Peter LaMonica

West Melbourne, FL

Summary

Dynamic cybersecurity professional with extensive experience in the government sector, excelling in security control assessments and compliance evaluations. Proven ability to enhance information systems security through effective risk management and collaboration. Skilled in vulnerability assessment and technical documentation, ensuring a robust cybersecurity posture and successful ATO acquisition.

Overview

11 years of professional experience
1 Certification

Work History

Agent of Security Control Assessor

Booz Allen Hamilton, BAH
Remote, FL
07.2024 - Current
  • Performing as the Agent of the Security Control Assessor (ASCA) for clients throughout their system’s lifecycle, including providing support during clients' systems' (re)accreditation process (ATO) using RMF and FISMA standards.
  • Utilizing the proprietary audit tool Cyber Workspace to perform FISMA/RMF assessments.
  • Assess infrastructure cybersecurity posture on various Launch and Test Range System sub-systems through site visits and detailed analysis of digital evidence, including Nessus vulnerability scan data, system configuration files, STIG data, Cisco router/switch configuration files, etc.
  • Utilize the DISA STIG viewer to review and provide feedback on the client's scan plan, and perform System Impact Assessments (SIA), ensuring that the most relevant and up-to-date Security Technical Implementation Guides (STIG) or benchmarks are used for all associated hardware and software.
  • Provide detailed Cyber Risk Assessments to the Information Systems Security Manager (ISSM) and Authorizing Official (AO), identifying any impact of configuration or infrastructure changes related to projects for those systems, and recommend risk remediation activities to harden the information systems infrastructure.

Cybersecurity Vulnerability Assessor

Booz Allen Hamilton, BAH
Remote, FL
04.2024 - 07.2024
  • Perform assessments of systems and networks within the network environment or enclave, and identify where those systems/networks deviate from acceptable DOE-established configurations, enclave policy, or local policy.
  • Measure the effectiveness of Defense-in-Depth (DiD) architecture against known vulnerabilities.
  • Use industry-standard tools such as STIGs, SCAP, SRGs, Tenable, and Splunk to gather information and analyze current vulnerabilities and compliance status.
  • Evaluate systems and solutions for compliance with relevant cybersecurity standards (e.g., NIST SP 800-171, NIST SP 800-207, NIST SP 800-53, RMF).
  • Working closely with administrators and other technical staff to remediate and bring systems into full compliance for ATO considerations and maintain continuous monitoring and baseline standards.

Information Security Risk Specialist

Booz Allen Hamilton, BAH
Remote, FL
05.2023 - 04.2024
  • Monitoring and assessing business needs against security concerns, and recommending necessary changes to enhance information systems security within the VA.
  • Managing activities for IT risk control in business operations; ensuring that the server, network operations, and applications are compliant with security procedures, systems, and policies set forth by VA.
  • Use industry-standard tools such as STIGs, SCAP, SRGs, Tenable, and Splunk to gather information and analyze current vulnerabilities and compliance status.
  • Perform all activities associated with obtaining and maintaining Authority to Operate (ATO), such as management of eMASS, POAM tracking, performing contingency and disaster recovery tests, updating SOPs, collection of control artifacts, change control for patching and upgrading of OS/applications, and control family assessments.
  • Manage VA system tasking via JIRA issue and project tracking software and SNOW for incident resolution.

Principal Cyber Systems Engineer

Northrop Grumman
Melbourne, FL
02.2021 - 05.2023
  • Assist ISSOs in the implementation of DoD, National Institute of Standards and Technology (NIST), Committee on National Security Systems Instruction (CNSSI), Risk Management Framework (RMF), and Defense Counterintelligence and Security Agency (DCSA) processes, policies, and guidance on multiple collateral networks.
  • Work with CSSP to provide technical support for Air Force networks and annual tests within a classified environment.
  • Executing technical support via day-to-day administration of Windows/Linux/VM/Cisco environments of SDREN and VIPR test bed CUI enclave.
  • Perform vulnerability and compliance assessments via standard DoD tools such as SCAP, ACAS/Nessus, HBSS, and STIGs to support ISSOs' security posture of systems and DCSA on-site audits.
  • Assist ISSOs in completing common activities on a regularly scheduled basis to maintain compliance and ATO status.

Principal Cyber Info Systems Security Analyst

Northrop Grumman
Melbourne, FL
11.2019 - 02.2021
  • Document the results of Assessment and Authorization activities, technical or coordination activity, and prepare collateral system Security Plans, and update the Plan of Actions and Milestones.
  • Perform analyses to validate established Air Force requirements, and to recommend additional security requirements and safeguards for technical staff to implement and maintain compliance.
  • Support the formal Security Test and Evaluation (ST&E) required by DCSA through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
  • Perform continuous monitoring tasks with system admins related to DCSA guidance to maintain ATO status.
  • Investigated security incidents and documented findings for future reference.
  • Updated existing documentation, such as disaster recovery plans, incident response plans, SSP, and SOP.

Cyber Security Engineer

Craig Technologies, Inc
Merritt Island, FL
01.2018 - 01.2019
  • Analyze the architectures of Air Force IT systems for compliance with DoD policies, develop and execute security test plans, and use security tools such as ACAS, SCAP, Wireshark, and the execution of STIGs.
  • Provide cybersecurity enterprise engineering support across the Launch and Test Range Systems (LTRS) enclaves.
  • Perform security control and physical assessments of modern and legacy launch and test range systems, with engineering and IT, to satisfy ISSM and Air Force requirements throughout Cape Canaveral Air Force Station.
  • Support hardware engineering design teams by assessing network and system security design features, and making recommendations concerning overall security accreditation readiness and compliance, using CS guidance, project requirements, and best practices.

Information Assurance Support Officer

ICF International Inc.
Orlando, FL
01.2016 - 01.2018
  • Ensure that all users have completed an Installation Acceptable Use Policy (AUP) and the minimum required user training, as specified in Army Policy, as outlined in AR 25-2.
  • IASOs also ensure that the user’s AUP and annual User Awareness Training are uploaded into the Army Training and Certification Tracking System (ATCTS).
  • Developed and enforced procedures to ensure system users are aware of IA responsibilities before granting access to Army information systems.
  • Ensuring that Army policies 25-2 and procedures are followed to protect information systems from unauthorized access and threats.
  • Provide Army personnel and partners with cybersecurity awareness education and training to perform their cybersecurity-related duties and responsibilities, consistent with related DOD and Army issuance.

Cybersecurity Analyst

Craig Technologies
Merritt Island, FL
01.2015 - 01.2016
  • Implement, validate, and maintain information assurance controls according to the Federal Information Security Management Act (FISMA), DoD Information Assurance Certification and Accreditation Process (DIACAP), National Institute of Standards and Technology (NIST), and Air Force standards for Eastern Range Launch and Test Range Enclaves.
  • Work with system and network administrators on current and legacy operating systems, such as Windows, Linux, Unix, and Cisco-based devices, to remediate outstanding vulnerabilities.
  • Prepare DIACAP packages to include policies, procedures, security controls, and other compelling evidence to meet certification and accreditation standards.
  • Assist technical staff in performing vulnerability and compliance scans on modern and legacy range systems using DoD tools such as Nessus, STIGs, and SRGs.
  • Provide guidance on remediating open vulnerability findings, and identifying any compliance issues.

Education

Bachelor of Science - Information Technology

Excelsior College
Albany, NY
12-2013

Skills

  • Security control assessment
  • Vulnerability assessment
  • Risk management framework
  • Compliance evaluation
  • Continuous monitoring
  • Technical documentation
  • Cybersecurity standards
  • Information assurance
  • Problem solving
  • Effective communication
  • Attention to detail
  • Collaboration skills

Certification

ISC(2) CISSP

CompTIA Security+ CE
