George H. Evans, Jr.
Senior Cyber Security Assessor
White Plains Village, MD, United States
Details
Experience:
• Primary responsibility is the development of an NGA Assessment & Authorization (A&A) life cycle process following the guidance of NIST SP 800-37, Risk Management Framework
• Serve as the primary Security Control Assessor (SCA) and Security Engineer to the NGA Cross Domain Solutions Element for CDSes
• Perform threat risk analysis of selected CDSes for migration to the NGA Enterprise CDS
• Perform vulnerability analysis of Cross Domain Solutions based upon NIST 800-53/53A security controls, ICD 503 and CNSSI security directives
• Ensure system documentation and assessment reports are being maintained in the Xacta IA Manager database
2014 : Present
CACI International Inc
Information Security Specialist, Lead
Involved in the collection, preservation, analysis, and presentation of computer-related evidence that may be useful in criminal cases, civil disputes, and human resources/employment proceedings.
2012 : 2014
Aveshka, Inc
Computer Forensic Examiner
• Performed Certification and Security Tests and Evaluations (CT&E/ST&E) for PL4 and CDS
• Developed Certification and Accreditation procedures for regional Security Assessors
o C&A activities, roles and responsibilities were clearly defined for security engineers, contractors and test team members
o Developed CDS-specific checklists for regional security assessors to use for FISMA compliance reporting and recertification tests of unfamiliar CDSs
• Subject matter expert for DIA’s joint security testing of cross domain solutions
o As the C&A lead, the team standardized the security testing methods of the Services and IC agencies resulting in quicker approvals to connect to the Joint Worldwide Intelligence Communications System (JWICS) network
• Researched and developed benchmarking and industry best practices ad hoc test procedures for systems and applications entering Beta 1 and 2 test evaluations
• Team member for DIA’s transition from DCID 6/3 to the new NIST, ICD and CNSSI security guidance
2007 : 2012
SAIC
Senior Cyber Security Assessor
• Provided security engineering and Independent Verification and Validation (IV&V) support to the DISA certification team
• Performed security risk assessments, developed security risk mitigation recommendations, and defined security requirements for GCCS, GCSS-J, JOPES and SORTS programs
o Streamlined the C&A process from 12 to 4 weeks, start to finish
• Maintained systems in the DISA Vulnerability Management System (VMS), responded to Communications Tasking Orders (CTO) and Information Assurance Vulnerability Management (IAVM) Alerts
• Assisted the ISSO and ISSM in identifying and developing security policies and procedures, system audits, compliance reviews and system documentation for a newly established directorate
o Identified 14 security policies; developed 8 and 3 were approved prior to my departure
o Received an overall 94 percent security rating from the network compliance team’s review for an approval to connect to the Armed Force’s network
2005 : 2007
SAIC
Security Engineer / Certification Team Manager
• Developed, revised, and reviewed information security governance processes, including security policies, procedures and guidelines
• Successfully completed three network reaccreditations
o Reaccreditation documentation was submitted IAW DIACAP and DoDIIS certification procedures
• Implemented Novell’s Certificate Based Network Logon solution, the first directorate within OSD to implement the DoD Common Access Card (CAC)
• Maintained systems in the DISA Vulnerability Management System (VMS), responded to Communications Tasking Orders (CTO) and Information Assurance Vulnerability Management (IAVM) Alerts
2002 : 2005
Lockheed Martin
Information Assurance Officer
Company:
CACI International Inc
About
• 15 years’ experience in the Information Security/Assurance career fields
• 8 years’ experience performing Certification and Accreditation (C&A) / Security Assessment (SA) testing
• 4 years’ experience as an Information System Security Engineer (ISSE) and Officer (ISSO)
• 2+ years’ experience performing Independent Verification and Validation (IV&V) testing for Federal agencies
• Experienced in the use of WASSP, SECSCN and Retina vulnerability assessment tools