Profiles search
Christopher Featherston
Author | Information Security Analyst, CASP+
East Hampton, VA, United States
Details
Education:
Bachelor of Science (B.S.)
Computer Science
Old Dominion University
2009 : 2015
Bachelor of Engineering - BE
Computer Engineering
North Carolina Agricultural and Technical State University
2008 : 2009
Computer Science
Old Dominion University
2009 : 2015
Bachelor of Engineering - BE
Computer Engineering
North Carolina Agricultural and Technical State University
2008 : 2009
Experience:
Safeguarding of data and information, focused on the tenets of security that include Confidentiality, Integrity and Availability
Provide comprehensive support to protect and defend networks and all attached systems by validating configurations and ensuring regulatory compliance with DoD and Air Force directives
Provide security architecture and design recommendations in support of the migration and integration of new hosting service clients.
Support to the Department of Defense Cybersecurity training and refresh training program.
Use of Government furnished security assessment software to conduct vulnerability assessment scanning.
Support the Authority to Operate (ATO) efforts following the Risk Management Framework for DoD IT (RMF) process IAW DoD Instruction 8510.01 Risk Management Framework (RMF) for DoD Information Technology, DoD Instruction 8500.01 Cybersecurity, DoD Instruction 500.02 Operation of the Defense Acquisition System, Joint Capabilities Integration and Development Systems (JCIDS) Manual, Public Law (P.L.) 100-235 (Computer Security Act of 1987), Office of Management and Budget (OMB) Circular A-130, DoD Directive 5220.22, DoD 5220.22M and DoD 5220.22-M- Supplemental.
Support to Authorization and Accreditation documentation and testing efforts to include development of plans, policies, and procedures and ensuring timely submission of accurate accreditation documentation.
Support to achieve compliance in Information Assurance Vulnerability Assessment (IAVA) and Security Technical Implementation Guide (STIG) required postures using the Army approved scanning tools and reporting systems.
Policy and procedure recommendations to the Enterprise Services Division in support of the migration and integration of new hosting service clients.
Provide support to ensure personnel are properly classified and certified with DoD 8570.01 IA Certification Program.
2022 : Present
E&M Technologies, Inc.
Information Security Analyst IV
-Transmit documents via DoD public key infrastructure (PKI) encrypted email or place in government designated repository.
-Serve as the Information Assurance Officer (IAO) for assigned applications
-Review system or application audit logs either manually or through automated tools
-Report any system anomaly that could result in an unauthorized disclosure of or access to sensitive information within one hour of identification.
-Review current threats and outstanding vulnerabilities using Assured Compliance Assessment Solution (ACAS)
-Perform monthly vulnerability scans for assigned applications or systems. If the scan must be performed by CEDC personnel, the contractor shall initiate the request.
-The contractor shall protect the vulnerability scan results as UNCLASSIFIED/ SENSITIVE.
-Support security and IA evaluations; develop/maintain test and audit records
-Perform monthly access audits and suspend and restore user accounts as needed to control access.
-Perform and document quarterly tests of the backup and restore capability for each assigned application or database.
-Apply DISA STIGs to configure systems, operating systems and vendor updates, patches and version upgrades.
-IA Vulnerability Alerts (IAVA), IA Vulnerability Bulletins (IAVB). Technical Advisories (TA) or Computer Tasking Orders (CTO) and Vulnerability Assessments and Management. Implement the necessary IA/CND mechanisms. Monthly scanning of the systems using the current CEDC vulnerability-scanning package.
-Update and document applicable C&A artifacts to support accreditation or reaccreditation.
-Support obtaining C&A for assigned applications or systems, to include process support, analysis support, coordination support, conduct of various IA control validation activities, compiling validation results, and creation or execution of Plan of Actions and Milestones.
-Cyber Security Operational Services for protection of all sensitive information, the Information Systems, Information System Domains
2022 : 2022
Ishpi Information Technologies, Inc. (DBA ISHPI)
Information Technology Security Analyst
-Providing mission cyber support for the HQ Air Combat Command (ACC) in support of Enterprise Mission Systems, the RMF Cyber Analyst applies expertise and work experience executing cyber risk assessments to perform duties assigned by the Security Control Assessor (SCA) for AF Enterprise systems.
-Reporting to the Cyber Security Task Lead, RMF Cyber Analyst determines system vulnerabilities and residual risk based on analysis of technical artifacts, interviews, and evaluation of current system state.
-Conduct System Categorizations, Security Plan Approvals, and Full System Security Assessments.
-Applies expertise and work experience executing cyber risk assessments to perform duties assigned by the Security Control Assessor (SCA) for AF Enterprise systems
-Contributes toward recommendations on processes and methodologies to assess cybersecurity risk on information technology within the SCA's appointed authorization boundary
-Works with other Cyber Analysts, SMEs, and SCARs to ensure that all cybersecurity analysis and cybersecurity risk assessments are completed with time and quality standards established by Division leadership and Task Lead
-Determines system vulnerabilities and residual risk based on analysis of technical artifacts, interviews, and evaluation of current system state
-Evaluates effectiveness of proposed mitigations
-Recommends technical/policy changes to mitigate cyber risk
-Supports program and projects with security and information assurance requirements elicitation based on customer and subject matter expert communication and independent research
-Support additional duties as required.
2021 : 2022
Sev1Tech LLC
RMF Cyber Analyst
-Review completed Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists and perform all coordination functions with the Security ------Control Assessor Liaisons and Navy Authorizing Official Cyber Security Analysts (CSA) for Security -Authorization Package review, processing requirements, and issues associated with Checkpoint schedules.
-Conduct in-depth reviews of authorization packages and artifacts within Enterprise Mission Assurance Support Service (eMASS).
-Reviewing, analyze and report on current authorization status and Authorization Termination Dates (ATD) for all systems within the client's portfolio and review Security Assessment Plans, System-Level -Continuous Monitoring Plans, Implementation Plans, Security Control Tailoring Plans, Plans of Actions and Milestones, and Security Assessment Reports (SAR).
-Make determinations if there are risk posture changes when system modifications are requested for authorized systems, the brief status of RMF package reviews, and recommendations for concurrence to the client.
-Develops plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
-Reviews violations of computer security procedures and discusses procedures with violators to ensure violations are not repeated.
-Monitors use of data files and regulate access to safeguard information in computer files.
-Monitors current reports of computer viruses to determine when to update virus protection systems.
-Review IAVM (information assurance vulnerability management) mitigation plans for approval.
-Review and process CAR (conditional authorization request), HRE (high risk escalation), CLSA (component local service assessment), and BCR (boundary change request) requests.
-Demonstrate and retain requisite cybersecurity knowledge in multiple areas to be able to properly inform and support the varied work activities.
2019 : 2021
Atlantic Systems Group INC.
Cyber Security Analyst
-Assist the Regional ISSM in the oversight, inspection, review, and accreditation of Information -Systems
-Ensure and validate hardware and software inventory process and procedures to oversee equipment and software entering and departing the data center(s)
-Ensure and validate backup and data restoration processes and procedures for customer managed systems and networks
-Perform media and laptop inspections and scans
-Provide review and progress reports of all Plan of Action and Milestones (POA&M)
-Provide weekly metrics and reports of customer service activities
-Conduct daily review of government provisioned ticketing system for required response to incidents, events, actions, and requirements. Provide management of assigned actions in accordance with agency prescribed timelines
-Manage Media Control & Personal Electronic Devices (PED) Program oversight
-Provide IA Exercise Support and as well as support for International Systems
-Execute the system and site Risk Management Framework program in the region/AOR as outlined by CIO issuances
-Conduct Risk Assessment for Sites within Region and provide Risk Assessment Reports (RAR) annually
-Perform day to day tasks associated with the agency's Continuous Monitoring Plan
-Support the management of the Data Transfer Officer Program (DTO) user requirements (Enterprise/Regional Level)
-Support the establishment of end to end IA processes and procedures across CIO to streamline AO/DAO approvals and to establish IT security standards for region in accordance with current DOD and IC policy guidance
-Support the development and execution of a checklist for required system security controls validation in accordance with the system/site Continuous Monitoring Program (CMP)
-Develop key metrics for continuous monitoring of IA Ops functions which support FISMA reporting and compliance
-Provide regional/associated sites and site specific assessment suppo
Provide comprehensive support to protect and defend networks and all attached systems by validating configurations and ensuring regulatory compliance with DoD and Air Force directives
Provide security architecture and design recommendations in support of the migration and integration of new hosting service clients.
Support to the Department of Defense Cybersecurity training and refresh training program.
Use of Government furnished security assessment software to conduct vulnerability assessment scanning.
Support the Authority to Operate (ATO) efforts following the Risk Management Framework for DoD IT (RMF) process IAW DoD Instruction 8510.01 Risk Management Framework (RMF) for DoD Information Technology, DoD Instruction 8500.01 Cybersecurity, DoD Instruction 500.02 Operation of the Defense Acquisition System, Joint Capabilities Integration and Development Systems (JCIDS) Manual, Public Law (P.L.) 100-235 (Computer Security Act of 1987), Office of Management and Budget (OMB) Circular A-130, DoD Directive 5220.22, DoD 5220.22M and DoD 5220.22-M- Supplemental.
Support to Authorization and Accreditation documentation and testing efforts to include development of plans, policies, and procedures and ensuring timely submission of accurate accreditation documentation.
Support to achieve compliance in Information Assurance Vulnerability Assessment (IAVA) and Security Technical Implementation Guide (STIG) required postures using the Army approved scanning tools and reporting systems.
Policy and procedure recommendations to the Enterprise Services Division in support of the migration and integration of new hosting service clients.
Provide support to ensure personnel are properly classified and certified with DoD 8570.01 IA Certification Program.
2022 : Present
E&M Technologies, Inc.
Information Security Analyst IV
-Transmit documents via DoD public key infrastructure (PKI) encrypted email or place in government designated repository.
-Serve as the Information Assurance Officer (IAO) for assigned applications
-Review system or application audit logs either manually or through automated tools
-Report any system anomaly that could result in an unauthorized disclosure of or access to sensitive information within one hour of identification.
-Review current threats and outstanding vulnerabilities using Assured Compliance Assessment Solution (ACAS)
-Perform monthly vulnerability scans for assigned applications or systems. If the scan must be performed by CEDC personnel, the contractor shall initiate the request.
-The contractor shall protect the vulnerability scan results as UNCLASSIFIED/ SENSITIVE.
-Support security and IA evaluations; develop/maintain test and audit records
-Perform monthly access audits and suspend and restore user accounts as needed to control access.
-Perform and document quarterly tests of the backup and restore capability for each assigned application or database.
-Apply DISA STIGs to configure systems, operating systems and vendor updates, patches and version upgrades.
-IA Vulnerability Alerts (IAVA), IA Vulnerability Bulletins (IAVB). Technical Advisories (TA) or Computer Tasking Orders (CTO) and Vulnerability Assessments and Management. Implement the necessary IA/CND mechanisms. Monthly scanning of the systems using the current CEDC vulnerability-scanning package.
-Update and document applicable C&A artifacts to support accreditation or reaccreditation.
-Support obtaining C&A for assigned applications or systems, to include process support, analysis support, coordination support, conduct of various IA control validation activities, compiling validation results, and creation or execution of Plan of Actions and Milestones.
-Cyber Security Operational Services for protection of all sensitive information, the Information Systems, Information System Domains
2022 : 2022
Ishpi Information Technologies, Inc. (DBA ISHPI)
Information Technology Security Analyst
-Providing mission cyber support for the HQ Air Combat Command (ACC) in support of Enterprise Mission Systems, the RMF Cyber Analyst applies expertise and work experience executing cyber risk assessments to perform duties assigned by the Security Control Assessor (SCA) for AF Enterprise systems.
-Reporting to the Cyber Security Task Lead, RMF Cyber Analyst determines system vulnerabilities and residual risk based on analysis of technical artifacts, interviews, and evaluation of current system state.
-Conduct System Categorizations, Security Plan Approvals, and Full System Security Assessments.
-Applies expertise and work experience executing cyber risk assessments to perform duties assigned by the Security Control Assessor (SCA) for AF Enterprise systems
-Contributes toward recommendations on processes and methodologies to assess cybersecurity risk on information technology within the SCA's appointed authorization boundary
-Works with other Cyber Analysts, SMEs, and SCARs to ensure that all cybersecurity analysis and cybersecurity risk assessments are completed with time and quality standards established by Division leadership and Task Lead
-Determines system vulnerabilities and residual risk based on analysis of technical artifacts, interviews, and evaluation of current system state
-Evaluates effectiveness of proposed mitigations
-Recommends technical/policy changes to mitigate cyber risk
-Supports program and projects with security and information assurance requirements elicitation based on customer and subject matter expert communication and independent research
-Support additional duties as required.
2021 : 2022
Sev1Tech LLC
RMF Cyber Analyst
-Review completed Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists and perform all coordination functions with the Security ------Control Assessor Liaisons and Navy Authorizing Official Cyber Security Analysts (CSA) for Security -Authorization Package review, processing requirements, and issues associated with Checkpoint schedules.
-Conduct in-depth reviews of authorization packages and artifacts within Enterprise Mission Assurance Support Service (eMASS).
-Reviewing, analyze and report on current authorization status and Authorization Termination Dates (ATD) for all systems within the client's portfolio and review Security Assessment Plans, System-Level -Continuous Monitoring Plans, Implementation Plans, Security Control Tailoring Plans, Plans of Actions and Milestones, and Security Assessment Reports (SAR).
-Make determinations if there are risk posture changes when system modifications are requested for authorized systems, the brief status of RMF package reviews, and recommendations for concurrence to the client.
-Develops plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
-Reviews violations of computer security procedures and discusses procedures with violators to ensure violations are not repeated.
-Monitors use of data files and regulate access to safeguard information in computer files.
-Monitors current reports of computer viruses to determine when to update virus protection systems.
-Review IAVM (information assurance vulnerability management) mitigation plans for approval.
-Review and process CAR (conditional authorization request), HRE (high risk escalation), CLSA (component local service assessment), and BCR (boundary change request) requests.
-Demonstrate and retain requisite cybersecurity knowledge in multiple areas to be able to properly inform and support the varied work activities.
2019 : 2021
Atlantic Systems Group INC.
Cyber Security Analyst
-Assist the Regional ISSM in the oversight, inspection, review, and accreditation of Information -Systems
-Ensure and validate hardware and software inventory process and procedures to oversee equipment and software entering and departing the data center(s)
-Ensure and validate backup and data restoration processes and procedures for customer managed systems and networks
-Perform media and laptop inspections and scans
-Provide review and progress reports of all Plan of Action and Milestones (POA&M)
-Provide weekly metrics and reports of customer service activities
-Conduct daily review of government provisioned ticketing system for required response to incidents, events, actions, and requirements. Provide management of assigned actions in accordance with agency prescribed timelines
-Manage Media Control & Personal Electronic Devices (PED) Program oversight
-Provide IA Exercise Support and as well as support for International Systems
-Execute the system and site Risk Management Framework program in the region/AOR as outlined by CIO issuances
-Conduct Risk Assessment for Sites within Region and provide Risk Assessment Reports (RAR) annually
-Perform day to day tasks associated with the agency's Continuous Monitoring Plan
-Support the management of the Data Transfer Officer Program (DTO) user requirements (Enterprise/Regional Level)
-Support the establishment of end to end IA processes and procedures across CIO to streamline AO/DAO approvals and to establish IT security standards for region in accordance with current DOD and IC policy guidance
-Support the development and execution of a checklist for required system security controls validation in accordance with the system/site Continuous Monitoring Program (CMP)
-Develop key metrics for continuous monitoring of IA Ops functions which support FISMA reporting and compliance
-Provide regional/associated sites and site specific assessment suppo
Company:
E&M Technologies, Inc.
Years of Experience:
8
Spoken Language:
Spanish
Skills
Active Directory, Assured Compliance Assessment Solution (ACAS), C, C++, eMASS, HTML, HTML5, Information Security, ISO 27001, Java, JavaScript, Linux, Microsoft Excel, Microsoft Office, Microsoft SQL Server, Microsoft Word, MySQL, Outlook, Process Improvement, Python (Programming Language), RMF, Security Clearance, SQL, Symantec Endpoint Protection, Unix
About
Greetings, my name is Christopher D Featherston.
I am currently an Information Security Analyst with E&M Technologies. I am currently CASP+ and A+ certified with a Bachelors in Computer Science from Old Dominion University. I have experience predominantly with RMF, eMASS, ACAS/HBSS, software development and coding. I have been working in the Cyber field for over 7 years and am looking to expand my knowledge further!
Profile Photo
