Hi, I’m

Marion Richburg

Davidsonville, MD

Summary

Detail-oriented Cyber Security professional actively seeking a senior-level role in which to apply my technical expertise and leadership experience to align information strategies with business objectives effectively. As an experienced Cyber Security Engineer, I have successfully implemented and managed security solutions in both on-premises and cloud environments. Proficiency includes conducting security risk assessments, implementing the Risk Management Framework (RMF), Information Assurance with expertise in security certification and accreditation (C&A), and reviewing business processes pertaining to technology and security. Skilled communicator, adept at collaborating with cross-functional teams to achieve security objectives and mitigate risks efficiently.

Work History

Department of Justice – Federal Bureau of Investigation (FBI) – Contractor (M SYS, LLC, Washington, D.C.), Washington, D.C.

Senior Cyber Security Engineer (Alt. ISSM)
2011.06 - Current (13 years & 3 months)

Job overview

  • Served both as the Alt. Information System Security Manager (ISSM) and Sr. Cyber Security Engineer responsible for supporting IS requirements throughout each IS’s lifecycle, while maintaining effective communications with ISSOs, Project Managers, Unit Chief and Authorizing Official (AO).
  • Managed activities of one or more ISSOs, who are responsible for daily operational security support to specific systems on behalf of the AO.
  • Performed Certification and Accreditation efforts for the Department compliance efforts in accordance with FIPS 800-53 series and ISO 17799 standards.
  • Utilized a melding of the Agile and traditional SDLC methodologies to expedite Conditional Authorization to Operate (C-ATO) on a fast-track basis.
  • Liaised with external auditors and internal control owners to support various internal and external audit assessments such as FedRAMP, ISO 27001, PCI-DSS, SOC 2, and NIST 800-53.
  • Reviewed Security Plans, Physical Access Control Policies, Rules of Behavior, Contingency Plans, Incident Response Plans, and other security-related FISMA documents, provided updates as needed.
  • Led the security design and implementation of cloud security solutions including AWS, Azure, and GCP environments, ensuring the confidentiality, integrity, and availability of critical data and resources to support the FBI’s mission
  • Provided technical guidance and support to junior team members, fostering their professional development and enhancing overall team performance
  • Assisted in the implementation of security policies, and procedures to safeguard the organization’s information assets and infrastructure
  • Ensured that all POA&M actions are completed and tested (including verification by third-party test team, when applicable). Developed procedures for responding to security incidents and for investigating and reporting to the Enterprise Security Operations Center (ESOC) any security violations, incidents, or vulnerabilities discovered within a system.
  • Served in an alternate role as the Security Team’s Change Manager, responsible for proposing, tracking, reviewing, approving, and implementing changes into the FBI environment. Additionally, managed the Service Manager repository tool used for Request for Change (RFC).
  • Provided guidance to a team of ISSOs/ISSEs on best practices for designing hybrid architectures where AWS services are incorporated into one or more security domains. Effectively communicated recommendations for securely configuring and using cloud services (AWS and Azure). These best practices were applied using a cloud-based Cross Domain (CDS) solution.
  • Conducted a series of training classes for ISSOs on the RMF process. The purpose of the training was to develop better and more consistent Authorization to Operate (ATO) packages, minimize common errors in RMF Steps 1 through 6 and brief everyone on the most common errors found in their documentation.

Department of Justice (DEA) - MSYS - Contractor, Arlington, VA

CSOS PKI Security and Policy Officer
2009.05 - 2011.05 (2 years)

Job overview

  • Championed staff development opportunities empowering coworkers through continued education related to their respective field.
  • Provided detailed reports on program outcomes demonstrating the impact of implemented policies.
  • Developed clear communication materials to convey complex policy concepts to diverse audiences.
  • Monitored and evaluated policy effectiveness, recommending necessary adjustments for optimal results.
  • Established productive relationships with industry leaders, fostering partnerships that informed policymaking efforts.
  • Developed a DEA compliant Forensic Preservation process for the removal and forensic analysis of data and media.

United States Agency for International Development, Washington, D.C.

Sr. Financial Crimes Enforcement Advisor - COP
2007.02 - 2009.04 (2 years & 2 months)

Job overview

  • Collaborated with internal teams to develop comprehensive financial plans tailored to individual client needs.
  • Delivered a comprehensive and workable solution for improving Indonesia's Financial Crime Enforcement Capabilities with innovative economic development programs.
  • Educated Indonesian financial institutions and law enforcement groups on the terms of the Bank Secrecy Act of 1970 and its applicability for their country.
  • Developed and presented training programs in the areas of Anti-Money Laundering and banking compliance for the financial and insurance institutions.
  • Developed a methodology for Anti-Money Laundering (AML) and Combatting the Financing of Terrorism (CFT).
  • Attended annual meeting on Financial Action Task Force (FATF).

Education

South Carolina State University Orangeburg, SC

BS in Electrical Engineering
05.1975

Skills

  • Cloud Security (AWS, Azure, GCP)
  • Business/Project Management
  • Fraud Examination & Investigation
  • Risk Management Framework (RMF) – 800-53
  • Information Security /C&A/ST&E/I&A
  • Payment Card Industry Data Security Standard (PCI DSS) v4.0 Compliance – Requirements and Testing / Software Security Framework / Mobile Payments on COTS
  • Vulnerability Assessment and Penetration Testing (VAPT), Third-party Risk Assessment
  • Public Key Infrastructure (PKI) Standards
  • Jira & Confluence
  • FedRAMP
  • ISO 27001&2
  • Security Testing & Compliance
  • Amazon Web Services (EC2, EBS, S3, IAM, VPC, NACL, Security Groups)
  • High Speed Guard (HSG) / Cross Domain Solutions with AWS
  • Configuration Management
  • Machine Learning
  • Project Management
  • Quality Assurance Controls
  • Data Analysis
  • Problem Resolution
  • Excellent Communication
  • IT skills
  • Continuous Improvement
  • Professionalism
  • Team Collaboration
  • Task Prioritization
  • Interpersonal Skills

Certification

  • Certified Information Security Manager (CISM) - ISACA
  • Certified in Risk and Information Systems (CRISC) - ISACA
  • Certified in Governance of Enterprise IT (CGEIT) - ISACA
  • Certified Fraud Examiner (CFE) - Association of Certified Fraud Examiners
  • Governance, Risk and Compliance Certification (CGRC) - ISC2
  • AWS Certified Solutions Architect Associate - (SAA-C03) - AWS
  • AWS Certified Security Specialty (SCS-C01) - AWS
  • Microsoft Azure Security Technologies (AZ-500)
  • CompTIA – Advanced Security Professional (CASP)+ CE
  • Certified - Google Cloud Professional Security Engineer (Google)
  • Google - Cybersecurity Professional Certificate Course - Coursera (Completion - May 2024)
  • PCI-DSS Course Completed Jan. 2024 - (Pending Exam - May 2024)

Accomplishments

  • Implementation of Robust Security Measures: Developed and implemented comprehensive security protocols and measures to safeguard sensitive data and systems from potential cyber threats. This included ensuring the confidentiality, integrity and availability of information assets.
  • Provided Specialized Technical Training for ISSOs and IT Personnel: Offered specialized technical training sessions for team members responsible for managing and maintaining the Bureau’s IT assets. This training covered topics such as Service Manager processing, Overview of the RMF process, Security Assessment and Authorization Process for Agile Development and best practices/recommendations for securely configuring and using Cloud Systems.
  • Conducting Cloud Security Assessments and Audits: By proactively identifying and addressing security issues in the cloud environment, the engineer helped enhance the Bureau’s overall security posture and ensure compliance with NIST standards. The key focus was the utilization of centralized audit logs, generation of compliance reports, and policy automation.
  • Accelerated ATO Approval Time: Implemented streamlined processes and automation tools to reduce the average ATO approval time by 30%, enabling faster deployment of critical information systems and applications.
  • Expedited Remediation Time: Reduced the average time to remediate security findings by at least 40% through efficient prioritization, resource allocation, and collaboration with stakeholders.
  • Building Cross-Functional Collaboration: Spearheaded efforts to enhance collaboration between IT, Security and Leadership, fostering a unified approach to cybersecurity risk management. By facilitating regular cross-functional meetings, improved communication and alignment of security objectives with goals resulting in more effective risk mitigation strategies and resource allocation.

Affiliations

  • Association of Certified Fraud Examiners (ACFE)
  • Information System Audit Control Association (ISACA)
  • Federal Information Technology System Professional (FITSP)

Personal Information

Title: Cloud Security & Information Assurance Engineer
