Stacey Brooks

CEO, IBIGA LLC (Cyber Security Consultant)

Fredericksburg, Virginia, United States

About

Stacey Brooks, CEO and Founder of IBIGA, LLC, is a talented Information Security Manager who transitioned from the US Air Force to the Federal Government contractor sector. A highly motivated airman who committed over 20 years of achievements during an Air Force career to providing dedicated service in an Information Assurance/Security position. IBIGA LLC qualifications include a Bachelor of Science degree and Certificate in Cyber Security from Champlain College (With Honors); cyber security certifications; comprehensive on-the-job training; and extensive experience in unclassified and classified network operations, including network management, control, information security, cyber security, and administration. Specialties: Cyber Security, Information System Security, and IT Security Audit/Risk Assessment.

Experience

  • IBIGA, LLC (Remote)
    • Cyber Security Consultant
      Oct 2022 - Present · 3 yrs 9 mos

      • Bridge address backlog for security design reviews
      • Modernize and define security architecture practice (artifact library, processes)
      • Perform or support security review engagements with agencies and vendors
      • Evaluate agency and vendor solutions for compliance with state security standards
      • Evaluate agency and vendor solutions for alignment with state-approved security mitigations and approaches
      • Escalate non-standard or non-compliant approaches to security architects and the DCISO for evaluation and solution design options
      • Act as security design review meeting facilitator, managing dynamic situations based on OCS and project team needs, including negotiating approaches during difficult and stressful situations
      • Interact and collaborate with project teams ranging from technical staff to CIO/CISO and agency business representatives
      • Identify security design review process enhancements to improve security, increase efficiency, and better serve agency and WaTech stakeholders
      • Perform timely and accurate security design reviews, which includes:
        o Performing request triage to determine routing/handling/approach based on agency and OCS needs
        o Scheduling design review and workgroup meetings with agencies and vendors
        o Evaluating documentation for completeness and compliance based on applicable security standards
        o Holding meetings and conversations with agency and vendor stakeholders
        o Identifying and resolving complex security and compliance issues
        o Writing, updating, and contributing to compliance review summaries and other related documentation
        o Tracking and updating review progress
        o Creating metrics and associated reports used to measure the effectiveness, scope, and timeliness of the review process
      • Execute a program-level assessment aligned with NIST CSF (and by extension CSA CCM and other frameworks)
      • Perform oversight of the development, implementation, and evaluation of information system security program policy

    • Compliance Lead, FRBofB
      Mar 2022 - Nov 2022 · 9 mos

      • Lead and coordinate the implementation of security control requirements and related processes based on the Federal Reserve information security framework and standards, including executing security activities based on NIST frameworks and related assessment activities for FedNow information systems
      • Review and analyze cloud vendor service provider documentation (e.g., FedRAMP packages), establish control ownership, and identify control gaps and associated risk
      • Develop and document a detailed data and information element matrix for system services, highlighting sensitive and PII data
      • In coordination with various stakeholders, develop records for system security documentation, including system security plans and associated security and operational processes
      • Identify control gaps and complete risk assessments for control deficiencies
      • Design plans of action to address control gaps or risk acceptance
      • Develop, obtain, and maintain approval documentation
      • Coordinate security reviews and collaborate with security and assessment teams and business and technical stakeholders to complete the reviews on schedule
      • Review assessment results; identify and document residual risks and action plans

  • FedRAMP SME at Mitchell Martin Inc.
    May 2022 - May 2023 · 1 yr 1 mo

    • Responsible for leading and executing security risk and compliance activities following the Federal Reserve cyber security framework for the FedNow Customer Onboarding service
    • Lead and coordinate the implementation of security control requirements and related processes based on the Federal Reserve information security framework and standards, including executing security activities based on NIST frameworks and related assessment activities for FedNow information systems
    • Review and analyze cloud vendor service provider documentation (e.g., FedRAMP packages), establish control ownership, and identify control gaps and associated risk
    • Develop and document a detailed data and information element matrix for system services, highlighting sensitive and PII data
    • In coordination with various stakeholders, develop records for system security documentation, including system security plans and associated security and operational processes
    • Identify control gaps and complete risk assessments for control deficiencies; design plans of action to address control gaps or risk acceptance; develop, obtain, and maintain approval documentation
    • Coordinate security reviews and collaborate with security and assessment teams and business and technical stakeholders to complete the reviews on schedule; review assessment results, identify and document residual risks and action plans

  • FedRAMP Advisor at 38North Security
    Jul 2021 - Mar 2022 · 9 mos

    • Advise and/or assess 38North clients based on security best practices driven by security regulations and compliance, including FedRAMP, DoD SRG, FISMA, NIST 800-171, NIST Cybersecurity Framework, SOC I/II, HIPAA, and ISO 27000
    • Tailor 38North solutions for every client with analytical thinking
    • Balance business and security needs in the context of tolerable organizational risk
    • Provide consulting knowledge in areas of cloud security technologies and major services offered by one or more major cloud providers such as AWS, Microsoft Azure, Google Cloud, and IBM Cloud
    • Provide support to FedRAMP Cloud Service Providers in either an assessment or advisory role

  • Security Control Assessor (SCA) at Maximus IT
    Apr 2021 - Jul 2021 · 4 mos

    • Perform analysis of network security based upon the Risk Management Framework, the Joint Special Access Program Implementation Guide (JSIG), FedRAMP, and National Institute of Standards and Technology standards
    • Perform risk assessments on RMF documentation in Enterprise Mission Assurance Support Service (eMASS) and make recommendations to the customer
    • Evaluate IT threats and vulnerabilities to determine whether additional safeguards are needed
    • Lead and support the planning, development, and execution of vulnerability assessment tools, and evaluate results for systems undergoing security assessment and evaluation
    • Perform logging, correlation, and scanning with tools such as Fortify Security Control Analyzer (SCA), Assured Compliance Assessment Solution (ACAS), HP ArcSight, and Enterprise Security Management (ESM)
    • Process, submit, and maintain Plans of Action and Milestones (POA&Ms) throughout each system's lifecycle
    • Provide cyber security technical expertise and analysis for new software and hardware for use on DoD systems
    • Provide written expert positions and recommendations, packages, templates, and guidance to gain approval for new or upgraded software
    • Write/develop System Security Plans (SSP), Tenant Security Plans (TSP), and supporting artifacts that meet DoD policy requirements
    • Ensure DoD policy requirements are implemented and enforced

  • Cyber Security Consultant at IBIGA, LLC
    Mar 2020 - Mar 2021 · 1 yr 1 mo

    • Serve as the Information Systems Security Manager (ISSM) for systems that include cloud and on-premises environments
    • Administer US government security policies and procedures to assist the Information Systems Security Officer (ISSO) for multiple systems
    • Assist with the development of certification and accreditation (C&A) efforts
    • Possess a high degree of originality, creativity, and initiative, requiring minimal supervision
    • Perform security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements
    • Perform certification and accreditation of computer networks using government standards
    • Perform data contamination management, including coordinating clean-up efforts and reporting requirements and ensuring auditing requirements are completed
    • Maintain responsibility for media control, virus scanning, hardware and software control, and computer security briefings
    • Support all disciplines within the security program, ensuring business needs are met, and work with system administrators to ensure all system security procedures are followed and audit files are maintained and reviewed in accordance with government customer requirements
    • Analyze problems and provide focused solutions, effectively communicating information to various audiences verbally and in writing
    • Interact with internal/external customers or government security officials to perform security duties, address routine information security matters with employees, prepare reports, deliver system security access briefings, and perform other duties as required
    • Use the NIST Risk Management Framework (RMF) to conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps
    • Ensure compliance with guidance, standards, and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations/policies