Professional Summary

Paul Brittin

Cloud-focused security engineer with 13+ years of enterprise IT experience and 9+ years specializing in cybersecurity, DISA STIG compliance, and hybrid cloud infrastructure. Holds an Active Secret clearance with hands-on expertise across the full lifecycle of enterprise security platforms — including Trellix ePO, Tenable Security Center, and SolarWinds — spanning co-led design and deployment, migration, and ongoing administration in on-premises VMware and AWS GovCloud environments. Proven record of identifying vendor defects, evaluating and proposing compliance automation solutions, and reporting results to executive leadership. Holds CCSP, AWS Solutions Architect Associate, Security+, and LPIC-2 certifications. Targeting roles in cloud engineering and DevSecOps.

Key Accomplishments

Developed a method to validate DISA STIGs on immutable Apache and Tomcat container instances by analyzing container build scripts — approach independently confirmed as valid in a 2021 ISC2 Security Congress presentation.

Identified a UNIX_Remote_Plugin defect in SCAP Compliance Checker causing intermittent RHEL scan failures; opened vendor ticket, beta-tested the fix, and rolled the corrected release to production.

Co-led full lifecycle design, deployment, and administration of enterprise Trellix ePO — encompassing ENS, Policy Auditor, and DLP Device Control — producing security posture reports submitted to a centralized vulnerability reporting system for senior leadership review.

Demonstrated track record of migrating enterprise on-premises applications across major version upgrades, including Tenable Security Center and Nessus Scanners (RHEL 6 → RHEL 7) and Arcserve/SolarWinds platforms (Windows Server/SQL Server 2016 → 2022), maintaining continuity of operations throughout.

Core Technical Skills

Cloud Platforms

AWS GovCloud, EC2, IAM, S3, VPC, Security Groups

Compliance & STIG Tools

SCAP Compliance Checker (SCC), SteelCloud ConfigOS, StigViewer, OpenSCAP, Ansible

Endpoint & DLP Security

Trellix ePO, ENS, Policy Auditor, DLP / Device Control, Trend Micro Deep Security, SELinux

Vulnerability Management

Tenable Security Center, Nessus Manager, Nessus Scanner, Nessus Agent

Container & Orchestration

Docker, Kubernetes, Red Hat OpenShift

Scripting & Automation

Bash, PowerShell, Python, YAML, Automation Anywhere RPA

Frameworks & Standards

NIST RMF, DISA STIGs, DoD PKI/PKE

Monitoring, OS & Infrastructure

Splunk, SolarWinds SAM, RHEL 6/7/8, Windows Server 2016/2022, VMware vCenter, Active Directory, SSSD

Collaboration & ITSM

Jira, Confluence, Remedy ARS

Professional Experience

Information Assurance and Compliance Engineer

Aug 2023 – Present

Agile Defense Inc.  ·  Systems Infrastructure, Applications & Security

  • Co-led design, deployment, and administration of enterprise-wide centralized security management using Trellix ePO — including ENS Threat Prevention, Exploit Prevention, Policy Auditor, and DLP Device Control — tuning threat prevention and exploit protection settings to balance performance with maximum threat detection.
  • Customized Policy Auditor audit rules to satisfy DoD compliance requirements; produced automated compliance reports and custom ePO dashboards to monitor endpoint security posture and agent health.
  • Enforced granular DLP Device Control policies to prevent unauthorized USB and peripheral exfiltration; conducted policy testing and validation across the enterprise fleet.
  • Co-led migration of Arcserve and SolarWinds platforms and databases from Windows Server 2016/SQL Server 2016 to Windows Server 2022/SQL Server 2022, improving performance and supportability.
  • Configured Trend Micro Deep Security policies across 35 AWS GovCloud EC2 instances in a test VPC, enabling malware protection to meet DoD requirements and tailoring path and file exclusions by instance type.
  • Developed PowerShell scripts to collect Trellix ePO server metrics (disk space, running services, SQL index fragmentation) and deliver automated email reports to the admin team.
  • Collaborated with SOC teams, risk analysts, and infrastructure engineers on cross-functional endpoint defense strategy; performed root cause analysis on agent communication and threat detection anomalies.

Security Engineer III

Oct 2019 – Aug 2023

Agile Defense Inc.  ·  Enterprise Security & Support

  • Served as STIG validation SME for two AWS GovCloud programs; collaborated with system engineers on RHEL, Kubernetes, and Docker security configurations and Container Platform SRG requirements.
  • Developed a method to validate DISA STIGs on immutable Apache and Tomcat container instances by reviewing container build scripts — approach later confirmed valid at the 2021 ISC2 Security Congress.
  • Deployed and operated SCAP Compliance Checker for automated remote STIG scanning of Windows Server, RHEL, IE11, .NET, and Firefox using DISA benchmarks; identified a UNIX_Remote_Plugin defect causing intermittent RHEL connection failures, submitted vendor ticket, beta-tested fix, and rolled to production.
  • Led evaluation of Automation Anywhere, SteelCloud ConfigOS, and Ansible to automate STIG compliance validation across Windows Server and RHEL; operationally deployed and configured each in test environments before selecting SCAP Compliance Checker as the production solution.
  • Administered Tenable Security Center, Nessus Manager, Nessus Scanners, and Nessus Agents on-premises across VMware infrastructure; served as RHEL SME for SELinux, SSSD/Active Directory integration, filesystem, and storage troubleshooting.
  • Wrote Bash, PowerShell, and Python scripts to automate OS patch checks (DNF), Tenable plugin downloads over HTTPS, and SolarWinds SAM server health metric and alert reporting.

Team Lead / Security Engineer II

Feb 2017 – Oct 2019

Array Information Technology  ·  Enterprise Security & Support

  • Directed RMF ATO deliverables and coordinated STIG validation for Air Mobility Command programs of record; authored and delivered program status reports to the COR.
  • Developed STIG applicability matrices mapping DISA STIGs to Air Mobility Command systems by server type; established and maintained continuous STIG compliance monitoring workflows.
  • Migrated Tenable Security Center and Nessus Scanners from RHEL 6 to RHEL 7 on-premises VMware VMs; deployed a new RHEL 7 Nessus Manager and upgraded Tenable.sc from v5.4 to v5.8; maintained DISA plugin updates, feed troubleshooting, and Nessus Scanner upgrades.
  • Developed primary/backup Tenable.sc instance sync process to ensure continuity of operations; created and maintained a custom Tenable.sc plugin for DoD certificates.
  • Generated DoD PKI-signed TLS certificates to link Tenable.sc to a centralized vulnerability reporting system; replaced self-signed certificates with DoD-signed certificates.
  • Coordinated with the intrusion detection team to create a Splunk dashboard for monitoring ESS server patch status; performed offsite vulnerability scans and STIG validation for a remote program of record.
  • Led team priority deconfliction across STIG validation, vulnerability reporting, and code review; reported compliance automation evaluation results to executive leadership; mentored junior personnel.

Systems Administrator II

2012 – 2017

CSRA Inc. / ExecuTech Strategic Consulting  ·  DoD IT Services

  • Planned, coordinated, and performed system maintenance globally across a multi-site enterprise environment.
  • Applied security requirements and IAVA/IAVB/TA patches to operating systems; managed accounts, network rights, and access controls across the computing environment.
  • Wrote and maintained scripts to automate repetitive computing environment tasks; performed firewall IP additions and collaborated with privileged users to resolve information assurance problems.
  • Provided escalated Tier 2 technical support via Remedy ARS; ensured hardware, software, and data resources were archived, sanitized, or disposed of per system security plan requirements.

Certifications

ISC2 CCSP  ·  ISC2  ·  2021 – 2027
ISC2 SSCP  ·  ISC2  ·  2020 – 2026
AWS Solutions Architect — Associate (SAA-C03)  ·  Amazon Web Services  ·  2026 – 2029
AWS Cloud Practitioner  ·  Amazon Web Services  ·  Issued 2023
Microsoft Azure Fundamentals (AZ-900)  ·  Microsoft  ·  Issued 2023
CompTIA Cloud+  ·  CompTIA  ·  2020 – 2026
CompTIA Security+  ·  CompTIA  ·  2012 – 2027
CompTIA Network+  ·  CompTIA  ·  2014 – 2027
CompTIA Project+  ·  CompTIA  ·  Issued 2018
Linux Professional Institute LPIC-2  ·  LPI  ·  2021 – 2026

Education

Bachelor of Science in Cloud Computing

June 16, 2025

Western Governors University  ·  Salt Lake City, UT

Security Clearance

🔒  Active Secret Clearance  —  U.S. Government