Faheem Hamidzada, CSM
Cyber Security Risk at VivSoft Group
Ft. Washington, MD, United States
Details
Experience:
2021 : Present
VivSoft
Information Security Risk Analyst
2021 : 2021
BlueHalo
Cyber Security Risk
• Implemented Agency Cyber Security Assessment Management (CSAM) System controls and artifacts for Authority to Operate (ATO) requirements.
• Designed System Security Plan (SSP), Configuration Management Plan (CMP), and Contingency Plan (CP) components: technical specifications, architectural diagrams, and configurations for agency applications.
• Streamlined FIPS 199, Business Impact Analysis (BIA), Privacy Impact Assessments (PIA), E-Authentication and Memorandum documents detailing security impact categories for the transmission, storage, and processing of data.
• Produced Risk Assessments to identify threats to system security, the probability of occurrence, and the resulting impact, and to apply safeguards for mitigation.
• Updated Enterprise Policies from NIST 800-53 Rev4 Security Controls to Rev5 for applicability and compliance.
• Team lead for Splunk Enterprise data indexing, reporting and analytics of application server logs.
• Team lead for Tenable Security Center Vulnerability reporting, dashboards and analytics.
• Team lead for Qualys Web Application scans, analysis of identified Common Weakness Enumeration (CWE) and OWASP security risks, and facilitation of remediation activities.
• Analyzed monthly FedRAMP Cloud Service Provider (CSP) packages for vulnerabilities, deviations, and changes to the authorization boundary, and addressed security-related issues to Continuous Monitoring (ConMon) artifacts.
• Created, updated, and closed Bureau Plan of Action and Milestones (POA&Ms) based on high/critical vulnerabilities.
• Updated Risk Management Maturity Questionnaires and inactive Active Directory (AD) user accounts for Audit walkthroughs in support of FISMA Provided by Client (PBC) deliverables.
• Facilitated IAM specific PBC walkthroughs to determine ICAM strategy, account provisioning and management, account monitoring and periodic reviews, remote access, authentication mechanisms, least privilege, separations of duties and session controls.
2020 : 2021
Panum Group, LLC
Information System Security Officer
• Facilitated an IAM current state onsite workshop with stakeholders to document observations and gaps between current state architecture, planned initiatives, and desired future state (People, Process, and Technology) to develop the organization’s next-gen IAM capabilities
• Determined current state architecture and gaps of business processes from HR, audit, operations and security perspectives, for the purpose of automating manual processes and providing strong governance
• Supported the development of planned project activities, milestones, risk mitigation plans, deliverables and corresponding dates
• Defined and prioritized IAM requirements for future state architecture based on client capability area and function
• Developed Identity Use Cases for onboarding, off-boarding, employment conversions, transfers, rehires, and urgent terminations for employees and contractors
• Performed IAM vendor analysis and recommendations based on resources and cost
2019 : 2020
EY
Senior Consultant
• Facilitated DHS Component Health Checks to determine current PAM tool deployments, existing inventory of PRIV users/accounts/devices, PRIV types, PRIV attributes, network accounts in AD, 3rd Party Integration of PAM services, target device groups, naming standards, current data exports, licensing and server quantities
• Created DHS Component Decision Point Reports (DPRs), point-in-time updates to the initial RFS Response, to gain a deeper understanding of DHS Component implementations, issues, pain-points, challenges, and concerns, to better guide the Gap Fill planning and associated processes
• Managed Component Weekly Technical Exchange Meetings (TEM) for the Master User Record (MUR) Gap Fill effort, to facilitate the PAM tool/solution overview, integration of data from DHS Components’ CyberArk/CA PAM into DHS HQ SailPoint and identify expected gaps in realizing MUR data
• Creation of Solution Implementation Architecture (SIA) document to provide DHS HQ with current and future state architectures, data flows, data processing, dashboarding, design recommendations, implementation approaches, deployment plan, assumptions, risks and dependencies
• Facilitated weekly Integrated Project Team (IPT) meetings with management to discuss legacy and current PAM tool lab activities
2018 : 2019
Sila Solutions Group
Senior Consultant, Identity & Access Management
Company:
VivSoft
About
Information security specialist with experience in executing Certification and Accreditation (C&A) activities, Governance, Risk and Compliance (GRC) initiatives, POA&M Management, Risk Assessments, Identity & Access Management (IAM)/Privileged Access Management (PAM) best practices, FISMA, FedRAMP, Sarbanes-Oxley (SOX) and Payment Card Industry (PCI) security audits and developing secure IT management systems. Consistently demonstrated the ability to capture and transform business requirements into technological solutions that exceed stakeholder expectations.