Brandon S. Hall
Germantown, MD ***** • 301-***-**** • ad116v@r.postjobfree.com • LinkedIn
Cyber Information Security Expert
A dedicated cybersecurity compliance specialist with 10+ years of experience leading major technology assignments and delivering innovative solutions to high-level data security issues. Extensive knowledge in cyber operations is key to directing teams on initiatives in the areas of threat prevention, vulnerability testing, and risk reduction. Possess a record of success evaluating performance results and recommending changes that improve project growth and success. Able to design feasible solutions that successfully revamp cyber platform protocols to be safer and better protected.
Areas of Expertise
Security Control Assessments
Security Evaluation & Audits
Technical Solution Development
Security Assessment Plans (SAP)
Cyber Defense Techniques
Team Oversight & Guidance
Curriculum Development & Support
Security Assessment Reports (SAR)
Protocol Implementation
Vulnerability Management
Risk Assessments & Mitigation
Governance Risk Compliance Tools
Professional Experience
SPRY METHODS – Springfield, VA September 2022–Present
Security Control Assessor
Use Assured Compliance Assessment Solution (Nessus) and DISA Security Technical Implementation Guides (STIGs) to govern the rollout of security control assessments designed to detect, analyze, and exploit vulnerabilities of information systems.
Leverage technical knowledge to update security assessment test plans and specify control testing parameters.
Answer client inquiries and offer insights during meetings that aid in the understanding of all assessment goals.
Analyze results using web assessment software, vulnerability scanning tools, and penetration testing tools.
Verify the completion of IAVM scans for CAT 1, CAT 2, and/or CAT 3 findings that comply with best practices.
Translate assessment results into summaries outlining complex vulnerabilities and risks to information systems.
Engage with clients to offer advice on technical designs, strategies, and solutions to strengthen cyber security.
Work alone and with teams to identify system risks and initiate actions that improve security control efforts.
Identify needed improvements and apply proven principles and methodologies that remediate vulnerabilities.
Support the National Geospatial-Intelligence Agency cybersecurity compliance with the Department of Defense.
Perform security control duties as required using NIST SP 800-53A.
Key Achievements:
Able to complete multiple ATO in a Day (AiaD) assessments in a single day.
Successfully completed assessments with over 11k controls alongside a team of 4 people.
Entrusted as an A&A (RMF) subject matter expert with experience testing and assessing cybersecurity solutions.
ALLIED UNIVERSAL – Washington D.C. March 2018–September 2022
Security Control Assessor
Set project scopes, delegated assignments to team members, and oversaw the successful execution of security control assessments, making adjustments as needed so deliverables are met on time and adhere to regulatory compliance measures.
Planned and executed step 4 of RMF using NIST SP 800-53A Rev 4/5 and NIST SP 800-30.
Reviewed vulnerability scan reports and liaised with stakeholders to discuss identified threats and best assessment practices to deploy.
Developed SAPs, SARs, and entered test cases into a requirements traceability matrix.
Uploaded artifacts into a Governance Risk Compliance Tool.
Reviewed assessment and authorization packages (CP, IRP, SSP, SAR).
JENKINS LLC – Washington, D.C. February 2015–March 2018
IT Security Analyst
Assessed information systems using a GRC tool and NIST SP 800-37, and provided authorizations.
Developed and reviewed SAPs and SARs for both cloud and non-cloud systems.
Monitored selected controls, SSP updates, and scan reviews to gauge the overall health of security controls.
Tested controls using NIST SP 800-53A Rev 4/5. Supported the rollout of vulnerability scans and remediations alongside the system administrator.
Developed POA&M for vulnerability scans and security controls that did not pass an assessment.
Organized and facilitated tabletop exercises.
Reviewed and updated policies and procedures to reflect regulatory requirements.
Used NIST SP 800-18 to update system security plans.
Performed privacy impact analysis on systems' Personally Identifiable Information.
Key Achievements:
Helped draft implementation statements for Technical, Operational, and Managerial Security Controls.
QUALITY INVESTIGATION SERVICES – Washington, D.C. April 2013–January 2015
Computer Help Desk Technician
Engaged with clients and end users to understand their specific operational issues and tailored simulations designed to replicate operational problems.
Evaluated problems with applications, workstations, servers and network components, and identified the root cause of malfunctions.
Collaborated with network services, software systems engineering, and applications development experts to correct core problems.
Key Achievements:
Consistently developed sustainable solutions which lowered or eliminated user problems.
Education
Master of Science in Information Systems Management, Strayer University (Expected: 2025)
Bachelor of Science in Criminal Justice, Strayer University (2019; Magna Cum Laude)
Clearances
Top Secret SCI clearance w/CI-poly • CASP+ • CYSA+ • CISA (In Progress)
Technical Skills
NIST SP 800-Series (800-53, 800-53A, 800-30, 800-18) • XACTA • ServiceNow • STIGs • SWAP • CPT • SATE • GALAXY ECAM • CAM TRACKER • THREADFIX • GitLab