Marion Eunice A. Forcha

Silver Spring, MD

Summary

Developed skills in cybersecurity and risk management within high-stakes environment. Demonstrated ability to implement effective security measures and manage regulatory compliance. Energetic and detail-focused with robust understanding of cybersecurity principles and risk management strategies. Proficient in network security protocols and vulnerability assessments, coupled with strong foundation in regulatory compliance. Committed to enhancing organizational security posture through diligent monitoring and proactive threat mitigation.

Overview

8 years of professional experience
1 Certification

Work History

Information System Security Officer

Goldbelt Nighthawk
09.2022 - 01.2024
  • Lead security operations for COTS systems and AWS GovCloud environments, ensuring compliance with FISMA, NIST 800-53, and other regulatory standards
  • Oversee security authorization and accreditation processes (A&A) for new system deployments and changes
  • Conduct risk assessments and perform vulnerability management to identify and remediate potential threats to the system
  • Provide guidance on secure integration of COTS solutions within cloud environments, ensuring that security best practices are applied during the entire lifecycle
  • Collaborate with system administrators and engineers to develop and implement security measures to protect data and systems
  • Prepare and deliver security documentation, including security plans (SSP), risk assessments, and incident response plans
  • Manage cloud security configurations within AWS GovCloud, including IAM roles, security groups, VPC configurations, and ensuring alignment with AWS security best practices
  • Develop and enforce incident response protocols, lead investigations, and report findings to senior management and stakeholders
  • Provide security awareness training to employees, ensuring adherence to security policies and procedures

Security Controls Assessor

Fleury Cyber Solutions LLC
10.2020 - 01.2022
  • Review assigned information systems categorization in accordance with NIST SP (800-37 and 800-60) and FIPS 199
  • Review and validate selected systems security controls such as common controls, systems specific controls and hybrid controls following NIST SP 800-70 and FIPS 200
  • Collaborate with various stakeholders to review and validate systems risk assessment report (RAR)
  • Review interim authorization to test (IATT) package for new systems under development
  • Review developed POA&M to verify prompt remediation of vulnerabilities
  • Monitor and assess selected security controls in the environment on a continuous basis to make sure that changes are authorized and documented
  • Ensure systems have all security controls in place and functioning properly in accordance with NIST 800-53A publication
  • Performed IV&V of FedRAMP packages
  • Develop, review and update Information Security System Policies, System Security Plans (SSP) and security baselines in accordance with NIST, FISMA, OMB, NIST SP 800-18 and industry best security practices, including System Security Plans (SSP) based on findings from assessing controls using NIST SP 800-53A Rev 4 and NIST SP 800-53
  • Undertake continuous monitoring after authorization (ATO) to ensure continuous compliance with the security requirements
  • Evaluate threats and vulnerabilities based on Tenable Nessus reports and implement the Risk Management Framework (RMF) in accordance with NIST SP 800-37
  • Work as a key team member of the RMF process for assigned systems to ensure that the controls are adequately categorized, selected, implemented, assessed, authorized, and monitored
  • Develop system security control traceability matrix (SCTM) or SRTM to ensure each control is accurately assessed
  • Conduct security assessments on assigned systems and collaborate with clients to provide recommendations regarding critical infrastructure, network security operations, and Continuous Monitoring processes
  • Ensure IT systems have all security controls in place and functioning properly in accordance with the NIST 800-53A publication
  • Analyzed Nexus Scans, Web Inspect scans and Database Scans
  • Experience with FedRAMP systems hosted by a Cloud Service Provider
  • Collaborate with cloud service providers (CSP) to support 3PAO assessments of FedRAMP packages for the JAB
  • Collaborate with privacy officer to develop, review and assess PTO, PIA and privacy controls per NIST SP 800-37 Rev 2
  • Promptly report incidents in accordance with agency policy for incident response

Security Control Assessor

Graceland Consulting LLC
08.2018 - 10.2020
  • Conduct comprehensive assessments of the management, operational and technical security controls employed within or inherited by the system to determine the overall effectiveness of the control and ensure that the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system
  • Conduct security assessments on assigned systems and collaborate with clients to provide recommendations regarding critical infrastructure, network security operations, and Continuous Monitoring processes
  • Collaborate with ISSOs to ensure systems are properly categorized, their controls selected and implemented based on the systems categorization level
  • Create, update, and revise System Security Plans, FISMA, Contingency Plans, Incident Reports and Plan of Action & Milestone
  • Participate in A&A Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) per NIST SP 800-53A
  • Document and finalize security Assessment Report (SAR) in preparation for ATO
  • Collaborate with SOC engineers to perform continuous monitoring of systems to ensure security and compliance
  • Determine security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements)
  • Evaluate threats and vulnerabilities based on Tenable Nessus reports and implement the Risk Management Framework (RMF) in accordance with NIST SP 800-37
  • Classification and categorization of information Systems using the RMF processes to ensure system Confidentiality, Integrity and Availability
  • Provide audit briefings to the agency and Information Systems Security Officers (ISSO) to assist in the preparation of independent audit assessments, with the agency's goal of improving operational effectiveness and ensuring that all findings are documented as Plan of Action & Milestones

Security Controls Assessor

Acethia LLC
07.2016 - 08.2018
  • Serve as an assessor for the program, making sure that Security Control Assessments and other advanced-level Continuous Monitoring activities are implemented in the environment
  • Provide professional and security-based assistance to the incident response team to ensure that security controls are adhered to as stipulated in security policies and procedures
  • Validate respective system security plans to ensure that security control requirements are effectively implemented in the environment
  • Coordinate with system engineers to monitor, investigate, log and report systems activities resulting from unauthorized access and possible modification of sensitive data
  • Collaborate with business and stakeholders to develop security control authorization documentations needed to authorize system operations
  • Collaborate with SOC engineers to scan the environment for possible vulnerabilities using tools like Nessus and others
  • Experience researching and giving recommendations associated with findings on how to improve the customer’s security posture in accordance with NIST controls
  • Monitor and assess selected security controls in the environment on a continuous basis to make sure that changes are authorized and documented
  • Work with stakeholders to develop the system contingency plan and ensure that the plan is tested, authorized, and maintained
  • Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience
  • Flexibility to adjust quickly to multiple demands, shifting priorities to meet business needs and standards

Education

Masters in Cyber - Cybersecurity Management & Policy

University of Maryland Global Campus
Largo, MD
01.2024

Bachelor of Science - Computer Networks and Cyber Security

University of Maryland Global Campus
Largo, MD
01.2021

Skills

  • FISMA
  • NIST
  • FIPS
  • ISO 27001 Framework
  • PCI DSS Framework
  • Vulnerability management
  • NIST RMF process
  • Collaboration with CSPs
  • Governance, risk, and compliance (GRC)
  • Assessment and Authorization (A&A)
  • OMB Regulations
  • Risk Management Framework (RMF)

Certification

  • CompTIA Security+ CE Certified
  • AWS Solutions Architect

Areas Of Security Expertise

  • Experienced with compliance standards such as FISMA, NIST and FIPS publications.
  • Knowledgeable in the ISO 27001 Framework used in securing systems in international organizations.
  • Conversant in the PCI DSS Framework used in securing systems in the financial industry.
  • Knowledgeable in vulnerability management and compliance regulations.
  • Experienced in the NIST RMF process used for managing cyber security risk.
  • Ability to adapt in a fast-paced and time-sensitive environment.
  • Excellent analytical and problem-solving skills in designing, developing, and implementing security standards.
  • Organized, self-motivated, and responsible for assigned tasks.
  • Experience with MS Office suite including PowerPoint, Excel, etc.
  • Experience collaborating with CSPs to analyze selected security controls for assigned FedRAMP systems to complete compliance assessments before submitting FedRAMP package to the JAB.
  • Experience with governance, risk, and compliance (GRC) tools such as CSAM, RiskVision and TAF.
  • Experience analyzing vulnerability scanning results obtained from vulnerability scanning tools such as Nessus, WebInspect and AppDetect.
  • Experience opening, creating, reviewing, analyzing and reporting POA&M items.
