Information Security Issues Management
Resume:
David A. Abdo Resume
703-***-**** November *, ***3
OBJECTIVE: Continue my professional career in Security Governance and Risk, Fraud Investigations, and Information/Cyber Security disciplines. Continue to provide my expertise to Government and Commercial entities in obtaining CMMC, FedRAMP and system certifications and authorizations. I am an expert in many much-needed cybersecurity and compliance skills required by organizations and businesses today. I have personally conducted hundreds of Risk Assessments throughout my career. I am currently a licensed and bonded Compliance Officer and Private Investigator for the Department of Criminal Justice Services (DCJS) in Virginia. PROFESSIONAL EXPERIENCE:
05/09/2022 to
November 2023 Contractor Analyst, Security Information Security Issues Management professional for NFCU.
• Worked in the Security Risk and Governance Section o Investigated Internal Fraud activities.
o Developed and reviewed Suspicious Activity Reports (SAR) o Security Analyst in Information Security Issues Management (SIM)
• Expert in the NFCU Logic Manager Platform
• Aided business units in understanding security issues management.
• Conducted annual cybersecurity evaluations, reviewed the evaluation results with staff, and report on performance.
• Conduct periodic risk assessments of information assets as part of a risk management program.
• Implement policies and procedures based on risk assessments to secure information assets.
• Establish a security management structure to assign explicit individual roles, responsibilities, authority, and accountability.
• Developed remediation and action plans.
10/01/2020 to
5/01/2022 Created a new start-up company (Cavalier Security Services, LLC) to provide cyber- security and compliance consulting services to Government and Commercial Clients.
• Provided Security Manager services to MW industries to prepare them and their over 100- Government supply line contractor/vendors in preparation for CMMC certification.
• Provided various consulting tasks on behalf of 3 GC Pandoblox, LLC a Los Angeles, CA based company to include:
o Cybersecurity Program Risk Assessments
o Policy and Procedure Reviews
o Incident Response
o Virtual Chief Information Security Officer (CISO) o Customer Security Training
o Risk Analysis
1993 to CEO
9/30/2020 Missing Link Communications, LLC. 13241 Woodland Park Road Suite 500 Herndon, VA 20171.
• Driven by entrepreneurial spirit, established and manages Missing Link Communications, LLC, a Service-Disabled Veteran Owned Small Business
(SDVOSB)
• Operational Risk Management Framework (RMF) – Performs Operational Risk assessments to determine the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events, and includes Legal and Reputational Risk.
• Expert in CMMC Framework preparation and obtaining certification.
• Expert in FedRAMP certifications and creating a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
• Performs Risk Analysis, Risk Management, Vulnerability Assessments, Security Posture Evaluations, and Security Assessments & Authorization SA&A.
• Develops Security Plans, Disaster Recovery Plans, and writes Security Policy and Procedures for Government and Commercial customers.
• Performs System and Facility Certification & Accreditation (C&A) activities utilizing DCID 6/3, DITSCAP, DIACAP, NIACAP and NIST Guidelines
• Physical Security Expert – Certifies and Accredits Data Centers, Special Compartmented Information Facilities (SCIFs), and other “Information Facilities.”
• Develops Trusted Facility Manuals (TFM), Security Features Users Guides, (SFUG), Test Plans, and other documentation in support of C&A and SA&A activities.
• Conducts Security Awareness training, Risk Management and “How to Write” Security Policy Seminars for Government and Commercial clients. Served as the company Facility Security Officer (FSO) from 1999 to 2018 where I managed, administered and coordinated the DOD and the industrial security program to ensure compliance with government and company security policies and procedures. Processed and reviewed personnel security clearances and maintained all security documentation, files, and clearance and suitability rosters in accordance with government requirements. Many years of experience utilizing the NISPOM and other Industrial security requirements for DOD and other Federal agencies.
• Built two SCIF’s, certified/accredited, and maintained accreditation on both facilities.
• Managed and maintained the company Facility Clearance (FCL) in accordance with DSS requirements.
• Managed and developed annual refresher training to include preparing necessary documentation in support of the DSS audits.
• JPAS and DISS (Replaced JPAS)
• Scattered Castles Personnel Security Database for Intelligence Community (IC) Additional
Experience Principal Computer Security Analyst and Certification Team Lead at the Federal Bureau of Investigation working on a Sub-contract to Missing Link
(December 2001 – 2009)
As Team Lead of 9 contractors and 1-Government employee on the New Systems Certification Unit
(NSCU), provided Information Security Services and Assistance in support of the Federal Bureau of Investigation (FBI), on-site at the JEH Building, Washington, D.C., and Quantico VA to include:
• Providing secure investigative information systems that directly support the FBI's mission with new technologies to assist investigations and prepare for litigation, where the integrity, availability and security of the information is essential.
• Conduct Certification and Accreditation (C&A) evaluations; apply DCID 6/3, DITSCAP and NIACAP standards to computer systems and provide information security support to the FBI as required.
• Security Certification Officer (SCO) for the first eight deployments of the Joint Terrorism Task Force (JTTF) Information Sharing Initiative (ISI) offering the first ever information sharing effort of its kind for the bureau providing information output to investigators and analysts in key JTTF locations around the country. The key to success for this data warehouse project was balancing the compliance with federal, state, and local laws, rules, and protocols with respect to privacy, security, and integrity of the data contained within the warehouse.
Senior INFOSEC Analyst and Consultant for Cameron Consulting Group, (CCG) McLean VA
As Program Manager, provided Information Security Services and Assistance in support of CCG for the Defense Security Service (DSS).
Senior INFOSEC Analyst & Consultant for DCS Corporation Alexandria, VA Provide guidance and direction to certify and accredit (C&A) existing and proposed Data Centers
(Systems and Facilities) for DCS’s customers meeting the criteria defined in the DITSCAP and User Agency regulations. The evaluations included recommendations for what may have to be done and how long it will take to meet the criteria set up for NIST/NSA conformance for a data center.
Senior INFOSEC Analyst and Consultant for Integrated Technologies, Inc (ITEQ) Silver Spring MD
Provided Information Security Services and Assistance in support of ITEQ for the Defense Information Systems Agency (DISA) Project Eagle Security Transition task to include: Senior INFOSEC Analyst and Consultant for Information Technology Management, Inc (ITM) Alexandria, VA
Provided Information Security Services and Assistance in support of ITM for the Health Resources Services Administration (HRSA), Health and Human Services (HHS) and the Ricky Ray Program to Include:
Senior INFOSEC Analyst and Consultant for Fannie Mae Corporate Headquarters, Washington, DC
Provided Information Security Services and Assistance to Fannie Mae Corporate Information Security Management Office to Include Risk Assessments and Physical Security Inspections of Fannie Mae Critical Applications and key Fannie Mae Business Offices. Senior INFOSEC Analyst and Consultant for Emerson Electric CO. Corporate Division, St. Louis
Prepared Emerson Electric's Corporate Internet and E-Commerce Policies for use by all offices worldwide.
Senior INFOSEC Analyst and Consultant for Logicon Inc., a Northrop Grumman Company
Conducted a vendor Multi-Level Security (MLS) Capability Analysis that included an independent assessment of how the DOD and U.S. Government view multiple vendors MLS capabilities and or plans.
Senior INFOSEC Analyst and Consultant for Corbett Technologies Inc Performed on-site Security Test and Evaluation (ST&E) of the Environmental Protection Agency
(EPA), Washington Information Center (WIC).
Senior INFOSEC Analyst and Consultant for TROY Systems, Inc Program Manager for all INFOSEC Projects in support of the Nuclear Regulatory Commission
(NRC)
Senior INFOSEC Analyst and Consultant for General Research Corporation International, Inc. (GRCI)
Performed on-site Certification & Accreditation activities to include Performing Risk Analysis, Developing Security Test & Evaluation Documentation and System Test Plans for Blue Cross Blue Shield of South Carolina (BCBSSC). 1996 to INFORMATION SECURITY AND RISK MANAGEMENT CONSULTANT 1997 Norman Data Defense Systems, Inc.
Performed multiple on-site Risk Analysis providing clients with Vulnerability Assessments, Risk Management, Security Plans, Disaster Recovery Plans, System and Facility Accreditation, Security Policy and Procedures.
1995 to SECURITY CONSULTANT - EDS CORPORATION
1996
• Performed Certification & Accreditation activities to include Performing Risk Analysis, developing Security Plans, System Test Plans and Evaluation Reports, Trusted Facility Manuals (TFM), and Security Features User Guides (SFUG).
• Developed and conducted formal Security Awareness Training program for EDS and contractor personnel.
• Selected to be member of Technical Consulting Team (TCT) for Corporate EDS. 1993 to AIS SECURITY ANALYST AND COMMUNICATIONS SPECIALIST 1995 Data Systems Analysts (DSA)
• Created Local Area Network (LAN) and Wide Area Network (WAN) contingency plans, and system security plans for B2 and C2 Accreditation.
• Performed risk analysis surveys to provide disaster recovery alternatives for DOD LAN and WAN Network Managers.
1989 to COMMUNICATIONS AND SECURITY MANAGER
1993 Office of the Asst. Secretary of the Air Force, Pentagon, Wash DC
• Managed a worldwide secure communications system in support of high priority, national level, and Special Access Required (SAR) projects.
• Directed operational commands in project implementation, user training, and logistics and communications systems maintenance.
• Managed an annual communications budget of $3 million.
• COMSEC Responsible Officer (CRO) for a worldwide account with over 2200-line items. Reutilized "Program" assets by transferring Top Secret Cryptographic equipment, saving over $1.2 million in communications funds.
• SCI Facility manager for “Special Projects” community. Responsible for the renovation of Pentagon SCIFs and "Program" SCIFs throughout the country. EDUCATION: Master of Science Degree - Computer Information Systems LaSalle University
CLEARANCE: Top Secret, SCI Access, December 2019
Contact this candidate