Bryan Smith
Cybersecurity Professional
United States
Details
Experience:
– Army Major Command (MACOM) Staff level position.
– Performs customer service responsibilities while embedded within subordinate USAREUR Network Enterprise Centers (NEC) or Major Subordinate Commands (MSC).
– Assists customers by ensuring A&A Enterprise Mission Assurance Support Service (eMASS) packages are prepared and maintained in accordance with DoDI 8510.01 Risk Management Framework (RMF) for DoD Information Technology (IT).
– Enters and verifies systems in Army Portfolio Management System (APMS) and processes individual accreditation packages within eMASS.
– Collects artifacts and develops / refines System Security Plans, Concept of Operations (CONOPS), System Integration Plans, Contingency Plans, Disaster Recovery Plans, Standard Operating Procedures (SOPs), Tactics, Techniques and Procedures (TTPs) and security policy as needed to ensure compliance with National Institute of Standards and Technology (NIST) Special Publication 800-53 and Committee on National Security Systems Instruction (CNSSI) 1253.
– Ensures requirements for all A&A Cybersecurity Controls are addressed/satisfied and prepares RMF packages for final submission to the Authorizing Official (AO) for Authorization to Operate (ATO) processing.
– Performs pre-validation Testing & Evaluation (T&E) evaluations in order to validate local Information Assurance (IA) policy and compliance with DoD regulations, Security Technical Implementation Guides (STIGs) and Best Business Practices (BBP).
– Assesses and evaluates severity of risk while performing Security Control Assessor – Validator (SCA-V) duties as member of USAREUR G6 RMF T&E assessment teams.
– Assists customers in the development of Authority to Connect (ATC) packages for connection of Program Management (PM) systems to the USAREUR NIPR/SIPR enterprise networks and RMF Assess Only packages for NETCOM utilization approval of above-baseline software.
2016 : Present
General Dynamics Information Technology
Principal Information Security Analyst - Security Control Assessor / Validator
- Command-level ISSM; supported Chief Information Security Officer in execution of cybersecurity duties/responsibilities
- Interpreted Defense Intelligence Agency and Intelligence Community security directives; developed, implemented, maintained and enforced risk-based, cost-effective security policy; established procedures for detecting, reporting, and responding to security incidents; ensured confidentiality, integrity and availability of information resources while meeting mission goals and objectives.
- Performed Assessment and Authorization (A&A) / Certification and Accreditation (C&A), risk assessment, risk mediation, security configuration review and security testing in accordance with ICD-503’s risk management framework on DoDIIS systems.
- Ensured information security controls meet NIST 800-53 standards.
- Maintained and tracked A&A/C&A status of all assigned Intelligence, Surveillance and Reconnaissance (ISR) systems/sites within the Xacta Information Assurance Manager assessment engine.
- Developed and maintained RMF artifacts in support of System Security Plans (SSPs) such as Security Assessment Reports (SAR), Risk Assessment Reports (RAR), Security Control Traceability Matrix (SCTM) and Plan of Action and Milestone (POA&M).
- Reported and maintained information assurance security metrics as defined by the Federal Information Security Management Act (FISMA).
- Identified system vulnerabilities, executed automated security scans, analyzed and interpreted output utilizing automated security tools such as Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS) and ArcSight Logger.
- Tested and evaluated effectiveness of information security policies, procedures, and practices; performed security program reviews of subordinate units to ensure policy compliance; established and maintained processes for planning, implementing, evaluating, and documenting remedial actions to address deficiencies.
2012 : 2016
HQ USAFE-AFAFRICA
Information System Security Manager
- Performed Windows Security Log and Unix System Log (SysLog) audit reviews and archives.
- Conducted vulnerability assessments with sanctioned DoD security tools - hands-on experience with Windows Automated Security Scanning Program (WASSP) and Unix based Security Scanner (SECSCAN).
- Developed and drafted Plan of Action and Milestones (POAM).
- Performed risk assessments and security configuration reviews.
- Drafted and maintained short-form System Security Authorization Agreements (SSAA).
- Collected and input data for baseline inventories of Information Technology (IT) hardware and operating systems.
- Collected data for, drafted and maintained Tempest Addendum to the Fixed Facility Checklist.
- Conducted investigations of incidents involving loss, compromise, inadvertent disclosure or mismanagement of classified data, recommended corrective measures to prevent recurrence, briefed results to local chain of command and reported deviations to higher headquarters.
- Responded to, contained, sanitized, and reported on malicious code (computer virus) activity.
- Performed TEMPEST inspections.
- Engineered and implemented solutions for unique system security implementations; drafted Exception to Policy documents; coordinated and authored Service Level Agreements (SLA)
- Interpreted Department of Defense and Air Force security directives and provided guidance, assistance and training to users.
2010 : 2012
General Dynamics Information Technology
Information System Security Officer
- Performed technical tasks consisting of system integration, diagnostic testing and repair, calibration, installation, configuration, operation and upgrade of laptop, desktop, thin client, Voice Over Internet Protocol (VOIP) and desktop Video Teleconference (VTC) systems.
- Provided technical guidance and expertise for staging, movement and upgrade of the Information Technology (IT) systems during initial fielding and/or deployment.
- Performed associated technical tasks of installation, configuration, diagnostic testing and upgrading software and firmware.
- Troubleshot and resolved network connectivity issues, hardware/software issues, remote access issues, configuration issues, login issues and user account issues.
- Provided IT hardware maintenance (break/fix) and support.
- Configured and monitored hardware and software for system operation, data flow control, and client-server multi-user support.
- Responded to trouble calls and performed micro-computer fault isolation and restoration actions.
- Controlled, managed and inventoried IT resources.
- Coordinated and performed preventive maintenance.
- Deployed to remote locations with customers and performed on-site maintenance support functions.
2006 : 2010
General Dynamics Information Technology
Senior Systems Engineer
- Performed system administrator functions on Solaris-based Global Command and Control Systems - Maritime (GCCS-M) servers at six separate Marine Corps installations
- Configured network and client/server connectivity for laptop workstations
- Maintained four deployable Intelligence and Analysis Systems (IAS) hardware/software suites consisting of communication servers, external RAID-array data storage systems, network routers and switches
- Performed Common Operating Picture (COP) Manager duties
- Conducted Command and Control Personal Computer (C2PC) and Intel Office (IO) application training
- Administered management and content routers for web-based intelligence data-mining tool
- Provided on-site garrison and deployment support
2005 : 2006
Computer Sciences Corporation
C4I System Analyst
Company:
General Dynamics Information Technology
About
Motivated, focused and diligent. 20+ years cyber security experience. Active TS/SCI clearance. MAJCOM Information System Security Manager and Security Control Assessor - Validator experience: Develops information assurance security policy; conducts security program reviews; oversees Assessment and Authorization/Certification and Accreditation (A&A/C&A); performs A&A Test and Evaluation (T&E). Certified Information Systems Security Professional (CISSP).