Project Management Information Technology

Location:
Woodbridge, VA
Posted:
February 08, 2024


Resume:

Brian K. Hungerford, CISSP


SECURITY CLEARANCE: Top Secret/SSBI with CI/Poly

Executive Summary:

Over twenty-six (26) years of information assurance and information technology experience involving most phases of Information Security (INFOSEC). This includes authoring INFOSEC policies, providing INFOSEC solutions, systems analysis, security analysis, vulnerability evaluations, security controls reviews, and certification and accreditation. Over fifteen (15) years of program/project management and supervisory experience in the Government sector utilizing methodology and tools such as ITIL and PMBOK. Experienced in most areas of technical support for secure software development, conducting security controls reviews, developing technical evaluations for various operating systems, and developing/executing security test and evaluation plans and procedures; knowledge of the interrelationships of requirements from COBIT, FISMA, NIST, and Public Laws.

Government Experience:

Department of State

Department of Veteran Affairs

United States Marine Corps

Department of Justice

Department of Labor

Census Bureau

Census Bureau

District of Columbia

DC Lottery

Certifications:

Certified Information System Security Professional (CISSP) ID # 370609

Project Management Professional (PMP) – Test planned fourth Quarter 2024

EXPERIENCE:

08/2020 – 12/2023 (End of Contract) Department of State, Washington DC

Authorizing Official Designated Representative Liaison/System Security Specialist

Assisting CyberOps Authorizing Official Designated Representative (AODR) with the management of Diplomatic Security Bureau (DS) A&A packages.

Research and complete tasks per Branch Chief or government official instruction.

Assist Assessment Team Lead and Assessment Team members with matters related to project assessments (RMF Step 4).

First point of contact for all A&A matters related to ATO, ATO-C, ATT, and system retirements.

Participate in weekly department risk meetings.

Manage system impact assessments, notification of change, and data type review requests.

Create weekly status reports for management to track progress of CPT testing, significant system changes, technical reviews/data type reviews, and security impact assessments.

Track project assessment progress throughout RMF steps 1 – 6. Identify and address delays in the assessment process.

Proficient using risk management toolkits (Xacta and ArchAngel).

Assist project team members with issues related to RMF Steps 1-3 building of assessment packages.

Manage system expirations and removal of FISMA/asset inventory.

Monitor POA&M resolutions of DS systems.

Monitor and participate in ATO docket meetings to discuss ATO and ATO-C extensions.

10/2016 – 07/2020 Department of State, Washington DC

Assurance Analyst/System Security Engineer

Supporting the A&A of the DoS environment, by providing guidance to, and coordinating the efforts of, relevant system operators across the environment.

Interviewing system owners and operators to elicit and complete system security plans (SSPs), continuity of operations plans (CoOPs), policies and procedures, and other relevant documentation.

Compiling and submitting A&A packages for IA security control assessor (SCA) review and assessment.

Working collaboratively with system owners and operators to respond to SCA findings and identify, implement, and document mitigating controls.

Utilize EXACTA to perform C&A duties.

POA&M management.

IA and DS Liaison managing and tracking the A&A process for all DS systems and applications

Assist DS AODR in managing RMF Step 1 data type reviews and security impact analysis.

Assist CA and DS AODRs in evaluating RMF Step 4 and RMF Step 5 ATO processes.

Evaluated DoS system migrations to AWS and Azure Cloud environments.

Utilized GRC tool Xacta, Remedy/Case Management applications to manage NOCs, CPTs, and ATO packages

9/2015 – 1/2018 (100% Part-time Remote) Veteran Affairs, Washington DC

Security Analyst

Develop the Security Risk Assessment Report for each project.

Review software application requirements associated with the project to ensure that the necessary security elements are identified.

Conduct compliance reviews to ensure all products developed are in accordance with VA security standards.

Prepare a Security Control Assessment (SCA) in coordination with PM and Service Delivery & Engineering (SDE), if required by Office of Cyber Security (OCS).

Prepare System Security Plans in coordination with PM and SDE, in accordance with (IAW) National Institute of Standards and Technology (NIST) SP 800-18 and VA Handbook 6500.3

Interconnection Security Agreement (ISA)/Memorandum of Understanding (MOU) for external connections, IAW NIST SP 800-47 and VA Handbook 6500.

Provide support services with the preparation of the Risk-Based Decision (RBD) documentation for the project, IAW VA 6500.

Post all required security artifacts for Authorization and Accreditation (A&A) in the VA Governance Risk and

Coordinate with the VA Security Manager, such as the ISO, to assure that all requirements (AA) for the Interim Authority to Operate (IATO) and Authority to Operate (ATO) are completed.

Use the following utilities: Fortify, Risk Vision, and SharePoint.

7/2014 – 7/2016 (100% Remote Full-time) End of Contract USMC, Quantico, VA

Information Assurance Officer (IAO)

Responsible for CSS Systems within the USMC infrastructure operation and ensure that these applications are compliant with DIACAP.

Responsible for migrating Non-FISMA GSS and major applications over to FISMA compliance standards.

Conduct annual security assessments of IAS.

Oversee tabletop exercises for incident response (IR), contingency planning (CP) and disaster recovery (DR) plans.

System re-categorization and security control alignment with the Agency implementation of 8500.2 IA.

Utilize MCCAST to perform C&A duties.

POA&M and remediation.

Generate ATO, ATT, and AFU packages.

Perform quarterly vulnerability scanning of systems utilizing Retina and Nessus.

7/2013 – 7/2014 FBI, Washington, DC

Information System Security Officer (ISSO)

Responsible for twelve general support systems (GSS) and major applications within the FBI infrastructure operation and ensure that these applications are compliant with Federal Security standards (FISMA, NIST).

Assisted in the startup of Risk Vision security assessment application.

Responsible for migrating Non-FISMA GSS and major applications over to FISMA compliance standards.

Conduct annual security assessments on GSS and Major Application Systems.

Oversee tabletop exercises for incident response (IR), contingency planning (CP) and disaster recovery (DR) plans.

System re-categorization and security control alignment with the Agency implementation of NIST 800-53 Rev. 3

Performed Risk Management Framework Assessment and Authorization (formerly C&A).

POA&M and remediation.

Generate ATO, ATT, and AFU packages.

Perform quarterly vulnerability scanning of systems utilizing Nessus.

Utilize Risk Vision tool to support all IA activities, documents, and reports.

Investigate all security incidents (SIRs)

Monitored BOC CIRT, US CERT, and vendor security alerts

11/2012 – 12/31/2012 Department of Labor – Washington, DC

Security Analyst

Responsible for two major applications (E-Grants and EBSS) within the Department of Labor infrastructure operation and ensure that these applications are compliant with Federal Security standards (FISMA, NIST). Utilized CSAM tool to document and report that E-Grants and EBSS major applications meet security standards. Duties also include:

Responsible for IA for ETA GSS and Major Application Systems.

System re-categorization and security control alignment with the Agency implementation of NIST 800-53 Rev.

Performed Risk Management Framework Assessment and Authorization (formerly C&A).

POA&M and remediation.

Produced Risk Assessment Reports.

Conducted IA hardware/software assessments, including desktop videoconferencing, multifunction devices, e-mail load balancing, Wi-Fi access and encryption.

Use engineering services for vulnerability assessment and provide ATO for all systems maintained by engineering.

Utilize CSAM tool to support all IA activities, documents, and reports.

Monitored BOC CIRT, US CERT, and vendor security alerts

11/2011 – 10/28/12 (End-of-Contract) SAIC - Suitland, MD

Senior Security Analyst

Ensure that the Census Bureau infrastructure operation is compliant with Federal Security standards (FISMA, NIST) to ensure a secure network. Assist Federal Government in documenting and reporting that network meets security standards, and Census employees and contractors have a secure and reliable network. Duties also include:

Provided security risk assessments for all configuration changes to the system and applications

Provided NIST 800-53 security controls to be used for application security testing

Assisted SAs by recommending solutions for securing servers

Validated Nessus vulnerability scan reports

Assisted with Certification & Accreditation and Continuous monitoring

Identified tasks that are required to complete POA&Ms

Developed or updated security related SOPs

Performed audit log reviews to detect anomalies/incidents for all servers via manual review process or Tripwire tool.

Ensured the SAs conduct benchmark and vulnerability scans before and after a system change

Maintained security baseline configurations for Unix and Windows platforms and applications.

Ensured operational servers are configured according to the secure configuration baseline checklist and approved list of waivers

Monitored BOC CIRT, US CERT, and vendor security alerts

7/2011 – 10/2011 TekSystems – Suitland, MD

Senior Security Analyst (Temp)

Ensure that the Census Bureau infrastructure operation is compliant with Federal Security standards (FISMA, NIST) to ensure a secure network. Assist Federal Government in documenting and reporting that network meets security standards, and Census employees and contractors have a secure and reliable network. Duties also include:

Provided security risk assessments for all configuration changes to the system and applications

Provided NIST 800-53 security controls to be used for application security testing

Assisted SAs by recommending solutions for securing servers

Validated Nessus vulnerability scan reports

Assisted with Certification & Accreditation and Continuous monitoring

Identified tasks that are required to complete POA&Ms

Developed or updated security related SOPs

Performed audit log reviews to detect anomalies/incidents for all servers via manual review process or Tripwire tool.

Ensured the SAs conduct benchmark and vulnerability scans before and after a system change

Maintained security baseline configurations for Unix and Windows platforms and applications.

Ensured operational servers are configured according to the secure configuration baseline checklist and approved list of waivers

Monitored BOC CIRT, US CERT, and vendor security alerts

5/1995 -11/2010 (End of Contract) Opportunity Systems Inc. - Washington D.C.

Information System Officer

Operate the computer facility for the District of Columbia On-line Lottery. In this capacity, responsible for performing annual reviews and maintenance of system security plan, business continuity plan, and disaster recovery plan. Primary point-of-contact for all agency matters (requests for software services, system discrepancies, helpdesk issues, report requests, and agent issues). Responsible for the maintenance of change control and configuration management, oversaw incident response team, maintained access control of financial databases and production of ad hoc reporting servers that house Impromptu, Access and Gware databases. Duties also included:

Serving as a subject matter expert and technical authority on a wide range of complex security policies.

Managing vulnerability scanning including scan analysis, scheduling, vulnerability tracking, notification, and reporting.

Handled maintenance contracts for UPS, generator, mainframes, and PCs.

Responsible for creating incident reports of hardware/software malfunctions.

Responsible for the management of all operation documentation (operation procedure manuals, emergency procedure manuals, personnel handbook, BCP and DRP documents).

Point-of-contact for annual BCP, DRP, CAFR, and SAS70 reviews.

Responsible for FISMA support for over 50 major systems.

Ensuring that systems were compliant with departmental rules & FISMA.

Developed C&A (certification and accreditation) and self-assessment documents on major systems using NIST guidelines (NIST 800-18, NIST 800-34, NIST 800-37, NIST 800-53, and NIST 800-60).

Developed documents including System Security Plans, Security Test & Evaluation Plans, Risk Assessments, Contingency Plans, and other security plans.

Managed the continuous monitoring process for the infrastructure, which included monitoring and mitigating POAM, conducting self-assessments.

2/1990 - 5/1995 Opportunity Systems Inc. - Washington D.C.

Supervisor of Computer Operations

Maintained system software for the DC Lottery Gaming System. Supervised/conducted software testing and installation of lottery gaming software. Served as a backup to the LAN Administrator maintaining centralized access control over network and online gaming systems (monitoring and managing system clipping levels). Developed and maintained the physical access to facility and control room via passcard system (CCURE System). Managed the day to day operations of the control room, trained, supervised, and evaluated personnel. Attended weekly meetings with management, staff, and technical support from the D.C. Lottery to resolve system problems. Developed database applications to monitor software malfunctions, new software request, configuration management, and tape storage. Created and maintained operational checklist and procedure manuals to be added to the business continuity plan due to risk mitigation or addition of new process. Participated in the SDLC process of all system and software installations and upgrades. Reviewed audit logs and checklist on both a daily and weekly basis to identify anomalies. Trained new personnel in security awareness within the organization. Investigated intrusion detection system (What’s Up Gold) violations involving the remote logging system, distribution center, and claim center. Duties also included:

Software security and functionality testing, implementation, and maintenance while focusing on quality assurance.

Managing new projects encompassing emerging technologies and security technology assessment

Vulnerability scanning.

Supervising 24x7 incident response.

Real-Time Situational Awareness.

3/1987 - 2/1990 Opportunity Systems Inc. - Washington D.C.

Shift Supervisor

Responsible for the day to day operations of control room activities, training, and supervision of computer operators. Performed software testing and participated in the creation of test scripts. Monitored on-line system processing and in the event of system malfunctions prescribed the corrective action while notifying management of the system malfunctions. Responsible for the prevention of data leakage, media destruction and participated in the certification and accreditation of hardware and software. Delegated to develop and maintain change control documentation and procedure manuals.

TECHNICAL SKILL:

Operating Systems: UNIX, Solaris, Redhat, VMS, VOS, MS Windows Server, Netware 3.12, Windows 2000 Professional, Windows Vista, Windows XP Professional, Windows 9x.

Networking: Management of Wi-Fi, TCP/IP, Virtual Private Networking, and Windows Users and Groups. Configure user profiles, enable encryption protection, and maintain LAN networks.

Hardware: Cisco PIX 506E, Cisco 2600 and 4000 series, Cisco Catalyst 2950, Datacryptor 64, VAX mainframes, Alpha2100, Stratus R35, IBM xSeries 235/8611, PCs and laptops, Inkjet and Laser Printers, Modems, Network Interface Cards, Wireless Network Devices and computer hardware accessories.

Languages: SQL, Java, Visual Basic, COBOL, C, C++, Fortran, RPG II, Basic, HTML, XHTML, Paradox, Access, and FTP.

EDUCATION:

BSIT Bachelor of Science in Information Technology - 2007 - University of Phoenix

AA Degree - 2001 - Prince Georges Community College

(Computer Science – Computer Programming)

Novell System Administration Certification - 1996 - Wave Technologies

Control Room Fundamentals Course Certification - 1993 - Gtech

Data Processing Certification - 1986 - Yorktowne Business Institute

REFERENCES:

Available upon request.


