Abdul Pirzada

• Assessment & Authorization (A&A) Team
• Complete and manage the Assessment & Authorization (A&A) process phases which includes Pre-assessment, Assessments, and Authorization.
• Determine scope of assessment coordinating with stakeholders/ ISSOs
• Lead multiple assessments leveraging NIST SP 800-53 rev4 & 5 controls independently for multiple systems.
• Assessed cloud-based systems, applications, Hardware, systems with PII, Federated systems, Low, Moderate, and high systems.
• Populate Artifacts request workbook (ARW), ST&E reports, SAR, RAR and the SSP.
• Tested technical and non-technical controls by utilizing industry best standards guidelines and agencies policy handbook.
• Scheduled and facilitated interview walkthroughs with ISSO, Technical POCS, System owner, and System Admins for designated security control testing.
• Implemented Quality Assurance review process before delivering any final product to client or stakeholders.
• Experience in assessing all NIST 800 53 rev 4 controls.
• Documented system security plan with findings/ compliance description and testing methods.
• GRC tool used CSAM.
• Created SOP for DOE A&A program Security assessment Team.
• Leading assessment remediation and POA&M monitoring phase.
• Facilitated weekly meetings with ISSO leads to discuss systems schedule and Assessment status.
• Utilized Jira software for tracking A&A tasks progress.
• Tracking and Communicating A&A ATO status with our client and the stakeholders on weekly basses.
• Cyber Supply Chain Risk Management Program
• DOE Supply Chain Risk Management Team. Supply Chain Risk Management Program was designed to meet federal requirements and enable leaders to make risk-informed decisions through assessing, treating, and monitoring Information and communications technology (ICT) suppliers.
• Conducted prescreen, rapid and deep dive Supply Chain Risk assessments utilizing NIST SP 800-171/ NIST SP 800-53 rev4.
• Trained stakeholders on how to function DOE SCRM program tool utilizing ServiceNow. (
• Managed SCRM tool/dashboard which lets entities request vendor assessments uniquely to their agency. Entities can review test results on vendor assessed, Level of possible threats and Recommendations.

VA Threat Mitigation (MITRE Framework) Senior Consultant

· Utilized the MITRE framework to conduct qualitative threat analysis.

· Led technical meetings with SMEs (System Admin, Application Developers, Network Engineers, Architects, and Database Admins) to validate the results of our qualitative threat analysis.

· Conducted 230+ Cyber threat identification (IOCs) Scoring sessions for capabilities around endpoints, Mobile, and Cloud.

· Analyzed scoring sessions and Developed recommendation, affirmations, and observations (RAO) reports.

· Let bi-weekly client-facing status meetings and presented our progress, results, and challenges.

· Prepared Monthly Memorandums for Record (MFR) including milestones, accomplishments, planned activities, metrics, deadlines, and risk log for the PMO team to support client-facing reporting
Successfully accomplish ad hoc/ Weekly assigned deliverables.

NIH / IAM GSS HIGH Security Control Implementation (Junior/ Senior Consultant)

· Conducted gap analysis in accordance with NIST SP 800-53rev4 controls and agency policy handbook as part of our implementation process due to transition from a moderate system to a FISMA high system

· Led security control validation meetings with System admins, Network engineers, System owner scheduling interview questions with the control owners, assigning document request list, creating test cases as part of our implementation.

· Updating ATO Package and supporting attachment like Policy and Procedures, Contingency Plan, Incident Response plan (IRP), Business Impact Analysis (BIA), System Security Plan (SSP)

· Lead Plan of Action & Milestones (POA&M) meetings and validated closed POA&Ms in accordance with the Security Operation team.

· Briefing system owner and internal Deloitte leadership with status and project progress

· Successfully facilitating technical / validation meetings for the controls completed with the ISSO.

· Understanding and assessing of Supply Chain Risk Management process/ Tool. Including prescreen, Rapid and Deep dive assessments on suppliers.

GAO Audit Readiness Control Assessments Team (Junior Consultant)

· Collaborating with a team to test NIST 80053- Rev4 controls against systems

· Testing technical security controls to harden NIH network devices and device configuration settings

· Analyzing Network devices/firewall configuration files to validate compliance checks in accordance with the CIS benchmark

· Coordinating with the client to review/ validate device configuration analysis and providing them with updated analysis reports

GAO Audit Coordination Team (OD) (Junior Consultant)

· Performing audit coordination for clients like CIO and Deputy CIO

· Coordinating technical and NON-Technical Document Request Lists (DRLs) from GAO auditors

· Attending meetings/workshops collectively with the leadership for GAO DRLS review

· Scheduling meetings with the appropriate DRL POCs and reviewing/tracking DRLs through the ServiceNow platform

· Reporting Document request status and any communication with auditors to leadership.

· ServiceNow experience creating and assigning IRTM tickets to the assignee group in accordance with technical and non-technical requests from the GAO auditors

· SharePoint team’s collaboration experience

Building Client relationships

• Selected FY18 A-123 systems control according to HHS Policies and Procedures
• Generated New Security Controls for Client Systems in compliance with NIST800-53A Rev 4, FISCAM, System Security Plan (SSP), and OS Procedures Handbook
• Mapped new Nist800-53 rev4 controls to critical elements of FISCAM and HHS A-123 Sub Cycles
• Developed FY18 Test sheets for seven financial systems which included control implementation statements, assessment procedures and Artifact request
• Drafted FY18 Implementation statements for each control in accordance with System specific HHS policies/procedures, System Security Plans(SSP), NIST SP 800-53 Rev 4 and FISCAM Control activities
• Developed PBC request based on System specific implementation statements
• Maintained PBC request trackers and documented status, due dates, and assigned stakeholders
• Tested IT General and application-level controls in accordance with HHS-A123 Policies and Procedure
• Held interviews, examined documentation, and conducted technical testing of both manual and automated control
• Provided long-term solutions for deficiencies identified during FY18 internal assessment.

• Researching for special agents on requested research related to Dark Net/Dark Web, and Tor Network
• Researching on requested Security Technologies
• Computer/ Mobile Forensics (Reassembled cell phones, laptops) Inserted new parts/ took out parts for further investigation
• Cell phone Chip offs (Memory cards on smart phones iPhone, Samsung galaxy) tool used (Semi automated SMT rework)
• Created HTML/CSS Web Design training PowerPoint
• Paired with Forensic agent, course instructors, helped with instructing Web Design class for undercover agents
• Maintaining Public Trust Clearance.

• Updating weekly status reports and Formed an Incident Response report in compliance too NIST800-61 guidelines
• Documenting change management actions in compliance too NIST800-53 REV4
• Researching on Password complexity – helping the department with new strong password policy, before updating their new password Policy (Online sources, NIST800-63)
• Attending weekly Meetings with Security/IT team Regarding Change management, current events, security awareness, and different vendors offering security tools
• Researching / communicating with vendors regarding password management tools, password policy enforcer tools for Mac and windows
• Researching/ Communicating with vendors regarding Encrypted cellphones
• (Black phone)
• Creating Multiple Microsoft excel spread sheet for the active printers - IP addresses, Mac addresses, the name and location
• Creating a vlookups method to look up the content with efficiency
• Attending vendor workshops (VERA file encryption Enterprise vendor) testing new software involving users from different department
• POC Audit Confirming all the checkout transaction machines are secured and original which are being used in the gift shops
• Monitoring users, events, notable behaviors alerts using Rapid7 Insight IDS (Incident Detection system)
• Investigating and escalating incidents
• Monitoring alerts regarding users connected to unknown access points
• Investigating and escalating incidents
• Tools using Pwnie Pulse Management Service
• Understanding of Analyzing Palo Alto firewall logs (With Supervisor supervision)
• Understanding of Qualys’s Vulnerability scanner (Web Applications, vulnerability management) (With Supervisor supervision)
• Detect any rouge access points using tools such as Pwnie express pad (Kismet)
• Conducting Wireless Survey to determine the signal strength through access points
• Using Air Magnet Software Tool
• Basic Understanding of Sophos management platform (Antivirus Alerts)
• Monitoring Cisco Cloud Lock Management software (Behavioral risks, Data risks, App risks, policies and incidents)
• Web Scanning Nat Geo websites determining vulnerabilities
• Generating developer’s/ Executive’s reports (Acunetix Software)
• Pen Testing using tools such as (Armitage, Metasploit, NMAP, kali Linux VMware)
• Working with kali Linux O.S, Mac, and Windows 10
• Using ZENMAP to detect open SNMP ports which are weak and then updating the version and the community strings
• Using SNMP Walk tool to scan and validating printer’s community strings.

• Advised customers regarding payment options, loans, and leasing
• Documented and managed daily operations; records of sales and orders
• Effectively coordinated with other departments to close deals
• Successfully generated sales using dealership management & Marketing software
• Managed inventory and website
• Organized and secured paperwork, titles, and orders
• Generated reports on vehicle specifications
• Created multiple Microsoft excel sheet for vehicle inventory and VLOOKUP’s methods to find fast results
• Administered compliances and regulation policies
• Built relationships with customers
• Monitored customer leads through email, phone, and meetings
• Coordinated deals with third party organizations
• Trained new employees
• Collaborate as a team for goal-oriented results and provided excellent customer service skills.