Sarah Marinacci
Insider Threat Analyst/Information System Security Officer at VOR TECHNOLOGY- Claim this Profile
Click to upgrade to our gold package
for the full feature experience.
Topline Score
Bio
Credentials
-
CompTia Security+
-
Experience
-
VOR TECHNOLOGY
-
United States
-
Information Technology and Services
-
1 - 100 Employee
-
Insider Threat Analyst/Information System Security Officer
-
Jun 2016 - Present
Support the insider threat hub with technical analysis of data network and user activity to identify indicators of insider threats. Mine data for unknown linkages in existing information and assist in the development of leads for the insider threat program. Provide analysis of feeds within the programs threat management hub and recommend disposition of inquiries. Conduct analysis of User Activity and network monitoring based on either analysis of all feed data or specific inquiries requested from multiple disciplines. Responsible for performing research and developing documents, summaries, reports, and presentations for key personnel. Review data for classification and transfer amongst systems of varying levels. Keep up to date with DoD regulations/guidance, DNI Counterintelligence Standards, NIST, and other directives/instructions.
-
-
-
ManTech International Corporation
-
United States
-
Software Development
-
1 - 100 Employee
-
Information System Security Officer
-
Jan 2015 - Jun 2016
Lead ISSO for Management, Security, and Operations directorate in large government organization. Responsible with planning, coordinating, and controlling information system security for the entire directorate including security measures for all computers, electronic storage devices, and communication systems. Serve as the Technical Advisor to Senior Management on all areas of Information Systems Security. Responsible for maintaining ongoing knowledge of Federal, DoD, and IC legislation, regulation, policies, and practices related to information systems security; overseeing the certification and accreditation of all MS&O information systems, managing the conduct of vulnerability assessments and audit, development of risk mitigation programs and action plans. Safeguard information security assets including assigning security responsibilities, developing security plans, screening users, developing problem reporting systems, planning for disaster contingencies, and reviewing appropriate authorizations for processing of data.
-
-
-
Knowledge Consulting Group
-
Lebanon
-
E-Learning Providers
-
Security Analyst
-
Sep 2014 - Jan 2015
Independent Assessor supporting the Federal Reserve Bank in assessing step four in the Risk Management Framework using NIST SP 800-53v4 & v3. Provide assistance and expertise to clients in risk management, System Security Plan, POA&M, Exception development, and continuous monitoring. Ensure all security control assessment (SCA) activities are completed for each client within the Bank. Review client provided security documentation and interview client stakeholders/subject matter experts to understand the system and the associated risk. Prepare security assessment report (SAR) using information obtained from system security documentation and client interviews.
-
-
-
PL Consulting, Inc.
-
United States
-
Information Technology & Services
-
1 - 100 Employee
-
ISSO II
-
Jul 2013 - Sep 2014
Hired as a an ISSO working in an “Information System Security Group” where our primary focus is to assist in getting a large government organization's countless assets into compliance with the ICD 503 A&A process. Specifically responsible for maintaining system security postures, writing and updating System Security Plans, Standard Operating Procedures, and Vulnerability Reports. Additional responsibilities include but are not limited to: the control, labeling, virus scanning, and transfer of media at various classification levels; system development life cycle management specifically pertaining to property decommission and proper sanitization and disposal techniques; informing government (both military and civilian) of current system status within the RMF process as well as assisting in determinations of security relevant changes to their systems.
-
-
-
-
ISSO/Program Administrator
-
May 2010 - Jun 2013
.Hired as a full-time travel coordinator and morale team leader my primary focus was increasing and maintaining employee retention. Data Tactics expanded my responsibilities in late 2010 to include program administration and planning for a large DARPA program. While providing administrative support I interface with clients, monitor and schedule reoccurring meetings, and produce/brief scheduled program reports such as daily, weekly, monthly and quarterly status reporting. I manage team tasking within Waterfall and Agile management frameworks for multiple parallel efforts. While supporting corporate leadership I generate expense reports, analyze and project program costs, identify areas of cost savings and provide iterative cost saving feedback. In the fall of 2011 I was promoted to ISSO where I have successfully been overseeing the operation and maintenance of Data Tactic’s SCIF Authority to Operate (ATO). As an ISSO I work directly with the ISSM, DAA Rep, and System Administrators. I am responsible for developing and maintaining SSP’s and the corresponding support documentation. Additionally, I review Windows logs, Retina Scans, and Host Based Security Systems (HBSS) for security incidents or vulnerabilities.
-
-
Education
-
2014 - 2016
George Mason University
Bachelor of Applied Science (BASc), Information Technology -
2011 - 2013
Columbia Southern University
Business Administration -
2008 - 2011
Northern Virginia Community College
AS, General Studies
Community
