Vance H. CISSP, CISA
CISO at U.S. Office of Special Counsel
Culpeper, VA, United States
Details
Experience:
Oversee the development of long-range plans for IT security systems, agency-wide, that anticipate, identify, evaluate, mitigate, and minimize risks associated with IT systems vulnerabilities.
Coordinate the implementation of security programs across platforms and establish vulnerability criteria.
Recommend modifications and solutions for reducing IT security risks and develop strategies for responding to future IT security challenges.
Oversee the implementation of higher-level security requirements, such as those resulting from laws, regulations, or Presidential directives.
Ensure the confidentiality, availability and integrity of IT systems through full compliance with the Federal Information Security Modernization Act, related NIST standards, and agency IT security policies and standards.
Provide supervisory leadership and direction to assigned subordinate federal staff, as well as guiding and directing contractors.
Perform hands-on configuration, deployment, and support of IT systems.
Develop operating policies, guidelines, and standards for the planning, development, integration, implementation, and evaluation of information technology security systems.
Support a Cloud environment life cycle, including infrastructure, IT Service Management, acquisition/procurement.
2022 : Present
U.S. Office of Special Counsel
Chief Information Security Officer (CISO)
Identify and mitigate IT system vulnerabilities through testing, audits, and network assessments. Evaluate new IT systems and products to determine their supportability and impact on IT security and the network. Create system security contingency plans and data recovery procedures. Develop a variety of system compliance documentation and similar reports on network security compliance for delivery to management. Collaborate with end users to understand their technical needs and identify areas where there may be security vulnerabilities. Prepare and deliver training to end users on information security requirements. Evaluate systems for risk based on the NIST Risk Management Framework 800-37. Ensure system compliance with all relevant Federal laws and statutes including FISMA, OMB circular A-130, and all Binding Operational Directives.
2021 : 2022
U.S. Office of Special Counsel
Senior IT Specialist (INFOSEC)
Plan and carry out an organization’s information security strategy. Develop a set of security standards and best practices for the organization, and recommend security enhancements to management as needed. Develop strategies to respond to and recover from a security breach. Responsible for educating the workforce on information security through training and building awareness.
Develops, manages and communicates organizational security policies and standards to protect company systems and assets
Designs, establishes and recommends security strategy
Documents, reviews, maintains and edits security best practices and policies
Communicates and collaborates with IT team to maintain equipment and optimize security of system architecture
Update the annual security training to include information on what employees should do if they encounter an active cybersecurity attack or data breach
Perform regular phishing and social engineering tests on the Funds’ user base to determine how well the annual security training is working and whether more frequent security training updates are required
Create a Fund-specific Incident Response Plan and test it with a variety of simulated cybersecurity incidents such as a ransomware attack, a computer virus, a compromised credential, and a data breach to validate that the plan will be effective.
Identify the Funds’ critical business processes and ensure they are considered when determining system restoration order in the Disaster Recovery Plan, Business Continuity Plan, and Incident Response Plan.
Formally document the many processes and activities that keep the Funds safe yet are overly reliant on individual staff knowledge.
Experience planning, researching and developing security policies, standards and procedures
2021 : 2021
IAM Pension Fund
Information Security Engineer
Design, plan, and implement security controls to protect data, networks, and computer systems. Prevent organizational data loss and service interruptions. Monitor networks to detect any suspicious or hostile activities, and apply measures to defend against malicious attacks on the systems.
Helped to achieve CoSN’s Trusted Learning Environment Seal
Generate and review sensitive logs and reports.
Receive and clear Sophos alerts and update the Sophos agent software on all computers
Upgrade systems to enable security software
Install and upgrade antivirus software
Test and evaluate new technology
Analyze IT requirements and provide guidance on the use of IT security requirements
2020 : 2021
Chesterfield County Public Schools
Network Security Analyst
Responsible for supporting and maintaining NIST 800-53 and FISMA accredited systems. Support continuous security monitoring of FAA systems while maintaining system accreditation documentation in FAA system tracking databases supporting regular security inspections. Responsible for system security support for the National Airspace System (NAS) within the Federal Aviation Administration (FAA). Provide analysis and remediation of flaws uncovered by the continuous monitoring team. Maintain and remediate vulnerabilities identified in risk assessments and audits. Act as the organization’s Facility Security Officer (FSO), responsible for creating a secure environment for employees, vendors, and visitors. Developed and updated the System Characterization Document (SCD), System Security Plan (SSP), and Information System Contingency Plan and Test Plan (ISCP). Document and update the Plan of Action and Milestones (POAM).
2018 : 2020
Concept Solutions, LLC
Security and Infrastructure Lead
Company:
U.S. Office of Special Counsel
About
Extremely motivated and detail-oriented IT professional with excellent qualifications in information security, FISMA, NIST, network/system administration, project management and audit. Proven ability to train and mentor end users and colleagues in maximizing functions of technology services. Offer exceptional problem-solving skills, designing and implementing highly effective IT solutions to ensure optimal productivity. Solid background of achievement coordinating and leading large-scale implementation projects. Demonstrated talent for communicating complex technical data to non-technical audiences.