Cyber Security SME
Resume:
Jonallen Riggins
Sr. Cyber Security Consultant / Analyst. Project Manager
https://www.linkedin.com/in/jonallen
acq2u0@r.postjobfree.com, +253-**-***-***
Years of Experience: 14+
Clearance: Top Secret / Q / SSBI Investigation
Education:
The George Washington University - MA
Maryland Institute College of Art - MFA
San Francisco Art Institute - BFA
Technical Education/Professional Affiliations:
ISACA
ISC2
SANS Institute
Certifications:
CISSP – 2011 Member # 329394
GSLC – 2012, Member #1765849
DSS FSO - 2005
NSA Assessment Methodology – 2004
DISA VMS – 2004
Currently Seeking SEIM and ITIL Certification
Summary of Qualifications
Security Control Assessment and Information System Audits
Project Management
Security Policy Assessment, Revision and Development
Information Assurance / Accreditation and Authorization / Information Security
Risk Management and Risk Assessment
Vulnerability Scan Analysis
Resource Management, Training and Team Leadership
Excellent verbal and written communication
Client Relationship development and Management
Collaboration and Creative Problem Solving
Relevant Experience
03/15 – Present SRA, International
Industry: Cyber Security Analyst Military/Government
In support of the 5th Signal Command USAFRICOM, I provide project management support and guidance for all Systems that fall under the DoD Cyber Security Reciprocity guidance, and have been identified as being connected to the USAFRICON Network, but lack the proper authorization to maintain a connection. My primary duties include verification of all POC information, reviewing any previous Approval to Connect (ATC) documentation, Network Architecture diagrams and Hardware/Software inventories, if available to ensure that no previously unidentified threat or vulnerability is present. Upon completion of all reviews, a recommendation is made to the USAFRICOM ISEC team to either escalate the POR for the ATC or to deny the request for an ATC, until such a time that all weaknesses have been addressed, and the risk level for the connection is reduced to an acceptable level.
11/13 – 02/15 Blue Canopy Group
Sr. Consultant Industry: Government
Support The Center for Medicare and Medicaid Services (CMS) performing Security Control Assessments and independent third party Audits of information systems associated with the Affordable Health Care Act. Ensure all systems, vendors and locations are implementing CMS policies and standards and have sufficient internal guidelines and processes in place, per contractual requirements. Review systems and organizational documentation and oversee technical application testing, including penetration testing and compliance scanning of network components. Provide guidance in the form of SCA Test Plan development, Audit Finding Reports, SCA Report and recommended mitigations for weaknesses related to technical, operational and managerial security control weaknesses.
06/13 – 11/13
Sr. Information Security Analyst Industry: Government
Supported a small project as an independent consultant providing Certification and Accreditation (C&A) services. Reviewed and modified System Security Plans, developed System Assessment Plans and Report’s, Plans of Action and Milestones, based on reviews of network and vulnerability scans from Nessus, Scuba and Burp Suite IA tools. Developed Accreditation Memo’s and presented all documentation to the client. All reviews based on the NIST 800-53A rev 4 and supporting documents. Prepared a Risk Management Framework training course for ISSOs and other agency personnel with system security responsibilities.
09/2012 – 06/2013 Internetworking Consulting Services, Department of State
Sr. Cyber Security Policy Analyst Industry: Government
Provided Cyber Security Policy and security assessment support for Department of State Office of Diplomatic Security (DOSDS) and the Embassies and Consulates around the world supported by Diplomatic Security. Reviewed and updated DoS Cyber Security policies based on applicable government regulations and guidelines and agency guidelines. Disseminated policy updates to embassies and consulates representatives via internal policy cables. Identified and revised internal procedures and process based on new guidance. Reviewed security policy exception request and prepared written responses based on federal policy guidelines, Diplomatic Security policies, and the identified technical, human intelligence threat rating for the location. Participated on behalf of Diplomatic Security in the Committee on National Security Systems performing NSS policy reviews.
11/2011 – 08/2012 Evoke Research and Consulting, NNSA
Security Policy Analyst Industry: Government and Nuclear
Supported the Office of the Chief Information Officer for the National Nuclear Security Administration (NNSA) and NNSA field sites and labs with the creation and modification of information technology and information system security policies, standards and operating procedures. Developed and refined cyber security policy according to organizational business objectives and goals. Translated cyber security goals into functional directives that could be applied across the enterprise. Performed assessments to identify policies and standards that required modifications to reduce negative impact to the agency and field sites. Drafted guidance statements from the CIO’s office based on NEI 08/09, NIST 800-53 and DCIDS 6/9. Supported National Nuclear Security Administration / Department of Energy Site Assistance Visit (SAV) teams with re-visit preparations, including critical systems data and documentation evaluations, identification of required cyber security control risk and weaknesses, assessment of POA&M and mitigation activities and the development of assessment questionnaires to be completed by each locations Information System Security Officer and Business Owners.
05/2008 – 11/2011 NetStar-1/IT Solutions, Dept. of Labor & JTF Cap Med
Security Analyst Industry: Government and Military
Provided Certification and Accreditation (C&A) support for US Department of Labor Office of the Assistant Secretary for Administration and Management (OASAM). Using CSAM, performed C&A activities, as a security analyst, on major and minor IT initiatives. Provided system security support to system owners during the annual review of system security control implementation as well as during the design and development of new IT initiatives. Performed in-depth security reviews, such as the NIST 800-53 Security Test and Evaluation and Risk Assessments. Wrote System Security Plans and POAMS and prepared complete system security documentation packages using the CSAM C&A tool. Assisted the development of DOL IT security procedural guidelines, regarding performing system assessments.
Functioned as the A-123 Review and FISMA Audit liaison, ensuring all requested documentation, interviews and test were performed according the agreed upon scope. Tracked the status of previous year’s findings and new findings to ensure all items were accounted for and documented. Managed DOLs annual security awareness training requirements and tracked status of over 1500 users through several different internal offices for compliance with the annual training requirement.
Provided Certification and Accreditation (C&A) support for the Joint Task Force Cap Med, during the transition of major medical systems from Walter Reed Army Hospital to the National Institute of Health. Conducted kick off meetings with system representatives to ensure all C&A requirements were aligned and in place prior to the system
being moved to the new environment. Reviewed systems security documentation and provided clarification on system requirements based on the MAC and Confidentiality levels for each system.
Note: NetStar-1 was purchased by IT Solutions
06/2007-04/2008 Knight Point Systems, CBP
IA / Security Specialist Industry: Government
Provided information system security support to the US Customs and Boarder Protection Agency at the National Data Center. Conducted C&A activities on the systems related to Continuous Business Processing in support of Business Continuity, Planning and Recovery of COTS applications and systems using NIST 800-34 rev 1 as guidance. Vetted mission critical systems security documentation in preparation for recovery test and exercises to be performed at the John C. Stennis Data Center. Identified and resolved policy and procedural issues between physical and information technology security to control physical access to the raised floor area of the data center. Implemented access control procedures supported by physical access personnel and resources. Maintained and updated security control files, tracking significant changes and revisions to DHS/CBP directive.
11/2004-06/2007 Predicate Logic, Dept. of the Navy, PMW 425
IA Security Specialist Industry: Government/Military
Performed Certification and Accreditation (C&A) on Major Applications for the United States Navy. Involved in Integrated Program Team meetings to help design secured systems. Identified high vulnerabilities on mission critical systems using the DISA Gold Disk and recommended mitigations including implementation of applicable STIGS and compensating controls. Reviewed SCT&E results and provided recommendations to developers and system reps. Researched IA enabled products such as Firewalls, Guards, and Cross Domain Solutions and identified those there were in compliance with DoD and Navy IT security requirements.
12/2003 – 11/2004 Lockheed Martin, Office of the Assistant Secretary for Reserve Affairs
Security Analyst Industry: Government/Military
Performed Certification and Accreditation on Major Applications and General Support Systems using DITSCAP and the Army AR’s as guidelines. Delivered Security Plan, Risk Assessment, Security Test and Evaluation, Security Features Users Guide, and Plan of Action and Milestones. Analyzed systems for security vulnerabilities and provided mitigating solutions.
02/2002-11/2003 Information Management Group, US Army
Information Assurance Instructor Industry: Government/Military
Responsible for providing Information Assurance and DITSCAP training to Army personnel. Developed knowledge and understanding of IA concepts and Army regulations and policies, specifically AR25-2, AR 380-67 and AR380-19. Conducted IA concept and process training for active duty personnel using systems that were prepared for assessment.
10/1999 -01/2002 SAIC, Reserve Component Automation System
Technical Trainer Industry: Government and Military
Provided technical training to Army Reserve and National Guard Unit personnel on the Reserve Component Automation System (RCAS). Responsible for the development of course metrics and assessment criteria and required to participate in unit movement exercises and courses at Fort McCoy Wisconsin.
Contact this candidate