Ashley Montgomery
Information Security Assessor at Emerging Tech
-
English Native or bilingual proficiency
Bio
Credentials
-
Project Management Professional (PMP)
Project Management Institute
Experience
-
Emerging Tech
-
United States
-
IT Services and IT Consulting
-
1 - 100 Employees
-
Information Security Assessor
-
Jan 2018 - Present
Conduct IT risk assessments to identify system threats, vulnerabilities, and risks, and generate reports. Maintain, review and update information security system documentation, including the System Security Plan (SSP), Plan of Action & Milestones (POA&M), Risk Assessment (RA), policies and procedures, and security control baselines, in accordance with NIST guidelines and security practices. Apply appropriate information security controls for Federal Information Systems based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A R4. Review and update RTM (Requirements Traceability Matrix) analysis scan results and document findings in the POA&M upon status of control Pass/Fail. Assess security controls and develop the Security Assessment Report (SAR). Support A&A activities (Categorize, Selection, Implement, Assessment, Authorize, Monitor) according to the A&A project plan. Facilitated Security Control Assessment (SCA) and Continuous Monitoring activities. Review authorization documentation for completeness, accuracy and compliance. Facilitate Security Control Assessment (SCA) and monitor activities. Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4. Ensure cyber security policies are adhered to and that required controls are implemented. Validated information system security plans to ensure NIST control requirements are met. Review security logs to ensure compliance with policies and procedures and to identify potential anomalies. Update and review A&A packages, including Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M. Collect Operations and Maintenance artifacts on an ongoing basis so that the Security Control Assessment (SCA) is seamless. Upload supporting documentation into SharePoint, Google Docs, and IACS-360. Manage vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.
-
-
-
US Courts/RAS LLC
-
Washington, District of Columbia, United States
-
Cyber Security Analyst
-
Feb 2015 - Jan 2019
Ensure implementation of appropriate security controls for information systems based on NIST Special Publication 800-53 rev 4, FIPS 200, and system categorization using NIST 800-60 and FIPS 199. Review and update remediations on POA&Ms. Work with System Administrators (SA) and the System Owner (SO) to resolve POA&Ms, gather artifacts, and create mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M. Work and communicate with stakeholders through authorization package completion. Review and update RTM (Requirements Traceability Matrix) analysis scan results and document findings in the POA&M upon status of control Pass/Fail. Collaborate with system administrators to remediate POA&M findings. Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization’s continuous monitoring plan. Monitor controls post-authorization to ensure continuous compliance with the security requirements. Conduct security assessment interviews to determine the security posture of the system and to develop a Security Assessment Report (SAR) upon the completion of the Security Test and Evaluation (ST&E) (RTM) questionnaire using NIST SP 800-53A, required to maintain company Authorization To Operate (ATO), the Risk Assessment, System Security Plans, and system categorization. Prepare and submit the Security Assessment Plan (SAP). Perform information security risk assessments and assist with the internal auditing of information security processes. Exposure to vulnerability scanning and assessment tools such as Nessus, including analyzing scan results.
-
-
Education
-
University of Maryland University College
Master's degree, Management
-
University of Baltimore
Bachelor of Arts (BA), Interdisciplinary Studies