Khuong T. Nguyen

Serves as the acting ISSM with direct oversight of the EOUSA Enterprise Vulnerability Management System (EVMS), which performs vulnerability and security configuration scans for the entire EOUSA organization and conducts annual review of the EOUSA RMF to assess overall alignment with Federal Regulations, NIST standards and guidelines, and DoJ policies and procedures in the absence of the CSS ISSM.

Supports the Cyber Security Services (CSS) team within EOUSA as the Ongoing Authorization Team Lead to provide guidance and transition from a 3-years Authorization to Operate (ATO) to a more robust and dynamic risk-based annual assessment of information systems to mature the department cybersecurity posture.

Provides guidance and technical training to the department leadership and staff on the Security Posture and Reporting Dashboard (SPDR) tool that computes cybersecurity risk scoring based on the overall status and vulnerabilities of 36 FISMA systems across 94 respective EOUSA districts that CSS supports to help triage and remediation.

Coordinates significant improvements to EOUSA’s SPDR risk scores via reaffirming the ISSO’s roles and responsibilities toward patching and secure configuration for all of the information system security posture across 94 districts within EOUSA to become the highest rated component with the lowest risk score within DoJ's 15 components.

Supports the Federal Information Security Modernization Act (FISMA) of 2014 compliance requirements, Office of Inspector General FISMA Assessment by working with EOUSA staff and Justice Management Division (JMD) to provide the recommended resolutions to the closeout Notice of Findings and Recommendations (NFR) for FY22 FISMA audits.

Facilitates the development of Tenable Security Center identity and access management for federal clients and contractors. Collaborate with application vendors, ISSOs, and management leadership to process and review system change requests to ensure conformance with Federal access standards and policies. Work with system owner, system staff, and other system stakeholders to provide timely responses and appropriate artifacts during Information System Continuous Monitoring (ISCM) to identify which security controls should be implemented for technology implementation and deployment.

Supported the Office of Information Security (OIS) as the Vulnerability and Compliance Scanning Team Lead providing reports that prioritize findings based on risk to allow stakeholders to make risk-based decisions to remediate the most critical vulnerabilities and misconfigurations.

Authored and updated systems security benchmark and baseline to established federal guidelines for compliance. Assessed the functionality and usability of multiple applications to provide access control, information security and assurance within the client’s enterprise infrastructure. Provides support for mission-critical federal Emergency Directives cybersecurity incidents and threats across the federal client’s Enterprise infrastructure.

Developed and updated the OIS Enterprise Scanning Policy per federal cybersecurity requirements. Collaborate with Governance team to develop the Enterprise Coordinated Vulnerability Exposure Policy based on the Department of Homeland Security (DHS) Directive. Manage Plans of Actions and Milestones (POA&M) artifacts and gather evidence and submit for closure in a timely manner. Develops the Tenable Vulnerability Scanning SOP to assist ISSOs in the remediation and closure of their assigned POA&Ms.

Supported OIS in identifying new and emerging guidelines by utilizing Splunk to create visualization dashboards to provide comparative information using multiple data sources to develop high level actionable information to foster effective planning and remediation.

Collaborated with vulnerability and compliance management application vendors, ISSOs, and management leadership to identify and analyze false positives and vulnerability anomalies. Provide technical support to the organization's employees and train non-technical stakeholders on the business's information systems.

Led the development and implementation of the Continuous Diagnostic & Mitigation (CDM) program for the Enterprise for compliant with DHS Directive. Conducted monthly enterprise asset management and vulnerability management within the enterprise to identify cybersecurity risks and monthly trend reports along with weekly status updates.

Conducted risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs, promote awareness of security issues. Performed daily ad-hoc scans on high priority vulnerabilities to generate Remediation Progress Metrics for leadership.

Conducted ACAS scanner and Security Center support via telephone, remote access, and/or on-site as necessary. Created, implemented, and maintained standards for security posture within ACAS. Assessed and hardened operating systems, databases, web servers, web applications, and other IT technologies using DISA IASE STIGS, SCAP, and STIG Viewer.

Developed the Enterprise Transition Plan to modernize the Veterans Affairs (VA)’s Veterans Health Information System and Technology Architecture (VistA) environment to standardize the overall system code, virtualized the VistA environment, and ensure information security protocols are in place.

Monitored computer networks for security threats or unauthorized users; analyzing security risks and developing response procedures. Identified compromised machines and reported on security measures taken to address threats.

Led weekly status calls to provide Data & Documentation Management and ensure all testing and test results were maintained on an online system for use by developers and upper management. Participated in Risk & Vulnerability management working groups and meetings and created POA&Ms. Documented findings and severity levels of risks/vulnerabilities in formalized reporting, as well as written and oral briefs.