ARIA RAHIMI
Silver Spring,MD
Summary
Cybersecurity Leader Over 18 years of experience in information systems technology, client services, and intelligence analyses. Have worked closely with the clients to assess, advise, enhance and implement client’s needs to reduce business-relevant cyber risks. Experience in pursuit processes by leveraging relationships for insights and influence, including determining “win” themes, aligning messaging with client needs. Experience managing large, diverse teams; executing detailed cyber risk assessments; and analyzing specialized risk, vulnerability, and cyber threat issues for client’s critical infrastructure assets. A highly accomplished, team spirited and performance driven leader who has demonstrated the ability to lead diverse teams to new levels of success in a variety of highly competitive industries, cutting-edge markets, and fast-paced environments Key Areas of Expertise Experience in C-suite level client facing orals and presentations Integrated Control Frameworks Using Leading Practices /Standards Such as NIST CSF, NIST 800-53 Proactive to identify, assesses risks and issues, propose solutions, negotiate across stakeholders, resolve conflicts/roadblocks, build teams, and address performance issues. Strong management skill-set in all administrative tasks , financial planning , analysis of accrual data, and the delivery of materials for projects Experienced practitioner in development of contracts including SOWs, project proposals, cross-organizations agreements Endpoint Compliance Project Management and execution; Governance & Risk Compliance Project Management Certified Senior Intelligence Specialist, Information and Operations (IO) Education and Training Specialist: Constructed and led socio-cultural Information Integration Courses
Overview
16
16
years of professional experience
1
1
Certification
Work History
Senior Education and Training Specialist
- Constructed and led socio-cultural Information Integration Courses (SIIC) and Middle East Cultural Integration Courses (MECIC) introducing students to a narrative approach to the socio-cultural component of the information environment that shape how individuals and groups perceive themselves and others, widespread cultural values, and major political, economic, and religious organizations that impact society and the information environment
- Managed, developed, and conducted 80-hour courses that introduced U.S Military, commissioned and non-commissioned officers to a narrative approach to the socio-cultural component of the information environment, providing them with the skills necessary to analyze, plan, and operate in that environment.
Advisory Cyber Risk – Manager
Deloitte & Touche LLP, Across
04.2015 - Current
- Lead and assist in strategic cyber risk programs that adapts to a rapidly changing threat landscape, changes in business strategies, risks, and vulnerabilities and by using situational awareness, threat intelligence, and building a security culture across the organizations.:
- Lead teams and engaged in planning, managing, and executing program standard releases for a major global pharmaceutical company managing multiple streams, keeping track of daily activities to enhance and harmonize manufacturing and R&D network security, reducing risks from legacy network ecosystems and enabling secure collaboration with third parties in Manufacturing and R&D network security architecture, including micro-segmentation, monitoring, access management, information protection, and onboarding of external business partners
- Performed a phased approach assessment of the efficacy of the Client’s current policies and procedures
- Based on the assessment, provided recommendations to update and formalize the policies and procedures to align with industry leading practices
- The key objectives addressed in the engagement include:
- Lead to oversee endpoint compliance project implementation deployment of Forescout CounterACT (CounterACT) on clients four global regions: deployment focus on providing endpoint visibility by allowing for the discovery of endpoints on the corporate networks
- Deployment focus on providing endpoint visibility by allowing for the discovery of endpoints on the corporate network
- Lead a management team, assessing cyber-attack surfaces and threat landscapes of a major U.S investment banking and financial services company
- Working closely with clients to assess, advise, enhance and implement client’s network defense capabilities to reduce business cyber risks
- Managed the cyber threat intelligence assessment teams to provide the firm with a moment-in-time assessment of its exposure to actors commonly targeting the financial and investment management sectors
- Delivered external threat landscape assessments by analyzing the company’s keywords and domains using public and proprietary tools
- Lead team developing a cyber-threat intelligence plan for the power and utility industry where cyber-attack poses a critical risk to not only public infrastructure but a financial and reputational risk for the power and utility companies themselves
- Identifying the current state of power and utility threats and vulnerabilities, customer data theft, operational disruptions, utilities disruption power outages, infrastructure damage, and supply chain disruption
- Lead “Tiger Team” to perform and assist in a Threat Assessment, Security Controls Assessment, and Risk Assessment and integrate a Governance and Risk Compliance Process (GRC) based on NIST Security Control nomenclature
- Create formal security controls-based policy and documentation and update annually through change management processes
- Conducted a Threat Assessment to formally identify threats and adversaries that are most likely to seek to exploit the organizations dependence on cyber resources that would process, store, and transmit Controlled Unclassified Information (CUI)
- Develop NIST SP 800-53 Documentation – Develop National Institute of Standards and Technology (NIST) based policies, and procedures
- IS Security Risk Assessment – Conduct an IS Security Risk Assessment through the review of Company’s IS security documentation, recent security assessment and testing results, distribution of and analysis of the responses to a tailored NIST SP 800-53 based questionnaire, and execution of interviews with identified security stakeholders and subject matter specialists
- Conducted Risk Analysis & Response Planning – Analyze IS Security Risk Assessment results to risk rank identified gaps and develop a security risk Plan of Action and Milestones (POA&M) establish current and desired maturity levels for each in-scope NIST SP 800-53 security domain, group identified gaps into remediation work threads, prioritize identified work threads based on cost vs
- Benefit analysis
Intelligence & Operations –Liaison Officer, Senior Specialist, Liaison Officer
DYNCORP INTERNATIONAL
11.2012 - 04.2015
- Senior Intelligence Subject Matter Expert, to the National Media Exploitation Center (NMEC), Joint IED Defeat Organization (JIEDDO), Department of State (DoS) and Financial Crimes Enforcement Network (FinCEN)
- Lead a team of intelligence analysts at NMEC conducting human network analyses by applying forensics methodologies and analytical processes to identify, extract, exploit, and disseminate intelligence information from captured enemy documents and media
- Managed FinCEN access information sharing among COCOMs, DoD agencies, and law enforcement agencies enabling variety of areas support in combating money laundering and funding of enemy networks
Lead Intelligence Analyst
BAE SYSTEMS, Intelligence
10.2011 - 10.2012
- In support of Special Operations Forces (SOF), Operation Enduring Freedom (OIF)
- Managed the process of development of HUMINT deliverables at the tactical and operational level
- Lead an analyst team providing input to multiple government requirements and objectives; assisted and managed the production requirements from stakeholders; translated requirements for intelligence analysts; and managed output
Intelligence & Operations, •Liaison Officer
JB MANAGEMENT
03.2008 - 09.2011
- Intelligence and operations Analyst at the 1st Information Operations (IO) Command
- Supporting Special Operation Forces (SOF) by providing research and analysis of intelligence requirements and products for Information Operations target support folders on High Value Individuals (HVI)
- Assisted in strategic planning, development, and implementation of General David Petraeus Strategic Communication Plan, Afghanistan
- Developed new and analyzed existing intelligence products detailing weaknesses, exploiting fissures of high value targets
- Provided intelligence assessments, predictive and pattern analysis, as well as briefing products on HVIs
- Established and managed communications with multiple intelligence organizations initiating and maintaining contact to facilitate collaboration on issues affecting Information Operations, public affairs, and public diplomacy
Education
BA - Humanities
Thomas Edison State College
undefined
US
Skills
- Clearance: Top Secret SCI (Dormant)
- Industries:
- Power and Utility
- Life Sciences (Pharmaceutical, Medical Device, Biotech)
- Health Care
- Financial Services
- Technology Media & Telecom
Certification
Obtained certificate of completion of the PMTraining PMP 35-hour preparation course.
Obtained CISSP (ISC)² certificate of course completion (40hrs) – Certification exam scheduled , March 18, 2022
Languages
Persian
Full Professional
Timeline
Advisory Cyber Risk – Manager
Deloitte & Touche LLP, Across
04.2015 - Current
Intelligence & Operations –Liaison Officer, Senior Specialist, Liaison Officer
DYNCORP INTERNATIONAL
11.2012 - 04.2015
Lead Intelligence Analyst
BAE SYSTEMS, Intelligence
10.2011 - 10.2012
Intelligence & Operations, •Liaison Officer
JB MANAGEMENT
03.2008 - 09.2011
Senior Education and Training Specialist
BA - Humanities
Thomas Edison State College
undefined
US