Fairfax, Virginia, United States
Kaitlyn’s diverse background allows her to engage with clients to determine how best to tackle their information security goals from a human perspective as well as a technical one. Her focus on IT privacy, enterprise risk, and compliance stems from her experience with many of the NIST frameworks (NIST 800-53, NIST 800-171, and NIST CSF) and the programs built on them, including FISMA, FedRAMP, DFARS, and CMMC. She specializes in the development of policy and governance documentation, enterprise risk assessments, compliance assessments and remediation, third-party vendor management, and NIST System Security Plan (SSP) composition. Kaitlyn values the importance of training new cybersecurity professionals and actively contributes to the information security community. She has served as a volunteer for the Grace Hopper Celebration of Women in Computing (GHC) and the Pace University GenCyber Program; presented at r00tz Asylum at DEF CON, the Women in CyberSecurity (WiCyS) Conference, the Community College Cyber Summit (3CS), and IBM’s Security Americas Early Professional Bootcamp; and guest lectured at multiple colleges and universities across the country. From 2017 to 2021, Kaitlyn served as the Chief Player Ambassador for the National Cyber League and helped found its Player and Coaches Committees. Kaitlyn was also the recipient of the 2019 WiCyS Rising Leadership Award.
• Oversee the engineering and security teams, manage pipeline solutions, and control the digital transformation while collaborating on initiatives with Department of Defense (DoD) leadership.
• Design and build a comprehensive infrastructure and cybersecurity strategic roadmap of frameworks and certifications that meet or exceed the growing needs of the business goals and objectives.
• Support, maintain, and improve the federal security-focused cyber governance, risk, and compliance program, which includes cybersecurity risk management, internal audit, continuous monitoring, cybersecurity audits and certifications, third-party vendor management, and authorization.
• Define and document System Security Plans (SSP) and other Authority to Operate (ATO) package documentation for the FedRAMP environment, including the Plan of Action and Milestones (POA&M).
• Partner with various teams and implementors to identify solutions and controls that meet regulatory, certification, and contractual requirements without detrimental impact on productivity and capabilities.
• Manage the operations of technology infrastructure, including identity and access management, monitoring, and recovery of servers, storage, and networking in cloud computing environments.
• Conduct comprehensive audits and assessments to identify areas for enhancement, facilitating corrective actions, compliance resolutions, and updates to accompanying policies and procedures.
• Oversee the implementation and maintenance of security controls, including firewalls, encryption, and access control systems.
• Manage a team of infrastructure engineers and cybersecurity professionals and provide mentorship and guidance to support their professional growth.
• Quality Manager, FedRAMP Compliance Advisory Board (CAB)
• Orchestrated and refined the end-to-end ISO/IEC 17025 quality management system (QMS) processes for the FedRAMP 3PAO program.
• Served as a subject matter expert, providing guidance and training to team members on quality management practices and FedRAMP compliance standards.
• Identify current and relevant industry thought leadership and incorporate it into client services.
• Lead cybersecurity consulting and auditing engagements, primarily in the areas of enterprise risk and compliance, including NIST 800-53 (FISMA/FedRAMP), NIST 800-171 (DFARS/CMMC), and ISO audits, gap analyses, cybersecurity risk assessments, and enterprise risk assessments.
• Oversee production of security control testing artifacts, including the Security Assessment Plan (SAP), Readiness Assessment Report (RAR), Security Assessment Report (SAR), and Risk Exposure Table (RET) for security control tests, as well as System Security Plans (SSP) and other Authority to Operate (ATO) package documentation for client FISMA/FedRAMP environments, including the Plan of Action and Milestones (POA&M).
• Verify the validity, clarity, completeness, conciseness, consistency, and accuracy of assessment results in the Security Test Case Procedures.
• Manage project activities and budgets to provide accurate estimate-to-complete analysis for projects.
• Create connections with clients to communicate effectively across business and technical boundaries by offering customized recommendations aligned with business goals and industry best practices.
• Identify and pursue opportunities for additional services with existing clients.