Paul Brouse
Senior Information Security Engineer CISSP, CEH, CHFI, Pen Test+, CySA+, Sec+, A+, Net+, Project+, ITILv3, CIW SDA
Lorton, VA, United States
Details
Experience:
Independent consultant conducting different tasks that include risk assessments, vulnerability assessments, cloud security assessments, research and development on Blockchain solutions.
2021 : Present
KSE Consulting Group LLC.
Senior Information Security Engineer Consultant
• Responsibilities include performing tasks related to Assessment & Authorization (A&A) and cybersecurity functions to obtain and maintain Authorizations to Operate for assigned DoD systems (i.e., applications, networks, devices).
• Work as a part of a team developing recommended courses of action needed to transition current policies and procedures into alignment with the Risk Management Framework.
• Conducting risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs
• Developing, updating, and/or reviewing system RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&M), and Risk Assessment Reports
• Assessing system compliance against NIST and DoD security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Providing solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge
• Coordinating with other system Subject Matter Experts to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories
• Producing evidence as necessary to support compliance status of NIST and DoD security requirements
• Work with system administrators, engineers, and developers to update system/site policies, procedures, and process guides
• Actively participating in working group meetings to identify, plan, and execute strategies in response to emerging cybersecurity/RMF policies
• Attending and participating in regular A&A status meetings to facilitate progress and address potential issues of RMF system efforts
• Submitting weekly reports to organizational leadership regarding system/program status
2020 :
Business Integra Inc
Information Assurance Risk Management Framework Engineer
Buy, sell, and rent homes
2004 :
Northern Virginia Homes
Licensed Realtor
Local SEO, video creation and marketing, website development, affiliate marketing and Social media marketing.
2008 :
PB Consulting Solutions
Local SEO/Video creation and marketing/website development specialist/Social Media Marketer
• Conduct independent verification and validation for POA&M management.
• Develop and document policies, procedures, standards and guidelines for the POA&M management team.
• Review technical security controls to ensure the controls meet NIST 800-53 requirements.
• Provide continuous monitoring support for information systems in accordance with FISMA guidelines.
• Document findings in the SAR and the POA&Ms.
• Meet with client to discuss findings and process of remediation.
• Support the Assessment and Authorization process of the clients’ systems as a Security Analyst.
• Conduct IT risk assessment to identify system threats, vulnerabilities and risk, and generate reports.
• Analyze and suggest updates to information security system documentations, including System Security Plan (SSP), Plan of Action & Milestone (POA&M), Risk Assessment (RA), policies and procedures, security control baselines in accordance with NIST guideline and security practices.
• Review authorization documentation for completeness and accuracy for compliance.
• Execute examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.
• Ensure cyber security policies are adhered to and that required controls are implemented.
• Validated information system security plans to ensure NIST control requirements are met.
• Assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements.
• Review security logs to ensure compliance with policies and procedures and identify potential anomalies.
• Analyze vulnerability and compliance scans and provide explanation on what the findings mean to the stakeholder.
• Train personnel on the proper way of assessing controls; primarily controls that require a great deal of technical understanding.
• Update and close Remedy Case tickets for POA&M management.
• Update and close ServiceNow tickets for POA&M management.
2019 : 2020
PRISM
Senior POA&M Manager/Security Control Assessor
Company:
KSE Consulting Group LLC.