Jonallen Riggins
Sr. Cyber Security Consultant / Analyst, Project Manager
https://www.linkedin.com/in/jonallen
*********@*****.***, +253-**-***-***
Years of Experience: 14+
Clearance: Top Secret / Q / SSBI Investigation
Education:
The George Washington University - MA
Maryland Institute College of Art - MFA
San Francisco Art Institute - BFA
Technical Education/Professional Affiliations:
ISACA
ISC2
SANS Institute
Certifications:
CISSP – 2011, Member #329394
GSLC – 2012, Member #1765849
DSS FSO - 2005
NSA Assessment Methodology – 2004
DISA VMS – 2004
Currently seeking SIEM and ITIL certification
Summary of Qualifications
Security Control Assessment and Information System Audits
Project Management
Security Policy Assessment, Revision and Development
Information Assurance / Accreditation and Authorization / Information Security
Risk Management and Risk Assessment
Vulnerability Scan Analysis
Resource Management, Training and Team Leadership
Excellent verbal and written communication
Client Relationship development and Management
Collaboration and Creative Problem Solving
Relevant Experience
03/15 – Present SRA International
Cyber Security Analyst Industry: Military/Government
In support of the 5th Signal Command and USAFRICOM, I provide project management support and guidance for all systems that fall under the DoD Cyber Security Reciprocity guidance and have been identified as being connected to the USAFRICOM network but lack the proper authorization to maintain a connection. My primary duties include verification of all POC information and review of any previous Approval to Connect (ATC) documentation, network architecture diagrams and hardware/software inventories, if available, to ensure that no previously unidentified threat or vulnerability is present. Upon completion of all reviews, a recommendation is made to the USAFRICOM ISEC team to either escalate the POR for the ATC or to deny the request for an ATC until such time as all weaknesses have been addressed and the risk level for the connection is reduced to an acceptable level.
11/13 – 02/15 Blue Canopy Group
Sr. Consultant Industry: Government
Supported the Centers for Medicare and Medicaid Services (CMS), performing Security Control Assessments and independent third-party audits of information systems associated with the Affordable Health Care Act. Ensured all systems, vendors and locations were implementing CMS policies and standards and had sufficient internal guidelines and processes in place, per contractual requirements. Reviewed system and organizational documentation and oversaw technical application testing, including penetration testing and compliance scanning of network components. Provided guidance in the form of SCA Test Plan development, Audit Finding Reports, SCA Reports and recommended mitigations for technical, operational and managerial security control weaknesses.
06/13 – 11/13
Sr. Information Security Analyst Industry: Government
Supported a small project as an independent consultant providing Certification and Accreditation (C&A) services. Reviewed and modified System Security Plans and developed System Assessment Plans and Reports and Plans of Action and Milestones, based on reviews of network and vulnerability scans from the Nessus, Scuba and Burp Suite IA tools. Developed Accreditation Memos and presented all documentation to the client. All reviews were based on NIST 800-53A rev 4 and supporting documents. Prepared a Risk Management Framework training course for ISSOs and other agency personnel with system security responsibilities.
09/2012 – 06/2013 Internetworking Consulting Services, Department of State
Sr. Cyber Security Policy Analyst Industry: Government
Provided cyber security policy and security assessment support for the Department of State Office of Diplomatic Security (DOSDS) and the embassies and consulates around the world supported by Diplomatic Security. Reviewed and updated DoS cyber security policies based on applicable government regulations and guidelines and agency guidelines. Disseminated policy updates to embassy and consulate representatives via internal policy cables. Identified and revised internal procedures and processes based on new guidance. Reviewed security policy exception requests and prepared written responses based on federal policy guidelines, Diplomatic Security policies, and the identified technical and human intelligence threat rating for the location. Participated on behalf of Diplomatic Security in the Committee on National Security Systems, performing NSS policy reviews.
11/2011 – 08/2012 Evoke Research and Consulting, NNSA
Security Policy Analyst Industry: Government and Nuclear
Supported the Office of the Chief Information Officer for the National Nuclear Security Administration (NNSA) and NNSA field sites and labs with the creation and modification of information technology and information system security policies, standards and operating procedures. Developed and refined cyber security policy according to organizational business objectives and goals. Translated cyber security goals into functional directives that could be applied across the enterprise. Performed assessments to identify policies and standards that required modification to reduce negative impact to the agency and field sites. Drafted guidance statements from the CIO's office based on NEI 08-09, NIST 800-53 and DCID 6/9. Supported National Nuclear Security Administration / Department of Energy Site Assistance Visit (SAV) teams with re-visit preparations, including critical systems data and documentation evaluations, identification of required cyber security control risks and weaknesses, assessment of POA&M and mitigation activities, and the development of assessment questionnaires to be completed by each location's Information System Security Officer and Business Owners.
05/2008 – 11/2011 NetStar-1/IT Solutions, Dept. of Labor & JTF Cap Med
Security Analyst Industry: Government and Military
Provided Certification and Accreditation (C&A) support for the US Department of Labor Office of the Assistant Secretary for Administration and Management (OASAM). Using CSAM, performed C&A activities, as a security analyst, on major and minor IT initiatives. Provided system security support to system owners during the annual review of system security control implementation as well as during the design and development of new IT initiatives. Performed in-depth security reviews, such as NIST 800-53 Security Test and Evaluation and Risk Assessments. Wrote System Security Plans and POA&Ms and prepared complete system security documentation packages using the CSAM C&A tool. Assisted in the development of DOL IT security procedural guidelines regarding performing system assessments.
Functioned as the A-123 Review and FISMA Audit liaison, ensuring all requested documentation, interviews and tests were performed according to the agreed-upon scope. Tracked the status of the previous year's findings and new findings to ensure all items were accounted for and documented. Managed DOL's annual security awareness training requirements and tracked the status of over 1500 users across several different internal offices for compliance with the annual training requirement.
Provided Certification and Accreditation (C&A) support for the Joint Task Force Cap Med during the transition of major medical systems from Walter Reed Army Hospital to the National Institutes of Health. Conducted kick-off meetings with system representatives to ensure all C&A requirements were aligned and in place prior to the system being moved to the new environment. Reviewed system security documentation and provided clarification on system requirements based on the MAC and Confidentiality levels for each system.
Note: NetStar-1 was purchased by IT Solutions
06/2007-04/2008 Knight Point Systems, CBP
IA / Security Specialist Industry: Government
Provided information system security support to the US Customs and Border Protection agency at the National Data Center. Conducted C&A activities on the systems related to Continuous Business Processing in support of Business Continuity, Planning and Recovery of COTS applications and systems, using NIST 800-34 rev 1 as guidance. Vetted mission-critical systems security documentation in preparation for recovery tests and exercises to be performed at the John C. Stennis Data Center. Identified and resolved policy and procedural issues between physical and information technology security to control physical access to the raised-floor area of the data center. Implemented access control procedures supported by physical access personnel and resources. Maintained and updated security control files, tracking significant changes and revisions to DHS/CBP directives.
11/2004-06/2007 Predicate Logic, Dept. of the Navy, PMW 425
IA Security Specialist Industry: Government/Military
Performed Certification and Accreditation (C&A) on Major Applications for the United States Navy. Participated in Integrated Program Team meetings to help design secure systems. Identified high vulnerabilities on mission-critical systems using the DISA Gold Disk and recommended mitigations, including implementation of applicable STIGs and compensating controls. Reviewed SCT&E results and provided recommendations to developers and system representatives. Researched IA-enabled products such as firewalls, guards, and Cross Domain Solutions and identified those that were in compliance with DoD and Navy IT security requirements.
12/2003 – 11/2004 Lockheed Martin, Office of the Assistant Secretary for Reserve Affairs
Security Analyst Industry: Government/Military
Performed Certification and Accreditation on Major Applications and General Support Systems using DITSCAP and the Army ARs as guidelines. Delivered the Security Plan, Risk Assessment, Security Test and Evaluation, Security Features User's Guide, and Plan of Action and Milestones. Analyzed systems for security vulnerabilities and provided mitigating solutions.
02/2002-11/2003 Information Management Group, US Army
Information Assurance Instructor Industry: Government/Military
Responsible for providing Information Assurance and DITSCAP training to Army personnel. Developed knowledge and understanding of IA concepts and Army regulations and policies, specifically AR 25-2, AR 380-67 and AR 380-19. Conducted IA concept and process training for active duty personnel using systems that were prepared for assessment.
10/1999 -01/2002 SAIC, Reserve Component Automation System
Technical Trainer Industry: Government and Military
Provided technical training to Army Reserve and National Guard unit personnel on the Reserve Component Automation System (RCAS). Responsible for the development of course metrics and assessment criteria, and required to participate in unit movement exercises and courses at Fort McCoy, Wisconsin.