Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Patricia D. Alexander

Woodbridge,VA

Summary

Dynamic professional specializing in people and process improvement, with over a decade of experience in building robust Cybersecurity programs, tools, and teams. Expertise in senior-level Project and Program Management, leveraging Governance, Risk Management (GRC), ServiceNow, and Enterprise Mission Assurance Support Service (eMASS) to drive strategic initiatives. Proven track record of developing multifaceted information security teams from the ground up, along with strong capability in deploying and maintaining comprehensive Cybersecurity tool stacks, including Security information and event management (SIEM) solutions such as Splunk. Recognized for delivering impactful business outcomes through strategic planning and analysis while effectively managing cross-functional teams to provide tailored solutions that meet client needs.

Overview

12
12
years of professional experience
1
1
Certification

Work History

Senior Consultant (Risk Management/Vulnerability Management – Azure FedRAMP)

Booz Allen
12.2019 - 05.2025
  • Strengthen and harden the Veterans Affairs (VA’s) IT security posture, ensuring compliance and risk mitigation for external connections.
  • Facilitates requirements meetings, interview sessions, brainstorming, documentation analysis, and other techniques as necessary under work elements
  • Draft, review, and approve Memorandums of Understanding (MOU) & Interconnection Service Agreements (ISA) for external connections, submitting documentation to VA Change Control Board for implementation.
  • Verify connectivity elements: Sensitive data (PII and PHI), ports, protocols, data encryption. Responsible for assisting in providing analytical and technical support to ensure the proper implementation and compliance of the MOU/ISA requirements.
  • Validate MOU/ISA documents for site-to-site interconnections and cloud connections (VA Enterprise Cloud, AWS, etc.) with Federal Information Processing Standards (FedRAMP), aligning documentation with FIPS 199 Security Categorization standards.
  • Develop standardized MOU/ISA templates, ensuring compliance with NIST 800-53r4/5, NIST 800-37, and VA Handbook policies. Lead preparation efforts for OIG annual inspections, ensuring the VA’s external connections meet security audit requirements.
  • Act as a subject matter expert (SME) on NIST controls, supporting assessment reviews and advising senior leadership.

Cybersecurity Audit Consultant

Cyber Security Research and Solution Corporation
03.2019 - 12.2019
  • Documented security leaks in firewall configurations and curated data for client’s remediation team. Escalated to security operations center via ServiceNow if warranted.
  • Verified fidelity and integrity of data aggregated from multiple consultants
  • Improve overall security posture of network infrastructure.
  • Provide on network operating standards and best practices to the networking teams
  • Maintained thorough documentation of all work performed, ensuring seamless handover among team members or future reference.

Cybersecurity Splunk/Internal Auditor

ASM Research
02.2015 - 03.2019
  • Develop, deploy, and manage custom Splunk monitors, alerts, and dashboards to enhance operational efficiency.
  • Participated in incident response activities, providing timely analysis and reporting
  • Trained junior staff on best practices for using Splunk effectively.
  • Conduct regular audits of Splunk configurations to ensure compliance with best practices.
  • Collaborated with IT teams to ensure compliance with security policies and standards.
  • Performed continuous monitoring of security controls to ensure that they continued to be implemented correctly, operating as intended and producing the outcome with respect for meeting the cybersecurity requirements for assigned IT systems.
  • Conducted self-assessments of security controls, identified weaknesses and tracked remediation activities in Plan of Action and Milestones (POA&M’s)
  • Developed strong working relationships with external auditors, facilitating efficient communication during annual audits.
  • Investigated discrepancies discovered during auditing process.
  • Evaluated compliance with regulatory requirements, mitigating potential risks and protecting organizational reputation.

Vulnerability Compliance Analyst

L-3 National Security Solutions Inc.
11.2014 - 02.2015
  • Analyzed vulnerability scan results and create remediation plans for network teams
  • Conducted regular reviews of company policies and procedures for alignment with regulatory requirements and industry best practices.
  • Prepared documentation and records for upcoming audits and inspections.
  • Improved company's risk management strategy by identifying, assessing, and mitigating potential risks related to noncompliance.
  • Provided hands on technical support to the remediation team to assist in remediation and/or false positive investigation.
  • Built evidence Matrix using ServiceNow that allowed the easy communication to stakeholders and evidence collection.
  • Gathered, consolidated and reported metrics relating to the connection Approval Process, FISMA Compliance, Certification and Accreditation Compliance, Information Assurance Vulnerability Management Compliance and Inspection Compliance Status
  • Developed and implemented comprehensive compliance training program, resulting in increased awareness and adherence across departments.

Technical Compliance Analyst/Service Desk Analyst

NetCentrics
03.2013 - 11.2014
  • Provided subjected matter expertise in quality management of performance metric data, ticket handling and content, as well as applied technical service in an Enterprise Service Desk environment.
  • Worked with internal ServiceNow developers to automate processes that were once manual. Some of these processes later became evidence for ISO controls.
  • Attended weekly team meetings to enhance product and service knowledge and gain insight into beneficial issue resolution strategies.
  • Managed high-volume ticket queues efficiently, prioritizing urgent requests for prompt attention.
  • Conducted regular reviews of service desk metrics to identify areas for improvement and implement enhancements accordingly.
  • Escalated critical incidents appropriately while maintaining clear communication throughout resolution process.
  • Developed comprehensive training programs to ensure staff understanding of relevant regulations and policies.
  • Improved company's risk management strategy by identifying, assessing, and mitigating potential risks related to noncompliance.

Education

Master of Science - Management of Information Systems

Strayer University
Washington, DC
05.2004

Bachelor of Science - Computer and Information Systems

Strayer University
Washington, DC
05.2001

Skills

  • Data-driven decision making
  • Operations management
  • Cross-functional collaboration
  • Information security
  • Cybersecurity management
  • Problem-solving
  • Continuous improvement
  • Team leadership & development
  • Processes and procedures
  • Scalability planning

Certification

CompTIA Security+CE, Certified Scrum Master (CSM)

Timeline

Senior Consultant (Risk Management/Vulnerability Management – Azure FedRAMP)

Booz Allen
12.2019 - 05.2025

Cybersecurity Audit Consultant

Cyber Security Research and Solution Corporation
03.2019 - 12.2019

Cybersecurity Splunk/Internal Auditor

ASM Research
02.2015 - 03.2019

Vulnerability Compliance Analyst

L-3 National Security Solutions Inc.
11.2014 - 02.2015

Technical Compliance Analyst/Service Desk Analyst

NetCentrics
03.2013 - 11.2014

Bachelor of Science - Computer and Information Systems

Strayer University

Master of Science - Management of Information Systems

Strayer University

Similar Profiles

CREATE PROFILE