Marina Rohnow
Sr. Cybersecurity Specialist at San Diego Gas & Electric
San Diego, CA, United States
Details
Experience:
• Provides security risk management and compliance support for electric utility North American Electric Reliability Corp (NERC) Critical Infrastructure Protection (CIP) systems and assets
• Evaluate and test security controls for High, Medium and Low Impact NERC CIP systems and responsible for implementing new Low Impact requirements
• Reviews architectural designs and network diagrams to ensure they meet IT security requirements
• Participates in security patch management, annual vulnerability security assessments, and creates mitigation plans for patch management and vulnerability assessments
• Contributes to NERC working groups to create industry guidelines for Supply Chain and Information Protection (Cloud) Encryption
• Cybersecurity and compliance SME for application development, company standards, policies and procedures
• Participated in WECC Audit and mock audit as an auditor
2016 : Present
San Diego Gas & Electric
Sr Cybersecurity Specialist
• Lead cybersecurity efforts to support Automated Digital Networking System (ADNS), ADNS Unmanned Carrier Aviator (UCA), ADNS Airborne and ADNS UCLASS
• System Accreditation Project Lead (cybersecurity) for operational support system (OSS) and network development
• Network and application development Cybersecurity SME for ADNS projects and obtained Interim Authority to Test (IATTs)
• Develop and maintain RMF accreditation documentation for system authorization to operate on Navy classified and unclassified environments; identify and document security controls, provided architecture designs, network diagrams, hardware/software lists, vulnerability assessment results, and POA&M
• Uses National Institute of Standards and Technology (NIST) SP 800 series, STIG and SRG to assess client’s system security posture
• Provides Cybersecurity documentation: policy, procedure, system documentation and standard operating procedures (SOP)
• Perform vulnerability assessments using vulnerability scanners (ACAS/Nessus), STIGs and SRGs for authority to operate (ATO) accreditation and created comprehensive vulnerability assessment reports with security recommendations to system engineers and stakeholders
• Evaluate client’s architecture design and security controls to provide security best practice recommendations
• Evaluated and researched vulnerabilities and provided remediation and mitigation strategies
• Configured client’s systems/assets to meet security requirements
• Conducted security assessments to validate security controls were properly implemented and operate as intended
2014 : 2016
Booz Allen Hamilton
Cybersecurity Engineer
• Cyber incident and event analysis, analyze audit trails, review and reconcile cyber security events
• Provide remediation and mitigation strategies for system compliance and POA&Ms
• Analyze system architectures to develop Certification Test and Evaluation (CT&E) plans for Certification & Accreditation (C&A) efforts
• Develop ST&E plans for assessment of systems in production and for preparation for regional Command Cyber Readiness Inspections (CCRI) audit
• Evaluated client’s architectural design, security controls, and provided security best practice recommendations
• Conducted monthly vulnerability assessments, analyze and research scan results for remediation of findings and mitigation/workaround strategies
• Develop policies and procedures for cybersecurity program
2013 : 2014
Phacil, Inc
Cyber Network Analyst
• Lead engineer for enterprise projects and solutions using Microsoft SQL Server and provided Certification and Accreditation (C&A) efforts from the design and development phases through the full DIACAP process
• Developed and implemented Certification Test and Evaluation (CT&E) plans to DoD standards (STIGs/DoD Instructions) for engineered projects and solutions
• Evaluated and updated system documentation for DIACAP accreditation
• Provide remediation and mitigation strategies for CT&E findings to enterprise POA&M(s)
• Cybersecurity SME for system and applications development
• Develop and update SOP to aid administrators in production
• Work with customer to identify, analyze and refine business requirements for functionality in a large enterprise environment
2013 : 2013
HP Enterprise Services
Technology Consultant
• Implemented security configurations to meet DoD requirements
• Supported information assurance (IA) and system engineers with identifying and troubleshooting the effects of STIG requirements and system hardening
• Executed vulnerability scans (Retina), analyze and research scan results for remediation of findings and mitigation strategies to maintain the security posture of the system
• System administrator for SPAWAR networks and applications: NIPR, SIPR and Remedy
• Tested and installed security patches to systems in development and production environments
• System backup and restore (VMware), reviewed system logs and researched abnormalities; troubleshoot diverse IT issues
2012 : 2012
Serco/SPAWAR Old Town
SharePoint/System Administrator
Company:
San Diego Gas & Electric