Raymond A. Pettis
Overview
12
12
years of professional experience
1
1
Certification
Work History
ISSO/Contractor for Department of Air Force (DAF)
CACI
08.2025 - 12.2025
- Worked as an ISSO for DAF in a classified capacity ensuring systems under my purview received authorization and utilized eMASS as the authorization package management system.
- Review of system scans to identify and document vulnerabilities, enhancing system security posture.
- Updated policies and documentation to NIST SP-800-53 rev 5, ensuring compliance with current security standards.
- Coordinated with system engineers and stakeholders on system documentation, findings, and program related matters as they develop.
- Assisted in completing documentation for SIPR connectivity, aligning with requirements from DISA and DCSA to facilitate secure communications.
- Draft and publish documentation following the CACI draft approval process
- Knowledge of governing national security policies, instructions and manuals.
- Completion of derivative classification training, NATO brief, Special markings and classification training
ISSO/Contractor for DHS Science and Technology Office of the Chief Information Officer
Blackwire Technologies
04.2023 - 07.2025
- ISSO for a multi-cloud (AWS, GCP, Azure) research and development environment that was able to attain its initial ATO.
- Environment utilized DevSecOps framework
- Daily use of each cloud’s security posture management tool; Azure Defender for cloud, GCP Security Command Center, AWS (Security Hub, and GuardDuty)
- Ensured endpoints were secured with CrowdStrike Falcon sensor.
- Monitored and tracked changes to the environment through merge requests and review of IaC (Terraform or Cloudbuild) in GitLab
- Review of requested PaaS and SaaS services to be used in the environment
- Developed controls and supporting ATO documentation adhering to NIST SP 800-53 rev4, rev5 and DHS Policy Directive 4300A ITSSP, facilitating successful ATO attainment.
- Review and Creation of Jira epics and stories to track work activity in the environment
- Facilitated Technical Exchange Meetings (TEMs) with cloud engineers and project stakeholders, ensuring alignment on project onboarding requirements.
- Evaluated VPCs and VNETs for potential integration into the environment
- Queried Splunk to track activity.
- Review the suppression of AWS findings, Muted findings in GCP, and exemptions in Azure
- Analysed cyber security requirements, technologies, risks, or issues
- Participated in design of solutions, defence and mitigation approaches
- Provide independent assessment overview of the implementation of policy and procedures
- Analyzed security vulnerabilities and provided actionable recommendations to enhance overall security posture.
- At the project level provided support to all Incident Response and Risk and Vulnerability Assessment areas
Operations Security Advisor I
ASM Research
Fairfax
09.2018 - 06.2023
- Reviewed system packages for Authority to Operate (ATO) for LPDH, ensuring compliance with security standards.
- Reviewed checklists for systems undergoing ATO assessment for Cerner to ensure thorough evaluation.
- Cyber analyst for DSAID working as a system level ISSO for ATO review and submission
- Review all documentation, STIGS, findings summary, and generate POAM for final CSD review and approval
- Tracked and reported vulnerabilities identified by Cerner delivery engineers during authorization and accreditation tasks, contributing to risk mitigation.
- Reviewed and quality assured cyber-STIG checklists within the enclave prior to submission to VA for final approval, ensuring compliance and security standards.
- Assisted in migrating DSAID system to cloud hosting environment, enhancing system accessibility and performance.
- Analyst that supported the DHA Cyber Authorization of Cerner’s Implementation of the Cerner Electronic Health records within the Veterans Administration
Cyber Security Services Branch Engineer
CSRA
Leesburg
04.2018 - 09.2018
- Perform daily vulnerability assessment, threat assessment, mitigation and reporting activities in order to safeguard agency information assets
- Completed vulnerability scanning on information systems, verifying implementation of protection measures
- Recommended technological and architectural upgrades to strengthen Agency's Information Systems Security architecture
- Assess and review current technology infrastructure to identify key risks areas, and ensure adequate level of control is in place
- Researched latest viruses, worms, and technological advances to enhance defenses against unauthorized access
- Scan applications within the FAA and DOT environments on a scheduled and adhoc basis
- Provide incident response functions when appropriate and coordinate activities with site Incident Handlers
- Support Information Assurance asset deployments, upgrades, and maintenance; including servers, databases, network assets and wireless intrusion detection (WIDS) LAN security
- Write guidelines, standards, policies, procedures and other technical documentation
Cyber security Analyst
ASM Research, an Accenture company
Fairfax
07.2013 - 09.2016
- Lead security analyst for a large Army system
- Coordinated with program management offices to complete DICAP process, ensuring compliance and system readiness
- Conducted application scanning using IBM Appscan and HP Fortify.
- Tested systems against DoD Security Technical Implementation Guides (STIGS) as required by the DoD DIACAP process, ensuring system was secure to connect to Air Force Network
- Developed executive package for Designated Accrediting Authority (DAA) and Certifying Authority (CA) containing critical system information and Plan of Action and Milestones (POAM)
- Performed system documentation maintenance under DIACAP and the transition to RMF
- Utilized NIST SP 800 series and FIPS standards for compliance and security assessments.
- Scanned all instances of the network utilizing eyeRetina and multiple versions of ACAS, with latest versions being 4.8 and 5.1
- Completed a DAR, which enabled the purchase of Checkmarx, for updated static code scanning needs
- Conducted SCAP scans, utilized STIGS (both automated and manual checks), and Vulnerator for viewing results
- Upon moving from DIACAP to RMF system was being entered into eMASS.
- Completed all appropriate documentation specific to the type of system being accredited and ensured compliance
- One of only two analysts working on the first two systems ASM Research hosted in the cloud via AWS
Education
B.S. - Computer Information Systems (Computer Security Concentration)
Strayer University
Woodbridge, VAB.A. - English
James Madison University
Harrisonburg, VASkills
- NIST standards
- Impact assessments
- ACAS
- EMASS
- WebInspect
- Checkmarx
- HP Fortify
- Tenable io
- AWS
- GCP
- Azure
- SCAP
- CSAM
Certification
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
Accomplishments
- National Society of Collegiate Scholars
- Patent US8024872B2, 09/27/11
- FY22 Q4 Awards
- Leadership Recognition Program
- Achieving Eagles Program
Citizenship And Clearance
US Citizen, Active SECRET Clearance
Timeline
ISSO/Contractor for Department of Air Force (DAF)
CACI
08.2025 - 12.2025
ISSO/Contractor for DHS Science and Technology Office of the Chief Information Officer
Blackwire Technologies
04.2023 - 07.2025
Operations Security Advisor I
ASM Research
09.2018 - 06.2023
Cyber Security Services Branch Engineer
CSRA
04.2018 - 09.2018
Cyber security Analyst
ASM Research, an Accenture company
07.2013 - 09.2016
B.S. - Computer Information Systems (Computer Security Concentration)
Strayer University
B.A. - English
James Madison University