Jesse Hazel 何西
Details
Cybersecurity
University of Maryland Baltimore County
2017 : 2019
Master's Degree
2D Studies
Bowling Green State University
2013 : 2015
Bachelor of Fine Arts (B.F.A.)
Painting
Western Kentucky University
2007 : 2012
• Administer security and privacy risks through control selection, implementation, and assessment in compliance with client's acceptable risk safeguards and NIST 800-53 Standards.
• Create and update all client security and privacy deliverables (System Security Plan, Contingency Plan, Information System Risk Assessment, Privacy Impact Assessment, etc).
• Collaborate with team members for security matters for their programs.
• Review all change requests for potential impact to the systems’ security posture and complete Security Impact Analyses.
• Manage and maintain RMF Security Documentation using Governance, Risk, and Compliance tool.
• Review and update monthly POA&Ms.
• Review scan results and deploy configuration/patch/and vulnerability management plans.
• Support Sparksoft corporate security as needed.
2023 : Present
Sparksoft Corporation
Information Security Analyst
Strengthen enterprise compliance commitments, including updating POA&M procedures, and Security and Privacy Impact Analysis procedures.
• Advise project teams on how to navigate ATO processes and provide security and risk-based recommendations to them and clients.
• Develop, analyze, revise, and implement information security and privacy enterprise policies and procedures.
• Draft enterprise Roles and Responsibilities governance to ensure accountability and responsibilities of information security are properly delegated to proper personnel.
• Migrate NORC Enterprise System Security Plan to reflect NIST 800-53 Rev 5.
• Manage and maintain project and client RMF Security Documentation packages.
• Develop ATO Playbook to restructure governance on Authorization to Operate (ATO) processes for NORC enterprise and client dependent systems to improve coordination across NORC projects and clients.
2022 : 2023
NORC at the University of Chicago
IT Risk and Compliance Analyst
Serve as a contractor ISSO for 12 systems with FDIC following the Risk Management Framework. I collaborate with System Owners and federal stakeholders to ensure the security and privacy posture is maintained.
• Identify the security and privacy requirements allocated to a system and to the organization.
• Collaborate with the System Owner to categorize the system and document the security categorization results as part of system requirements.
• Identify stakeholder assets that require protection, documented in Business Impact Analysis.
• Perform analysis of appropriate security controls that are in place and will safeguard On-Premises systems.
• Assist with the security control assessments with third party assessors in accordance with NIST RMF-Step 4.
• Select the security and privacy controls for a system and document the functional descriptions of the planned control implementations in a security/privacy plan.
• Develop strategies for monitoring security and privacy control effectiveness.
• Develop, review, and approve planned security and privacy control implementation.
• Manage and maintain RMF Security Documentation using CSAM.
• Prepare POA&Ms based on findings and recommendations of a security assessment report excluding any remediation actions taken.
• Report the security status of a system to ISSM.
2022 : 2022
Crest Security Assurance
Information System Security Officer
As Cyber Risk Advisor, I was the subject matter expert in all areas of the Risk Management Framework. Evaluate, maintain, and communicate the risk posture of FISMA systems to executive leadership and make risk-based recommendations to the Authorizing Official to ensure smooth Authorization to Operate (ATO) approval. Interface with executives and federal and private stakeholders to ensure that all requirements specified by the agency’s procedures and standards are implemented and enforced.
• Risk advisor for 60 information systems providing guidance to over 20 Information System Security Officers (ISSOs) across a variety of CMS components.
• Assist IT governance and security efforts in modernizing High Value Asset (HVA) Program across federal enterprise including the reporting and confirmation status to Department of Homeland Security and other federal oversight bodies.
• Administer information technology principles and security best practices to ensure the confidentiality, integrity, and availability of information systems.
• Integrate ATO model with business processes to improve IT governance and reduce risk of shadow IT.
• Provide risk analysis and recommendations for CISO to make risk-based decisions on the ATO of information systems.
• Oversee and provide guidance to ISSOs on System Security Plan (SSP) implementation language, Privacy Threshold Analysis/Privacy Impact Analysis, Security Impact Analyses (SIAs), and any open/outstanding Plan of Action and Milestones (POA&Ms) using CFACTS.
• Apply comprehensive knowledge across key tasks and high impact assignments at the direction of the federal government.
• Submit Monthly and Quarterly data collections for parent and outside federal oversight agencies.
2020 : 2022
ASSYST
Cyber Risk Advisor
As the Lead Information Systems Security Officer, I provided support for a variety of enterprise security and DevSecOps FISMA systems under CMS and the healthcare sector.
• Administer security and privacy risks through control selection, implementation, and assessment in compliance with federal agencies’ acceptable risk safeguards and NIST 800-53 Standards.
• Provide annual reviews and draft updates of the FIPS 199, e-Authentication, Privacy Threshold Analysis/Privacy Impact Analysis, System Security Plan, Contingency Plan, Contingency Plan Test, Interconnection Security Agreements, and other FISMA and FedRAMP related security documentation.
• Support all assessment activities by responding to interview questions and working with team members to gather appropriate FISMA and FedRAMP artifacts during assessments.
• Review all change requests for potential impact to the systems’ security posture and complete Security Impact Analyses.
• Manage and maintain RMF Security Documentation using CFACTS.
• Review and update monthly POA&Ms.
• Review scan results and deploy configuration/patch/and vulnerability management plans.
• Facilitate Contingency Plan Tabletop tests with all security teams, as well as facilitate After Action Reports and Lessons Learned.
• Revamp the Security Impact Analysis template and process for the Information Security and Privacy Group to ensure all critical aspects of system security were captured.
• Led onboarding of new employees, covering organizational policies, processes, and practices.
2019 : 2020
ASSYST
Information System Security Officer
Skills
Adobe Creative Suite, Analytical Skills, ATO, Chinese, Cloud Computing, Contingency Planning, Cybersecurity, Cyber Policy, Data Analysis, Enterprise Risk Management, FedRAMP, Identity & Access Management (IAM), Information Assurance, Information Security, Information Security Management, International Relations, IT Audit, IT Governance, IT Risk Management, Kali Linux, Malware Analysis, Management, Microsoft Office, Nessus, Network Security, NIST, NIST 800-53, POA&M Management, Public Speaking, Risk Management, Security, Snort, Threat & Vulnerability Management, U.S. Federal Information Security Management Act (FISMA), Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning, Oil Painting, Acrylic Painting, Relief Printmaking, Screen Printing, Intaglio, Lithography, Art History, Photography, Social Networking, Contemporary Art, 2D Art, Figure Drawing, Collage, 2D Design, Fine Art Handling, Museum Preparator, Social Media, Higher Education
About
Who I am as an Artist informs who I am as an Information Security Professional. Like drawing a model from life, I make decisions based on what I can observe rather than what I perceive. From my art background, I think critically and creatively and am able to communicate complex and seemingly abstract technical concepts clearly and concisely. I value compassionate and empathetic approaches to continuously improve and find solutions in information and cybersecurity.