Experience

Phacil (a By Light Company)

• United States
• IT Services and IT Consulting
• 100 - 200 Employee

• CyberSecurity Specialist

  • Aug 2018 - Present



Robbins-Gioia, LLC

• United States
• Business Consulting and Services
• 200 - 300 Employee

• Information Asssurance Analyst

  • Nov 2017 - Present

  •Review/develop RMF documentation to include System Security Plan (SSP), Information Security Continuous Monitoring (ISCM), and Account Management Plan, •Review/modify IACs ( Information Assurance Controls) per guidance of CNSS 1253 •Work action items on POA&M to fix vulnerabilities identified within the system •Develop system-level security A&A plans and projects with milestones to obtain ATO/ATC •Making IA recommendations in accordance with applicable DoD orders & directives •Security testing and evaluation activities for validation in the RMF process •Attend weekly status meetings with SCAR(Security Control Assessor Representative)/AO •Review/develop test scripts to ensure vulnerability is assessed properly



KBR Careers - Gov Solutions

• United States
• Defense and Space Manufacturing
• 700 & Above Employee

• Information Assurance Analyst

  • Jul 2017 - Nov 2017

  •Provide Information Assurance engineering support to Naval Air Systems Command (NAVAIRSYSCOM- a multi-faceted Information Technology acquisition program focused on system accreditation and continuous monitoring •Review and approve required IA documentation in accordance with applicable US government and DoD information assurance and security guidance • Develop and execute RMF packages for multiple concurrent systems to include Plan of Action and Milestones (POA&Ms) and System Security Plan (SSP) •Work with multiple teams and stakeholders to understand the capabilities of their IT systems and develop accreditation packages for approval •Review/approve IA artifacts, documentation, and IACs (Information Assurance Controls) required for RMF •Assists the customer in initiating and maintaining the IA Risk Management Framework (RMF) and Authorizations to Operate (ATO) for designated systems. •Analyze and review the designated assets to ensure they are in compliance with DOD IA/Cybersecurity instructions, guidelines and certification requirements as appropriate •Provide guidance, recommendations, timelines and milestones to stakeholders in order to maintain compliance and improve security posture as needed •Maintain certification as a Navy Qualified Validator



The MIL Corporation

• United States
• Information Technology & Services
• 700 & Above Employee

• Information Assurance Specialist

  • Jul 2016 - Jun 2017

  • Prepare documentation for the RMF certification and accreditation process • Review STIGs to ensure they are in compliance with DoD standards • Use DADMS (Department of the Navy (DoN) Application and Database Management System) to ensure software is registered • Ensure IACs (Information Assurance Controls) are in compliant through the use of eMASS • Generate POA&M in compliance with the IACs • Review system information profile • Review SAP (Security Assessment Plan) • Review ACAS scans to ensure they are in compliance. • Conduct interviews for information assurance and highly technical roles • Member of the recruiting management team • Navy Qualified Validator



General Dynamics Information Technology

• IT Services and IT Consulting
• 700 & Above Employee

• Information Assurance Analyst

  • Jun 2015 - Jul 2016

  • Manage and lead efforts in the review, application, and maintenance of IA policies and C&A procedures for Programs of Record (POR) acquisition programs • Coordinates the efforts of multiple personnel and organizations to ensure objectives and goals are achieved on schedule and meets or exceeds DON Cyber Security policy and requirements. • Prepare, validate, and submit DIACAP/RMF certification and accreditation packages for new and continued system accreditations for multiple systems using Enterprise Mission Assurance Support Service (EMASS). • Perform Information Assurance/security analyses and risk/vulnerability assessments along with evaluating IA technologies and secure solutions for applications, systems, and platform interconnections/interfaces to include ACAS scans and STIGs • Conducts risk and vulnerability assessments of accreditations on RDT&E and Operational Data Center systems, based upon environment, connectivity, classification, mission criticality, and other related factors. • Develop plans, including budgets and schedules, and monitor tasks to meet project requirements and goals for assigned programs. • Coordinate with system and network administrators to ensure all identified threats are corrected and/or mitigated in accordance with established guidance from the Department of Defense and the US Navy. • Review C&A plan documentation to include, RAR (Risk Assessment Report), System Implementation Plan (SIP), DIACAP Implementation Plan (DIP), and System Security Plan (SSP) with system owners and provide feedback and assistance where needed to meet accreditation requirements. • Entry Level Navy Validator • Responsible for facilitating the C&A process with the goal of getting requested systems their desired accreditation within current impact dates. • Provides cyber solutions within the program office such as, but not limited to, boundary consolidation, reviewing policy and assisting with mitigation statements.



Booz Allen Hamilton

• United States
• IT Services and IT Consulting
• 700 & Above Employee

• Information Assurance Analyst

  • Jun 2014 - Jun 2015

  • Prepare and submit DIACAP certification and accreditation packages for new and continued system accreditations for simultaneously multiple systems using Enterprise Mission Assurance Support Service (EMASS). • Conduct regular Retina and ACAS network security scans to ensure compliance with DISA STIGs, DoD Guidance, and Navy network security requirements. • Coordinate with system and network administrators to ensure all identified threats are corrected and/or mitigated in accordance with established guidance from the Department of Defense and the US Navy. • Review and complete C&A plan documentation to include, RAR (Risk Assessment Report), BCR (Baseline Change Request), System Implementation Plan (SIP), DIACAP Implementation Plan (DIP), and System Security Plan (SSP) • Complete and enter DADMS (Department of the Navy (DoN) Application and Database Management System) reporting information. • Briefs senior leadership and stakeholders on current certification and system security statuses, and provide updates on current and future actions. • Coordinates with various individuals and organizations over a wide geographical area in order to meet mission requirements and objectives.