Mason Tuckett
Cyber Analyst • Information System Security Officer (ISSO)
Download GPG Key83A3 C07C 1C7D 8B6D 4A4A 781D 7155 6DFD B495 ACB7
Summary
Cybersecurity professional and ISSO contractor supporting AFNWC/MMIII sustainment for the Department of the Air Force.
Focused on RMF, A&A documentation, security control evidence, POA&M tracking, STIG/SRG compliance, vulnerability management, and information system security requirements for mission-critical defense environments.
Skilled in information security, systems administration, Linux, networking, virtualization, firewalling, secure web infrastructure, and cybersecurity instruction.
Qualified for: IAT III, IAM II, IASAE II, CSSP Analyst, CSSP Infrastructure Support, CSSP Incident Responder, and CSSP Auditor roles.
Experience
Cyber Analyst/Information System Security Officer (ISSO)
BAE Systems, Inc.
March, 2026 – Present
- Supported AFNWC/MMIII sustainment as an Information System Security Officer (ISSO), advising on security requirements for sensitive information processed, stored, and transmitted by program systems.
- Assisted with RMF activities aligned to NIST SP 800-53, including A&A support, security documentation, control evidence, compliance artifacts, program security plans, policies, procedures, and configuration management records.
- Supported vulnerability/risk management, POA&M tracking, audit support, anomaly investigation, incident response coordination, corrective action tracking, and information security awareness efforts.
Community Educator
Davis School District
January, 2026 – February, 2026
- Independently developed and instructed hands-on, practical, weekly courses spanning: cybersecurity, computer networking, ethical hacking, Linux administration, Python programming, and web development.
- Partnered with district curriculum coordinators to structure courses around pertinent, underrepresented, high-impact, desired content areas.
- Collaborated with the district IT department to ensure courses were within policy and legal and ethical responsibilities were upheld.
Teacher Assistant
Davis School District
October, 2025 – February, 2026
- Conducted and prepared daily SIPPS lessons (Systematic Instruction in Phonological Awareness, Phonics, and Sight Words) to grades 1–5—improving literacy, fluency, and decoding acquisition.
- Utilized Acadience assessments to track and monitor student progress—adjusting pacing and reading intervention methodology.
- Facilitated small-group instruction for rounds of 5–10 students—maintaining engagement through positive reinforcement techniques and structured reading routines.
Ken Garff Esports — Summer Tech Track Mentorship
Success in Education
May, 2025 – June, 2025
- Instructed students (grades 7–12) in foundational cybersecurity utilizing the CyberPatriot curriculum, resulting in increased student confidence and performance in computer science.
- Facilitated hands-on game development projects that improved students’ understanding of logic, design thinking, and collaborative problem-solving.
- Collaboratively designed and implemented curriculum materials, including PowerPoints, Kahoots, interactive activities, and icebreakers—that enhanced student participation and learning outcomes.
Skills
- Security & Compliance: RMF, NIST 800-53 Rev. 5, A&A Support, POA&Ms, eMASS, STIGs/SRGs, Tenable Nessus
- Systems: AWS, Proxmox, VMWare ESXi, RHEL, Podman/Docker, Active Directory, Windows Enterprise
- Cloud & Networking: AWS VPC, Cisco IOS/Meraki, SD-WAN, MPLS, BGP, RIP, OSPF, VXLAN, VLAN, DNS, DHCP, TCP/IP
- Professional: Problem Solving, Troubleshooting, Collaboration, Curriculum Development, Technical Instruction
Education
MS, Cybersecurity and Information Assurance
Western Governors University
February, 2026 – August, 2026
BS, Cybersecurity and Network Management
Weber State University
August, 2022 – August, 2025
AAS, Cybersecurity and Network Management
Weber State University
August, 2022 – August, 2025
AS, General Studies
Weber State University
August, 2022 – August, 2025
HS Diploma
Davis Connect 7-12
May, 2022
Certifications
Professional Certifications
- CompTIA SecurityX (CASP+) — 8S50JTL5Y2FQ1ZSZ
- CompTIA CySA+ — HJGBKZQ5TM411WWF
- CompTIA PenTest+ — L06MGB7QYBF41S9B
- CompTIA Linux+ — L6JS88LT3FEEQHS1
- CompTIA Security+ — R6EZ8J86MMB1QKWP
- CompTIA Network+ — EBMQ8Z0TGJ411F9Y
- CompTIA A+ — 26DTYN06MFB4QMC7
- CompTIA ITF+ — 7KXDBYRYQFFQ1ESQ
- ISC2 Certified in Cybersecurity (CC) — 2068665
- Google IT Support Professional — 69J675FU9XSO
Course-Related Certifications
- CCNA: Switching, Routing, and Wireless Essentials
- AWS Academy Cloud Security Builder
- AWS Academy Cloud Foundations
Educational Certificates
- CP, Cybersecurity Policy and Management — Weber State University
- CP, Cloud Computing Security — Weber State University
- CP, Network Technologies — Weber State University
- CP, Cybersecurity Essentials — Weber State University
Projects
Home Lab — Proxmox Virtual Environment
- Deployed OPNsense as the primary edge router and firewall, configuring VLAN segmentation, RFC1918 subnetting, DHCP scopes, NAT (SNAT/DNAT), DNS forwarding, and rule-based inter-VLAN access control.
- Built a Proxmox virtualization environment using KVM virtual machines and LXC containers to host lab systems, infrastructure services, and security tooling with managed resource allocation, backups, and snapshot-based rollback.
- Implemented strict firewall baselines in OPNsense to limit east-west traffic between VLANs, restrict management-plane access, and enforce service-specific allow rules.
- Created a SOC lab using Kali Linux, Windows targets, and Wazuh to simulate vulnerability assessment, endpoint monitoring, alert generation, log collection, and detection workflows.
- Configured attribute-based WireGuard tunnels to securely route selected self-hosted service traffic through a VPS reverse proxy, with TLS 1.2/1.3 termination and hardened Nginx proxy configuration.
Web Hosting — RHEL VPC
- Deployed a hardened RHEL-based VPC/VPS environment using Podman rootless containers, Firewalld zones, SELinux enforcing mode, and least-privilege service isolation for public web, Tor/I2P, and supporting services.
- Implemented a strict network security baseline with default-deny inbound policy, IPSet-based geoblocking, tightly scoped Firewalld rich rules, non-standard IP-bound SSH access, and localhost-only Tor service binding.
- Hardened Nginx with TLS 1.2/1.3, strong AEAD cipher suites, HSTS, restrictive CAA records, DNSSEC, HTTP method restrictions, rate limiting, header size limits, and security-focused response headers.
- Applied RHEL system hardening through sysctl tuning, unused kernel protocol/module blacklisting, SELinux policy enforcement, application confinement, Journald log review, and service-specific attack-surface reduction.
- Established a verifiable trust chain using mirrored GPG public keys, signed darknet mirror statements, SHA-512 checksum proofs, DNS TXT validation records, and a public GitHub mirror for independent verification.