Dwight Nelson

Smyrna, DE

Summary

Skilled Senior Security Specialist with extensive experience in enhancing security posture and ensuring compliance. Expertise in managing Plans of Action and Milestones (POA&Ms) and remediating complex issues. Specialize in cybersecurity compliance and risk management, particularly in the PCI DSS v4.0, NIST 800-53 Rev. 5, NIST 800-37 Rev. 2, and NIST 800-60 Rev. 1 frameworks. Known for strong communication, analytical, and strategic planning skills. Have consistently improved security posture across organizations.

Overview

10 years of professional experience
1 Certification

Work History

Senior Security Advisor

Brownstone Consulting Firm
01.2023 - Current
  • Directed a PCI DSS v4.0 gap assessment, pinpointing compliance deficiencies.
  • Advised on PCI DSS cardholder data environment (CDE) scoping and segmentation, minimizing compliance risk and enhancing the organization's security posture.
  • Led the enhancement of the access review program, implementing a process to ensure user access reviews were performed, and only required access was approved.
  • Conducted thorough reviews of security audit logs using SIEM tools, ensuring all cardholder data was appropriately tokenized or masked.
  • Utilized BlueCat to verify segmentation of the CDE.
  • Leveraged Confluence to create process documentation, ensuring dissemination to the organization.
  • Directed firewall rule reviews and utilized the OpenShift Management console to confirm configuration accuracy and compliance.

Senior Security Control Assessor

Coalfire Federal
12.2019 - 01.2023
  • Coordinated comprehensive security control assessments for the Federal Retirement Thrift Investment Board (FRTIB) within the GRC tool CSAM, demonstrating expert proficiency in evaluating, documenting, and reporting compliance and risk management activities.
  • Conducted comprehensive cloud security assessments using NIST 800-53 Rev. 5 to identify vulnerabilities, assess compliance, and recommend mitigation strategies for cloud environments, ensuring robust protection of sensitive data and systems in multi-cloud and hybrid cloud infrastructures.
  • Utilized the National Vulnerability Database (NVD) to meticulously identify vulnerabilities within commercial off-the-shelf products, ensuring comprehensive security assessments and robust risk mitigation strategies.
  • Executed rigorous assessments of cloud systems, including cloud systems leveraging the Federal Risk and Authorization Management Program (FedRAMP).
  • Performed detailed analysis and evaluations of documentation and technical artifacts such as System Security Plans (SSPs), Contingency Plans, vulnerability reports, and audit logs, to ensure alignment with compliance requirements.
  • Utilized NIST SP 800-30 Rev. 1 to conduct risk assessments, which enabled thorough identification, analysis, and prioritization of potential risks to organizational assets, thereby facilitating informed decision-making.
  • Developed comprehensive assessment documentation, including Security Assessment Plans (SAPs), detailed Artifact Request Lists, Security Control Traceability Matrix, Security Assessment Reports, and Assessment Briefing presentations.
  • Led assessment interview sessions using clear and concise questions, simplifying complex controls to facilitate stakeholders’ understanding of control requirements.
  • Articulated assessment findings, risks, and recommendations effectively to technical and non-technical stakeholders, including executive leadership, to facilitate informed decision-making and support risk management efforts.
  • Leveraged reading rooms to execute thorough security control assessments, ensuring detailed examination of documentation through meticulous preparation and attention to detail.

Information System Security Officer (ISSO)

Coalfire Federal
03.2016 - 12.2019
  • Led the Assessment and Authorization (A&A) process for systems to verify and validate conformance to Federal policies, regulations, FISMA compliance requirements and standards, and to ensure that specified security requirements were met.
  • Analyzed vulnerability, database, and web application scan results using tools such as Tenable and Netsparker to support the documented security posture of the information system.
  • Aided in the building of the GRC tool with regard to boundary consolidation.
  • Created a Concept of Operations Plan (CONOPS) for the information system.
  • Assisted in conducting document reviews of NIST policy documents, and updating procedures resulting from the new guidance.
  • Facilitated biweekly briefings and presentations to inform all stakeholders of the continuous monitoring activities.
  • Developed, maintained, and communicated a consolidated integrated master schedule that entailed risk management activities and deliverables.
  • Aided in the development and creation of the Contingency Plan using NIST 800-34 Rev. 1.
  • Collaborated with System Administrators to assist in generating custom reports and/or artifacts in support of the A&A process.
  • Authored detailed implementation statements per FedRAMP overlay requirements.
  • Developed and managed POA&M using the Security Requirements Traceability Matrix (SRTM) for guidance.
  • Created a process by which findings within the environment could be placed into the correct boundary.

Security Analyst

Think Tank Inc
09.2014 - 03.2016
  • Led meetings with the IT Compliance team to gather documentation and evidence about our security control environment for the National Oceanic and Atmospheric Administration.
  • Performed Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders.
  • Used NIST SP 800-53A to draft interview questions for System Administrators for the purposes of writing implementation statements.
  • Worked with ISSOs and subject matter experts to ensure timely identification and remediation of risk related issues and action plans.
  • Contributed to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.
  • Helped mentor and develop less experienced staff.
  • Provided subject matter expertise with regards to the A&A process as well as System Security Plan interpretation.
  • Inspected information systems to ensure compliance and worked closely with system administrators to maintain security and accreditation status.

Education

B.S. - Business Management

Salisbury University
05.2010

Skills

  • Policy and Procedures
  • Documentation
  • FISMA
  • Microsoft Office
  • Executive Briefings
  • Ability to meet high-priority deadlines while multi-tasking
  • Telecommunication Skills
  • BeyondTrust
  • Risk Management Framework
  • NIST Publications
  • POA&M (Plan of Action and Milestones)
  • CSAM
  • Xacta
  • Jira
  • ServiceNow
  • Research
  • Exceptional Oral and Written Communication Skills
  • Complex problem solving
  • BlueCat
  • OpenShift
  • Gitlab
  • Miro
  • Risk Management
  • Policy updates
  • Policy Development
  • Firewall Management
  • Compliance Management
  • Cloud security
  • Incident Response
  • IT Security

Certification

ISACA Certified Information Systems Auditor (CISA)

Professional Expertise

  • Extensive experience collaborating with cross-functional teams to enhance security posture and ensure compliance.
  • Expert at managing Plans of Action and Milestones (POA&Ms).
  • Exceptional experience in working with a team to remediate complex issues.
  • Experienced in the PCI DSS v4.0, NIST 800-53 Rev. 5, NIST 800-37 Rev. 2, and NIST 800-60 Rev. 1 frameworks, specializing in cybersecurity compliance and risk management.
  • Expert at clear and concise communication with high level officials.
  • Possess in-depth knowledge of operations through various roles of increasing responsibilities.
  • Experience working with Governance, Risk & Compliance (GRC) tools such as CSAM, Xacta, Jira, and ServiceNow.
