Laurence L. Long Jr.

Crofton, MD

Summary

Information systems security professional equipped to enhance security posture and protect critical assets. Proven ability to identify vulnerabilities, implement robust security measures, and ensure compliance with industry standards. Strong focus on team collaboration, adaptable to changing needs, and known for delivering results. Expertise in risk assessment, incident response, and security policy development.

Overview

13 years of professional experience
1 Certification

Work History

SR Information Systems Security Officer (ISSO)

Telos Corporation
06.2022 - Current
  • Achieved FISMA compliance and Authority to Operate (ATO) for (HIGH) system based on guidelines from the NIST SP 800-53 Risk Management Framework (RMF).
  • Managing cyber risk with compliance automation, continuous monitoring and Ongoing Authorization (OA) using CSAM.
  • Tailoring/selecting controls using the FedRAMP package to ensure all systems stay within the compliance mandated by FedRAMP.
  • Addressing the control implementation statement/consumer responsibility part as instructed in the FedRAMP package.
  • Support the development and maintenance of all security documentation such as the PTA, System Security Plan, Contingency Plan, Contingency Test Plan report, POA&M.
  • Analyze vulnerability scan results (OS, web and database findings) and document them in the system Remediation Plan, including weekly meetings to discuss findings and estimates of when findings will be remediated.
  • Support annual assessments in accordance with guidance in the DHS Information Security Performance Plan.
  • Develop, support and manage completion of all Plan of Action & Milestones (POA&Ms) to ensure all risks are identified and remediated within the allotted time specified by DHS.
  • Review sprint stories, assign tasks, track various processes using JIRA. Conduct daily standup meetings with Risk Analyst Team Lead to discuss daily action items.
  • Review audit logs monthly for the system via Splunk Dashboard and provide reporting to management and system administrators.
  • Conduct quarterly self-assessment on the systems to ensure that they do not fall out of compliance with NIST 800-53 Rev 5.

SR. CYBERSECURITY ENGINEER (DISA – DEFENSE INFORMATION SYSTEMS AGENCY)

Blue Sky Technologies
03.2021 - 06.2023
  • Provide Security Engineering to DISA in support of the RMF requirements that must be met for accreditation. Support Assessment and Authorization (A&A) activities to support compliance with DoD 8500 series publications.
  • Document the protection and sustainment of the cybersecurity requirements to include protection of the operating environments and software, including network, operating systems and databases, integration, and implementation of cybersecurity features for client-server and web enterprises.
  • Ensure projects are following DODD and DODI 8500 Cybersecurity series, to meet DoD cybersecurity requirements through the application of integrated layered protection of DoD information systems and networks.
  • Draft comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement as needed.
  • Provided traceability from the cybersecurity controls to the requirements supporting them, the corresponding design, and the associated cybersecurity testing. Find IT security program implications of recent technologies or technology upgrades, cost, and analyze economics and risk as part of the decision-making processes.
  • Review Risk Management Framework (RMF) based policies and develop comprehensive cyber security processes from project start through to implementation, including Risk Assessments, POA&M’s and Authority to Operate (ATO).
  • Established an Information Assurance Vulnerability Management (IAVM) program to include IAVM strategy, process flow and other documentation that is needed.
  • Ensure that accepted products meet Common Criteria requirements and advise the government of changes affecting the cybersecurity posture of the information system. Monitor, report, and aid the government in maintaining FISMA compliance.
  • Strengthen the Information system security engineering process that captures and refines information security requirements and ensures that the requirements are effectively integrated into government information technology products and information systems through security architecting, design, development, and configuration.

SR. CYBERSECURITY ENGINEER

Patriot Strategies LLC
05.2018 - 03.2021
  • Provide support and guidance to IA teams supporting 141 Military Treatment Facilities (MTF) globally.
  • Evaluated the Defense Health Agency (DHA) cybersecurity requirements to strategize and execute the system (CHCS, AHLTA, Essentris, and CHAS (formerly ICD8)) and application migration from Service networks over to the DHA-managed Medical Community of Interest (Med-COI) enclave within the Medical Health System Infrastructure (MHSI) Network.
  • Apply system security engineering principles to deliver real solutions intended to enhance the security posture, including requirements, definitions, testing, test plans and implementation of networked assets.
  • Assist Information Assurance (IA) teams in cyber related matters for their supported assets deployed globally in support of the Defense Health Agency (DHA).
  • Identify threats and develop suitable defense measures, evaluate system changes for security implications, and recommend enhancements, research, and draft cyber security white papers.
  • Analyze vulnerabilities and deficiencies associated to protocols, hardware, and software.
  • Central point of contact for various DHA site implementation coordinators as it pertains to cyber security rules and regulations as well as processes that need to be adhered to in order to obtain authorization to operate (ATO) and authorizing official (AO) approval for military health facilities to connect their local network to the DHA medical community network.
  • Draft comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement as required.
  • Provided vulnerability assessment, analysis, guidance, recommendations, and deficiency resolution implementation ensuring the confidentiality, integrity and availability of supported information systems.
  • Created and taught “Cyber Hygiene” classes to ISSOs and ISSMs at DHA on how to ensure they are meeting their goals by following the Cyber-Hygiene method that we put together to ensure that all areas and tasks are completed and ready for getting an ATO (Authorization to Operate).
  • Sit in on meetings with military health facilities to support any cyber security related questions/concerns that may come up as part of their site-specific requirements to obtain approval to move to the MEDCOI community.

CYBER SECURITY INSTRUCTOR

DOD Training Center
01.2015 - Current
  • Taught and mentored students for the following certification exams: CEH, CHFI, ECSA, CCISO, Security+, CYSA, and CASP.
  • Developed engaging lesson plans to enhance student learning outcomes, maintaining a 98% student pass rate on all certifications.
  • Implemented innovative teaching strategies to improve student engagement by giving students hands-on experience.
  • Mentored students by providing professional development and guidance within the Cyber Security profession.
  • Evaluated, revised and wrote curriculum based on student feedback and performance assessments.

INFORMATION SECURITY CONTRACTOR

DOJ (CJIS: FBI)
10.2012 - 01.2015
  • Served as the Team Lead for the F.B.I. as a contractor for NTT Data, including scanning and manually identifying all databases, servers, and applications using the Framework policies that were in place based on the current N.I.S.T Standards.
  • Tasked with the quarterly vulnerability assessments for the entire CJIS (F.B.I.) division using Nessus and other toolsets to identify the potential vulnerabilities within each department. All documentation was then forwarded to each department identifying the risks and the remediation plans to fix known vulnerabilities that were identified during the assessment process.
  • Coordinated and conducted Web Application Vulnerability Assessments using HP-Web Inspect, BurpSuite, Cenzic Hailstorm and other open-source tools to identify the potential risks that were identified and checked for false positives during the assessment. Once the efforts were complete all documentation along with the remediation plans were documented and forwarded to leadership for review.
  • Coordinated full-scoped audits using the FBI framework and performed vulnerability assessments for new systems that were being put into production and needed to meet the requirements for an ATO.

Education

High School Diploma

Jacksonville High School
Jacksonville, NC
06-1992

Skills

  • Information system security management
  • Experience with Windows and Linux operating systems
  • Proficient in security tools for compliance and penetration testing
  • Dashboard: CSAM, eMASS, Confluence, CDMT, IACS, JIRA, XACTA, SPLUNK, SOC Reports, FedRAMP
  • Active Top Secret clearance

Certification

  • C|EH
  • C|HFI
  • CEI
  • C|CISO
  • NET+
  • Security +
  • A+
  • Project +
  • CASP
  • CYSA
  • Pentest +
  • CIOS
  • CIW Web
  • CIW V5
  • Scrum Master
  • CSIS
  • E|CSA
  • CSAE
  • CSAP

Section name

Cyber Security | Instructor-Mentor | Penetration Testing | Vulnerability Analysis

Languages

English
