Summary
Overview
Work History
Education
Skills
Certification
Additional Information
Disclaimer
Training
Languages
Timeline
Generic

Melissa Gonzalez

California

Summary

Accomplished IT Specialist (INFOSEC) and cybersecurity professional with extensive experience supporting Department of Defense (DoD) and Navy programs through system security engineering, information assurance, risk assessment, and Risk Management Framework (RMF) implementation. Demonstrated expertise in security control validation, system authorization (ATO packages), cybersecurity policy compliance, and vulnerability management. Skilled at collaborating with system owners, engineers, and senior leadership to mitigate risks, develop security solutions, and ensure mission readiness. Hold an active Top Secret clearance with SCI eligibility.

Event management professional prepared for this role. Proven track record in planning and executing successful events, showcasing ability to handle logistics and client relations effectively. Known for strong team collaboration and adaptability to changing needs. Skills include project management, vendor coordination, and budget oversight.

Overview

7
7
years of professional experience
1
1
Certification

Work History

Test Event Manager

Naval Surface Warfare Center Dahlgren Division (NSWCDD)
03.2025 - Current
  • Lead cybersecurity oversight during test and evaluation events, validating compliance with DoD INFOSEC policies.
  • Coordinate cross-functional teams, system owners, and engineers to identify vulnerabilities and document findings.
  • Develop and deliver after-action reports and risk assessments to senior leadership, informing authorization decisions.
  • Ensure RMF compliance during testing by reviewing Objective Quality Evidence (OQE) and test artifacts.
  • Manage scheduling, execution, and reporting of INFOSEC-related test events across multiple Navy systems.
  • Supervisor: Heather Monroe | Email: heather.l.monroe10.civ@us.navy.mil | Phone: (540) 284-0661 | Hours per week: 40

System Security Engineer

NSWC/NUWC, NAVSEA
01.2025 - Current
  • Support system development efforts in a 20% rotational capacity by analyzing cybersecurity requirements and ensuring system designs and software architectures align with mission-critical security objectives.
  • Collaborate within agile teams to address system security concerns during development and subsystem updates.
  • Provided cybersecurity requirements engineering to enhance and improve compliance across system development phases.
  • Acted as a Cyber Model-Based System Engineering (MBSE) Subject Matter Expert (SME), leveraging SysML models to validate security integration within larger system architectures.
  • Conducted technical assessments and validation to improve system security across subsystems for System Security Engineering Section (SP20123) and Fire Control Systems (SP23) by utilizing information gained from Technical Interexchange Meetings (TIMs).
  • Strengthened system designs by integrating risk-based methodologies and traceability mechanisms, addressing high-priority vulnerabilities.
  • Enhanced security posture through collaboration with cross-functional teams, guiding subsystem upgrades and ensuring integration of robust security measures.
  • Reviewed technical documentation (e.g., SRS, ICDs) to determine cyber system requirements, supporting security-driven deliverables and improving submission processes.
  • Collaborated in MBSE cyber initiatives, contributing to improved system modeling and architecture verification processes for enhanced defense readiness.

Navy Qualified Validator – NSWC/NUWC, NAVSEA

NAVSEA Warfare Center
08.2024 - 03.2025
  • Executed validation of security controls within the Submarine Launched Ballistic Missile (SLBM) program.
  • Prepared RMF documentation including Concurrence Memos, Security Objectives, and Risk Assessment Summaries.
  • Conducted Annual Security Reviews, analyzing outputs from CSCS tool and ensuring compliance with evolving RMF policy.
  • Delivered executive-level INFOSEC briefings with actionable mitigation recommendations.
  • Developed IATT Memos and security artifacts to expedite reauthorization processes.
  • Supported the System Security Engineer (SSE) Steering Group meetings to resolve ongoing issues, review priorities, and align system security postures with DoD objectives.
  • Volunteered as backup for SSE Cybersecurity Identification (SPCID) generator/database management, mitigating risks associated with potential single points of failure.
  • Prepared artifacts for reauthorization, ensuring timely submission within the 10-day turnaround and reducing process delays for high-priority ATO packages.
  • Led security testing and validation efforts to verify compliance with continuous monitoring standards and reduce risks during subsystem upgrades.

Data Management Specialist

USS Secure, NAVSEA
04.2023 - 08.2024
  • Managed data integrity and version control processes for technical documentation supporting NAVSEA’s submarine and naval defense systems.
  • Collaborated with engineers, cybersecurity specialists, and technical teams to ensure secure data dissemination, test and evaluation exercises and consistent updates to mission-critical systems.
  • Monitored configuration management to maintain traceability across development phases and supported policy development efforts to strengthen security protocols.
  • Maintained configuration baselines by managing design documents, test plans, and version-controlled security updates.
  • Collaborated with cybersecurity engineers to address unauthorized data access risks and ensure proper distribution of technical data.
  • Reviewed and updated LCSPs to provide accurate assessments during system upgrades.
  • Led technical audits by providing up-to-date documentation, ensuring compliance with DoD and NAVSEA standards.
  • Improved document tracking workflows to reduce errors and enhance team access to system specifications and maintenance guidelines.
  • Developed and enforced IT policies and system protocols to align with federal cybersecurity objectives and enhance defense readiness.
  • Drafted Standard Operating Procedures (SOPs) on handling classified materials and repository management to improve internal processes and minimize operational risks.

Model Based Systems Engineer

ITZ LLC
07.2022 - 04.2023
  • Supported large-scale system design efforts by analyzing stakeholder needs, system requirements, and architecture models within a DoD-focused environment.
  • Strengthened traceability across design iterations by developing scalable model-based solutions and coordinating Engineering Change Proposals (ECPs) for mission-critical outcomes.
  • Designed and refined system architectures using Cameo Enterprise Architect, ensuring alignment with evolving operational requirements and DoD security standards.
  • Converted system models from DoDAF, UPDM/UAF to SysML, improving flexibility and accuracy for future system updates and reconfigurations.
  • Ensured traceability of system requirements, linking ECPs, architecture models, and testing outcomes to prevent inconsistencies across system development.
  • Documented the Change Management Plan, coordinating iterative updates to support evolving architectural requirements during design phases.
  • Collaborated with stakeholders and cross-functional teams to ensure architecture models seamlessly integrated into larger system designs, meeting DoD mission objectives.

Systems Engineer

Platform Aerospace
03.2020 - 07.2022
  • Supported the design and security of complex systems by serving as a Cyber Risk Assessment (CRA) SME and collaborating with stakeholders, engineers, and cybersecurity teams.
  • Led efforts to identify, model, and mitigate system vulnerabilities to ensure compliance with cybersecurity requirements and technical standards for mission-critical programs.
  • Collaborated across stakeholders and technical teams to mitigate cybersecurity risks, delivering targeted recommendations that strengthened overall system resilience.
  • Identified system vulnerabilities through security testing and documented findings using the CRAST tool, enhancing visibility into high-risk areas and improving proactive risk mitigation strategies.
  • Validated system designs for cybersecurity compliance by analyzing data flows, integrated subsystems, and security measures to address anti-tamper threats and operational weaknesses.
  • Led cybersecurity system modeling efforts, creating detailed Visio diagrams and data flow mappings to visualize system interfaces and address architecture gaps.
  • Supported P-8A aircraft configuration and compliance efforts, contributing to the successful achievement of the first P-8A Cybersafe certification for Foreign Military Sales (FMS).
  • Conducted comprehensive vulnerability assessments, mapping and characterizing data transmissions across systems and subsystems to identify weaknesses and develop corrective measures.

Cyber Risk Analyst

Booz Allen Hamilton
09.2019 - 03.2020
  • Served as a Cybersecurity SME supporting various DoD clients by developing and reviewing assessment and authorization documentation, conducting vulnerability assessments, and ensuring system compliance with DoD cybersecurity policies.
  • Collaborated with stakeholders to improve security postures and provide actionable recommendations during system reviews.
  • Applied the Risk Management Framework (RMF) for DoD IT systems, implementing system hardening and compliance measures using Security Technical Implementation Guides (STIGs).
  • Identified and assessed system vulnerabilities through the analysis of access points, data types, and mission-critical functions, leveraging DoDAF viewpoints and models to support mitigation planning.
  • Conducted technical vulnerability audits and briefed senior leadership, providing actionable recommendations to correct security weaknesses and improve posture.
  • Managed Requests for Information (RFIs) and tracked resolution of action items related to cyber risk assessments, ensuring timely responses and effective mitigations.
  • Oversaw secure storage and distribution of system documents, including Interface Design Description (IDDs), Interface Control Document (ICDs).
  • Managed internal repositories such as JIRA, Confluence, and MS Teams, to maintain accurate records.
  • Collected and organized cyber risk assessment data, contributing to program briefs, technical reports, and security documentation development.

Program Analyst – Customer Relationship Management (CRM)

SMARTRONIX
01.2019 - 09.2019

Education

Bachelor of Science - Information Systems Management

University of Maryland University College
Adelphi, MD
12.2018

Associate of Arts - General Studies

College of Southern Maryland
La Plata, MD
08.2017

Skills

  • Expert in DoD Risk Management Framework (RMF), developing, validating, and maintaining ATO packages
  • Validated security controls across complex enclaves using DISA STIGs, SCAP, ACAS, and Evaluate-STIG
  • Led cross-functional teams during security assessments, incident response reviews, and test events
  • Authored Concurrence Memos, Risk Assessment Executive Summaries, IATTs, and security policy documentation
  • Advised senior leadership on INFOSEC risk mitigation strategies to support mission-critical decisions

Certification

  • Navy Qualified Validator Certification | 2024-08
  • DISA eMASS Certificate | 2024-08
  • DISA ACAS Certificate | 2024-08
  • CompTIA Sec+ Certificate | 2024-07
  • NAWWAR RMF Certificate | 2024-07

Additional Information

  • Qualifications:
  • Current Status: NT-4 (GS-12 Equivalent)
  • NT-5 Eligibility: Eligible for NT-5 (GS-13 Equivalent)
  • Risk Management Framework (RMF) Implementation & Compliance
  • System Security Engineering & Cyber Requirements Analysis
  • System Authorization & A&A Processes
  • Vulnerability Management & Security Hardening (STIGs, SCAP)
  • Model-Based Systems Engineering (SysML, Cameo Enterprise Architect)
  • Technical Documentation Review & Validation (SSPs, LCSPs, Concurrence Memos)
  • Agile Development & Cross-Functional Collaboration
  • DoD IT Systems and Cybersecurity Standards Compliance
  • Core Competencies
  • Cybersecurity & Risk Assessment: Risk Management & Mitigation, Threat Modeling, Security Posture Assessments, Anti-Tamper Investigations, Risk Analysis for A&A Processes
  • System Security & Validation: Vulnerability Identification, Technical Reviews, Security Testing & Validation, System Upgrades & Hardening, Continuous Monitoring
  • Policy Development & Compliance: IT Security Guidelines, DoD Compliance, Internal Security Protocol Development, Configuration Baseline Maintenance, Audit Preparation
  • Project Coordination & Cross-Functional Collaboration: Agile Development Processes, Coordination Across Engineering Teams, Stakeholder Engagement, Knowledge Transfer & Documentation Best Practices
  • Process Improvement & Reporting: SOP Development, Process Documentation, Data Flow Mapping, Error Reduction & Corrective Action Implementation, Report Preparation (IATT Risk Exec Summaries, Concurrence Memos)
  • Technical Proficiencies
  • Cybersecurity Tools & Platforms: SCAP, DISA STIGs, eMASS, ACAS, CSCS Tool
  • System Engineering & Modeling: Cameo Enterprise Architect, SysML, DoDAF, UPDM/UAF
  • Frameworks & Standards: RMF (NIST SP 800-37), NIST SP 800-53, DoD Cybersecurity Guidelines
  • Collaboration & Documentation: Confluence, JIRA, MS Teams, SharePoint
  • Vulnerability Management: STIG Checklists, Security Patch Reviews, Risk Mitigation

Disclaimer

I certify that, to the best of my knowledge and belief, all of my statements are true, correct, complete, and made in good faith. February 10, 2025 Oversee the cybersecurity program of assigned Navy systems during test events, ensuring full INFOSEC compliance. Manage information security implications across test planning, personnel coordination, infrastructure readiness, and policy enforcement. Ensured the rigorous application of information assurance policies, principles, and practices across multiple Navy systems. Oversaw cybersecurity program compliance by conducting system security evaluations, audits, and reviews for ATO readiness.

Training

  • Delligatti Associates Accelerator OCSPMP SysML Training | 2022-09
  • CompTIA CASP and CYSA Training | 2020-09

Languages

Spanish

Timeline

Test Event Manager

Naval Surface Warfare Center Dahlgren Division (NSWCDD)
03.2025 - Current

System Security Engineer

NSWC/NUWC, NAVSEA
01.2025 - Current

Navy Qualified Validator – NSWC/NUWC, NAVSEA

NAVSEA Warfare Center
08.2024 - 03.2025

Data Management Specialist

USS Secure, NAVSEA
04.2023 - 08.2024

Model Based Systems Engineer

ITZ LLC
07.2022 - 04.2023

Systems Engineer

Platform Aerospace
03.2020 - 07.2022

Cyber Risk Analyst

Booz Allen Hamilton
09.2019 - 03.2020

Program Analyst – Customer Relationship Management (CRM)

SMARTRONIX
01.2019 - 09.2019

Associate of Arts - General Studies

College of Southern Maryland

Bachelor of Science - Information Systems Management

University of Maryland University College
Melissa Gonzalez