Chris Bursenos
Details
Peace Corps
Director - Information Security Policy & Governance, CISO
Mr. Bursenos serves as the Project Manager of the Federal Communications Commission (FCC) Application Security team. Mr. Bursenos:
• Performs security compliance analysis of cloud service providers for FCC modernization
• Manages information system security officer (ISSO) support services
• Is responsible for bringing 14 FISMA reportable systems into ATO compliance in one year
• Manages vulnerability testing and flaw remediation for FCC web application development
• Provides security compliance analysis for new system development and system enhancements
• Evaluates security technologies used in the application development continuous integration (CI) process
• Directs the Application Security FISMA compliance managers and software security engineers
• Is a trusted adviser on security compliance to FCC’s OCISO, Security Architect and System/Business Owners
2015 :
NCI INC (purchased Computech Inc.)
Security Manager
Mr. Bursenos serves as the Project Manager of the Federal Communications Commission (FCC) Application Security team. Mr. Bursenos:
• Performs security compliance analysis of cloud service providers for FCC modernization
• Manages information system security officer (ISSO) support services
• Is responsible for bringing 14 FISMA reportable systems into ATO compliance in one year
• Manages vulnerability testing and flaw remediation for FCC web application development
• Provides security compliance analysis for new system development and system enhancements
• Evaluates security technologies used in the application development continuous integration (CI) process
• Directs the Application Security FISMA compliance managers and software security engineers
• Is a trusted adviser on security compliance to FCC’s OCISO, Security Architect and System/Business Owners
2013 : 2015
Computech, Inc. (purchased by NCI Inc.)
Cybersecurity Manager
Mr. Bursenos served as an IT security manager and as an OMB A-130 and A-123 compliance practitioner for multiple Federal government agencies. For the following federal agencies and the offices of the U.S. Courts, Mr. Bursenos has:
• National Credit Union Administration (NCUA) -
o Led the security test and evaluation (ST&E) and external and internal penetration testing of the NCUA GSS and three major applications
o Developed and delivered organization level security policies and procedures in accordance with NIST SP800-53 rev. 3
o Created privacy threshold analysis (PTA) and Privacy Impact Assessment (PIA) templates and supporting processes in accordance with OMB M-03-22 and M-07-16
• Office of Personnel Management (OPM) -
o Led the security team to create a full scope authorization package for the OPM Serena Business Manager application development and production systems (task completed in seven weeks)
o Developed and presented a white paper for moving the system to a cloud environment.
• Centers for Medicare and Medicaid Services (CMS) -
o Led a team of IT security control auditors responsible for testing security controls for 15 major applications and three general support systems in accordance with OMB A-123 Internal Controls over Financial Reporting
o Conducted physical and environmental security controls review of three data centers
2010 : 2013
Grant Thornton LLP
IT Security Manager
• United States Coast Guard (USCG) Finance Center (FINCEN) -
o Led a team of assessment and authorization (A&A) specialists responsible for the full lifecycle A&A support of the USCG core financial system and supporting GSS
o Reviewed and updated USCG FINCEN information assurance policies and procedures.
• Administrative Office of the United States Courts (AOUSC) -
o Served as a subject matter expert on information assurance policy and compliance.
o Provided guidance to the Office of Information Technology (OIT) for the remediation of material and high-risk audit findings affecting multiple AOUSC financial systems.
o Conducted risk assessments on three major financial systems in accordance with NIST SP800-30.
o Developed and delivered: security categorization workbook and procedures; privacy threshold analysis and privacy impact assessment workbooks and procedures.
• Federal Emergency Management Agency (FEMA) IT Security Branch (ITSB) -
o Acted as information system security manager (ISSM)
o Provided guidance to FEMA ISSOs for the development of authorization packages
o Streamlined the A&A process by creating a parent/child inheritance scheme to be applied to major applications.
About
Mr. Bursenos possesses over twenty years of experience in the Information Technology (IT) industry with a background in system design and implementation in both the public and private sectors. He has over fifteen years of experience in information assurance (IA). Mr. Bursenos has contributed to programs, projects and tasks in the role of individual contributor, team leader, supervisor and project manager. Mr. Bursenos has excellent knowledge of and skills in networks, information systems, information technologies and information assurance.
Skills:
LAN/WAN design
Secured communications and information systems
Security assessment and authorization
Security risk and vulnerability assessment & management
NIST Guidelines and FIPS Publications
FISMA compliance
Writing security policy and standards
Cloud security compliance
Application security