
Security Control Assessor

Location: Mount Rainier, MD

Posted: December 18, 2023


Resume:

Brandon S. Hall

Germantown, MD *****301-***-**** • ad116v@r.postjobfree.com • LinkedIn

Cyber Information Security Expert

A dedicated cybersecurity compliance specialist with 10+ years of experience leading major technology assignments and delivering innovative solutions to high-level data security issues. Extensive knowledge in cyber operations is key to directing teams on initiatives in the areas of threat prevention, vulnerability testing, and risk reduction. Possess a record of success evaluating performance results and recommending changes that improve project growth and success. Able to design feasible solutions that successfully revamp cyber platform protocols to be safer and better protected.

Areas of Expertise

Security Control Assessments

Security Evaluation & Audits

Technical Solution Development

Security Assessment Plans (SAP)

Cyber Defense Techniques

Team Oversight & Guidance

Curriculum Development & Support

Security Assessment Reports (SAR)

Protocol Implementation

Vulnerability Management

Risk Assessments & Mitigation

Governance Risk Compliance Tools

Professional Experience

SPRY METHODS – Springfield, VA September 2022–Present

Security Control Assessor

Use Assured Compliance Assessment Solution (Nessus) and DISA Security Technical Implementation Guides (STIGs) to govern the rollout of security control assessments designed to detect, analyze, and exploit vulnerabilities of information systems.

Leverage technical knowledge to update security assessment test plans and specify control testing parameters.

Answer client inquiries and offer insights during meetings that aid in the understanding of all assessment goals.

Analyze results using web assessment software, vulnerability scanning tools, and penetration testing tools.

Verify the completion of IAVM scans for CAT 1, CAT 2, and/or CAT 3 findings that comply with best practices.

Translate assessment results into summaries outlining complex vulnerabilities and risks to information systems.

Engage with clients to offer advice on technical designs, strategies, and solutions to strengthen cyber security.

Work alone and with teams to identify system risks and initiate actions that improve security control efforts.

Identify needed improvements and apply proven principles and methodologies that remediate vulnerabilities.

Support the National Geospatial-Intelligence Agency cybersecurity compliance with the Department of Defense.

Perform security control duties as required using NIST SP 800-53A.

Key Achievements:

Able to complete multiple ATO in a Day (AiaD) assessments in a single day.

Successfully completed assessments with over 11k controls alongside a team of 4 people.

Entrusted as an A&A (RMF) subject matter expert with experience testing and assessing cybersecurity solutions.

ALLIED UNIVERSAL – Washington D.C. March 2018–September 2022

Security Control Assessor

Set project scopes, delegated assignments to team members, and oversaw the successful execution of security control assessments, making adjustments as needed so deliverables are met on time and adhere to regulatory compliance measures.

Planned and executed step 4 of RMF using NIST SP 800-53A Rev 4/5 and NIST SP 800-30.

Reviewed vulnerability scan reports and liaised with stakeholders to discuss identified threats and best assessment practices to deploy.

Developed SAPs, SARs, and entered test cases into a requirements traceability matrix.

Uploaded artifacts into a Governance Risk Compliance Tool.

Reviewed assessment and authorization packages (CP, IRP, SSP, SAR).

JENKINS LLC – Washington, D.C. February 2015–March 2018

IT Security Analyst

Assessed information systems using a GRC tool, applied NIST SP 800-37, and provided authorizations.

Developed and reviewed SAPs and SARs for both cloud and non-cloud systems.

Monitored selected controls, SSP updates, and scan reviews to gauge the overall health of security controls.

Tested controls using NIST SP 800-53A Rev 4/5. Supported the rollout of vulnerability scans and remediations alongside the system administrator.

Developed POA&M for vulnerability scans and security controls that did not pass an assessment.

Organized and facilitated tabletop exercises.

Reviewed and updated policies and procedures to reflect regulatory requirements.

Used NIST SP 800-18 to update system security plans.

Performed privacy impact analysis on systems' Personally Identifiable Information.

Key Achievements:

Helped draft implementation statements for Technical, Operational, and Managerial Security Controls.

QUALITY INVESTIGATION SERVICES – Washington, D.C. April 2013–January 2015

Computer Help Desk Technician

Engaged with clients and end users to understand their specific operational issues and tailored simulations designed to replicate operational problems.

Evaluated problems with applications, workstations, servers and network components, and identified the root cause of malfunctions.

Collaborated with network services, software systems engineering, and applications development experts to correct core problems.

Key Achievements:

Consistently developed sustainable solutions which lowered or eliminated user problems.

Education

Master of Science in Information Systems Management, Strayer University (Expected: 2025)

Bachelor of Science in Criminal Justice, Strayer University (2019; Magna Cum Laude)

Clearances

Top Secret SCI clearance w/CI-poly • CASP+ • CySA+ • CISA (In Progress)

Technical Skills

NIST SP 800-Series (800-53, 800-53A, 800-30, 800-18) • XACTA • ServiceNow • STIGs • SWAP • CPT • SATE • GALAXY ECAM • CAM TRACKER • THREADFIX • GitLab


