Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Althea Upchurch

Cyber Security Specialist
Lorton,VA

Summary

Seasoned Cybersecurity Specialist with 16 years of experience supporting federal agencies in contractor roles, offering deep expertise in vulnerability management, risk assessment, and RMF compliance. Experienced in developing and executing validation master plans, authoring and approving validation protocols, and coordinating cross-functional teams to drive successful outcomes. Known for strong problem-solving, decision-making, and communication skills.

Proven ability to operate effectively as both an Information System Security Officer (ISSO) and a Security Control Assessor (SCA), ensuring system security posture aligns with federal standards and mission requirements. Skilled in conducting vulnerability scanning, analysis, and remediation tracking using tools such as Nessus, Splunk, ArcSight, and Tenable.sc.

Adept at interpreting DISA STIGs, assessing system configurations, and advising technical teams on mitigation strategies. Experienced in managing security findings through POA&Ms, vulnerability dashboards, and regular risk briefings.

Well-versed in the Risk Management Framework (RMF) lifecycle, with hands-on experience developing System Security Plans (SSPs), Security Assessment Reports (SARs), and other artifacts necessary for Assessment & Authorization (A&A) processes. Strong working knowledge of FISMA, NIST 800-53, DHS directives, and agency-specific compliance requirements.

Highly detail-oriented and deadline-driven, with a reputation for delivering mission-focused cybersecurity solutions in fast-paced contractor environments. Trusted by stakeholders to support security audits, technical reviews, and continuous monitoring activities.

Overview

17
17
years of professional experience
6
6
Certification

Work History

Security Control Assessor

Crest Assure
01.2023 - 06.2025
  • Performed risk analysis and mitigation strategies to strengthen cybersecurity postures.
  • Work cross-functionally with developers, operations, and security teams to ensure secure system implementations.
  • Manage and ensured security control systems follow NIST 800-53, RMF, FISMA, and FedRAMP security frameworks.
  • Conduct Continuous Monitoring (ConMon) activities to identify and mitigate risks in various cloud environments.
  • Assist in preparing and reviewing risk assessment reports, including risk thresholds, evaluation, and scoring, to improve overall security posture.
  • Conducted security audits to identify vulnerabilities.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Recommend improvements in security systems and procedures.
  • Managed time efficiently in order to complete all tasks within deadlines.
  • Used strong analytical and problem-solving skills to develop effective solutions for challenging situations.

Information Systems Security Officer

Steampunk
10.2019 - 01.2022
  • Assisted in the development of Authorization to Operate (ATO) documentation and Federal Information Processing Standards (FIPS) 199 workbooks, while ensuring the continuous monitoring and auditing of system security measures.
  • Develop, review, and finalize Department of Homeland Security (DHS) Binding Operational Directive (BOD) compliance reports, ensuring adherence to federal standards for cybersecurity.
  • Managed system security plans, network diagrams, and hardware/software inventories using the Cyber Security Assessment and Management (CSAM) tool and facilitated coordination of privacy and incident response plans with relevant agency teams.
  • Monitored Information Security Vulnerability Management (ISVM) and Patch Management processes, analyzed vulnerability scans, and led bi-weekly meetings to address system weaknesses and track remediation tasks using JIRA and Nessus/Tenable tools.
  • Conducted detailed analysis and risk assessments, providing actionable recommendations to improve security posture and reduce risks.
  • Contributed to maintaining compliance with regulatory standards, participated in the Change Control Board (CCB) for security impact analysis and supported security integration in DevOps and cloud migration projects involving AWS GovCloud, AWS, and Azure platforms.
  • Developed plans to safeguard computer files against modification, destruction, or disclosure.
  • Participated in team projects, demonstrating an ability to work collaboratively and effectively.
  • Used strong analytical and problem-solving skills to develop effective solutions for challenging situations.
  • Recommend improvements in security systems and procedures.
  • Conducted security audits to identify vulnerabilities.
  • Performed risk analyses to identify appropriate security countermeasures.

IT/Network/Cyber Analyst

T.M CyberTek
04.2019 - 12.2020
  • Analyzed and monitored network traffic to identify potential compromises and security threats, initiating investigations for affected workstations using tools like ArcSight.
  • Conducted vulnerability scans and assessments using technologies such as Carbon Black, FireEye, and Microsoft ATA to maintain and enhance security postures.
  • Investigated and reported on cybersecurity incidents, including email phishing threats, and performed PCAP analysis to document and communicate emerging security trends and issues.

Cybersecurity Analyst/SCA

Paragon Inc
05.2016 - 11.2019
  • Assist in preparing and reviewing risk assessment reports, including risk thresholds, evaluation, and scoring, to improve overall security posture.
  • Drafted security assessment plans aligning with NIST SP 800-53A Rev 4 guidelines and coordinated with relevant stakeholders to schedule initial meetings.
  • Evaluated the effectiveness of security controls through evidence collection and stakeholder interviews, ensuring accurate representation within security implementation statements.
  • Developed and maintained Plans of Actions & Milestones (POA&Ms) in compliance with FISMA regulations, utilizing XACTA to document and address security deficiencies.
  • Analyzed and documented security controls, configurations, and compliance scans, refining System Security Plans and integrating NIST SP 800-53 Rev4 security control baselines.
  • Monitor patching status and assist with system updates using BigFix, ensuring that systems are updated in accordance with federal cybersecurity policies and procedures.
  • Resolved problems, improved operations and provided exceptional service.
  • Skilled at working independently and collaboratively in a team environment.
  • Strengthened communication skills through regular interactions with others.
  • Identified issues, analyzed information and provided solutions to problems.
  • Versatile professional with strong problem-solving skills and history of adapting to diverse challenges. Applies innovative solutions and technical expertise to deliver exceptional results. Committed to streamlining processes and advancing organizational objectives.

Helpdesk Support Specialist

DHA Group, Inc
06.2017 - 02.2019
  • Provided technical and customer support, troubleshooting network issues and implementing corrective actions to maintain system functionality.
  • Managed Active Directory configuration, including password resets, account unlocks, and profile setups, ensuring secure and efficient access control.
  • Monitored and responded to cybersecurity incidents, conducting forensic analysis and recommending corrective actions.
  • Performed hardware maintenance, including memory and card installations, hard drive replacements, and system reconfigurations, to ensure optimal performance and reliability.
  • Configured hardware, devices, and software to set up work stations for employees.
  • Patched software and installed new versions to eliminate security problems and protect data.
  • Installed new desktop systems and migrated data to new machines.
  • Walked user through series of steps to determine problem and implement likely solution.
  • Responded to inquiries by phone, email and walk-up requests up to 20 a day.

Team Lead Security Specialist

Paragon Inc
05.2014 - 05.2016
  • Assessed cloud security configurations in AWS, Azure, and Google Cloud to ensure compliance with federal standards.
  • Developed and implemented cybersecurity strategies to ensure compliance with FISMA, BOD, and other federal security directives.
  • Conducted comprehensive information security risk assessments, evaluated system vulnerabilities using tools such as Nessus, and assisted with internal audits to ensure alignment with industry standards.
  • Documented and assessed the effectiveness of security controls, contributed to the revision of Information Security System Policies, and maintained compliance with FISMA and FedRAMP regulations.
  • Oversaw a team of security control assessors, coordinating schedules, assigning security control assessments, and managing team logistics, including leave approvals and review of Security Assessment Reports (SARs).
  • Coached team members in techniques necessary to complete job tasks.
  • Managed schedules, accepted time off requests and found coverage for short shifts.
  • Devised and implemented processes and procedures to streamline operations.
  • Assisted in recruitment to build team of top performers.
  • Demonstrated strong organizational and time management skills while managing multiple projects, 5 at a time.

SOC Analyst

USEC Corp
10.2011 - 05.2014
  • Monitored and investigated security incidents, providing recommendations to enhance organizational security posture and process efficiency.
  • Analyzed and responded to complex security events, identifying potential intrusions and mitigating threats through comprehensive tool utilization.
  • Participated in Change Control Board meetings, contributing to discussions on incident response and organizational change management.
  • Worked flexible hours across night, weekend, and holiday shifts.
  • Provided professional services and support in a dynamic work environment.

Security Analyst

Coastal Security Group
06.2008 - 10.2011
  • Analyzed clearance data and expedited processing actions to enhance security measures.
  • Conducted server and security audits, and developed operations plans for backup and disaster recovery initiatives.
  • Investigated breaches and improper computer system use, preserving evidence and implementing countermeasures, while participating in annual third-party security assessments for regulatory compliance.
  • Proven ability to develop and implement creative solutions to complex problems.
  • Reduced security risks by 75% through enhancing protocols and ensuring adherence to regulations.

Education

Bachelor of Science - Cybersecurity

Strayer University
Washington, DC
12.2025

Skills

  • Data Security
  • Implementing Security Programs
  • Project Management
  • Developing Security Plans
  • Vulnerability & POA&M Management
  • Proficient With Commonly Used Open-Source Tools
  • Monitor, Respond and Report Alerts/Alarms
  • Effectively Gather Data and Build Reports
  • SAR Briefings/Reports, SLAs, SOPs
  • FISMA, NIST, DHS BOD, OMB, HIPAA, PCI-DSS
  • RMF Framework Expert
  • Splunk, Nessus, AWS, Blue Coat, HelpNow, Snort, & ArcSight
  • Wireshark and TCPdump
  • FedRAMP, Xacta, CSAM, CDMT, SNOW, JIRA, SharePoint, Maxgov, Microsoft Office Suite
  • Risk assessment expertise
  • Access control

Certification

  • ITIL v4
  • PMP
  • CISM
  • CEH
  • CompTIA Security + CE
  • CompTIA CASP + CE
  • MCSA
  • Oracle Database SQL
  • Ota – in progress

Timeline

Security Control Assessor

Crest Assure
01.2023 - 06.2025

Information Systems Security Officer

Steampunk
10.2019 - 01.2022

IT/Network/Cyber Analyst

T.M CyberTek
04.2019 - 12.2020

Helpdesk Support Specialist

DHA Group, Inc
06.2017 - 02.2019

Cybersecurity Analyst/SCA

Paragon Inc
05.2016 - 11.2019

Team Lead Security Specialist

Paragon Inc
05.2014 - 05.2016

SOC Analyst

USEC Corp
10.2011 - 05.2014

Security Analyst

Coastal Security Group
06.2008 - 10.2011

Bachelor of Science - Cybersecurity

Strayer University

Similar Profiles

CREATE PROFILE
Althea UpchurchCyber Security Specialist