Elizabeth Foster
Details
Computer Networking
Strayer University
2004
* Assist commercial firms with implementing CMMC, FedRAMP, DFARS, ISO, FISMA, HIPAA, SOC, and NIST SP 800-171 compliance requirements. This includes developing and documenting policies, procedures, system documentation (e.g., incident response, contingency plan, configuration management, system security plan, etc.) and providing security engineering support.
* Assist federal and local government agencies with meeting NIST SP 800-53.
* Assist non-profit, civil agencies and commercial organizations with implementing their organization's security framework by using guidance and requirements from NIST, FISMA, HIPAA, FedRAMP, SOC, etc.
* Evaluate the security design for applications and networks. Work within the team to design, test, and implement state-of-the-art system security architecture.
* Responsible for conducting security and risk assessment activity.
* Work with clients on accomplishing predefined objectives and strategies as defined in the statement of work.
2011 : Present
Various Companies - Consulting
Independent Cybersecurity Consultant
* Provide security engineering support to ensure security requirements (e.g., CNSSI 1253, ICD 503, DOD 8500 (series) and NIST) are properly deployed into an information system.
* Participate in all phases of the DOD certification & accreditation (C&A) process.
* Participate in configuration management activities. This consists of evaluating system modification to determine potential vulnerabilities and providing risk mitigation strategies and ensuring all security documentation is current.
2010 : 2011
Argotek
Information System Security Engineer (ISSE)
* Evaluate and document the security framework for applications and network architecture.
* Evaluate and provide recommendations for the security design for applications and networks.
* Document the existing threat modeling for applications.
* Analyze requirements for security aspects of enterprise-wide infrastructures.
* Work within the team to design, test, and implement state-of-the-art secure operating systems, networks, and database products.
* Responsible for conducting security assessments and monitoring how NIST IA security controls are implemented and maintained.
* Assist federal agencies with determining Federal Information Security Management Act (FISMA) compliance level.
* Assist clients with analyzing, implementing and/or enhancing their information system security policies, standards, and processes.
* Develop various forms of security documentation in support of Risk Management Framework.
* Responsible for managing teams that deploy within the continental United States that conduct a security assessment for federal government agencies.
* Work with clients on accomplishing predefined objectives and strategies as defined in the statement of work.
2008 : 2010
Various Companies - Consulting
Information Assurance Consultant
* Work with US Army program managers, system developers and engineers to define security requirements for systems that will be used to support various government entities. This also includes briefing government representatives on the new technology and the security that will be used.
* Draft enterprise security standards and guidelines for system configuration.
* Responsible for utilizing various security tools (e.g., Retina, SECSCAN, WASSP, DISA Scripts, etc.) to evaluate the security posture of an information system.
2007 : 2008
SNS One
SR System Security Specialist
* Assist organizations with meeting all FISMA compliance requirements.
* Perform network and host-based scans using vulnerability assessment tools. These security tools consist of Retina, Harris Stat, Nessus, CIS Benchmark tools, Microsoft Baseline Security Analyzer, DISA Scripts, Gold Disk, etc.
2005 : 2007
Consulting - Various Companies
Consultant
Skills
Amazon Web Services (AWS), Business Strategy, C, Christianity, CISSP, Cloud Computing, Cloud Security, Computer Security, DIACAP, DoD, Enterprise Architecture, Entrepreneurship, FedRAMP, Firewalls, FISMA, Government, IaaS Security, IC, IDS, Information Assurance, Information Security, Information Security Management, Information Technology, Integration, IV&V, Leadership, Military, Networking, Network Security, NIST, Policy and procedure development, Program Management, Risk Assessment, Risk Management, Risk Management Framework, RMF, SaaS Security, Security, Security Awareness, Security Clearance, Software Documentation, ST&E, Systems Engineering, U.S. Department of Defense, Veterans, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning, Policy and procedure
About
• Provide hands-on security engineering and compliance advisory services to federal, commercial, and non-profit organizations on various security frameworks including FedRAMP, CMMC, ISO, and SOC. The support includes the following services.
o Assist with audit readiness by conducting a gap analysis.
o Provide interpretation on security control implementation and requirements.
o Develop all security documentation (e.g., system security plan, policies, procedures, plan of action & milestones, incident response plan, contingency plan, etc.) required by the security framework and clients.
o Utilize vulnerability assessment tools to evaluate the security posture of an information system.
o Assist with continuous monitoring support.
o Conduct risk management activity.
• Perform independent security assessment support as part of an independent auditor's team.