James L. Stevens
Cybersecurity Professional
Virginia Beach, VA, United States
Details
Experience:
Leads information security function across the University to ensure consistent and high-quality information security management in support of the business goals.
Ensures information security vision and strategy is aligned to organizational pillars and facilitates the agency’s business objectives.
Integral in advancing the agency from Tier I to Tier II Status, which gave the agency greater autonomy in IT oversight and governance.
Leads initiatives such as developing Business Impact Analysis, Risk Assessments, and System Security Plans for fourteen (14) sensitive systems.
Utilizes the Archer Governance, Risk, and Compliance (GRC) solution to maintain Information Assurance (IA) situational awareness, identify risk, and comply with the Commonwealth of Virginia (COV).
Led the initiative to formalize the Security Impact Analysis (SIA) process; active voting member of the Configuration Advisory Board (CAB).
Writes and co-approves IT security exception/deviation requests.
Establishes and maintains best practices to comply with COV Information Technology Resource Management (ITRM) information security standards (SEC501, SEC525), U.S. Department of Education Gramm-Leach-Bliley Act (GLBA), Family Educational Rights and Privacy Act (FERPA) and other regulations and standards.
Authored and implemented ten (10) cybersecurity policies.
Presents cybersecurity policies to Agency Cabinet members and Board of Visitors for approval.
Composed the Agency’s log-on/system use notification banner.
Works in conjunction with the Legal Office, Compliance Office, Procurement Office, and Office of Information Technology (OIT).
Receives and approves Special Data Audit Requests (SDAR).
Conducts cybersecurity role-based IT security awareness training.
Serves on the Information Assurance Research and Education Development Institution Advisory Board – focuses on preparing students for research and careers in the cybersecurity field.
2020 : Present
Norfolk State University
Information Security Officer
Developed audit objectives, scope, and timeframes.
Performed control assessments and audit activities.
Performed process walkthroughs.
Mapped controls and supporting artifacts to a predetermined IT Controls Set.
Developed and executed test plans to audit the design and operational effectiveness of controls.
Maintained detailed work papers of test activities and results.
Identified and documented control deficiencies and provided recommendations to management regarding mitigation.
2019 : 2020
Norfolk State University
Information Technology Internal Auditor
Information System Security Officer (ISSO) - served as an advisor to the Chief Information Security Officer on all matters involving the security of information systems.
Developed and documented Plan of Action and Milestones (POA&M) for all identified weaknesses.
Supported audit activities (Office of Inspector General (OIG), FISMA, etc.).
Primary liaison between the Office of Information Security (OIS) and the Privacy Compliance Office (PCO).
Reviewed itemized security metrics and reported them using a monthly scorecard.
Ensured changes were identified and analyzed prior to implementation to determine the security impact of changes.
Utilized FedRAMP to provide guidance on securing Cloud information systems.
Assisted in the preparation of Interconnection Security Agreements (ISA) and Memoranda of Understanding (MOU) to ensure all external connections were documented and met security requirements.
Ensured proper access controls were approved and implemented for federal employees, contractors, and anyone else who has access to Census systems or data.
Verified completion of continuous monitoring activities, including: routine scans (vulnerability, compliance, etc.), patching, audit log reviews, security awareness training and role-based training, terminating system.
Reported and investigated IT security incidents in collaboration with the Computer Incident Response Team (CIRT).
Maintained tools, templates, and checklists to support Assessment and Authorization (A&A) process requirements. Active role in development of Security Authorization to Operate (ATO) Packages.
Oversaw development, accuracy, compliance, and maintenance of security documentation (operating procedures, system administration manual, account management policy, configuration management, contingency plans, etc.)
Ensured System Security Plans (SSP) and Risk Assessments (RA) were up-to-date.
2017 : 2019
Department of Commerce
IT Specialist (INFOSEC)
Network Services – installed, configured, tested, operated, monitored, maintained, and troubleshot networks (e.g., bridges, switches, routers, cables) and a wide range of transmission media.
Administered and operated classified and unclassified telecommunications network equipment, including cryptographic equipment, multiplexers, modems, routers, switches, and satellite equipment.
Installed and maintained network hardware and software; troubleshot and restored outages within the network.
2016 : 2017
United States Department of Defense
IT Specialist (Network)
Utilized Risk Management Framework to identify and evaluate threat vectors and ensure system security measures comply with multiple regulatory requirements.
Maintained a variety of hardware and software according to Security Technical Implementation Guide (STIG) guidelines, ensuring IT systems were compliant with current Information Assurance Vulnerability Alert (IAVA) patches.
Analyzed audit logs and advised on matters related to vulnerabilities or threats to information; directed necessary actions to remediate vulnerabilities.
Maintained Configuration Control Board (CCB) forum for tracking approval/disapproval of enterprise RFC (Request for Change) above baseline.
Interpreted concepts, principles, and applications to enhance the confidentiality, integrity, and availability of the enterprise Non-Classified Internet Protocol Routed Network (NIPRNet) and Secret Internet Protocol Routed Network (SIPRNet) networks.
Maintained a systematic model of record information management by controlling and modifying data analysis spreadsheets and updating data entry correspondence.
Maintained baseline security benchmarks across the Fort Meade Installation Campus Area Network (ICAN).
Assisted in obtaining an Authority to Operate (ATO) in accordance with the Assessment and Authorization (A&A) and Certification and Accreditation (C&A) processes.
Disseminated 3-4 weekly Operation Orders (OPORDs) to the party responsible for implementing security configuration parameters.
Participated in weekly collaboration team meetings.
Verified authorized and unauthorized software using a Signed Certificate of Networthiness.
Ensured technical objectives, issues, and priorities in correlation with Command Cyber Readiness Inspection (CCRI) self-assessments were communicated clearly and documented.
Understood being a proponent of mandatory access controls – data ownership .gov and .mil.
Served as the Fort Meade PKI Enhanced Trusted Agent (ETA) - created and issued tokens to military activities.
2014 : 2016
United States Department of Defense
IT Specialist (INFOSEC)
Company:
Norfolk State University