Steve Brady
Information Security Engineer at Electrosoft
Herndon, VA, United States
Details
Experience:
Steve has led security assessment activities for several Federal agencies, including the Administration of Aging (AoA), USPTO, the National Gallery of Art, the Department of the Treasury, and various private-sector organizations, in accordance with NIST SP 800-53A, as a part of the Risk Management Framework described in NIST SP 800-37 Rev.1. These assessments were to ensure that the systems met minimum security requirements. Activities included interviewing the System Owners and supporting staff, reviewing documentation, and testing security controls to ensure that they were implemented correctly and working as intended.
He has supported several private companies in their efforts to obtain FedRAMP provisional Authorizations to Operate (pATOs). This includes pre-assessment document creation as well as the actual FedRAMP 3PAO assessment. The documents created in preparation for an assessment include the SSP, PTA/PIA, Configuration Management Plan, Incident Response Plan, Continuous Monitoring Strategy, e-Authentication Plan, FIPS 199 Categorization, and Rules of Behavior.
He has led the assessment of the PIV Card issuance process of various Federal agencies, including NASA, the FAA, and USPTO to ensure compliance with Homeland Security Presidential Directive (HSPD) 12 and FIPS 201-1.
He assisted with updating several NIST Special Publications so that they are compliant with the recent release of Federal Information Processing Standard 201-2. This included updating NIST SPs 800-73 (Parts 1, 2 and 3), 800-85A, 800-85B and 800-79.
He supported annual audits of the Department of Treasury’s Shared Service Provider (SSP) Public Key Infrastructure (PKI) environment. The purpose of this audit was to ensure that the certificate policies, certification practice statements, and operations in place are compliant with the Federal Bridge PKI policies and provide an appropriate amount of assurance of the binding of a certificate to an entity.
2011 : Present
Electrosoft
Information Security Engineer
Company:
Electrosoft
About
Steve has 4 years of experience participating in and leading several types of information security-related assessments, including FISMA, HSPD-12/PIV, PKI, and Kantara Identity Management. He is also a part of the team that is updating NIST Special Publications to address the recent publication of FIPS 201-2.