Charles Pelton, CISSP

  1. Data

Retired U.S. Navy Chief (CISSP) | 20+ years in network & information security, systems accreditation, RMF/JSIG, and enterprise infrastructure

Retired U.S. Navy Chief with over 20 years of hands‑on experience in network engineering, cybersecurity, and systems accreditation across unclassified and all classified levels. Career highlights include leading Type Accreditations, MUSA/ISOL implementations, WAN and infrastructure design, and COMSEC management while applying NIST RMF and JSIG controls. Supported DoN and industry (Engility, Orbital ATK/Northrop Grumman, NAWC Pt. Mugu, ExoAnalytic, Nooks) and hold a BS in Management Information S…
  1. Aerospace
  2. Consumer Electronics
  3. Network Security
  4. Network Administration
  5. Windows Server
  6. Senior Site Reliability Engineer
Hire Charles
Charles Pelton, CISSP

Experience

  • Nooks

    Nooks

    Cybersecurity Site Lead

    Feb 2026 - Present

    Nooks provides Classified-Infrastructure-as-a-Service (CIaaS), offering a nationwide network of accredited classified workspaces by subscription to enable cleared teams from industry and government to operate in classified environments without the multi‑year cost and wait of building SCIFs.

    • Led site cybersecurity posture for an accredited classified facility, developing and enforcing access controls, network segmentation, and hardening standards for on‑prem and virtualized assets.
    • Coordinated SCIF security requirements with facilities, physical security, and accreditation teams to maintain continuous compliance with accreditation criteria and site security plans.
    • Established incident response and reporting procedures for classified and unclassified enclaves, including escalation paths to cleared leadership and external stakeholders.
    • Performed risk assessments and vulnerability scans; tracked remediation through POA&Ms and coordinated mitigation with IT and facilities teams.
    • Provided security awareness and cleared‑personnel onboarding focused on classified handling, OPSEC, and insider threat indicators.
    • Partnered with mission and customer teams to balance operational availability with strict security controls in a subscription CIaaS environment.
  • ExoAnalytic Solutions

    ExoAnalytic Solutions

    ISSM

    Aug 2022 - Mar 2026

    ExoAnalytic Solutions is a scientific and engineering company delivering space domain awareness, analytics and mission systems to defense and commercial customers, specializing in advanced algorithms, sensing and modeling for the space and missile domains.

    • Served as Information System Security Manager (ISSM) for program systems, owning RMF/A&A activities and maintaining continuous authorization posture.
    • Developed and maintained system security plans (SSP), control implementations, and artifacts to support Authority to Operate (ATO) and contract deliverables.
    • Directed continuous monitoring: coordinated vulnerability scanning, patching schedules, and log/alert tuning with engineering and operations teams.
    • Managed POA&M lifecycle and coordinated remediation prioritization with program managers and stakeholders to reduce security risk exposure.
    • Led user account and privileged access governance, ensuring separation of duties and adherence to least privilege for mission systems.
    • Delivered security training and compliance briefings to program personnel and supported security-related customer reviews and audits.
  • Naval Air Systems Command (NAVAIR)

    Naval Air Systems Command (NAVAIR)

    ISSM

    Jun 2019 - Jul 2023

    U.S. Navy — the United States naval warfare service branch — provides global maritime power projection, operations, and support for national defense and security objectives.

    • Acted as ISSM for Navy aviation program elements, implementing RMF processes and maintaining Authorization artifacts for afloat and shore-based systems.
    • Coordinated cross‑organizational security assessments and mitigations with program offices, systems engineers, and C4ISR stakeholders to protect mission assurance.
    • Managed secure configuration and baseline enforcement for mission systems and communications equipment in accordance with DoD/Navy policies and STIGs.
    • Directed incident handling and reporting for operational systems, working with cyber teams to contain, investigate, and remediate compromises or anomalies.
    • Supported certification and accreditation activities, including continuous monitoring, audit response, and evidence collection for Authorizing Officials.
    • Advised leadership on risk tradeoffs between mission needs and cybersecurity controls to preserve operational availability.
  • Northrop Grumman

    Northrop Grumman

    ISSM

    Jan 2016 - Jun 2019

    Northrop Grumman designs, develops and sustains advanced aerospace, defense and mission systems—ranging from aircraft and spacecraft to C4ISR, cyber, and radar systems for national security customers.

    • Served as ISSM on program(s) delivering mission systems, leading security governance and ensuring alignment to corporate and DoD cybersecurity requirements.
    • Oversaw implementation of security controls across development, integration, and sustainment phases, coordinating with engineering, supply chain, and subcontractors.
    • Managed vulnerability management and secure build processes, integrating security testing early in the lifecycle and reducing downstream findings.
    • Prepared and presented security posture and risk briefings to program leadership and external stakeholders during design reviews and contract milestones.
    • Implemented supply‑chain security practices and third‑party assessment coordination to protect program IP and sensitive sources/techniques.
    • Supported cross‑program information sharing for cyber threats, lessons learned, and control improvements.
  • Engility Corporation

    Engility Corporation

    Information Assurance Analyst

    May 2013 - Jan 2016

    SAIC (formerly Engility) advances technology and engineering solutions for government customers, delivering mission support across defense, intelligence and civilian domains.

    • Performed information assurance duties including STIG application, baseline configuration, and continuous monitoring for customer systems.
    • Conducted vulnerability scans and coordinated remediation with system owners to maintain compliance with DoD/contract security requirements.
    • Developed and maintained security documentation (SSP, contingency plans, incident response playbooks) to support audits and ATO efforts.
    • Administered identity and access controls for enterprise systems, managing privileged accounts and role‑based access workflows.
    • Provided user training and security awareness to technical staff and end users to improve compliance and reduce risky behaviors.
    • Assisted program teams with security requirements translation into technical requirements and operational procedures.

  • USS ANTIETAM (CG 54)

    Information Assurance Manager

    Sep 2010 - May 2013

    USS ANTIETAM (CG 54) — United States Navy guided‑missile cruiser responsible for shipboard operations and mission support.

    • Managed network security for two virtual LANs running on VMware supporting 15 servers and 250+ workstations, ensuring availability and integrity of shipboard IT services.
    • Led and mentored a 12‑person team responsible for daily network administration, systems maintenance, and helpdesk support.
    • Implemented and enforced baseline configurations, patch management, and hardening standards to meet Navy cybersecurity guidance.
    • Maintained user account lifecycle, role assignments, and separation of duties to protect privileged access on ship systems.
    • Developed incident response processes tailored to the shipboard environment, including escalation and reporting to command and shore authorities.
    • Coordinated with engineering and operations to support classified and unclassified communication needs while preserving security posture.
  • NSA

    NSA

    Hawaii Enterprise Help Desk and Infrastructure Manager

    Oct 2006 - Jan 2010

    NSA (Norske Systemarkitekter) is a Nordic IT consultancy specializing in service management, business intelligence, integration and system operations with expertise in Oracle and Red Hat technologies.

    • Managed enterprise help desk and infrastructure operations for a geographically distributed customer base, overseeing incident, request and problem management processes.
    • Directed infrastructure teams responsible for server virtualization, storage, and network services to meet SLA and availability targets.
    • Implemented ITSM practices and tooling to improve ticket resolution, asset tracking, and change control across the enterprise.
    • Coordinated vendor relationships and third‑party support to ensure timely escalations, hardware/service replacements, and contract adherence.
    • Provided end‑user support and training, and documented operational runbooks and escalation procedures to streamline supportability.
    • Conducted periodic capacity, performance and risk reviews to inform infrastructure investments and mitigations.

  • Commander, Expeditionary Strike Group 7, Okinawa

    Force Information Assurance Manager

    Oct 2003 - Oct 2006

    Commander, Expeditionary Strike Group 7 (Okinawa) — naval command responsible for expeditionary strike group operations and readiness in the region.

    • Served as Force Information Assurance Manager, developing and enforcing enterprise IA policy and procedures across assigned units.
    • Led force‑level risk assessments and coordinated accreditation activities for command information systems and mission enclaves.
    • Oversaw compliance with DoD/Navy information assurance directives, ensuring timely remedial actions and reporting to higher echelons.
    • Coordinated security training, insider threat briefings, and OPSEC campaigns across the force to raise awareness and consistent practices.
    • Liaised with regional cyber and COMSEC authorities to align defensive measures with theater operations and incident response plans.
    • Advised command leadership on cyber risk, operational impacts, and mitigation options during deployments and exercises.

  • Commander, Naval Networks and Space Operations Command

    Information Systems Security Officer

    Jun 2000 - Oct 2003

    Commander, Naval Networks and Space Operations Command — command focused on naval networks, communications and space‑related operations to enable naval warfighting capabilities.

    • Acted as Information Systems Security Officer for naval network and space operations systems, enforcing security controls and monitoring compliance.
    • Managed system hardening, STIG/STIG‑like implementation, and continuous monitoring to preserve mission integrity.
    • Coordinated audits, log collection, and forensic support for network incidents and security investigations.
    • Maintained configuration management and change control for critical network components and ensured documentation for accreditation purposes.
    • Collaborated with cross‑functional engineering and operations teams to integrate cybersecurity requirements into system upgrades and deployments.
    • Provided user access governance, authorization support, and training for operators of space and network systems.

  • USS ESSEX

    Communications Supervisor

    Apr 1997 - Jun 2000

    USS ESSEX — United States Navy amphibious assault ship responsible for expeditionary operations and shipboard communications support.

    • Supervised shipboard communications operations, ensuring reliable voice, data and messaging services in support of deployed operations.
    • Managed maintenance and configuration of communication equipment and supported cryptographic/COMSEC requirements.
    • Trained and led enlisted communications personnel in operating and troubleshooting tactical and administrative networks.
    • Implemented protocols for secure transmission of classified and unclassified operational messages and coordinated with afloat/ashore networks for interoperability.
    • Monitored network performance and coordinated repairs or workarounds to maintain mission communications during underway periods.
    • Maintained logs, reports and readiness metrics to support command inspections and evaluations.

  • Special U.S. Liaison Advisor Korea

    Technical Controller

    Feb 1995 - Apr 1997

    Special U.S. Liaison Advisor Korea — mission/liaison assignment providing technical and operational advisory support in the Republic of Korea.

    • Served as Technical Controller and primary technical liaison between U.S. and host nation/partner technical staffs for communications and systems integration.
    • Coordinated configuration, testing and fielding of communication equipment to ensure interoperability and security with allied systems.
    • Managed classified information flows and ensured compliance with applicable handling and transmission procedures.
    • Facilitated technical problem resolution across multinational stakeholders and documented lessons learned for future deployments.
    • Supported training and technical handovers to partner organizations to sustain operational capability.

  • Commander, Patrol Wing 11

    Message Processor

    Oct 1993 - Feb 1995

    Commander, Patrol Wing 11 — naval aviation command responsible for maritime patrol and reconnaissance operations and associated communications/message processing.

    • Operated as Message Processor responsible for handling, routing and safeguarding operational and administrative messages in support of maritime patrol squadrons.
    • Ensured communications security procedures were followed for classified messaging and maintained message logs for traceability and audit.
    • Coordinated with operations and intelligence cells to prioritize message flows and expedite time‑sensitive information.
    • Maintained message handling systems and performed regular checks to ensure message integrity and delivery success.
    • Trained personnel on message formatting, distribution protocols and COMSEC procedures to maintain operational readiness.