Sidney Spunt, CISSP, CSM
Details
Math, Science
Randallstown Senior High School
1975 : 1977
National Government Services
Information Security Sr. Advisor
Provides risk management and continuous monitoring and process improvement for the Center for Medicare and Medicaid Services (CMS) Enterprise Identity Management (EIDM) Information System (IS). EIDM is a large identity management system that provides the means for more than 450,000 users needing access to CMS applications to identify themselves, apply for and receive credentials in the form of a single factor authentication User Identifier (User ID), Password and/or Multi-Factor Authentication (MFA), and apply for and receive approval to access over fifty (50) applications. EIDM manages the lifecycle of User IDs, passwords and the supporting data collected from the user, from issuance to archive. The Identity Management (IDM) FISMA system is the cloud-based modernization of the EIDM IS.
2017 :
C-HIT
Sr. Information Security Specialist
Provides risk management and continuous monitoring and process improvement for the Center for Medicare and Medicaid Services (CMS) Enterprise Identity Management (EIDM) Information System (IS). EIDM is a large identity management system that provides the means for more than 450,000 users needing access to CMS applications to identify themselves, apply for and receive credentials in the form of a single factor authentication User Identifier (User ID), Password and/or Multi-Factor Authentication (MFA), and apply for and receive approval to access over fifty (50) applications. EIDM manages the lifecycle of User IDs, passwords and the supporting data collected from the user, from issuance to archive.
Control Account Manager (CAM) for the EIDM Security Team providing budget and task scheduling oversight. Reduced cost variances while keeping the Security Team on schedule.
Collaborates with the Chief Architect and the Business Analysts to plan and design security into the EIDM technical solution to enhance system security and reduce the number of security defects by 80%.
Using the CMS FISMA Controls Tracking System (CFACTS) 2.0, maintains the Authority to Operate (ATO). Responsible for the successful renewal of the ATO with no findings.
Leads the analysis, development and maintenance of the System Security Plan (SSP), Contingency Plan (CP), Information System Risk Assessment (ISRA), Privacy Impact Assessment (PIA) and other security documents.
Works with infrastructure and datacenter personnel to document, evaluate, and coordinate mitigation activities for vulnerabilities from third-party testing.
Manages the Security Controls Assessments (SCA), Risk and Vulnerability Assessment (RVA) and Annual Attestation for the EIDM FISMA system.
2014 : 2017
QSSI
Sr. Information Security Specialist
Provided security planning, assessment, risk analysis, and maintenance of the Authority to Operate (ATO) for several FISMA applications for the Healthcare Quality Information System (HCQIS) contract for the Center for Medicare and Medicaid Services (CMS); led six member IT Security Compliance Team responsible for 15 major CMS systems; evaluated and documented all FISMA controls and weaknesses based on the CMS Acceptable Risk Standards (ARS) and NIST guidelines; conducted weekly status meeting with ISSO and managers to include progress and status dashboards.
Conducted annual and periodic Security Controls Assessments (SCA) resulting in no unresolved high findings allowing the systems to continue operation
Prepared documentation, coordinated testing activities, completed CMS FISMA Controls Tracking System (CFACTS) resulting in 100% renewal and new ATOs
Documented and mitigated risks and findings in coordination with Engineering teams
Reduced by 75% the open Plans of Actions and Milestones (POA&M) for three FISMA systems
Completed annual attestation of all CMS HCQIS FISMA systems in advance of deadlines
2012 : 2014
General Dynamics Information Technology
Sr. Security Analyst
Performed acceptance testing for an Identity Access Management (IAM) system; completed C&A tests for several FISMA systems, including the network infrastructure at Social Security Administration (SSA) and Energetics/VSE.
Designed and executed functional validation test scripts for new IAM systems (RCM TEC, ARAS, PCAR) using the CA Role Compliance Monitoring application for the SSA
Performed annual FISMA C&A testing of stand-alone and network systems, including the network infrastructure, resulting in renewal of each system ATO
Performed C&A testing of Energetics/VSE Department of Energy test environment, new web-based data collection system for the Department of Energy resulting in ATO
2011 : 2012
G & B Solutions, Inc.
System Security Engineer
Skills
C&A, CISSP, Computer Security, EMS, Firefighting, Firewalls, Identity Management, IDS, Information Assurance, Information Security, Integration, Linux, Network Security, Paramedic, Penetration Testing, Project Management, Rescue, SDLC, Security, Software Documentation, Sybase, System Administration, System Testing, Vulnerability Assessment, Vulnerability Management, Windows
About
Over twenty-five years' experience as Systems Security Analyst, Integration and Test Engineer, Systems Deployment, UNIX and Windows System Administration, Database Administration, Life Cycle Support, and Software Design and Development. Credentialed as a Certified Information Systems Security Professional (CISSP). Provided security planning, assessment, risk analysis, and maintenance of ATOs for several FISMA systems for Center for Medicare and Medicaid Services (CMS), Social Security Administration (SSA) and Energetics. Led six-person IT Security Compliance Team responsible for 15 major applications. Evaluated and documented all FISMA controls and weaknesses based on the CMS Acceptable Risk Standards (ARS) and NIST guidelines. Performed acceptance testing for an Identity Access Management (IAM) system for SSA.
Specialties: CISSP, Information Assurance, Certification and Accreditation, System Integration, System Test, Documentation, Linux, Windows, Sybase, System Administration