Jo C.
Ft. Washington, MD, United States
Details
Experience:

1. Director of Cybersecurity Governance (2022 – Present)
● Establishing and maintaining the governance, risk and compliance (GRC) strategy through evaluation, prioritization, and execution of program goals using RMF, NIST, CIS and CMMC methodologies while ensuring application best practices are implemented and audited.
● Performing advanced security reviews as well as quantitative and qualitative risk assessments and producing executive-level reports based on superior expertise in information security and assurance.
● Taking a lead security position in complex initiatives of strategic importance for DevOps, Cloud and CI/CD.
● Determining and applying risk analysis methodologies, making recommendations regarding alternate solutions and ensuring methodologies are beneficial to the organization.
● Working within the information security governance process to define control recommendations that are both efficient and effective in securing the environment without causing blocks in process workflows.
● Maintaining an overall awareness of existing and proposed security-standard-setting groups and of state and federal legislation and regulations pertaining to information security; identifying regulatory changes that will affect information security policy, standards, and procedures, and recommending appropriate changes.
● Assisting IT staff in the resolution of reported security incidents by providing risk and compliance viewpoints to responders, as well as liaising between IT and other support organizations.
● Researching, evaluating, and recommending information-security-related hardware and software, including developing business cases for security investments such as MDM, vulnerability management, traffic monitoring, data loss prevention (DLP), threat management and IAM.
● Implemented a company-wide security awareness training program to meet compliance and create a security-minded approach by all team members, which has reduced the overall company security risk score by 34%.

2. Senior Cybersecurity Engineer/vCISO/Lead Assessor (2021 – 2022)
● Efficient and effective collaboration with cross-functional teams on cybersecurity solutions, from meeting regulatory compliance to fast-paced incident response.
● Lifecycle program development for cybersecurity solutions that meet government and industry regulations including: ISO 27001, CMMC/CMMC 2.0, FISMA, NIST 800-171, NIST 800-53, DFARS Clause 252.204-7012, GDPR, PCI, ISO 9001, HIPAA, and state and local regulations.
● Incident response for a variety of malware attacks including ransomware, command and control, spyware, and bots. Review of external and internal vulnerability reports to determine risk and implement threat management solutions.
● Utilization of a high level of attention to detail combined with extensive cybersecurity knowledge to assess client environments in all security areas, developing and implementing a strategic security program with defined procedures, policies, frameworks, recurring metrics and program milestones for the successful implementation of a secure environment. Ability to discuss complex cybersecurity threats and risks with all stakeholders and provide short- and long-term solutions to protect company assets.
● Lead Assessor for Cybersecurity Maturity Model Certification (CMMC/CMMC 2.0), reviewing security, privacy and compliance programs for Department of Defense contractors to determine areas of risk and assess the overall cybersecurity health of environments across the 17 security domains. All recommendations on findings are presented in a comprehensive report and discussed together with solutions on risk-based timelines.
● Experience with Azure, O365 (E3/E5), GCC High, AWS, Intune, hybrid environments, Windows Server 2003-2022, Windows 7-11, macOS, Linux, legacy and current Exchange Servers, cloud and onsite backups (Veeam), Cisco, LabTech, Duo Authenticator, MS Authenticator, SonicWall, Malwarebytes, Sophos, BitLocker, CrowdStrike, Arctic Wolf, RapidFire Network Detective, ConnectWise, Nessus, CyberSaint, Exostar MAG and forensic tools.

3. Information Systems Security Manager (2020 – 2021)
● Successful approval from DCSA of five Authority to Operate (ATO) packages using the Risk Management Framework (RMF) in eMASS (Enterprise Mission Assurance Support Service), using a comprehensive range of cybersecurity management and assessment tools.
● Complete understanding and implementation of STIGs, IAVA, IAVM and associated rules and regulations for compliance with current computer security requirements, using ACAS, HBSS, SCCM and STIG Viewer to support SECNAVINST 5239 & 3052, 44 USC Chapter 35, SECNAVINST M-5510.30, SECNAVINST 5200.35F, NIST CSF 800 series, the ISO 27000 series and DoD Instruction 8510 (Risk Management Framework, RMF).
● Variety of communication abilities to meet the needs of a wide scope of audiences, with a knowledge of information flow models to ensure solid communication of risk management throughout the organization.
● Knowledge of critical infrastructure protection concepts and security controls, with the ability to maintain a high level of attention to detail. Experience with the Risk Management Framework, self-assessment and FIPS compliance.
● Understanding of the importance of the direction and goals of a project while dealing collaboratively and diplomatically with customers, staff and stakeholders.
● Assist the Information System Security Manager (ISSM) and serve as the subject matter expert on Assessment and Accreditation and Continuous Risk Monitoring of the customer systems, along with providing recommendations on upcoming cybersecurity issues for various stages of projects.
● Provide analytical and technical security recommendations to other IT section members and the Configuration Control Board (CCB).
● Ensure system security requirements are addressed during all phases of the system life cycle.
● Working knowledge of system functions, security policies, technical security safeguards, and operational security measures.
● Working experience with RMF, ICD 503, CNSSI 1253, NIST SP 800-53/53A, STIGs, NISPOM Chapter 8, and the DAAPM Manual.

4. Information Technology Specialist (2018 – 2020)
● Experience with Windows 10, Windows 7, Server 2008/12/16.
● Variety of communication abilities to meet the needs of a wide scope of audiences, with a knowledge of information flow models to ensure solid communication and understanding throughout the organization.
● Created a cybersecurity-positive environment to allow employees to gain a better understanding of the program and their role, in a manner that is easily understood by every user with or without a technical background.
● Experience with the Risk Management Framework, self-assessment and FIPS compliance.
● Understanding of the importance of the direction and goals of a project while dealing collaboratively and diplomatically with customers, staff and stakeholders.
● Eliminated outdated assets through government-regulated disposal methods to create increased work movement areas and decrease safety hazards. Prepared electronic assets for disposal in accordance with DLA regulations.
● Administered computer system remediation with SCCM through review of STIGs and weekly ACAS reports to decrease vulnerabilities on patient-care systems, and worked cooperatively with departments to identify process improvements to increase system availability and compliance with the cybersecurity program.
● Demonstrated strong analytical reasoning in resolving networking infrastructure issues with government assets, determining the underlying cause of diminished communications to increase system availability by 40% and save over $10,000 per month in maintenance.
● Administration and maintenance of Windows Server 2008 R2, 2012 and 2016 with Hyper-V implementation.

5. System Specialist (2018)
● AHLTA and CHCS site monitoring and administration including: daily functional checks, diagnostic and resolution communication with end users, account maintenance, and system operation maintenance.
● Multi-media troubleshooting and informational assistance for all local and remote end users pertaining to supported software and hardware computing platforms.
● Provide in-person assistance and education on software and hardware usage to local end users, and phone, email, and video call assistance to remote end users.
● Provide AHLTA/CHCS customer assistance with application issues through troubleshooting and known-issue resolutions.
● Create and continuously update a database of known issues for expedited problem resolution.
● Convey problems, and possible solutions, to the appropriate individual based on established guidelines and procedures.
● Troubleshoot hardware and application software issues identified by AHLTA/CHCS users.
● Manage and schedule CHCS and AHLTA data backups on a frequent and consistent basis to exceed compliance guideline expectations.
● Maintain site-level system availability.
● Provide assistance to the System Engineer while monitoring system performance.
● Manage identified bottlenecks to system performance under the direction of the System Engineer.
● Facilitate resolution of data integrity issues and escalate system anomalies with reporting and documentation (data calls, downtime, MICCB, FSW updates) through direct communication and collaboration with Software Engineering / Tier III.
Company:
1
Spoken Language:
English