Jack Devault II, CISSP

Project: NATO Final Lifetime Extension Programme (FLEP) — Boeing
Role: Cybersecurity Lead

As the cybersecurity lead on Boeing’s NATO FLEP initiative, I directed all security engineering and compliance activities for this high-stakes defense program aimed at extending the operational life of NATO’s critical airborne assets. I spearheaded threat modeling, secure architecture reviews, and rigorous vulnerability assessments to harden complex mission systems against advanced persistent… Show more

Project: NATO Final Lifetime Extension Programme (FLEP) — Boeing
Role: Cybersecurity Lead

As the cybersecurity lead on Boeing’s NATO FLEP initiative, I directed all security engineering and compliance activities for this high-stakes defense program aimed at extending the operational life of NATO’s critical airborne assets. I spearheaded threat modeling, secure architecture reviews, and rigorous vulnerability assessments to harden complex mission systems against advanced persistent threats.

Key outcomes included:

Reduced cyber risk exposure by 70%, achieving compliance with stringent NATO and U.S. DoD security standards ahead of schedule.

Streamlined accreditation timelines by 40% through proactive stakeholder engagement and clear risk remediation roadmaps.

Implemented advanced cryptographic and endpoint protections, directly enhancing NATO’s operational resilience and mission readiness.

This project reinforced NATO’s multi-decade strategic capabilities while safeguarding sensitive allied defense data — a direct testament to integrating robust cybersecurity into global defense sustainment programs. Show less

Development of a GRC Program at Cimarex Energy

As Chief Information Security Officer at Cimarex Energy, I spearheaded the design and implementation of a comprehensive Governance, Risk, and Compliance (GRC) program tailored to meet the unique demands of the oil and gas sector. Starting from the ground up, I built a robust security strategy that dramatically improved the company’s security posture and directly reduced incidents across the enterprise.

This program integrated risk… Show more

Development of a GRC Program at Cimarex Energy

As Chief Information Security Officer at Cimarex Energy, I spearheaded the design and implementation of a comprehensive Governance, Risk, and Compliance (GRC) program tailored to meet the unique demands of the oil and gas sector. Starting from the ground up, I built a robust security strategy that dramatically improved the company’s security posture and directly reduced incidents across the enterprise.

This program integrated risk assessment, compliance management, incident response, and staff training into a cohesive framework, leveraging industry standards like NIST and ISO 27001. I crafted and enforced security policies, conducted targeted risk assessments, and drove policy adoption company-wide, ensuring alignment with business objectives and regulatory requirements.

The outcome was more than just ticking boxes—our GRC initiative resulted in a substantial reduction in security incidents, set a benchmark later adopted by other exploration companies, and established a resilient security culture that continues to protect Cimarex’s critical assets. Under my leadership, the security program not only safeguarded sensitive seismic data (crucial for high-stakes drilling decisions) but also strengthened investor confidence and business continuity. Show less

• Enterprise Security Solutions (e.g., ACAS, ePO, HBSS) – I used these technologies at Boeing to accomplish a more secure systems with regards to the following aircraft and systems, B1 Bombers, AWACS, Wedgetail, B52 Bombers. The outcome was a more secure system that met or exceeded the NIST SP 800-53 Ver. 5 standards. I worked with cross functional teams to setup McAfee ePO systems to allow updates of definitions to systems on a regular basis to meet compliance requirements.
• AWS, Azure… Show more

• Enterprise Security Solutions (e.g., ACAS, ePO, HBSS) – I used these technologies at Boeing to accomplish a more secure systems with regards to the following aircraft and systems, B1 Bombers, AWACS, Wedgetail, B52 Bombers. The outcome was a more secure system that met or exceeded the NIST SP 800-53 Ver. 5 standards. I worked with cross functional teams to setup McAfee ePO systems to allow updates of definitions to systems on a regular basis to meet compliance requirements.
• AWS, Azure Security Tools – I worked on deploying and developing Azure security tools such as defender and correlated and collected logs using Sentinel log collector in Azure cloud. Also used AWS tools to securely encrypt data at rest that was used by Cimarex energy to do data analysis of large amounts of seismic data. Also, worked with Boeing Office 365 deployment to get better security that was required to store CUI data.
• RMF, NIST 800-53, CMMC – I worked on documentation for RMF packages for B1 Bombers and reviewed documents that are used to get ASIF labs ATO Accreditation from USAF. The ATO was obtained for two classified labs and one unclassified lab used for updated software development for the weapon systems.
• SIEMs, IDS/IPS – I setup log forwarders to help collect sys logs and other Linux logs from systems. I also correlated the logs and cross referenced with logs from PALO ALTO Firewalls that were setup and being used for deep packet inspections as IPS systems. The work on these systems lead to several security improvements that are still adopted and used by several oil and gas exploration companies.
• Nessus, OpenVAS, Vulnerability Scanners – I used these systems for NATO FLEP program and C17 Programs to help reduce the security footprint of ASIF Lab systems and production development labs. The data collected was used by me to create documentation such as crosswalks between NIST SP 800-53 Ver. 4 and Ver. 5 and NATO security standards. Show less