Summary
Overview
Work History
Education
Skills
Software
Certification
Awards
References
Timeline
Generic

Sasha Valentine

Cybersecurity
Parkton,MD

Summary

Continuous Monitoring Lead at NASA Jet Propulsion Laboratory (JPL) tasked with identifying, prioritizing, strategizing, and managing on-going cybersecurity risk across Mission support and Infrastructure plans. Led Assessment and Authorization, authored and implemented an assessment strategy, playbook, and supporting templates to gain efficiencies, comply with NASA hA&A policy and cut significant costs. Previous lead assessor for NASA for over three years using the NIST SP 800-53 RV4 and RV5 control framework for over 80+ plans. Worked on Cybersecurity strategy projects for Fortune 100 and National level entities in the US and MENA region.

Overview

20
20
years of professional experience
1
1
year of post-secondary education
5
5
Certifications

Work History

A&A Team Lead

Telophase Corporation (Jet Propulsion Laboratory)
03.2023 - Current
  • Leading Continuous Monitoring (ConMon) Strategy to ensure an acceptable level of risk is being satisfied by controls across the Laboratory.
  • Created ConMon Strategy at Lab level and designed a Splunk dashboard to capture key indicators for reporting and analysis.
  • Updated ConMon plan for system level tasks mapped to Agency Organizational Defined Values (ODVs) time intervals to drive Continuous Monitoring for Laboratory at an acceptable level to include a maturity plan.
  • Leading Assessment and Authorization (A&A) team and developed a strategy complying with Federal Guidance, Agency NASA, FFRDC JPL, and NIST 800-53 RV5 requirements for annual assessments across the Jet Propulsion Laboratory to determine cybersecurity risk and compliance for plans.
  • Authored the A&A Playbook and supporting templates to quickly uplift junior assessors for annual assessments.
  • Creating templates and training security stakeholders in all areas of RMF to mature the Laboratory more efficiently.

A&A Team Lead

Telophase Corporation (Jet Propulsion Laboratory)
11.2022 - Current
  • Leading Continuous Monitoring (ConMon) Strategy to ensure an acceptable level of risk is being satisfied by controls across the Laboratory on an on-going basis
  • Created a ConMon Strategy at the Lab level and designed a Splunk dashboard to capture key indicators for reporting and analysis
  • Updated the ConMon plan for the system level tasks mapped to Agency Organizational Defined Values (ODVs) time intervals to drive Continuous Monitoring for the Laboratory at an acceptable level to include a maturity plan
  • Leading the Assessment and Authorization (A&A) team and using a developed a strategy complying with Federal Guidance, Agency NASA, FFRDC JPL, and NIST 800-53 RV5 requirements for annual assessments across the Jet Propulsion Laboratory to determine cybersecurity risk and compliance for plans
  • Authored the A&A Playbook and supporting templates to quickly uplift junior assessors for annual assessments
  • Creating templates and training security stakeholders in all areas of RMF to mature the Laboratory more efficiently.

Senior ISSO

Telophase Corporation (Astrobotic Technology)
02.2023 - Current
  • ISSO for a Commercial Lunar Lander partnered with NASA ensuring that the appropriate operational security posture is acceptable for the plan boundary to ensure secure operation
  • In support of the Information System Owner (ISO), tracks and conducts risk management framework (RMF) tasks and status
  • Work with the Information System Security Engineer (ISSE) and System Administrators (SA's) to ensure baseline configuration and technology solutions are implemented appropriately to support control baseline
  • Create and track POA&Ms and RBDs to completion, conducting internal assessments as part of the system's Continuous Monitoring plan, update the System Security Plan (SSP) and provide security and compliance advice to the ISO regarding securing the system.

Cybersecurity Engineer- Senior Principal

ASRC Federal, NASA
10.2019 - 11.2022
  • Performed security control assessments as lead assessor using NIST 800-53 framework to assess cybersecurity risk and compliance for 80+ plans across NASA Centers
  • The plan documentation was reviewed, a security assessment plan (SAP) was developed, technical testing was completed thru scripts and interviews were performed to help identify weaknesses
  • Residual risks were rated and paired with recommendations to remediate and enhance the security of the plan
  • An overall residual risk rating was assigned, and a recommendation is made whether to issue or renew the authority to operate
  • Prepared all formal documentation for the assessments
  • Perform security control assessments as lead for critical high-profile missions such as Mars 2020 Operations, Space Telescope Science Institute (STScI), James Webb Space Telescope (JWST), and Hubble Space Telescope (HST)
  • Ensured GSFC programs/projects comply with the OMB, DHS, NIST, NASA and GSFC security requirements in their architectures, design, and implementations.

Lead Technologist

Booz Allen Hamilton
05.2017 - 10.2019
  • Strategic level cybersecurity assessments of people, process, and technology for Fortune 100 companies in US
  • Participated in helping create Cybersecurity risk management policy for a country in MENA region as part of Vision 2030
  • Baselined country's sectors and completed risk management research to select an appropriate framework
  • Additionally, worked for international counter terrorism coalition based in the Middle East to support IT PMO activities in an air-gapped environment
  • Identified progress, risks, issues and ensured organization aligned to best practices and frameworks
  • Worked on business development projects and contributed to winning proposals in support of DoD work.

Senior SAP Basis Administrator

Johns Hopkins Hospital
12.2006 - 05.2017
  • Led various technical projects including database conversion, database upgrade and Solution Manager 7.2 upgrade activities
  • Performed BASIS Administration support tasks for the Johns Hopkins ERP project on the 24/7 SAP systems landscape
  • Installed SAP software for sandbox, development, quality assurance, training, and production system landscapes
  • Upgraded and continual maintenance of SAP products to include Solman, PI, GRC, ECC, SRM, Portal, BI, BOBJ
  • Performed business analysis, change control procedures, and interfaced with functional teams to resolve issues and implement new solutions
  • Designed Solman technical monitoring for landscape.

Senior IT Auditor

FTI Consulting, Inc
08.2005 - 12.2006
  • Independently conducted audits for management to assess the effectiveness of IT controls, accuracy of financial records, and the efficiency of operations
  • Prepared and submitted audit findings and presented recommendations to senior management
  • Identified and implemented process improvements that had a direct benefit to the business, and or detected weaknesses in the control environment
  • Coordinated the internal audit effort with the corporate and divisional controllers to address any issues or concerns they may have about the field operations
  • Prepared the plan and conducted the internal audit review of the IT compliance of Sarbanes Oxley (SOX) including general controls (GCC) and application controls.

SOX IT Audit Consultant

Resources Global Professionals
04.2004 - 08.2005
  • Conducted General Computer Control reviews for the IT components of Sarbanes Oxley
  • Identified and documented key controls and risks for financial applications and sub-systems to ITGI/COBIT standards
  • Created test plans and programs to examine effectiveness of identified controls
  • Communicated with all levels of a company including management to recommend remediation of gaps that may have contributed to material weakness on financial statements.

SAP Basis Consultant

RGII Technologies, Inc.
11.2003 - 03.2004
  • Provided SAP BASIS Administration support to the DOD Navy ERP project
  • Executed tasks for testing and implementation of installations, upgrades and migrations, SAP performance and testing, transport configuration, client copies, set up and testing of SAP servers, coordination with SAP help desk and OSS, administration and application of SAP hot packs and repairs and any SAP suggested code changes, technical performance
  • Participated with team lead in matters related to performance and service level delivery, related IT processes, standards, and procedures, testing and implementation of other bolt-on and non-SAP packages.

Education

Suborbital Astronaut Certification - Scientist Astronaut: Project PoSSUM

International Institute For Astronautical Sciences
Melbourne, FL
03.2022 - 12.2022

Certificate - Cybersecurity: The Intersection of Policy And Tech

Harvard Kennedy School
Cambridge, MA
05.2001 -

Certificate - Cybersecurity Strategy Certificate

Georgetown University
Washington, DC
05.2001 -

Master of Science - Master of Science in Information Technology

Johns Hopkins University
Baltimore, MD
05.2001 -

Bachelor of Arts - International Studies

College of Notre Dame of Maryland
Baltimore, MD
05.2001 -

Skills

Top Secret Clearance

NIST 800-53 RV4/RV5

DOD Experience

International Experience

IT Audit

Cybersecurity Strategy

Software

SharePoint

Confluence

JIRA

ServiceNow

Splunk

AWS

RSA Archer

SAP

Certification

CompTIA Security+: COMP001021163905

Awards

NASA CIO Special Act Award for outstanding leadership in enabling NASA missions through robust and continuously improving security engineering and risk management practices and services- July 2022

References

REFERENCES UPON REQUEST

Timeline

A&A Team Lead

Telophase Corporation (Jet Propulsion Laboratory)
03.2023 - Current

Senior ISSO

Telophase Corporation (Astrobotic Technology)
02.2023 - Current

A&A Team Lead

Telophase Corporation (Jet Propulsion Laboratory)
11.2022 - Current

Suborbital Astronaut Certification - Scientist Astronaut: Project PoSSUM

International Institute For Astronautical Sciences
03.2022 - 12.2022

Cybersecurity Engineer- Senior Principal

ASRC Federal, NASA
10.2019 - 11.2022

Lead Technologist

Booz Allen Hamilton
05.2017 - 10.2019

Senior SAP Basis Administrator

Johns Hopkins Hospital
12.2006 - 05.2017

Senior IT Auditor

FTI Consulting, Inc
08.2005 - 12.2006

SOX IT Audit Consultant

Resources Global Professionals
04.2004 - 08.2005

SAP Basis Consultant

RGII Technologies, Inc.
11.2003 - 03.2004

Certificate - Cybersecurity: The Intersection of Policy And Tech

Harvard Kennedy School
05.2001 -

Certificate - Cybersecurity Strategy Certificate

Georgetown University
05.2001 -

Master of Science - Master of Science in Information Technology

Johns Hopkins University
05.2001 -

Bachelor of Arts - International Studies

College of Notre Dame of Maryland
05.2001 -

Similar Profiles

CREATE PROFILE
Sasha ValentineCybersecurity