Jessica Little

Baltimore, MD

Summary

Dynamic cybersecurity professional with extensive expertise in technical control implementation, compliance documentation, and adherence to current policies. A robust background in systems engineering, integration testing, firewall administration, Domain Name System (DNS) management, and systems administration complements a proven track record as a cloud security assessor. Proficient in collaborating with Joint Authorization Board (JAB) assessors and coordinating with the Computer Emergency Response Team (CERT) as needed while delivering Continuous Monitoring (ConMon) reports. Committed to staying informed on emerging trends and events affecting cloud system components to ensure an optimal security posture.

Overview

18 years of professional experience
1 Certification

Work History

Security Controls Assessor

Goldbelt Nighthawk, LLC
11.2019 - Current
  • Support assessment and authorization (A&A) efforts under the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and the Federal Risk and Authorization Management Program (FedRAMP) as a contractor on behalf of a federal civilian agency, identifying potential risks associated with system configuration and advising on mitigation strategies.
  • Identify and work with key stakeholders in support of A&A efforts and ensure system documentation reflects current system security configurations, including hardware and software components, data flow, interconnections, and ports, protocols, and services.
  • Promote an environment of continuous process improvement, learning and team collaboration.
  • Provide support to the A&A team whenever needed by conducting full security control assessments, which includes developing the Security Assessment Report (SAR), working with the Information Systems Security Officer (ISSO) to develop the System Security Plan (SSP) in accordance with the system's security categorization and NIST 800-53 Rev. 5, and creating draft Plan of Action and Milestones (POA&Ms) and the Risk Assessment Report (RAR).

Information Systems Security Advisor

General Dynamics Information Technology
01.2018 - 11.2019
  • Joint Authorization Board (JAB) reviewer responsible for the review of the Cloud Service Provider (CSP) documentation, as they undergo the process to become Federal Risk and Authorization Management Program (FedRAMP) certified.
  • Review the System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&Ms), Risk Assessment Report (RAR), and all Continuous Monitoring (ConMon) and Annual Assessment documentation associated with assigned CSPs, to help them remain FedRAMP compliant.
  • Facilitate discussions as a lead reviewer among JAB reviewers, the CSP, the Government and the Program Management Office (PMO) on a regular basis, and call impromptu meetings if the need arises due to drastic changes identified in the security posture of the CSP.
  • Submit monthly Continuous Monitoring reports to prepare them for the monthly briefing to the PMO. Ensure that all documentation is compliant with FedRAMP policy, which is governed primarily by the NIST 800 series, Federal Information Processing Standards (FIPS) 199, the RMF and other FedRAMP mandated guidelines.

Firewall Team IA Specialist

NES ASSOCIATES LLC
12.2013 - 01.2018
  • Created firewall rules and diagrams based on the requirements defined by the architect associated with Requests for Change (RFCs) that were sent from the customer.
  • Tested the integration of applications such as WANDL, Splunk and Domain Name System (DNS) in the lab environment prior to production installation.

Systems Integrator E-Health Management Systems

Science Applications International Corporation
08.2010 - 12.2013
  • Provided technical support for installation and scheduling of multiple testing interfaces.
  • Documented the entire process, including the compilation, build, and installation instructions. Upon completion of installation, ensured that the appropriate Security Technical Implementation Guides (STIGs) were run.

Systems Integration Tester
09.2007 - 03.2009
  • Provided technical support for test planning and scheduling of multiple testing interfaces.
  • Reviewed technical documents for completeness and accuracy, including verification of required software, changelog, and complete installation instructions.
  • Analyzed testing results using Test Director, which included isolating and addressing findings reported during the test event.

Education

A.A. - Computer Science

Sullivan College
Louisville, Kentucky
06-1989

B.A. - Music

Eastern Kentucky University
Richmond, Kentucky
08-1985

Skills

  • NIST 800-53 Revision 5 compliance assessment
  • Effective troubleshooting skills
  • Written communication
  • Collaborative teamwork
  • Security protocols
  • Security vulnerability assessment
  • Expertise in risk evaluation
  • Security control evaluation
  • Compliance auditing
  • Cloud Security Assessment
  • Security assurance
  • Security needs assessment

Certification

ISC2 Certified Information Systems Security Professional (CISSP) November 2017 to November 2026

Affiliations

  • Internet Society – DC Chapter
  • ISC2 National Capital Region Chapter Member since 2017

Memberships and Awards

IPv6 Council of Japan - IPv6 Appli-Contest 2003 Idea Award for Promotion Winner
