David Claggett

Bryans Road, MD

Overview

1 Certificate
7 years of professional experience

Education

CYBER SECURITY BOOTCAMP

SECURE NINJA
Alexandria, VA
2022-12

High School Diploma

Gwynn Park High School
Brandywine, MD
1999-06

Certification

  • Security+ CE

Timeline

RMF STEP 4-Security Control Assessor

Triple Canopy
2021.11 - Current

Cybersecurity Analyst

Paragon
2020.11 - 2021.11

Telecommunications Technician

Orius
2017.03 - 2020.11
  • DEFENSE COUNTERINTELLIGENCE AND SECURITY AGENCY:
    -INTRODUCTION TO THE RISK MANAGEMENT FRAMEWORK (RMF), CS124.16
    -RISK MANAGEMENT FRAMEWORK (RMF) STEP 1: CATEGORIZATION OF THE SYSTEM, CS102.16
    -RISK MANAGEMENT FRAMEWORK (RMF) STEP 2: SELECTING SECURITY CONTROLS, CS103.16
    -RISK MANAGEMENT FRAMEWORK (RMF) STEP 3: IMPLEMENTING SECURITY CONTROLS, CS104.16
    -RISK MANAGEMENT FRAMEWORK (RMF) STEP 4: ASSESSING SECURITY CONTROLS, CS105.16
    -RISK MANAGEMENT FRAMEWORK (RMF) STEP 5: AUTHORIZING SYSTEMS, CS106.16
    -RISK MANAGEMENT FRAMEWORK (RMF) STEP 6: MONITOR SECURITY CONTROLS, CS107.16
  • Security+ CE

Summary

Competent IT Analyst with 4 years of experience in safeguarding organizational data, mitigating risks, and ensuring compliance with industry regulations. Highly organized and proactive, with a team-oriented mentality.

Skills

  • Knowledgeable in all steps of RMF
  • Experience as a Step 4 assessor
  • Familiarity with NIST 800-53A
  • Familiarity with Xacta, Archangel

Work History

RMF STEP 4-Security Control Assessor

Triple Canopy
Herndon, VA
2021.11 - Current
  • Develop and execute a security and privacy assessment plan in accordance with
    NIST SP 800-53A for each security assessment project.
  • Review and update existing information security policy, standards, and procedures
    based on federal and departmental regulations.
  • Perform independent security and privacy control assessments in support of
    Security Assessment & Authorization.
  • Conduct assessments of existing and new FISMA systems, including subsystems
    in the respective system boundary, and communicate the results and potential
    implications of identified control weaknesses.
  • Review and analyze Assessment & Authorization (A&A) packages, including
    System Security Plans (SSP), Risk Assessments, Information System Contingency
    Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response
    Plans (IRP), Configuration Management Plans (CMP), Hardware/Software lists,
    Network Diagrams, Data Flows, System Change Requests/Proposals,
  • Knowledge of NIST standards and guidelines:
    -FISMA (Federal Information Security Modernization Act)
    -FIPS 200 (Federal Information Processing Standards Publication 200)
    -FIPS 199 (Federal Information Processing Standards Publication 199)
    -SP 800-53 (Security and Privacy Controls for Information Systems and Organizations)
    -SP 800-53A (Assessing Security and Privacy Controls for Information Systems and Organizations)
    -SP 800-60 Vol 1 & 2 (Guide for Mapping Types of Information and Information Systems to Security Categories)
  • Supporting Authorization to Operate (ATO) Process:
    -Assisting in obtaining ATO, a formal approval to operate a system based on its security posture.
    -Adhering to NIST guidelines throughout the process.
  • Documentation and Reporting:
    -Developing Security Assessment Plans (SAPs) to outline assessment scope and methodology.
    -Creating Security Assessment Reports (SARs) to document assessment results, including any failed controls and recommended remediation actions.
  • Analyzing system artifacts (configurations, logs, policies, etc.) to verify control implementation.
    -Identifying and documenting any control deficiencies.
  • Providing unbiased and objective assessment findings

Cybersecurity Analyst

Paragon
Washington, DC
2020.11 - 2021.11
  • Applies Risk Management Framework (RMF) to manage systems and applications
    with NIST SP 800-37 rev 2
  • Develops configuration management plans, advises on configurations and reviews
    configurations for NIST 800-53 rev 4/5 technical controls
  • Uses workflows to collect and organize artifacts for upload into Governance Risk
    Compliance (GRC) Tool
  • Conducting Security Control Assessments (A&A):
    -Evaluating the effectiveness of security controls within information systems to ensure they meet NIST standards and protect sensitive data.
    -Using NIST SP 800-53A as the assessment framework.
    -Conducting interviews with Information System Security Officers (ISSOs) to gather critical information.
    -Analyzing system artifacts (configurations, logs, policies, etc.) to verify control implementation.
    -Identifying and documenting any control deficiencies.
    -Providing unbiased and objective assessment findings.
  • Supporting Authorization to Operate (ATO) Process:
    -Assisting in obtaining ATO, a formal approval to operate a system based on its security posture.
    -Adhering to NIST guidelines throughout the process.
  • Documentation and Reporting:
    -Developing Security Assessment Plans (SAPs) to outline assessment scope and methodology.
    -Creating Security Assessment Reports (SARs) to document assessment results, including any failed controls and recommended remediation actions.
  • Knowledge of NIST standards and guidelines:
    -FISMA (Federal Information Security Modernization Act)
    -FIPS 200 (Federal Information Processing Standards Publication 200)
    -FIPS 199 (Federal Information Processing Standards Publication 199)
    -SP 800-53 (Security and Privacy Controls for Information Systems and Organizations)
    -SP 800-53A (Assessing Security and Privacy Controls for Information Systems and Organizations)
    -SP 800-60 Vol 1 & 2 (Guide for Mapping Types of Information and Information Systems to Security Categories)

Telecommunications Technician

Orius
2017.03 - 2020.11
  • Establishes communications systems by installing, operating, and maintaining voice and data telecommunications network circuits and equipment.
  • Plans network installations by studying customer orders, plans, manuals, and technical specifications; ordering and gathering equipment, supplies, materials, and tools; assessing installation site; and preparing an installation diagram.
  • Establishes voice and data networks by running, pulling, terminating, and splicing cables; installing telecommunications equipment, routers, switches, multiplexors, cable trays, and alarm and fire-suppression systems; building ironwork and ladder racks; establishing connections; programming features; establishing connections and integrations; following industry standards.
  • Verifies service by testing circuits, equipment, and alarms; and identifying, correcting, or escalating problems.
  • Documents network by labeling and routing equipment and cables and recording configuration diagrams and specifications.
  • Maintains network by troubleshooting and repairing outages, testing network back-up procedures, and updating documentation.
  • Maintains customer rapport by listening to and resolving concerns and answering questions.
  • Maintains safe work environment by following codes, standards, and legal regulations.
  • Keeps supplies ready by inventorying stock, placing orders, and verifying receipt.
  • Updates job knowledge by participating in educational opportunities and reading technical publications.
  • Enhances department and organization reputation by accepting ownership for accomplishing new and different requests and exploring opportunities to add value to job accomplishments.

Clearance

  • ACTIVE SECRET CLEARANCE