Craig Rudd
Information Security Officer at Criterion Systems.
Lovettsville, VA, United States
Details
Experience:
Working closely with system owners throughout the Certification & Accreditation (C&A)/Assessment & Authorization (A&A) process. Develop all documents to complete the A&A package to submit to the government to obtain or renew the Authorization to Operate (ATO). Review of vulnerability scan data and assist in mitigation of discovered vulnerabilities through reporting and recommendations.
Update existing documentation as needed as part of the Continuous Monitoring program.
2017 : Present
Criterion Systems
Information Security Officer (ISSO)
Information System Security Officer (ISSO)
Oversee multiple subsystems within an enclave, working closely with the enclave owners and the subsystem System Owners to perform Assessment and Authorization (A&A) functions as well as re-authorizations for federal computing systems. Responsible for all documents included within the A&A package, System Security Plan (SSP), Contingency Plan (CP), Business Impact Analysis (BIA), Security Categorization, as well as Plans of Actions and Milestones (POA&M) and reporting to upper-level management on the status of the authorizations for on prem as well as FedRAMP cloud systems. Initial drafts as well as updates to the A&A to satisfy the Continuous Monitoring requirements. Organizing and collaborating amongst system owners and stakeholders to meet tight deadlines.
2015 : 2017
Actionnet
Information System Security Officer
We provide vulnerability updates and corrective recommendations. We research emerging vulnerabilities and provide notice in an effort to minimize zero-day threats. Assist with detection, containment, and eradication of cyber vulnerabilities. Implementing enterprise automated vulnerability management tools for multiple geographically dispersed Federal agencies. Taking vulnerability management to a proactive level of protection through aggressive data correlation, research, and team fusion activities.
2013 : 2015
Red Arch Solutions
Senior Vulnerability Management Analyst
● Certification and Accreditation using the tool RMS.
● As a Protection Team member I was responsible for vulnerability scanning and mitigation.
● Maintaining and supporting enterprise anti virus solution located across the country.
● Responsible for FISMA reporting to client as well as sending weekly vulnerability reports to clients in remote locations.
● Generating monthly reports for tracking detected vulnerabilities.
● Tools used include Foundstone vulnerability scanner, CA eTrust enterprise anti virus, Sophos enterprise anti virus, Nessus vulnerability scanner, IP Sonar Lumetta scanner.
● Assist other teams when needed.
● Provide telephone/email customer support as needed.
2005 : 2013
Northrop Grumman
Cyber Information Assurance Analyst 4
2005 : 2007
Northrop Grumman
Computer Security Specialist
Company:
Criterion Systems
About
The areas that I am most interested in are vulnerability management scanning and mitigation actions. Currently working as an Information System Security Officer (ISSO) performing A&A duties as well as maintaining ATOs for existing systems.
Specialties: Computer security specialist with industry certifications such as MCSE, CSSA, CIW SA, Sec+, FITSP-A