I am a results-driven security leader with 23 years of experience delivering risk management and compliance solutions for federal, healthcare, and enterprise environments. I specialize in RMF, ATO, continuous monitoring, and cloud security, translating complex regulatory requirements into practical, actionable plans that support business goals. I lead cross-functional teams, drive incident response, and cultivate a culture of security awareness across organizations. Throughout my career I’ve aligned security initiatives with mission needs, managed risk through RMF and ISCM, and ensured timely compliance and continuous improvement. I enjoy turning complex security programs into tangible results, mentoring teams, and partnering with stakeholders to protect people, data, and critical operations. I also have 5 years of voice over and commercial production.

Derrick O’Neal

Available to hire

Language

English
Fluent

Work Experience

Information Systems Security Officer (ISSO) at ASRC Federal - Broadleaf LLC
April 1, 2023 - Present
Directed enterprise-wide security validation strategies for GSA FAS/ITC systems, driving alignment with NIST, FISMA, and OMB standards across diverse business units. Led RMF, ATO, and continuous monitoring services, overseeing vulnerability management, incident response, and compliance activities. Led annual FISMA assessment lifecycle, including planning, execution, reporting, and remediation. Oversaw cloud IaaS ATO package reviews and internal system reviews, providing risk-based recommendations and remediation leadership. Spearheaded vendor risk assessment (VRA) initiatives using OSINT to evaluate and mitigate supply chain risks for GSA schedules.
Information Systems Security Officer (ISSO) at Broadleaf LLC
January 1, 2022 - April 1, 2023
Led enterprise security validation strategies for RMF/ISCM, coordination with GSA ITSS, and cybersecurity posture governance across business units. Managed vulnerability management, incident response, and compliance activities, and conducted annual FISMA assessments, with continuous improvement.
Information Systems Security Officer (ISSO) at Network Security Systems Plus, Inc. (NSSPlus)
July 1, 2012 - January 1, 2022
Directed security validation strategies for IT systems under FISMA, RMF, and OMB standards; oversaw ISCM and ATO reviews for cloud IaaS and internal systems; led vulnerability management, incident response, and compliance activities; led the annual RMF/ISCM assessment lifecycle; conducted vendor risk assessments (VRA) leveraging OSINT.
Senior Engineer at Network Security Systems Plus, Inc. (NSSPlus)
February 1, 2010 - December 1, 2011
Planned and executed vulnerability assessments for DoD health systems, coordinated with site staff to prioritize remediation and ensure compliance with DoD IA controls and STIGs; provided quality control of security documentation and actionable recommendations to Certifying Authorities.
Interim Director at Schneider Regional Medical Center, U.S. Virgin Islands (St Thomas)
January 1, 2008 - January 1, 2010
Directed IT operations and project delivery for hospital systems, including network upgrades, Meditech HCIS implementations, and enterprise software deployments. Managed teams and vendors, ensuring on-time delivery of infrastructure, servers, and security tooling with minimal downtime.

Education

Bachelor of Science – Management Information Systems at Hampton University
January 11, 2030 - January 1, 2001
Oracle DBA Certification Program at Johns Hopkins University Computer Career Institute
January 11, 2030 - January 1, 2001
Oracle 9i DBA Fundamentals Class at Oracle University
January 11, 2030 - January 1, 2004
Checkpoint VPN-1 Management 1 Class at VPN Dynamics
January 11, 2030 - January 1, 2005
SQL 2005 Training at CompuMaster Seminars
January 11, 2030 - November 1, 2006
Exchange 2003 at CompuMaster Seminars
January 11, 2030 - January 1, 2008

Qualifications

CISSP
January 11, 2030 - January 23, 2026
CRISC
January 11, 2030 - January 23, 2026
Security+
January 11, 2030 - January 23, 2026
CCSK
January 11, 2030 - January 23, 2026
CGRC
January 11, 2030 - January 23, 2026
CCA
February 1, 2021 - February 1, 2024

Industry Experience

Government, Healthcare, Professional Services, Software & Internet, Other