William Reed
Details
Information Technology
Western Governors University
2015 : 2020
Heartland Business Systems
Senior Information Security Consultant
• Assess all applicable security controls defined in the mandated DHS Compliance Tool and applicable to the systems under their purview
• Assess the completeness and accuracy of the FIPS-199, Privacy Threshold Analysis (PTA), E-Authentication, Contingency Plans (CPs), Contingency Plan Tests (CPTs), Security Plans (SPs), and security controls leveraging 800-53A test cases
• Develop the Risk Assessment (RA) Package documentation to include Security Assessment Reports (SAR), ATO Letters, ATO Recommendation Memo, Risk Assessment Memos, CFO Designation Memo, POA&M finding matrices, Executive Data Sheet (EDS), OA artifacts (as applicable)
• Ensure risk assessment results are documented completely and accurately in the mandated DHS Compliance Tool at the operating system, application, and database levels.
• Review POA&M closure and waiver packages in accordance with the IAD POA&M Standard Operating Procedures.
• Review RFCs or upgrades, provide recommendations on whether they will result in major or minor changes and on the overall cybersecurity impact, and use the IAD tool to track changes.
• Conduct, evaluate, and analyze vulnerability results from ATO assessments, penetration tests, and vulnerability scans; create POA&M Matrices from results.
• Execute responsibilities as outlined in the RA and OA Standard Operating Procedures and assist the policy manager in the review of these, and other SOP-related processes for updates.
• Provide recommendations for refining and/or improving existing RMF processes and procedures and support implementation of these changes.
• Review team Weekly Status Report (WSR) for quality and accuracy – consolidate for mini team
• Lead findings meeting and prepare results for security controls assessments, penetration tests, and vulnerability scans
• Provide Cross Task Areas support as required
2022 : 2022
Zermount, Inc.
Sr. Security Risk Assessor
• Develop metrics and communicate the compliance posture and effectiveness to Management on a scheduled basis.
• Conduct Security Assessment and Authorization (A&A) document reviews of System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), Configuration Management Plans, Contingency Plans, Security Categorization (FIPS-199) and other documents as required ensuring that applicable requirements are identified and documented
• Conduct comprehensive security controls assessments (SCA) that determine the condition of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls
• Provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation, and recommend corrective actions and/or controls to address identified vulnerabilities.
• Prepare and submit the security authorization package to the Authorizing Official (AO)
• Gather data, analyze compliance and report results on the condition and progress of the IT Cybersecurity Program, POA&Ms, A&A workflow tools data, FISMA compliance requirements, and ATO packages.
• Provide POA&M management, coordinating with ISSMs and ISSOs to ensure timely mitigation and sufficient artifacts to support closure.
• Track mitigation steps and ensure that risks are managed appropriately and in a timely manner.
• Review and analyze metrics and security reports on a regular basis (e.g. daily, weekly, monthly, etc.).
• Develop and report weekly on statuses of all activities and systems within the agency’s system inventory.
• Support Ongoing Authorization (OA) by assisting the ISSOs and ISSMs with the review of the security controls on the agency’s defined timeframes.
2021 : 2022
Zermount, Inc.
IT Cybersecurity Compliance Specialist
Senior cybersecurity compliance specialist for TSA information systems. Responsible for conducting compliance monitoring to assist TSA in completing the Monitoring step of the RMF cycle for all TSA systems.
• Researches major obstacles related to the ever-changing DHS FISMA requirements, which the customer will need to overcome on a weekly, monthly, and yearly basis.
• Tracks customer information system weakness remediation efforts using the appropriate processes, ATO expirations, Information Security Vulnerability Management (ISVM) compliance, DHS Performance Plan requirements, DHS Scorecard requirements, audit efforts, and CDM support efforts.
• Creates dashboards, tracking, and monitoring tools as required for, but not limited to, the following items: High Value Assets, ISVMs, Plan of Action & Milestones (POA&Ms), and system scores.
• Ensures information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. Supports customers at the highest levels in the development and implementation of processes.
2021 : 2021
Zermount, Inc.
Sr. Compliance Specialist
• Served as the Senior Manager for an enterprise service desk providing virtual desktop infrastructure (VDI) services to global stakeholders enabling real-time full-motion video for global distributed processing, exploitation, and dissemination operations
• Responsible for the technical oversight and professional development for over 75 system administrators and desktop support specialists in a 24/7 3-tiered service desk
2020 : 2021
US Army
Sr IT Services Director
Skills
Compliance Management, Computer Hardware, Computer Networking, Computer Network Operations, Contingency Planning, Critical Thinking, Customer Service, Cyber Defense, Cybersecurity, Cybersecurity Compliance, Cybersecurity Incident Response, Cyber Security Risk, Information Security, Information Technology, Infrastructure, Integration, ISSO, IT Director, ITIL, IT Management, IT Operations, IT Security Assessments, IT Service Management, IT Strategy, Leadership, Linux, Management, Microsoft Project, Military Operations, Network Administration, Network Security, Payment Card Industry Data Security Standard (PCI DSS), POA&M Management, Project Management, Risk Assessment, Risk Management, Security, Security Audits, Security Controls Assessment, Security Policy, SOC 2, System Administration, Technical Support, Troubleshooting
About
As a Senior Information Security Consultant at Heartland Business Systems, I provide cybersecurity solutions and services to clients across various industries and sectors. I have more than 24 years of experience in information technology, with a focus on network and systems administration, IT services management, cybersecurity, leadership, and project management.
My core competencies include cybersecurity incident response, cyber security risk assessment and mitigation, and compliance. I have multiple certifications such as CISSP, PCIP, Security+, A+, and Network+. I am passionate about helping clients secure their data and systems to achieve their business objectives. My mission is to leverage my expertise and skills to deliver high-quality and value-added cybersecurity consulting and support.