Leslie Ann Kainoa
Cybersecurity Advisor, Oregon
Portland, OR, United States
Details
Experience:
2022 : Present
Cybersecurity and Infrastructure Security Agency
Cybersecurity Advisor
2021 : 2022
TriMet
Sr. Cyber Security Engineer
Manage, schedule, and perform Continuous Control Assessment (CCA) and Certification and Accreditation Process (CAP) testing for PGE Corporate, Transmission and Distribution, and Generation assets. Extensive experience with auditing and ensuring compliance with NERC CIP, SOX, and HIPAA compliance environments as well as handling of confidential and restricted information. Knowledgeable in CIP standards and implementations to support cybersecurity efforts in the transmission and distribution (T&D) and Energy networks. Align corporate cybersecurity policies with T&D policies. Rewrite T&D standards and guidelines. Lead assessments using NIST 800 series and CSC controls to determine the risk posture of systems by performing vulnerability and risk analysis including technical and process testing as well as compliance with current governance requirements. Manage assessment timelines and milestones to ensure timely completion and reporting. Identify and document system and project disparities in the compliance of policies, governance, and industry controls and best practices into a tracking database. Develop a plan of action and milestones for each system to remediate all gaps. Present recommendations to the system owners from the security and risk testing using various delivery methods including meetings and Risk Determination Letters. Provide guidance to management and customers on how to mitigate risk to systems using current security trends and relevant external and internal risks. Mentor coworkers new to cybersecurity on the processes, procedures and nuances of navigating the cybersecurity field. Former IT cyber forensics lead responsible for conducting all HR requested investigations covering IT assets. Employ the proper chain of custody and formal investigation logging to fully document all actions in an investigation. Write the After-Action Reports and hold team out-briefs after the incident investigation was closed.
2014 : 2021
Portland General Electric
Cyber Security Analyst
Serve as the independent validation and verification security tester for Cover Oregon. Develop security test controls using NIST 800-53 controls and IRS 1075 standards. Evaluate the design and operating effectiveness of IT security controls, standards and procedures. Identify security control gaps and deficiencies, propose remediation strategies, and monitor timely resolution. Collaborate with IT process owners to test security controls, evaluate and make recommendations for strengthening the internal control environment. Develop recommendations and prepare technical and executive reports.
2013 : 2014
TekAssociates
Information Technology Auditor
Maintain FISMA standards for over 90 users throughout the Command. Oversee security posture and compliance of Army Intelligence Program of Record systems. Perform security audits to maintain system security posture and obtain theater level system accreditations. Make recommendations to management to improve system security posture, process improvements, system upgrades, and vulnerability remediation.
2011 : 2013
ManTech
Information Assurance Specialist
Company:
Cybersecurity and Infrastructure Security Agency
About
Over 19 years of experience in cybersecurity. As the CISA Cybersecurity Advisor for the State of Oregon, I provide support to critical infrastructure stakeholders to improve cybersecurity resilience. I actively engage with all 16 critical infrastructure sectors, including education and houses of worship stakeholders, throughout the State to provide cybersecurity support, education, and outreach.