Joel Foyet

• Execute all six phases of Risk Management Framework (RMF) process for systems undergoing Assessment and Authorization (A&A) for both on-premises and cloud systems.
• Provide ongoing Assessment and Authorization (A&A) support for systems undergoing continuous monitoring by managing and assessing changes to information system to determine the security impact to those changes and providing necessary recommendations.
• Ensure management, operational and technical controls for securing IT Systems are in place and are followed according to federal guidelines (NIST SP 800-53A rev. 4/5).
• Develop key security Documentations (SSP, SAP, SAR, RA, ISCP, and IRP) and Artifacts for systems undergoing the A&A process utilizing organizational templates.
• Perform ongoing review and updates of security documentations annually and when required due to changes to the information system such System Security Plan (SSP), Contingency Plan (CP), Incidence Response Plan (IRP), Configuration Management Plan (CMP), Standard Operating Procedures (SOP’s), Hardware inventory, Software inventories, Ports Protocol and Service Management (PPSM), and other policies as needed.
• Provide support for Continuous Monitoring activities for Information Systems, including review of systems and applications security vulnerabilities reports from tools such as Nessus to design and develop remediation plans.
• Interface with the necessary stakeholders and vendors to understand system requirements and to establish a security requirement commensurate with risk.

• Liaised with the assessment team in developing the security assessment plan (SAP) using the NIST 800 53A rev. 4 as a guide, to outline the assessment objectives, scope, test procedures, as well as the assessment schedule prior to the SAP review.
• Conducted Security Control Assessment (SCA) in accordance with NIST SP 800-53A to test the technical, management and operational controls implemented to ensure they have been implemented correctly, are functioning as intended and yielding the right results.
• Developed Security Assessment Report (SAR) detailing the results of the assessment carried out and documenting the corresponding plan of action and milestone (POA&M) to ensure remediation actions and timely mitigation of the vulnerabilities.
• Reviewed test results and scans to address vulnerabilities, gaps, or control deficiencies; worked with stakeholders to establish plans for sustainable resolution of identified threats.
• Determined security controls effectiveness (i.e., controls implemented correctly, operating as intended, and producing the desire results) using NIST 800-53A r4.
• Provided assessment exit briefings to Information System Security Officer (ISSO) and system stakeholders and ensuring that all findings are documented on Plan of Action & Milestones.

• Oversaw and served three teams practicing Safe Agile on data transformation project.
• Cultivated and maintained a strong and good working relationship with stakeholders, facilitating collaboration across the organization to drive project success.
• Coordinated and facilitated scrum events with up to 25 attendees, ensuring shared understanding, implementation, and alignment with project objectives.
• Implemented effective communication strategies utilizing emails, video conferencing, pull communication to maintain ongoing and transparent communications on project.
• Ensured the continuous delivery of valuable outcomes through diligent project planning sessions and comprehensive information gathering.
• Coached and taught a dedicated team of skilled individuals, enabling them to embrace Agile principles and deliver value to end users.
• Coordinated efforts between the core team, extended team and governance for support and clarifications on project artifacts.
• Used the SHUHARI learning curve to empower teams and enforce self-organization.
• Assisted the team in storing vital information and project documents on dedicated repositories (Confluence, Alfresco, sharepoint).
• Guided the teams through the stages/phases of achieving high performing teams based on the Tuckman's model.
• Represented the teams (voice of the team) in release train sync meetings for reporting and escalation of RAID items identified on the team log.
• Worked with PO to ensure the team understands the project’s goals and scope by regularly reviewing the scope of the development effort.
• Identified and removed obstacles to progress through organization of appropriate resources.
• Facilitated sprint planning meetings, daily stand-ups, sprint reviews, demos, and retrospectives.
• Worked with PO to manage backlog, review stories and organize stories by priority and efficiency.
• Tracked daily sprint progress and maintained schedules.
• Worked closely with other team members including developers, test engineers, and other technical staff to ensure sprints are organized and effective by understanding workflows, schedules, and potential risks.
• Tracked and reported on team performance, including capacity, bug-fix rate and throughput.
• Coached teams to establish team agreement and expected achievements for each sprint – ensured voices were heard and risks raised to the PO for prioritization.
• Identified areas of improvement and “lessons learned” from team retrospectives that led to improved efficiency and quality – drove towards improvement by identifying actionable items from “lessons learned” that can be applied in future sprints.
• Identified risks to project completion and escalated appropriately to anticipate potential obstacles or potential blockers and facilitated additional meetings/sessions to overcome.
• Applied Agile methodology to a newer team, driving towards effectiveness in applicable ceremonies.
• Mentored team, peers and business sponsors on methods that are useful for improving development and growth.

· Responsible for taking and maintaining database backups for recovery in the event of disasters.

• Delivered successful database migration projects, ensuring seamless transitions with minimal disruption to business operations.
• Established proactive monitoring solutions that alerted administrators to potential issues before they escalated into major problems.
• Provided timely resolution of critical production issues, minimizing downtime and avoiding potential revenue loss.

· Upgraded MS SQL Server 2005 SP4 servers to MS SQL Server 2016 with both In-place and Side by Side Upgrade for new applications in the company.

· Configured Always On availability groups in a 3-node windows cluster environment where two were on premises and one in a data center for Disaster recovery.

· Planned and coordinated security measures such as TDE, DDM and AE. Applying the principle of least privileged.

· Handled MS SQL Server installation, Configuration, Security, and maintenance following best practices.

· Working with the entire IT team to maintain database response times in 24x7 Production environments by developing automated alert jobs.

· Prioritizing and responding to executing tasks in a high-pressure environment.

· Design, develop, test, deploy and maintain databases, database objects, database security and database recovery solutions.

· Created various maintenance plans for index fragmentation and backups to automate the team’s tasks and ensure better system health and performance.

· Deployment of azure managed SQL instances and databases

· Create and manage AZURE storage accounts.

· Created Azure virtual machines in IAAS.