Andrew Sterrett
Toano,VA
Summary
Well-versed, extremely motivated, high performing cybersecurity specialist. Actively seeking a position in Risk Management Framework (RMF) or an early career IT Project Manager. Extensive experience in secure environments to include SAPs.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Information System Security Officer - ISSO
JMA Resources Inc
10.2023 - 07.2024
- Ensured compliance with Information Assurance Vulnerability Management (IAVM/IAVA) and security patch management strategies utilizing ACAS through tenable
- Ensured the contracts full migration to the cloud while maintaining compliance with DoD RMF, NIST, and FedRAMP policies and standards
- Executed lines of communication with DISA for certain programs STIGs
- Remediated ACAS findings and recorded corrected findings through eMass
- Created and remediated POAMs for programs transitioning to a cloud environment
- Evaluated system boundary architecture to develop RMF documents for ATO approval
- Developed port and service agreements between systems and coordinated technical data input across seven teams to ensure on time work flows and ATO approval
Security Control Assessor (SCA)
LSINC Corporation
04.2023 - 11.2023
- Serving as the risk advisor to the PO (Program Official), AO (Authorizing Officer), PM (Program Manager), and PSO (Program Security Officer), to determine whether security controls across SAPs are met and/or at acceptable levels of risk for ATO and/or IATT signatures and approval
- Conduct review of the program through STPs (Security Test Plan) with the proper RMF overlays to determine control deficiencies
- Assist in development of POAMs for multiple programs
- Work directly with the program ISSM on a daily basis to remediate deficiencies in program controls and meet POAM timelines
- Developed SOPs, Tests for SOP implementation, and evaluated recovery/ incident response to meet program requirements
- Provided cross agency/department security assessments, recommendations, and policy implementations that enabled continuous improvements for years to come
- Earned a prestigious award of excellence for assessment work and follow through on the approval of a high priority system
Lead Information System Security Officer - ISSO
GDIT
10.2022 - 05.2023
- Cyber Surety Analyst for the Technical Operations Center supporting the Air Force's Intelligence, Surveillance, and Reconnaissance (ISR) missions
- Directly responsible for coordination of all aspects of confidentiality, integrity and availability, pursuant to applicable Defense Intelligence Agency (DIA), Department of Defense (DoD), and Air Force instructions, policies, procedures, and protocols
- Provided information assurance oversight, policy and procedures development, and all related functions to identify risks of operating systems in compliance with NIST 800-53, ICD 503 and CNSSI 1253
- Evaluated all system configurations to help mitigate potential attack surfaces and compliance with current program testing guidelines and measures
- Safeguarded systems against unauthorized modifications, destruction, and data disclosure
- Ensured protection of data against unauthorized disclosure, accidental or intentional loss of data or unauthorized modification
- Served as the Tech Ops Center's Primary Account Manager; supporting Air Force DCGS (AF DCGS) Enterprise system access
- Maintained and ensured 100% accountability of all removable media for the East Coast Tech Ops Center
- Responsible for technical documentation for DCGS network security function
- Reviewed/updated accreditation documentation for the enterprise within AF Intelligence Community (IC) Xacta database through continuous monitoring (ConMon) efforts to mitigate lapse accreditations or ATOs
- Ensured compliance with Information Assurance Vulnerability Management (IAVM/IAVA) and security patch management strategies utilizing ACAS through tenable
- Performed verification and routing for required data transfers across all systems
- Implemented an organized media library allowing the office to pass it’s first audit in 5 years and cut down time while searching for requested media
- Support the RMF workflow by developing, implementing, and enforcing security polices and Standard Operating Procedures(SOPs)
Cyber Test Engineer
AERMOR LLC
12.2020 - 08.2022
- Develop and perform capability/vulnerability assessments of full combat systems to mitigate risk
- Utilized NIST and RMF framework to evaluate threat vectors across multiple platforms
- Coordinate with test program, project offices, and development teams to keep abreast of system design changes and functional requirements to ensure success for current and future systems test & evaluation
- Review and analyze cyber-security architecture and test-ability requirements to identify attack vectors
- Develop POAMs to meet deliverable dates on projects, assist in funding requests, and establish testing timelines to present to stakeholders and reduce overall cost of the program
- Evaluated all system configurations to help mitigate potential attack surfaces and compliance with current program testing guidelines and measures
- Documented Artifacts and Routed proper Test Plan documentation requirements through eMASS to ensure program timelines were met and went to test
- Conduct, analyze, and provide feedback from Test Program Site visits throughout the country; visually inspect systems for physical and network vulnerability and/or access gaps in security
- Prepare, schedule, and present formal check-points and test briefs for Flag-level military, IDA, DOT&E, Red Team, NAVAIR, and other stakeholders to mitigate impact of testing strategies, vulnerabilities, attack surfaces, attack vectors, critical components, and test execution on contract timelines and funding
Network Infrastructure Specialist/SME II
AERMOR LLC
09.2019 - 12.2020
- Maintained a physically operable network from NCDOC to ensure Fleet support and communications are operational with a 99.99% operational availability rate to further enable a positive posture in our national security
- Conducted weekly infrastructure training for new military personnel weekly to ensuring sailors have the proper tools to maintain the network at a 100% availability in the absence of a network specialist
- Ensured the security of $100+ million worth of equipment and hardware within the NCDOC data center
- Provided effective supply-chain management process for all projects, disposal and backstock inventory
- Conducted installation, removal, and maintenance on all hardware within the data center and communication closets according to end-of-life cycles and current cyber warfare needs
- Implemented design, install, test and documentation of infrastructure components according to code and standards
- (e.g
- Cable, circuits, fiber, pipe and conduit)
- Created, updated, and maintained building, electrical, network, and HVAC system diagrams, schematics, and blueprints utilizing Autocad 2020 to effectively speed up network installations and facilities projects resulted in cutting planning and installation time by 50 percent
- Thorough understanding of installation, termination, labeling, testing, troubleshooting and certification of all associated cabling components, to include, CAT 3, CAT 5, CAT 5e, and CAT 6 twisted pair cable; single- or multi-strand multi-mode or single-mode fiber optic cable within government facilities
- Monitored and responded to hardware and software problems utilizing a variety of hardware and software testing tools and techniques to maintain a continuous up-state for the network
- Performed STIG Implementation and vendor specific patches and updates to ensure systems on the network were not vulnerable to attacks
- Worked independently and with teams to ensure successful implementation of upgrades, configuration changes, maintenance and cabling solutions on various networks (NIPR, SIPR, JWICS)
I/O Cable Plant CAD Engineer
Vectrus Corporations Systems
02.2019 - 08.2019
- Designed and drafted a wide scope of AutoCAD plans for the U.S
- Air Force Central Command (AFCENT), for an efficient, safe, secure, and to code network infrastructure to bring more effective communications in support of Operations FREEDOM’S SENTINEL, RESOLUTE SUPPORT and INHERENT RESOLVE
- Constructed all diagrams and designs, abiding all codes, standards, and regulations, for each project consisting of entire base layouts, section layouts, building layouts, and manhole/handhole layouts to give AFCENT a more focused and defensive view of the network
- Worked directly with the project engineers in planning all cable layouts from start point to end user, while ensuring all designs were detailed and easy to understand by any counterparts to help ensure an efficient network while saving costs on time and materials
Outside Plant Technician Supervisor
U.S. Army
02.2015 - 12.2018
- Led an eight person team with superior management, accountability, and leadership delivering exceptional job services to support the DoDs communication efforts, stateside and overseas
- Provided remediation and troubleshooting for network tickets as a helpdesk technician via Remedy
- Conducted STIG implementation across Windows Operating systems
- Verified and validated system backups for data recovery in the event of data loss
- Conducted site surveys followed by the planning, development, and installation of entire base network backbones for positive communication channels
- Managed and conducted Quality Assurance/Quality Control of all site operations to ensure the customers product for achieving their mission was the best available
- Implemented the splicing/terminating copper and fiber optic cables, American and European, to configure underground and aerial fiber rings to stand up a solid network to code, enabling positive communications for overseas defenses, airstrike and raid feeds, and other secure communications
- Provided effective supply-chain management process for our projects, disposal and backstock inventory
- Conducted professional development training to bring a more effective and trained workforce to the DoD
Skills
- University of Maryland Global Campus BS Computer Networking & Cybersecurity
- Pursuing - MS Cybersecurity Management & Policy
Certification
- Certified Ethical Hacker 2022 (ECC7624981053)
- CompTIA Security+ 2019 (COMP001021556017)
- Pursuing CISSP
Timeline
Information System Security Officer - ISSO
JMA Resources Inc
10.2023 - 07.2024
Security Control Assessor (SCA)
LSINC Corporation
04.2023 - 11.2023
Lead Information System Security Officer - ISSO
GDIT
10.2022 - 05.2023
Cyber Test Engineer
AERMOR LLC
12.2020 - 08.2022
Network Infrastructure Specialist/SME II
AERMOR LLC
09.2019 - 12.2020
I/O Cable Plant CAD Engineer
Vectrus Corporations Systems
02.2019 - 08.2019
Outside Plant Technician Supervisor
U.S. Army
02.2015 - 12.2018