Meghnad Konai, Ph.D.
*********@*****.***
Phone: 240-***-****
CISSP and ISSMP-certified cybersecurity leader with over 20 years of experience delivering enterprise IT security and RMF solutions across the Department of Defense (DoD) and Federal Agencies. Proven success in leading large-scale cybersecurity programs as an ISSE, ISSO, and ISSM. Expert in streamlining Assessment & Authorization (A&A) processes through RMF automation using tools like eMASS and Xacta.
Directed a team of 20+ ISSOs to secure multiple ATOs for DISA’s MNIS systems, reducing ATO package volumes by 66% and ensuring compliance with FISMA and FedRAMP across PaaS, IaaS, SaaS, and CSSP environments.
Demonstrated leadership in developing and implementing Cybersecurity Program Plans, ISCM strategies, and Cross-Domain Solutions (CDS), including a DSAWG-approved automated patching solution. Recognized subject matter expert and contributor to federal cybersecurity policy, including Executive Order 14028.
Security Clearance:
Active TOP SECRET /SCI with CI POLY
Enrolled in the Continuous Evaluation (CE) / Continuous Vetting (CV) program; Agency: OPM
(Continued Enrollment Date - 05/14/2025)
Professional Experience
OST Corporation – Washington, DC
Senior Information Systems Security Officer (ISSO) August 2024 – Present
• Leading the cybersecurity workforce development effort for the Department of Justice (DoJ) to strengthen organizational readiness and expertise.
• Coordinating with ISSOs, ISSRs, and ISSMs to ensure smooth migration from Xacta to the Joint Cybersecurity Assessment and Management (JCAM) platform.
• Providing expert guidance during weekly JCAM sessions, promoting best practices, and minimizing user errors.
• Delivering simulations and live demos to troubleshoot JCAM issues and enhance user confidence.
• Creating clear, user-friendly job aids to support JCAM workflows and stakeholder adoption.
• Driving compliance and continuity by supporting the DoJ’s mandated transition from Xacta to JCAM.
Leidos – Arlington, VA
Senior Information Systems Security Officer (ISSO) July 2021 – July 2024
• Delivered ISSO support to DISA Joint Service Provider (JSP), managing multiple systems through the RMF lifecycle to achieve ATOs.
• Led RMF activities, including:
o System registration in eMASS and DITPR
o Security categorizations, control selection, and assessments
o Development of eMASS artifacts: ISCPs, CDDOGs, SAPs, POA&Ms, IRPs, and PIAs
• Collaborated with ISOs, ISSMs, ConMon Splunk teams, SCA-R, AODRs, and AOs to secure ATOs and maintain system integrity.
• Managed STIG compliance by updating CKL files, resolving POA&Ms, and coordinating with the Mitigation Team.
• Facilitated weekly GTL meetings to track RMF milestones and ensure timely ATO progress.
• Conducted compliance scans with Assessment Teams and addressed system vulnerabilities.
• Worked with V&V and Splunk teams to enhance system performance across JSP infrastructure.
• Mentored junior ISSOs on RMF procedures and guided them through successful ATO completions.
Anglicotech – Arlington, VA
Senior Cybersecurity Analyst, Joint Staff J6
March 2020 – June 2021
• Contributed to the development of Executive Order 14028, advancing national cybersecurity policies and best practices.
• Led J6 Cyber Division initiatives, including:
o Guidance on cybersecurity best practices for system owners
o Strategies for emerging technologies
o Modernizing outdated DoDIs and CJCSIs
• Represented Joint Staff J6 at NSA on CNSS Committees, helping shape CNSS policies, instructions, and newsletters to strengthen IT assurance.
• Served as SME on RMF Technical Advisory Group (TAG), refining RMF policies and IA controls for systems managing sensitive data.
• Contributed to NIST SP 800-53 Rev. 4/5 reviews, including the addition of PT and SR control families.
• Engaged in the Endpoint Security Operational Working Group (ESOWG), integrating advanced endpoint protections and technologies.
• Supported Comply to Connect (C2C) implementation, including rollout of 70,000+ Forescout licenses for MUA.
• Developed ISCM strategies using the DoD Continuous Monitoring Framework to improve patching, endpoint security, and CMRS.
• Contributed to Commercial Cloud CDS governance as part of the CCCGWG under CDTAB.
• Led JSAP coordination between Joint Staff J6 and COCOMs to streamline communications and policy responses.
Sekon – Arlington, VA
Senior Cybersecurity Team Lead
May 2019 – February 2020
• Provided SME-level cybersecurity leadership to evaluate risks, ensure protection, and oversee deployment and continuous monitoring of multiple DHA IT systems.
• Advised DHA system owners and technical staff on secure technology development and stakeholder information security responsibilities.
• Led cybersecurity efforts for PEO DHMS, including program planning, CDM, ISCM, and securing ATOs for LMT IL2 and IL5 systems.
• Performed security control assessments and created essential documentation to include:
o Incident Response Plans (IRPs)
o Contingency Plans (CPs)
o Standard Operating Procedures (SOPs)
o Tactics, Techniques, and Procedures (TTPs)
• Collaborated with vendors on Nessus scans, imported results into eMASS, and addressed vulnerabilities to maintain system security.
• Evaluated remediation efforts and managed POA&Ms to ensure timely mitigation of security gaps.
• Produced cybersecurity documentation, including policies, SOPs, IRPs, and training materials to support compliance and operations.
• Served as Work Stream Lead for a six-person cybersecurity team, promoting performance and professional growth.
• Represented the ISSM when needed, supporting key PEO DHMS cybersecurity decisions.
• Prepared Privacy Threshold Analyses (PTAs) and Privacy Impact Assessments (PIAs) to meet privacy compliance.
• Supported A&A for LMT at IL2 and IL5, ensuring system readiness and authorization.
• Managed IAVA and SECDEF Scorecard reporting for PEO DHMS in line with DoD requirements.
ChandlerCG – Washington, DC
Principal Information Systems Security Officer (ISSO) January 2018 – April 2019
• Evaluated risks and enhanced security for DHS IT systems across a complex environment.
• Conducted security control assessments to ensure compliance and support incident response.
• Supported Continuous Monitoring Program and managed A&A documentation for 10 FEMA systems.
• Tracked POA&Ms and assessed remediation efforts to ensure timely compliance.
• Created and maintained cybersecurity policies, SOPs, and training materials.
• Led ISSO initiatives for Ongoing Authorization, CDM, and ISCM strategies.
• Prepared RMF-compliant security authorization packages per DHS 4300.
• Managed ATO packages and tracked status in coordination with FEMA CSD.
• Reviewed vulnerability scans using ACAS and Nessus and reported results via Continuum.
• Monitored controls and conducted periodic reviews per NIST 800-53A and DHS 4300.
• Updated continuous monitoring checklists and reported findings to the ISSM.
• Coordinated ST&E and audit efforts with Certifying Agents.
• Ensured FedRAMP CSP systems aligned with applicable security controls.
• Managed secure decommissioning of two FEMA systems per DHS guidelines.
Octo Consulting – Arlington, VA
Senior Information Systems Security Officer (ISSO) June 2017 – December 2017
• Led Risk Management Framework (RMF) Assessment and Authorization (A&A) efforts for the Department of the Army’s Commanders Risk Reduction Dashboard (CRRD), part of the Army Human Resource Systems (AHRS), utilizing the Enterprise Mission Assurance Support Service (eMASS) tool.
• Interfaced and coordinated cybersecurity deliverables, including Ongoing Authorization, Continuous Diagnostics and Mitigation (CDM), and Information Security Continuous Monitoring (ISCM) activities, with the U.S. Army Aviation and Missile Research Development and Engineering Center (AMRDEC) development team.
• Authored critical RMF artifacts, including:
o System Security Plan (SSP)
o Tactics, Techniques, and Procedures (TTPs)
o Standard Operating Procedures (SOPs)
o Supporting documentation for the CRRD system’s ATO process.
• Collaborated with the Facility Security Officer (FSO) team to plan, coordinate, and conduct Security Test and Evaluation (ST&E) activities, ensuring compliance with RMF standards and achieving security objectives.
Strategic Operational Solutions (STOPSO) – Fort Meade, MD
Principal Information Systems Security Engineer (ISSE) September 2014 – May 2017
• Led A&A efforts for DISA’s first AWS-based cloud environment (UISS MPE CG), establishing a model for future solutions.
• Coordinated the efforts on Cross-Domain Enterprise Solutions (CDES) implementation to automate critical updates via Raytheon HSG, enabling DoD-wide adoption.
• Led ST&E for CDES at DECC PAC; presented results to DSAWG and AO, securing DoD enterprise deployment approval.
• Oversaw Tech Refresh of Sourcefire sensors and Defense Controllers to strengthen CND services.
• Secured a DoD CIO-approved PKI waiver for all MNIS systems, maintaining operational continuity.
• Streamlined IA A&A processes, reducing package count from 19 to 6 (66% workload reduction), easing FSO and PMO burdens.
• Implemented Sourcefire sensors to enable CSSP services across MNIS systems.
Harris Corporation – Fort Meade, MD
Lead Information Systems Security Engineer (ISSE)
October 2007 – August 2014
• Subject Matter Expertise: Supported MNIS PMO in CND, ECDS, CDES, and MPE efforts.
• Operational Readiness:
o Coordinated NetOps exercises and achieved CCER/CSDNA certification.
o Implemented NTP solution for CCER and CSDNA.
• Cybersecurity Solutions:
o Worked with CYBERCOMMAND and DISA DAA to deploy HBSS.
o Developed Tier 2/3 network defense solutions.
• Leadership in ST&E Efforts:
o Led ST&E visits to DECC Pacific and Columbus, resolving critical issues.
• Accreditation and Authorization (A&A):
o Prepared A&A artifacts (SSPs, SDDs, CONOPs) for multiple MNIS systems.
o Led ATO efforts for 19 DISA MNIS systems with ISSM and AO coordination.
• Process Optimization:
o Streamlined DIACAP compliance using VMS and eMASS.
o Maintained config control over security documentation.
• Collaboration and Communication:
o Engaged stakeholders and briefed DISA leadership on IA strategies.
• Cross-Agency Engagement:
o Contributed IA expertise to TAGs and Tiger Teams.
o Supported DISA and partner agencies in technical CND solutions.
ITEQ, Inc. – Washington, DC
Senior Information Systems Security Engineer (ISSE) May 2007 – September 2007
• Led and successfully completed the Certification and Accreditation (C&A) process for the Department of Justice (DOJ) Federal Bureau of Investigation (FBI) Enterprise Systems, achieving Authorization to Operate (ATO).
• Reviewed DOJ Information Security Policies, ensuring alignment with the latest NIST SP series standards and best practices.
• Assessed Requests for Changes (RFCs), presented findings to the Coordination Control Board (CCB), and recommended security adjustments based on the impact to Information Systems Security (IS Security).
DSA, Inc. – Fort Detrick, MD
Senior Information Systems Security Officer (ISSO) May 2005 – April 2007
• Led the Certification and Accreditation (C&A) process for multiple Department of the Army systems, ensuring compliance and successful accreditation.
• Coordinated all C&A activities with the local Designated Approving Authority (DAA) office, fostering collaboration and ensuring seamless execution.
• Developed Plans of Actions and Milestones (POA&Ms) and designed mitigation strategies for identified security findings to facilitate Authorization to Operate (ATO).
• Authored critical documentation including System Security Plans (SSPs), Contingency Plans (CPs), Incident Response Plans (IRPs), Standard Operating Procedures (SOPs), and Tactics, Techniques, and Procedures (TTPs) to support Interim Authority to Operate (IATO) and ATO compliance.
• Provided cross-functional collaboration with stakeholders, including system owners, Designated Approving Officials (DAOs), and testing teams, to resolve issues efficiently, ensuring timely completion of IATO and ATO requirements.
Professional Certifications:
• CISSP, ISSMP, Cloud+, ITIL v3
• Pursuing CCISO Certification
Education:
• MS, IT Systems for Business and Telecommunications, Johns Hopkins University, Baltimore, MD
• Graduate Certificate Novell Networking, George Washington University, Washington, D.C.
• Ph.D., Plant Pathology, Indian Agricultural Research Institute, New Delhi, India
• MS, Plant Pathology, Indian Agricultural Research Institute, New Delhi, India
• BS, Agricultural Sciences, Visva-Bharati University, Santiniketan, India
LinkedIn Profile: https://www.linkedin.com/in/meghnad-konai-isse/