Vitals:
- Phone: +1 850 691 9708
- Email: mail@justinmjohnson.com
- Location: Atlanta, GA
- Website: www.justinmjohnson.com
- LinkedIn: imjustinjohnson
- GitHub: justin-m-johnson
Senior GRC Strategist & Lead CMMC Certified Assessor (CCA)
Strategic Cybersecurity Compliance Leader with 10+ years of experience directing multi-million dollar federal contracts and enterprise risk management programs. As a Certified CMMC Assessor (CCA) and PMP, specializes in translating complex regulatory requirements (NIST SP 800-171/53, NIST 800-37, RMF Framework, DFARS) into cohesive business strategies that ensure audit readiness without disrupting operations. Expert in guiding organizations through the full compliance lifecycle—from initial scoping and gap analysis to policy architecture and final remediation. Proven record of securing ATOs for mission-critical systems and building collaborative partnerships that align security posture with executive business goals.
Education
Western Governors University, MBA - IT Management
- Oct 2024 – May 2025
- Master of Business Administration
Colorado State University-Global Campus, B.Sc in Cyber Security
- Aug 2016 – May 2018
- 4.0 GPA
- Magna Cum Laude
Florida State University, B.Sc in Criminology
- Aug 2007 – May 2011
- 3.7 GPA
Experience
SeKON / Alpha Omega
Aug 2020 – Present | Atlanta, GA (Remote)
CMMC Initiative (Sept 2025 – Present)
Position: Internal CMMC Consultant/Advisor
- Spearheaded the CMMC compliance initiative by providing Alpha Omega with several training sessions on the importance of CMMC and its impact on the DIB.
- Scoped the organizational enclave and identified all contracts subject to DFARS 7012, 7019, and 7021 clauses, establishing the foundational requirements for the certification effort.
- Authored and implemented over 10 new security policies and procedures, closing critical gaps identified during the initial assessment and aligning organizational practices with CMMC Level 2 controls.
CDC Contract (Oct 2024 – Present)
Position: Cybersecurity Project Manager
- Led and mentored a cybersecurity team of three Security Stewards and Analysts, driving comprehensive assessment activities that supported the CDC’s public health mission.
- Directed Authorization & Accreditation workflows aligned with NIST SP 800-37 RMF and NIST 800-53 controls, overseeing audits, control assessments, and compliance documentation.
- Chaired Configuration Control Board meetings managing critical change and risk mitigation across multiple information systems during organizational transition.
- Acted as primary liaison with CDC stakeholders, delivering risk status, audit results, and strategic security guidance.
- Led/Completed 25+ NIST RMF assessments annually, ensuring continuous accreditation readiness.
DHA Contract (Aug 2020 – Oct 2024)
Position: Lead Information Systems Security Engineer
- Promoted from Information Systems Security Engineer to Information Systems Security Engineer Lead, overseeing implementation of RMF, NIST controls, and vulnerability management solutions across DHA information systems.
- Integrated CISA/DISA guidance into actionable team projects and technical processes, influencing successful ATO certifications and transition from ATO-C to ATO for multiple government systems.
- Delivered automated vulnerability scanning with integration to eMASS and Cybersecurity Dashboarding using Splunk, improving real-time monitoring and metrics, reducing manual work by 75%.
- Coordinated quarterly STIG/SCAP reviews and continuous monitoring, ensuring systems exceeded evolving federal compliance requirements.
- Provided technical recommendations based on latest executive orders (EOs) and OMB policies, specializing in Zero Trust and NIST RMF Rev. 5 implementations.
- Conducted comprehensive audits and assessments of cybersecurity practices and control implementations, verifying evidence and evaluating readiness for advanced compliance standards.
- Achievements: Authored two (2) Standard Operating Procedures; Mentored five (5) engineers/analysts, driving team upskilling and streamlined compliance documentation; Multiple recognitions from government leadership.
Georgia Tech Research Institute
Information Systems Security Officer | Nov 2018 – Aug 2020 | Atlanta, GA
- Implemented RMF and compliance documentation (JSIG, NIST, POAMs).
- Conducted weekly vulnerability scans and annual cybersecurity training for technical and non-technical staff.
Mount Vernon Towers
IT Technician | July 2018 – Nov 2018 | Atlanta, GA
- Redesigned networks and managed day-to-day IT support for 200+ users.
Bay County Sheriff’s Office
Corporal, Field Services Division | July 2013 – July 2018 | Panama City, FL
- Supervised and led multiple patrol deputies.
Current Certifications
- CMMC-LCCA, Cyber-AB/CAICO
- CMMC-CCA, Cyber-AB/CAICO
- CMMC-CCP, Cyber-AB/CAICO
- PMP, PMI
- CISSP, ISC2
- Azure Fundamentals, Microsoft
- Office 365 Fundamentals, Microsoft
- Security Compliance and Identity Fundamentals, Microsoft
- Security+, CompTIA
- Network+, CompTIA
- A+, CompTIA
Skills
- Leadership & Management: Team Leadership, Project Management (PMP), Stakeholder Engagement, Strategic Planning, Cross-Functional Collaboration, Mentoring & Training
- Governance, Risk & Compliance: NIST SP 800-37/800-53/800-171, NIST Cybersecurity Framework, Zero Trust Architecture (NIST 800-207), HIPAA, JSIG, RMF, A&A, Compliance Auditing
- Cloud & Security Platforms: AWS, Azure (Microsoft Certified: Azure Fundamentals), GCP, Oracle Cloud, Office 365 (Microsoft Office 365 Fundamentals), Hybrid/Multi-Cloud Security, Containerization (Docker), Virtualization (VMware, KVM, Hyper-V)
- Security Operations & Tools: Vulnerability Management (Nessus), SIEM (Splunk, ELK), Endpoint & Log Monitoring (Wazuh), Automation & Orchestration (Ansible, Terraform, GitHub Actions)
- Programming & Scripting: Python, PowerShell, Bash, Git
- Other Technical Skills: Network & Systems Administration, Continuous Monitoring, Incident Response, Security Documentation, Policy Development, Regulatory Compliance Assessment
Achievements
- Cyber50 Award - Northern Virginia Technology Council (NVTC)