Andrew T. Brown
Alexandria,VA
Summary
Dedicated ISSO with over 10 years of cybersecurity experience in safeguarding federal systems. Proficient in Risk Management Framework (RMF) and NIST SP 800-53 standards, achieving an 81% reduction in system vulnerabilities. Notable for leading successful compliance audits and enhancing security postures through continuous monitoring programs. Passionate about leveraging expertise in risk management and incident response to drive organizational success and ensure robust cybersecurity defenses.
Overview
14
14
years of professional experience
Work History
ISSO Supervisor
U.S. Department of Education
Washington, DC
08.2020 - 08.2025
- Secured federal cloud systems by implementing the Risk Management Framework (RMF), aligning with NIST SP 800-53 Rev 5 standards, and ensuring compliance with FedRAMP policy while collaborating with the Cybersecurity Service Provider
- Achieved an 81% decrease in system vulnerabilities by executing thorough threat assessments, ensuring adherence to FISMA and FIPS regulations, conducting Nessus scans, and applying BigFix patch management solutions
- Executed the Authority To Operate (ATO) and Continuous Monitoring Program through effective oversight of the Plan of Action and Milestones (POA&M) via the Cyber Security Assessment and Management (CSAM) tool
- Formulated a policy enforcement framework by integrating security checks into existing governance, risk management, and compliance tools and processes through Security Assessment Reports (SAR), Security Technical Implementation Guides (STIG), and System Security Plans (SSP)
ISSO
Department of Labor
Washington, DC
11.2016 - 08.2020
- Oversaw continuous monitoring in compliance with NIST SP 800-53 standards and conducted comprehensive system compliance reviews
- Delivered Risk Management Framework (RMF) cybersecurity guidance to internal stakeholders while spearheading FISMA audit preparedness initiatives
- Directed Nessus vulnerability scans and remediation processes, ensuring successful reporting to fulfill audit and compliance objectives
- Leveraged CSAM to centralize ATO evidence, System Security Plans (SSPs), and POA&Ms, facilitating automated reporting readiness
- Acted as Contracting Officer's Representative (COR) for federal IT contracts; managed performance, vendor accountability, and budget compliance
Information Technology Specialist
Small Business Administration
Washington, DC
11.2011 - 11.2016
- Managed risk assessments, ATO compliance reviews, and tracked the status of Plans of Action and Milestones (POA&M) for assigned IT systems
- Spearheaded the deployment of Fortinet next-generation firewalls for the organization’s Security Operations Center
- Delivered and monitored end-user cybersecurity training while overseeing user account provisioning and access control measures
- Supported Information System Security Manager (ISSM) initiatives through effective security project management and coordination with System Owners
Education
Bachelor of Science - Management Information Systems
Albany State University
Albany, GA05-2007
Skills
- Risk Management Framework (RMF)
- NIST SP 800-53
- STIG
- BigFix
- Tenable Nessus
- AWS
- Azure
- Vulnerability Management & Remediation
- Incident Response
- System Security Plans (SSP)
- CSAM
- Cross-Functional Leadership
- ATO Process Management
- Audit & Compliance Readiness
- Security Documentation
- Budget & Contract Oversight
- Vendor & Stakeholder Engagement
- IT Auditing
- Federal Cyber Compliance (FISMA, NIST, DoD)
- Access Control Management
- Two-factor Authentication
- User Awareness Training
- Vulnerability Scanning
- Information Governance
- Cloud Security
Certification
CompTIA Security +
Timeline
ISSO Supervisor
U.S. Department of Education
08.2020 - 08.2025
ISSO
Department of Labor
11.2016 - 08.2020
Information Technology Specialist
Small Business Administration
11.2011 - 11.2016
Bachelor of Science - Management Information Systems
Albany State University