Information Technology Security
Resume:
Brian K. Hungerford, CISSP
*************@*****.*** 703-***-****
SECURITY CLEARANCE: Top Secret/SCI
Executive Summary:
Information assurance and information technology experience involving most phases of Information Security. This includes authoring policies, providing solutions, systems analysis, security analysis, vulnerability evaluations, security controls reviews, and certification and accreditation.
CERTIFICATIONS:
Certified Information System Security Professional (CISSP) ID # 370609
EDUCATION:
BSIT Bachelors of Science in Information Technology - University of Phoenix
AA Degree - Prince Georges Community College
(Computer Science – Computer Programming)
EXPERIENCE:
12/2023 – Present Tytanium Enterprises, Washington DC
Assistant Operations Manager/Information Security Analyst
Prioritize and manage project's milestones, and deliverables
Identify and mitigate risks throughout the schedule
Work with customers to resolve concerns and explain how compliance is achieved
Coordinate the day-to-day activities required to deliver a project on time
Host and attend regular project meetings; deliver status updates
Manage multiple projects and deliverables, maintaining quality and client satisfaction and delivering on-time and within budget
08/2020 – 12/2023 Department of State, Washington DC
Authorizing Official Designated Representative Liaison/System Security Specialist
Assisting CyberOps Authorizing Official Designated Representative (AODR) with the management of Diplomatic Security Bureau (DS) A&A packages.
Research and complete tasks per Branch Chief or government official instruction.
Assist Assessment Team
Lead and Assessment Team members with matters related to project assessments (RMF Step 4).
First point of contact for all A&A matters related to ATO, ATO-C, ATT, and system retirements.
Participate in weekly department risk meetings.
Manage system impact assessments, notification of change, and data type review requests.
Create weekly status reports for management to track progress of CPT testing, significant system changes, technical reviews/data type reviews, and security impact assessments.
Track project assessment progress throughout RMF steps 1 – 6. Identify and address delays in the assessment process.
Proficient using risk management toolkits (Xacta and ArchAngel).
Assist project team members with issues related to RMF Steps 1-3 building of assessment packages.
Manage system expirations and removal of FISMA/asset inventory.
Monitor POA&M resolutions of DS systems.
Monitor and participate in ATO docket meetings to discuss ATO and ATO-C extensions.
10/2016 – 07/2020 Department of State, Washington DC
Assurance Analyst/System Security Engineer
Supporting the A&A of the DoS environment, by providing guidance to, and coordinating the efforts of, relevant system operators across the environment.
Interviewing system owners and operators to elicit and complete system security plans (SSPs), continuity of operations plans (CoOPs), policies and procedures, and other relevant documentation.
Compiling and submitting A&A packages for IA security control assessor (SCA) review and assessment.
Working collaboratively with system owners and operators to respond to SCA findings and identify, implement, and document mitigating controls.
Utilize EXACTA to performed C&A duties.
POA&M management.
IA and DS Liaison managing and tracking the A&A process for all DS systems and applications
Assist DS AODR in managing RMF Step 1 data type reviews and security impact analysis.
Assist CA and DS AODRs in evaluating, RMF Steps 4, RMF Step 5 ATO processes.
Evaluated DoS system migrations to AWS and Azure Cloud environments.
Utilized GRC tool Xacta, Remedy/Case Management applications to manage NOCs, CPTs, and ATO packages
9/2015 – 1/2018 Veteran Affairs, Washington DC
Security Analyst
Develop the Security Risk Assessment Report for each project.
Review software application requirements associated with the project to ensure that the necessary security elements are identified.
Conduct compliance reviews to ensure all products developed are in accordance with VA security standards.
Prepare a Security Control Assessment (SCA) in coordination with PM and Service Delivery & Engineering (SDE), if required by Office of Cyber Security (OCS).
Prepare a System Security Plans in coordination with PM and SDE, in accordance with (IAW) National Institute of Standards and Technology (NIST) SP 800-18 and VA Handbook 6500.3
Interconnection Security Agreement (ISA)/Memorandum of Understanding
(MOU) for external connections, IAW NIST SP 800-47 and VA Handbook 6500.
Provide support services with the preparation of the Risk-Based Decision (RBD) documentation for the project, IAW VA 6500.Post all required security artifacts for Authorization and Accreditation (A&A) in the VA Governance Risk and
Coordinate with the VA Security Manager, such as the ISO, to assure that all requirements (AA) for the Interim Authority to Operate (IATO) and Authority to Operate (ATO) are completed.
Use the following utilities Fortify, Risk Vision, and SharePoint.
7/2014 – 7/2016 USMC, Quantico, VA
Information Assurance Officer (IAO)
Responsible for CSS Systems within the USMC infrastructure operation and ensure that these applications are compliant with DIACAP.
Responsible for migrating Non-FISMA GSS and major applications over to FISMA compliance standards.
Conduct annual security assessments of IAS.
Oversee tabletop exercises for incident response (IR), contingency planning (CP) and disaster recovery (DR) plans.
System re-categorization and security control alignment with the Agency implementation of 8500.2 IA.
Utilize MCCAST to performed C&A duties.
POA&M and remediation.
Generate ATO, ATT, and AFU packages.
Perform quarterly vulnerability scanning of systems utilizing Retina and Nessus.
7/2013 – 7/2014 FBI, Washington, DC
Information System Security Officer (ISSO)
Responsible for twelve general support systems (GSS) and major applications within the FBI infrastructure operation and ensure that these applications are compliant with Federal Security standards (FISMA, NIST).
Assisted in the startup of Risk Vision security assessment application.
Responsible for migrating Non-FISMA GSS and major applications over to FISMA compliance standards.
Conduct annual security assessments on GSS and Major Application Systems.
Oversee tabletop exercises for incident response (IR), contingency planning (CP) and disaster recovery (DR) plans.
System re-categorization and security control alignment with the Agency implantation of NIST 800-53 Rev. 3
Performed Risk Management Frame Work Assessment and Authorization (formerly C&A).
POA&M and remediation.
Generate ATO, ATT, and AFU packages.
Perform quarterly vulnerability scanning of systems utilizing Nessus.
Utilize Risk Vision tool to supports all IA activities, documents, and reports.
Investigate all security incidents (SIRs)
Monitored BOC CIRT, US CERT, and vendor security alerts
CORE EXPERTISE:
Technical Support Network Security IT Infrastructure Incident Response Information Security Data Analysis and Reporting INFOSEC COBIT FISMA NIST Frameworks DIACP Documentation and Reporting Operating Systems Workstations and Server Configuration Vulnerability/Risk Assessment Risk Management Testing and Quality Assurance Active Directory Troubleshooting RMF Framework
TOOLS:
Microsoft Office 365 Xacta Remedy CSAM Linux SQL Citrix Workspace Wireshark E-
Grants EBSS iMatrix Risk Vision Nessus ArchAngel ServiceNow Galaxy iPost Congruence ACAS JIRA-CAM HBSS Carbon Black Response SWAP Continuity Planning Tool (CPT)
REFERENCES:
Available upon request.
Contact this candidate