Bruce J.
Details
Information Assurance
Capitol Technology University
2006 : 2008
2010 : Present
FRTIB
Information Security Program Manager
Teaching Incident Response and Disaster Recovery / BCP, as well as Vulnerability Mitigation.
2009 :
Capitol College
Adjunct Faculty
2010 : 2013
Capitol College
Adjunct Faculty
1. Security Team Lead at the Federal Retirement Thrift Investment Board
2. FISMA Compliance
3. IPv6 IA SME
Security Team Lead Responsibilities include :
* Formation of a security team to address FISMA compliance issues and perform continuous monitoring
* Architectural design recommendations and technical security reviews
* On-going Risk Assessment & POA&M
* Policy creation
* Incident response capability
* DNSSEC
* FDCC
Consultant & FISMA Compliance Responsibilities :
* Review and updates of Certification and Accreditation packages for various Government organizations
* Independent Validation and Verification (IV&V) of system security of General Support Systems and Major Applications
IPv6 IA Responsibilities :
* Review of Risks associated with IPv6 Implementation and transition strategies
* Completion of Risk Assessment document
2007 : 2010
Serco North America
Security Lead & Sr Principal Security Engineer
ISSO for two Major Applications: Certification and Accreditation (C&A) duties included NIST-based security control testing, change management control (CMC), risk assessment (RA), Plans of Action and Milestones (POAM) management, FISMA Compliance tracking, and Interconnection Service Agreements (ISAs). Also revised System Security Plans, POAMs, and Contingency Plan documents.
Other ISSO duties included supporting the implementation of system specific security controls, system monitoring and log analysis, development of systems auditing processes and strategy development, consistent with regulatory requirements, NIST, and FISMA standards. Also monitored vulnerability notices from vendors, security agencies, and governmental CERTs and advised the Information Systems Security Manager on the best response or remediation strategies available.
2006 : 2007
First information Technology
ISSO
Skills
CEH, Certified Novell Engineer, CISA, CISSP, CNE, Computer Security, Cyber Security, Disaster Recovery, DoD, eDirectory, Ethical Hacking, Firewalls, FISMA, Incident Response, Information Assurance, Information Security, Information Security Management, Information Technology, Network Security, NIST, Novell Netware, Physical Security, Risk Assessment, Risk Management, Security, Security+, Security Clearance, Vulnerability Assessment
About
I am an Information Assurance (Security) Professional and Network Systems Engineer with seventeen years' experience. My current areas of specialization include Security Architecture, Risk Management, and FISMA compliance (based on FIPS 199 & FIPS 200, and on NIST 800-53, 800-18, 800-34, 800-30, 800-37, and 800-39, et al.). My security experience includes NIST-based Certification and Accreditation (C&A) (based on 800-18, 800-30, & 800-37), security controls assessment based on the 800-53a, support for System Development Life Cycle (SDLC) security architecture, and independent assessments of security documents, including System Security Plans, Incident Response Plans, Contingency Plans, and Plans of Action & Milestones (POA&Ms). I have served as an Information Systems Security Officer (ISSO) at both US Customs and Border Protection (CBP) and at Department of Homeland Security (DHS) headquarters. I have also served as an IA manager at Census. I am currently the Information Security Program Manager and ISSM at the Federal Retirement Thrift Investment Board. I hold a Master's degree in Information Assurance (MS IA) and five security-related industry certifications.
Specialties: Information Assurance, Certification & Accreditation, Ethical Hacking, Security Architecture, Risk Management, and FISMA compliance.
Security Certifications:
CISSP, CISA, CRISC, CFCP, CEH