Sajjad M.
Details
Secure Controls Inc
Cybersecurity Professional
2019 : 2019
Synergy
Cybersecurity & IT Audit Lead
2017 : 2018
BDO USA, LLP
Senior Manager, Public Sector
2015 : 2017
Ernst & Young
Manager, Advisory Services
2013 : 2015
Internal Revenue Service
IT Specialist (InfoSec)
About
• Over 11 years of experience in managing/directing NIST-based security testing across various Federal agencies
• SA&A Management experience managing teams of security controls assessors in order to obtain Authority to Operate (ATO) for Federal systems
• Over 4 years of experience with FedRAMP (obtaining ATO & Continuous Monitoring)
• Experienced with NIST Special Publication 800-53 Rev4, SP 800-37, and 800-60
• Experience with NIST 800-53-based security testing of Windows (XP, 2003, & 2008), Mainframes (RACF, ACF2, Top Secret), Unix/Linux, Oracle/SQL Databases, and Cisco Routing devices
• Experienced with all facets of the Risk Management Framework (RMF), including, but not limited to, security categorization (based on FIPS-199), continuous monitoring (vulnerability scans & POA&M Management), and developing policies and procedures such as Contingency Plans, Incident Response Plans, System Security Plans, etc.
• Experienced in Governance and Risk Compliance (GRC) as it pertains to security control implementation, continuous monitoring, and all facets of the Assessment & Authorization process
• In-depth experience with using CSAM to carry out A&A activities both as an ISSO and a Security Controls Assessor
• Strong multitasking and problem-solving capabilities
• Self-starter and team-oriented player
• Highly organized individual with strong communication skills, both written and oral
• Currently hold an active DoD Secret Clearance
• Attained CISSP Certification on 7/1/2014 (in good standing)
• Attained Security+ Certification on 10/31/2009
• Language proficiency in English, Urdu, Punjabi