Security Management

Location:
Leawood, KS, 66209
Posted:
September 21, 2010

Resume:

Nancy Herbert

***** ********* ****

Leawood, KS *6209

abjr7i@r.postjobfree.com

913-***-**** (Home)

913-***-**** (Mobile)

Professional Profile

Highlights

** ***** ** Experience

** ***** *******al and Commercial Writing

Extensive C&A Background

Extensive Proposal Writing

CISSP Proficiency Training

Top Secret Clearance - DoD

Ms. Herbert is a Senior Computer Systems Security Specialist, and has

served the information technology industry for over twenty years. She has

performed security services for several consulting firms including risk

analysis, vulnerability identifications, writing policy, procedures, user

and system manuals, specialized research papers and performed Phase I and

Phase II Certification and Accreditation (C&A), requests for proposal and

grant writing. Ms. Herbert provides analytical, research, and technical

support to projects including recommended solutions and supporting

documentation. She also provides project management services including

developing project initiatives, tasks and schedules. She has completed

proficiency training for Certified Information Systems Security

Professional (CISSP) certification. She is a certified technical writer and

has participated in writing request for proposals (RFPs) for many

government agencies.

Employment

Consultant 2010-Present

Ms. Herbert provides IT consulting services for the IT industry. She

recently completed A-123 security control testing for the United States

Department of Agriculture (USDA). She is currently writing documentation

for a Customer Rights Management (CRM) company and working on several

specialized projects throughout the United States.

The Newberry Group, Inc. 2006 - 2010

Senior Computer Systems Security Specialist

Ms. Herbert provided C&A services including Phase I and Phase II. Managed

projects for the Newberry contractors for the USDA Office of the Chief

Information Officer (OCIO), Cyber Security (CS) for the Cyber Security

Assessment and Management System (CSAM) software application and provided

other security governance services for about two years. CSAM is a software

application that is designed to be utilized as a central repository for C&A

including security control assessments, and other significant A-123 and

Federal Information Security Management Act (FISMA) requirements.

Responsibilities included managing projects for the CSAM help desk

personnel requiring a thorough understanding of United States laws,

authorities, and guidance regarding all aspects of C&A. This requires a

thorough understanding of department and agency C&A policies, procedures

and processes, a thorough understanding of assessing risk and risk

mitigations specific to departmental and agency systems, and a thorough

understanding of compliance requirements from the Office of the Inspector

General (OIG). Ms. Herbert provided security-specific research analysis,

reviewed and analyzed large amounts of information for management. Ms.

Herbert also provided RFP writing including development, draft, and

revision of contract language, research, analysis, interviews, rewrites,

project scope including objectives, individual activities, organizational

methodologies, risks, constraints, and assumptions. She was responsible for

language continuity including clarity of text and graphics for thought,

continuity, applicability, and readability.

Ms. Herbert spent approximately five years working as a contractor for the

USDA OCIO, National Information Technology Center (NITC) and Information

Technology Services (ITS), in the governance security areas, including:

Policy, Procedures, Standards, C&A, Compliance Monitoring and Security

Awareness and Training.

. Provided project management, scheduling and tasks for Security

Practice initiatives.

. Provided governance metrics using CMMI Level III processes including

recommendations for account-level service improvements.

. Designed, developed and implemented customer satisfaction surveys,

communication plans including results analysis and recommendations.

. Reviewed, analyzed, and executed CMMI Level III account and project

integration processes.

. Provided risk analysis, vulnerability identification, and other C&A

requirements.

. Provided policy and procedures development and design.

. Provided analytics, research and technical support to projects.

. Designed, developed and implemented SharePoint document management

system.

. Provided input to several RFPs.

Senior Information Security Specialist

Ms. Herbert provided compliance assistance to the USDA Branch Chief, Cyber

Security (CS), Information Security Division (ISD).

. Responsible for coordinating with all levels of CS and agency

management for their CSAM C&A efforts including C&A document process

and procedures and inventory reconciliation.

. Team lead for compliance training for information security systems

program managers (ISSPMs) and information technology security

specialists for approximately 25 agencies.

. Team lead for the USDA inventory reconciliation program.

. Worked with senior management to define and implement C&A processes

and procedures and standard operating procedures.

. Assisted CS management with FISMA reporting.

. Assisted some of the agencies in providing information to assist

mitigating their internal security control deficiencies.

At NITC and ITS, Ms. Herbert provided C&A and other governance services.

Additionally, as a member of the core C&A team, led various system risk

assessment and C&A teams.

. Provided Phase I activities for all NITC systems.

. Developed, designed, and implemented Security Awareness and Training

Program.

. Responsible for ensuring that best practice methods and processes are

utilized, meeting all Federal laws and regulatory requirements,

including FISMA, NIST guidance and HIPAA.

. Provided audit responses for IT audits. Member of the Internal Control

development team for NITC.

. Managed over 30 government contractors working in various areas of IT

and IT security.

. Developed, updated, and wrote directives, system security plans and

other C&A documents.

. Performed security reviews and self-assessments for C&A.

. Participated in the redesign of the NITC's internal C&A process.

. Performed security reviews for OCIO-CS and NITC for Configuration

Management Plans, System Security Plans, Risk Assessments, Trusted

Facilities Manuals, Security Features User Guide, Privacy Impact

Assessments and Security Control Compliance Matrix documents.

. Assisted the NITC security staff in conducting the NIST SP 800-26 and

NIST SP 800-53 Self-Assessments and NIST 800-53 with the NITC system

owners using the OCIO ASSERT and CSAM self-assessment tools.

. Provided research and analytics for security issues and requirements.

. Designed, developed and implemented a SharePoint document management

system.

. Completed client-approved CISSP Proficiency Certification Program at

Peirce University.

L-3 Communications - Titan and SAIC and Tek Systems 2003 - 2006

Project Principal Technical Writer for USDA OCIO Information Technology

Services (ITS)

Wrote and software manuals for an internally designed software product

including the Representative Link Manager (RLM) User Guide, RLM

Administrative Manual, RLM Representation-Roles Manager's Guide and RLM

System Manual. Designed, developed and implemented a Security Awareness and

Training Access database and participated on the core Policy Development

team.

. Wrote policy research documents from applicable authorities including

FISMA and NIST Special Publications (SP) 800 series authorities.

. Assisted the developer with the user interface and database design.

. Assisted developer and ITS management with usability testing.

. Collaborated with client to identify, research, plan, coordinate, and

write the Risk Management Plan, the Risk Mitigation Plan, the Security

Awareness and Training Program Plan and the Security Awareness and

Training Assessment.

. Designed C&A templates and checklists including plan and manual design

for Security Plans, Risk Assessments, Risk Mitigation Plans, Security

Training and Awareness Program Plan, Security Awareness and Training

Assessment, Security Features Users Guide, Security Controls

Compliance Matrix, Privacy Impact Analysis, and Procedure Manual

template and template instruction guide.

. Developed multi-user relational database for Security Training

Awareness Assessments.

. Compiled and analyzed assessment data and wrote the Security Awareness

and Training Assessment Program Plan and Assessment.

. Performed requirements analysis for converting product to a web-based

system.

. Developed Document Control numbering schema, wrote OCIO-ITS Security

Template Guide, designed the Procedure Manual templates, and

collaborated with client in initiating processes to enhance overall

documentation operations.

. Collaborated with Disaster Recovery (DR) Specialist and analyzed the

Strohl's System Software (LDRPS) Disaster Recovery data requirements

and led requirements meetings with team members. Worked with DR

management and agencies to implement an automated procedure for

uploading information into LDRPS.

. Managed deadlines for product deliverables projects using Microsoft

Project.

. Developed technical solutions to address business requirements, e.g.

wrote a VBA export program to automatically export compiled data to

Excel and to run the appropriate analysis in Excel and to populate the

appropriate Word document.

. Provided leadership through the training, tasking, and monitoring of

the new technical writer in collaboration with the client.

. Completed client-approved Technical Writing Certification Program at

the California State University. Completed the following classes:

Project Planning and Research, Usability Research and Testing class,

and Advanced Technical Writing and Editing.

DLR Group 2001 - 2003

Technical Publications Coordinator

. Responsible for collecting, organizing, creating, project scheduling,

and producing project-specific proposals, manuals, addenda and other

related documentation collaborating with architects, engineers,

landscape designers, partners, vendors and other personnel for

projects such as the Kansas Speedway, Lee's Summit High Schools and

St. Teresa's High School.

. Through effective project management, increased documentation billable

hours from 32% to 93%.

. Designed and developed first corporate-sponsored electronic e-book.

. Managed each project with staff of three documentation assistants.

. Assisted in developing an online bid-release system.

. Designed, developed, implemented and documented a Specification Change

Control multi-user relational database.

. Designed architectural specification quality control internal user

processes and procedures documentation.

Presider Consulting Services 1998 - 2001

Owner/Consultant

More than 15 years as a part owner in a software company. Project lead for

design teams, developed and implemented client/server relational database

systems including requirement analysis, database design, project proposals,

technical documentation, and performing market and demographic research.

Performed a variety of services for several healthcare not-for-profit

agencies and commercial businesses located in the Kansas City Metropolitan

area:

. Multiple Agency Client Intake collaborative projects: Managed,

designed, developed and implemented multi-user relational database

system including writing all related documentation. Project lead in

working with agency collaborative with Truman Medical Center to share

patient information to improve the healthcare of the city's poorer

people.

. Wrote all related HIPAA privacy policies (prior to HIPAA's full

implementation) for project agencies.

. Designed, developed and implemented client/server software solutions

to include: Volunteer Tracking System, Instance Handling Tracking

System and Direct Mail Donation Accounting tracking system. Each

product included a fully programmed analysis and reporting system.

Wrote and made presentations to the funding community successfully

funding the project. Negotiated with vendors and purchased computer

server and hardware for 22-seat office. Hired and managed network

installation.

. Responsible for all Y2K initiatives for agencies and trained leaders

in ten other not-for-profit agencies in cost-effective Y2K preparation

techniques.

. Performed comprehensive research for technological grants for

not-for-profit agencies and made presentation to trust fund advisors,

resulting in raising approximately $400,000 for these collaborative

efforts.

. Re-engineered an existing Federal Electrical Outage Reporting system

in Visual Basic for Applications for major utility company including

writing user and system documentation. Provided data conversion

routines and data cleansing. Managed project and made formal

presentation to Transmission Services management and engineering

staff.

. Software Development Project - Digital Asset Management System

. Member of the software development team working as a User

Requirements Analyst for the purpose of creating a proprietary

Digital Asset Management software system.

. Project manager of GUI interface design team.

. Performed client interviews and design testing.

. Wrote corporate privacy policy documentation.

. Gave presentations to corporate executives and investors.

Security Clearance

Top Secret - Department of Defense (DoD)

Education and Relevant Certifications/Awards

B.S., Information Security, Peirce University, anticipated March 2011,

Current GPA: 3.74.

Who's Who Among Students in American Universities and Colleges

Certified Information Systems Security Professional Proficiency Certificate -

Peirce College

Certified Technical Writer - Member of Society of Technical Communications

USDA Security Literacy and Basics - Certificate 2004 through 2010

USDA Privacy - Certificate 2004 through 2010

A-123 Security Controls Testing and Approval Processes and Methodologies

Project Management Institute Training

Federal Information System Management Act (FISMA) - Management Training

Cyber Security Assessment and Management (CSAM) - FISMA Reporting

Cyber Security Assessment and Management (CSAM) - C&A Web

Cyber Security Assessment and Management (CSAM) - Managing POAMs

Cyber Law I - DoD Training

Network Security for Windows 2003

Network System Administration for Windows 2003

Applied Management Concepts

Ethical Information Technology Management

Help Desk and Customer Support

Applied Software Development Fundamentals

Active Defense: An Executive's Guide to Information Assurance - DoD Training

Designated Approving Authority (DAA) - DoD Training

Technical Writing Certification

Seven Habits of Highly Effective People - Certified

Rapid Application Development (RAD) - Certified

Word, Excel, Access, Visual Basic - Multiple Certificates

Capability Maturity Model (CMM) Training - Certificate

Introduction to Information System Security Program Management -

Certificate

Risk Management Framework Training - National Institute of Standards and

Technology (NIST)

Memberships/Affiliations: ISACA, ISSA, PMI, IEEE, PEP

Community Volunteer Activities

American Diabetes Association

American Cancer Society

March of Dimes

Secular Franciscan Order - Officer
