David Cauraugh

16603 Danridge Manor Dr, Woodbridge, VA

Summary

Multi-talented IT professional with over 7 years of experience developing and implementing security solutions in fast-paced environments. Skilled in security and privacy control assessment, with a proven history of delivering exceptional risk management support. Self-motivated and deadline-oriented, with a track record of on-time deliverables. Clear understanding of the SDLC and extensive experience with the RMF process. Skilled in assembling authorization packages using guidance such as the NIST 800 series, FIPS 199 and FIPS 200, FedRAMP, OMB, FISMA and industry best practices. US citizen, currently seeking new opportunities.

Overview

8 years of professional experience
1 certification

Work History

Security Control Assessor (SCA)

Silosmashers
04.2023 - Current
  • Schedule kick-off meetings with system owners to identify the assessment scope, system boundary and information system category, and obtain any artifacts needed to conduct the assessment.
  • Create the Requirement Traceability Matrix (RTM) and document whether each assessed control passed or failed, using NIST SP 800-53A as a guide.
  • Develop Security Assessment Plans (SAPs) and conduct assessments of selected security controls on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4 and Rev 5.
  • Conduct security control interview meetings and artifact-gathering meetings with various stakeholders, using the assessment methods of interview, examination and testing.
  • Document assessment findings in the Security Assessment Report (SAR) and recommend remediation actions for failed controls and identified vulnerabilities.
  • Review A&A package items for FISMA compliance using NIST guidance, including the system FIPS 199 categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).
  • Perform vulnerability assessments of information systems to detect deficiencies and validate compliance, tracking results in the POA&M tracking tool (CSAM).
  • Request scans and review scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services left enabled, and weak configurations.
  • Streamlined the security control assessment process by creating standardized templates and procedures.
  • Perform assessments for Ongoing Authorizations (OA) and Authority to Proceed (ATP) with conditions.

Security Control Assessor

Nolij Consulting
04.2020 - 04.2023


  • Implemented the Risk Management Framework (RMF) in accordance with NIST SP 800-37.
  • Reviewed the security categorization of systems using FIPS 199 and NIST SP 800-60.
  • Updated technical, operational and management control families and controls with guidance from NIST SP 800-53 Rev 4 and FIPS 200.
  • Reviewed and updated System Security Plan implementation statements for the applicable controls of assigned systems as needed, using NIST SP 800-18.
  • Independently produced a variety of Security Authorization deliverables, including System Security Plans, Security Assessment Reports, Risk Assessment Plans and POA&Ms.
  • Created and updated Authorization to Operate (ATO) packages.
  • Drafted, finalized and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments and System of Records Notices (SORNs) for annual review and recertification.
  • Continuously monitored the effectiveness of security controls using NIST SP 800-137 as a guide.
  • Evaluated and improved security controls by conducting thorough risk assessments.
  • Recommended improvements to security policies and procedures, leading to enhanced protection against potential threats.

Security Control Assessor

Innovative Defense Technologies
02.2018 - 04.2020


  • Maintained, tracked and reported on third-party risks to the appropriate stakeholders.
  • Conducted periodic audits and assessments of potential and existing suppliers through questionnaires, site visits and review of other documentation, including assessment reports, to identify control gaps and risks.
  • Acted as remediation analyst, working with vendors to remediate findings discovered during onsite and virtual assessments.
  • Performed vendor risk assessments to identify emerging key risks and reassess current risks.
  • Assessed completed questionnaires and supporting documentation to validate that vendors had appropriately implemented information security controls.
  • Communicated vendor information security issues to stakeholders, ensuring their understanding of the associated risks and the actions needed to remediate them.
  • Validated evidence from vendors before remediation plans were closed.
  • Planned and executed onsite security and risk assessments of third-party vendors.
  • Ensured all risk controls were documented in a Vendor Risk Scorecard in accordance with the Third Party Risk Management (TPRM) Policy and the Risk Assessment Matrix.
  • Assessed outsourced products and services for risk and criticality.
  • Evaluated and improved security controls by conducting thorough risk assessments.
  • Evaluated the effectiveness of system hardening measures, providing actionable feedback for continuous improvement efforts.

Security Control Assessor

Black Horse Solutions
02.2016 - 02.2018


  • Communicated team plans, reported impediments for escalation and identified risks and concerns to relevant stakeholders to help resolve them.
  • Owned the scrum lifecycle, which included managing progress blockers, removing impediments, communicating progress against plans and coaching teams to correctly apply agile development principles.
  • Coached the Product Owner and team on backlog refinement and prioritization.
  • Supported the Product Owner by applying effective techniques for managing the product backlog, maintaining focus on delivering features while keeping quality high.
  • Collaborated with the Product Owner and team members to develop user stories and maintain a healthy product backlog.
  • Organized and facilitated scrum ceremonies such as daily stand-up meetings, sprint reviews, sprint retrospectives, sprint planning and other meetings.
  • Tracked and communicated team velocity and sprint/release progress within the agreed reporting framework.
  • Used burn-down and burn-up charts to track project progress.
  • Coached the scrum team in understanding the concepts and values of the Scrum framework.
  • Evaluated and improved security controls by conducting thorough risk assessments.

Education

Bachelor of Business - Information Technology-Information Assurance

University of Phoenix
Tempe, AZ
05.2003

Skills

  • Microsoft Office suite (Word, Excel and PowerPoint)
  • NIST standards
  • ISO 27001 / PCI DSS / HIPAA / FISMA / FIPS
  • Vendor Risk / Third-Party Security Risk Management
  • Plan of Action and Milestones (POA&M)
  • CSAM

Certification

  • CompTIA Advanced Security Practitioner (CASP+) (expires 12/13/2028)


Clearance

Public Trust
