Rickson J. Ramsingh
**** ******* ***** *******, **********,VA 22315
Professional Summary
Experienced Information Security professional with a thorough understanding of Information Assurance (IA), Security Authorization (SA) processes, and project management in various environments. These skills are supported by an education in computer science and twelve years of experience in information technology, networking, application development and customization, end user support, and system administration.
Technical Summary
CompTIA Security+ certification
CASP CE Certification
CISA AES Certification
Proficient in: WebInspect, Retina, Nessus, Nmap, DISA Gold Disk, DISA SRRs, AppDetective, DoD 8500.2 IA Controls, Application Security.
Eight years experience with and NIST FISMA S&A Processes
Knowledge of, and experience with, the NIST 800 series publications to include: 800-30, 800-37, 800-53 and 800-53a, 800-137, 800-47, 800-60, 800-61, 800-39.
eMASS, Exacta, CSAM
Computer Science/languages: Assembly, BASIC, C, Clarion, Java, VB
OWASP testers guide.
20 Critical Security Controls
DHS Public Trust
Education/Activities
SANS: Auditing and Implementing the 20 Critical Security Controls
Certified Ethical Hacking course, Online
CISSP boot camp, Secure Ninja, Alexandria VA
Professional Experience
Delviom LLC, Vienna VA
Cyber SME, FEMA Cyber Security Division 1/2021 to 8/19/2025
Responsible for reporting activities of FEMA systems on all phases of the Security Authorization to FEMA management to ensure compliance and provide guidance on IT Security requirements for FEMA’s Information Systems.
Develop unified guidelines and procedures for conducting Authorizations and/or system-level evaluations of federal information systems and networks including the critical infrastructure of FEMA.
Act as liaison on behalf of FEMA Office of Cyber Security and FEMA Regional ISSOs to support FEMA accredited Infrastructure and Mission systems and provide oversight to meet monthly goals.
Track security activities of assigned systems and brief senior leadership on said activities and advise ISSOs on successful completion of System Security Plans, Contingency Plans, Contingency Plan Tests, FIPS 199 and E-Authentication Workbooks.
Support Enterprise Network modernization project and ensure product reviews are conducted on all assets, verify assets are FIPS-140-2 certified, ensure all assets are tested in TDL successfully prior to Production deployment, coordinate meetings with Engineering, SOC and NOC to ensure proposed implementations on network are scrutinized by design and testing.
Coordination with Engineering and the Change Control Board to verify that all ISSOs presenting change requests met the predefined requirements for approval (identify software/hardware, perform scans, articulate change, identify system dependencies).
Ensure all Windows OS, Linux OS, Databases and Network devices are DISA STIG. Execute STIG viewer on assets checklist, oversee engineers applying DISA STIGs and ensure SCAP tools are used for compliance testing.
Responsible for implementing NIST Risk Management Framework 800-37 and NIST Information Security Continuous Monitoring 800-137 on FEMA Enterprise Infrastructure system and collaborate with FEMA management in executing all phases of the Risk Management Framework.
Responsible for Cloud Modernization across the enterprise and ensure Cloud implementation includes security requirements, is consistent with GSA standards and is FedRAMP compliant.
Perform Risk Assessments and Vulnerability Assessments on Cloud system and ensure Continuous Monitoring strategy is implemented.
Alpha Omega Integration, Vienna VA
Certification Agent Lead/SCA, FEMA Cyber Security Division 1/2021 to Present
Track security activities of assigned systems and brief senior leadership on said activities and advise ISSOs on successful completion of System Security Plans, Contingency Plans, Contingency Plan Tests, FIPS 199 and E-Authentication Workbooks.
Support Enterprise Network modernization project and ensure product reviews are conducted on all assets, verify assets are FIPS-140-2 certified, ensure all assets are tested in TDL successfully prior to Production deployment, coordinate meetings with Engineering, SOC and NOC to ensure proposed implementations on network are scrutinized by design and testing.
Coordination with Engineering and the Change Control Board to verify that all ISSOs presenting change requests met the predefined requirements for approval (identify software/hardware, perform scans, articulate change, identify system dependencies).
Ensure all Windows OS, Linux OS, Databases and Network devices are DISA STIG. Execute STIG viewer on assets checklist, oversee engineers applying DISA STIGs and ensure SCAP tools are used for compliance testing.
Responsible for implementing NIST Risk Management Framework 800-37 and NIST Information Security Continuous Monitoring 800-137 on FEMA Enterprise Infrastructure system and collaborate with FEMA management in executing all phases of the Risk Management Framework.
Responsible for Cloud Modernization across the enterprise and ensure Cloud implementation includes security requirements, is consistent with GSA standards and is FedRAMP compliant.
Information System Security Manager, Iron Mountain, Reston VA
(June 2018 – June 2021)
Responsible for oversight and governance of security compliance for all federal government programs.
Responsible for all FedRAMP accreditations and customer engagements with cloud technologies
Provide guidance support and validation of system security documentation for Information System Security Officers
Prepare and present IT security for executive management
Participates as a security engineering representative on engineering teams for the design, development, implementation and/or integration of secure networking
Participates as a security engineering representative on engineering teams for the design, development, implementation and/or integration of IA architectures
Applies knowledge of IA policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments
Proven track record of developing a strategy and architecture framework in both digital and data domains
Installation and development of workflows and decision trees for Integration and automation in the cloud based solutions
Provide internal and external advocacy on Cloud Technology
Develop solutions that take advantage of external cloud technologies and feature sets to facilitate the organization’s strategic direction
Provides technical expertise in cross-functional and intra-departmental efforts
Work well independently or in a group and maintain a positive attitude
Contribute to and encourage a collaborative team environment by being a team player and helping define the team itself
Certification Agent/ISSO Lead, Dogwood Management Partners, DC
(December 2014 – March 2018)
Track security activities of assigned systems and brief senior leadership on said activities and advise ISSOs on successful completion of System Security Plans, Contingency Plans, Contingency Plan Tests, FIPS 199 and E-Authentication Workbooks.
Support Enterprise Network modernization project and ensure product reviews are conducted on all assets, verify assets are FIPS-140-2 certified, ensure all assets are tested in TDL successfully prior to Production deployment, coordinate meetings with Engineering, SOC and NOC to ensure proposed implementations on network are scrutinized by design and testing.
Support the implementation of the Managed Trusted Internet Protocol (MTIPS) to the FEMA Enterprise Network (FEN) accreditation boundary in coordination with AT&T.
Support the implementation of the Managed Trusted Internet Protocol (MTIPS) to the FEMA Lab boundary in coordination with AT&T.
Coordinate with FEMA's Cyber Security office and FEMA's SOC in support of FEMA's Critical Vulnerability project to upgrade all of FEMA's End of Life (EOL) and End of Support (EOS) assets (Operating systems, Databases, Network Devices).
Coordinate with FEMA's Engineering and the Change Control Board to verify that all ISSOs presenting change requests met the predefined requirements for approval (identify software/hardware, perform scans, articulate change, identify system dependencies).
Lead brown bag meetings to mentor FEMA's Program level ISSOs on FEMA's Mission Essential Systems, Enterprise Systems and the Program level systems dependencies on the FEMA Enterprise systems (APS, FEN, TDL, FWS, Common Controls, Hybrid Controls, System Specific Controls).
Ensure all Windows OS, Linux OS, Databases and Network devices are DISA STIG. Execute STIG viewer on assets checklist, oversee engineers applying DISA STIGs and ensure SCAP tools are used for compliance testing.
Responsible for implementing NIST Risk Management Framework 800-37 and NIST Information Security Continuous Monitoring 800-137 on FEMA Enterprise Infrastructure system and collaborate with FEMA management in executing all phases of the Risk Management Framework.
Responsible for Cloud Modernization across the enterprise and ensure Cloud implementation includes security requirements, is consistent with GSA standards and is FedRAMP compliant.
Perform Risk Assessments and Vulnerability Assessments on Cloud system and ensure Continuous Monitoring strategy is implemented.
Provide network infrastructure, web application and database vulnerability assessments to ensure the systems security controls are sufficient to meet FISMA, NIST 800-53, and other technical standards & guidelines. Ensure databases, operating systems and applications are patched regularly. Utilize penetration testing methods, assessment tools and manual methods to ensure compliance & continuous monitoring requirements.
Perform vulnerability assessments and identify vulnerabilities by classifying and prioritizing vulnerabilities in affected applications, databases and network infrastructures and providing weekly risk determination to FEMA’s Cyber Security office for awareness and risk background to understand the threats to its environments and likelihood of threats being exploited and financial impact.
Ensure security testing of major applications and general support systems using ISS, Retina, Nessus, IBM Appscan, WebInspect, BurpSuite etc. as part of C&A activities.
Developed appropriate security test reports and provide final recommendations for systems Security Authorizations.
Developing Plan of Actions and Milestones to track the correction of any security deficiencies as well as assisting the customer in correcting the deficiencies while utilizing the Secure Content Automated Protocol Methodology (SCAP).
Responsible for reporting activities of FEMA systems on all phases of the Security Authorization to FEMA management to ensure compliance and provide guidance on IT Security requirements for FEMA’s Information Systems.
Develop unified guidelines and procedures for conducting Authorizations and/or system-level evaluations of federal information systems and networks including the critical infrastructure of FEMA.
Act as liaison on behalf of FEMA Office of Cyber Security and FEMA Regional ISSOs to support FEMA accredited Infrastructure and Mission systems and provide oversight to meet monthly goals.
Ensure metric for DHS scorecard is accurate and meets DHS requirements.
Key member in FEMA’s thirty-day Cyber Security Sprints mandated by DHS to clean up scorecard.
Provide SME guidance to FEMA’s ISSO community on Security Authorization activities.
Act as the Subject Matter expert in creation of Plan of Action and Milestone as a result of an assessment and report results to FEMA management.
Act as the subject matter expert for enterprise-level systems within FEMA. Provide peer review of critical security design of IT infrastructures and systems. Examples of projects are Authentication Systems, DLP deployment, Cloud deployment, Virtualization, data center network segmentation and DHS Enterprise level Common Controls.
Develop unified guidelines and procedures for conducting Authorizations and/or system-level evaluations of federal information systems and networks including the critical infrastructure of FEMA.
Responsible for ensuring assigned systems are decommissioned and Disposed according to DHS and FEMA Media Sanitization Policies.
Information Security Consultant, Mainstay Enterprise Inc, Annapolis, MD
(July 2014 – December 2014)
Implement Agencies security vulnerability compliance testing strategy that addresses measured system security weaknesses and gaps.
Determine the technical scope and conduct agency or business unit vulnerability assessment and penetration testing.
Perform enumeration activities to identify, classify and assign risk for systems, devices, and network services available on agency or business unit networks.
Conduct network and application vulnerability scanning and penetration testing activities, internally, or in conjunction with trusted external third party resources.
Select and develop tools to support efficient security assessment methodologies.
Communicate information related to security threats, assessment, mitigation activities and incident response to a wide audience ranging from users to technical peers to executive management.
Provide subject matter expertise to state agencies, partners and stakeholders for vulnerability assessment and penetration testing.
Create detailed assessment reports and security briefings related to vulnerability and mitigation activities found during vulnerability and penetration assessments to management.
Primary Assessor, Knowledge Consulting Group, Reston, VA
(January 2012 – July 2014)
Responsible for implementing NIST Risk Management Framework 800-37 and NIST Information Security Continuous Monitoring 800-137 on TSA Enterprise Infrastructure system and collaborate with TSA management in executing all phases of the Risk Management Framework.
Provide network infrastructure, web application and database vulnerability assessments to ensure the systems security controls are sufficient to meet FISMA, NIST 800-53, and other technical standards & guidelines. Ensure databases, operating systems and applications are patched regularly. Utilize penetration testing methods, assessment tools and manual methods to ensure compliance & continuous monitoring requirements.
Performed security testing of major applications and general support systems using ISS, Retina, Nessus, IBM Appscan, WebInspect, BurpSuite etc. as part of C&A activities.
Developed appropriate security test reports and provide final recommendations for systems Certification & Accreditation.
Utilize Nessus, AppDetective and IBM Appscan assessment tools to ensure compliance & continuous monitoring requirements.
Developing Plan of Actions and Milestones to track the correction of any security deficiencies as well as assisting the customer in correcting the deficiencies while utilizing the Secure Content Automated Protocol Methodology (SCAP).
Responsible for reporting activities of TSA systems on all phases of the Security Authorization to TSA management to ensure compliance and provide guidance on IT Security requirements for TSA’s Information Systems.
Develop unified guidelines and procedures for conducting Authorizations and/or system-level evaluations of federal information systems and networks including the critical infrastructure of TSA.
Implement DHS Ongoing Authorization Methodology on TSA’s accredited Infrastructure and Mission systems and provide oversight to meet monthly goals.
Ensure metric for DHS scorecard is accurate and meets DHS requirements.
Act as the Subject Matter expert in creation of Plan of Action and Milestone as a result of an assessment and report results to TSA management.
Act as the subject matter expert for enterprise-level systems within TSA. Provide peer review of critical security design of IT infrastructures and systems. Examples of projects are Authentication Systems, DLP deployment, Cloud deployment, Virtualization, data center network segmentation and DHS Enterprise level Common Controls.
Develop unified guidelines and procedures for conducting Authorizations and/or system-level evaluations of federal information systems and networks including the critical infrastructure of TSA.
Track security activities of assigned systems and brief senior leadership on said activities and advise ISSOs on successful completion of System Security Plans, Contingency Plans, FIPS 199 and E-Authentication Workbooks.
Responsible for ensuring assigned systems are decommissioned and Disposed according to DHS and TSA Media Sanitization Policies.
Senior Application Security Engineer, Vigilant Services, Lorton, VA
(October 2010 – November 2011)
Provide FISMA, NIST 800-53 certification and accreditation (C&A) engineering support for National Institute of Health, Child Development Center contracts throughout the U.S.
Conducted vulnerability assessments using various scan tools (Nessus, Retina, AppDetective and manual checklists).
Developing Study Center Security Plans for system accreditation detailing the system’s compliance with NIST SP 800-53 rev 3.
Performing Risk Assessments and formal Study Center Security Assessments to document the effectiveness of security controls.
Developing Plan of Actions and Milestones to track the correction of any security deficiencies as well as assisting the customer in correcting the deficiencies.
Assisting in developing any additional certification and accreditation documentation such as Contingency Plans, Configuration Management Plans and Incident Response Plans.
Senior Security Engineer, Network Security Systems Plus, Falls Church, Virginia
(November 2008-May 2010)
Conduct web application and system testing/assessments using penetration testing tools and checklists.
These tools include WebInspect and AppDetective, Retina, DISA Gold Disk and Nessus.
Carefully considers OWASP top 10 vulnerabilities among many others.
Provide DIACAP certification and accreditation (C&A) engineering support for Department of Defense, Military Health Service (MHS) / Tricare Management Activity (TMA) contracts throughout the U.S.
Provide C&A documentation support for several MHS/TMA commercial and government client sites.
Lead engineer on multiple teams to support C&A efforts for applications and systems.
Develop, update, and test cyber security documentation for several TMA commercial client sites.
Interact with system developers, administrators, government personnel to ensure that the systems were developed in accordance with specific guidelines.
Develop timelines, technical, and managerial documentation to support reporting to Designating Approving Authority and TMA management.
Conduct Ports and Protocols audits in compliance with DoD policy, directives, and guidance.