoD) cybersecurity Counterintelligence directives IAW DODI 8500.01, 8510.01, 8570.01-M and DODD 8140.01, across Defense and Security Agency (DCSA), Space System Center (SSC), Missile Defense Agency (MDA), Space Operations Command (SpOC), and USSPACECOM Agencies within NIPR, SIPR, and JWICS environments (NC³, etc.). Implemented Static & Dynamic code analysis.
Risk Management Framework: Developed and reviewed all components of the A&A processes and procedures within multiple programs including Supply Chain Risk Management (SCRM).
Vulnerability Management: Leveraged ACAS and SCC scans, and Auditing throughout the environment to identify findings, mitigated or added to POAM.
NIST SP 800-171 (CUI/CTI) implementation and compliance in support of CMMC efforts, ensuring proper markings were applied, and controls met.

CACI International – Columbia, SC…………………………………................…………….......09/2018 to 08/2020

Cybersecurity Operations

Accepted high profile cybersecurity operations position challenged with developing and maintaining classified systems in support of USAFCENT, the air component of United States Central Command (USCENTCOM), a regional unified command.

Cybersecurity Operations: Implemented and maintained Department of Defense (DoD) cybersecurity directives across a multinational infrastructure on NIPR, SIPR, and ISAF networks IAW DODI 8500.01, 8510.01, 8140.01, 8570.01-M. Total environment (NIPR, SIPR, & ISAF) encompassed more than 150,000 devices, and 45,000 users.
Counter Access: Utilized Fidelis, ArcSight, Firepower, ePO (GTI), and a host of similar tools to hunt for “low and slow” anomalous activities within USAFCENT networks.
Risk Management Framework: Developed, maintained, and reviewed components of the A&A process, theater wide. Created SSP’s, POA&M’s, SAP’s, SAR’s, PPSM’s, SOP’s, Policies, etc. in support of A&A efforts. Determined data classifications and selected appropriate system categorizations. and Integral part of the effort for AFCENT to become CSSP certified.
Vulnerability Management: Hands-on ACAS experience. Created Repositories, Assets, Reports, Scans, Organizations, and a Rollup Server for the entire environment. Leveraged kick-start images to deploy ACAS servers (i.e., Security center, Nessus Scanners, and Passive scanners) throughout the environment.
Cyber Intelligence: Lead the development and implementation of initiatives to meet priority objectives. Thorough understanding of the cyber threat landscape, identified IOC’s within AFCENT environment, delivered production of finished intelligence products, technical analysis of threat actor tactics, techniques, and procedures (TTPs), and ongoing automation and engineering to support the Cyber Intelligence lifecycle.

State of South Carolina – Columbia, SC………….…………………………………………...06/2014 to 08/2018

Chief Information Security Officer (CISO)

Accepted high profile executive management position within the Department of Social Services (DSS) challenged with developing and leading highly diverse, information assurance, privacy, risk, governance, and cybersecurity teams.

Risk, Governance, Compliance, and Privacy: Proposed and led the implementation of agency-wide governance, risk, compliance, privacy initiatives. Led the development and implementation of agency-wide risk, cybersecurity and privacy frameworks. Developed security and privacy policies, procedures, standards and guidelines. Ensured compliance with all applicable federal and state regulations; 7 CFR, 21 CFR, 43 CFR, 45 CFR, Criminal Justice Information Services (CJIS), CMS, FERPA, HIPAA | HITECH, IRS Publication 1075 (FTI), MARS-e, and PII.
Frameworks and Standards: ensured systems development life cycle efforts were optimized (SDLC methodologies (NIST SP 800-64r2), implemented ITIL framework. Implemented, validated, and enforced the RMF, to include NIST SP 800 SP-37, NIST SP 800-60 V 1 & 2, NIST 800 SP-53r4, NIST SP 800-53r4(a), NIST SP 800-115, FIPS 199 & 200. Defines all KPI’s

AT&T – Government Solutions, Inc. San Diego, …...…………………………………….….6/2012 to 06/2014

Senior Information Security Officer

Accepted high profile senior management position challenged with leading worldwide, highly diverse, technical, and cybersecurity and privacy teams implementing multiple complex project efforts.

Security Program Management: Led AT&T GSI efforts on the security architectural design and implementation of the next generation (NGEN) of the Department of Defense’s (DoD) networking, security (DIACAP to RMF).
Security Compliance: Applied DoD Directives IAW DODI 8500.01, 8510.01, 8140.01, 8570.01-M to implement efficient and effective cybersecurity. ISSM for entire area of responsibility (AOR).

Memberships and Credentials

ISC²: CISSP, HCISPP

IAPP: CIPP/US, CIPP/G, CIPM, CIPT, FIP

EC-Council: C|CISO

ISACA: CISM, CRISC, CISA. CDPSE

GIAC: GCIH, GSEC, GSLC, GSTRT

Microsoft: MCDBA, MCSE (NT 4.0 & Win2K), MCSA (Server 2012)

CompTIA: Network+, A+

Validator Certification(s): Fully Qualified Validator, Navy Qualified Validator (Level II)

https://www.youracclaim.com/users/stephen-mccauley.42cc627b

https://www.credential.net/profile/stephenmccauley736/wallet

Awards, Honors and Recognitions

2011 - IT Executive of the Year Nominee (San Diego - Top Tech Exec Awards)