Serena L. Edmond
Ft Washington
Summary
Dynamic professional with over 20 years of progressive experience in Cyber Security, Information System Management, Information Technology, Information Assurance, and Network Infrastructure. Recognized for a strong commitment to ethical practices and superior customer service, consistently delivering exceptional results throughout a diverse military and civilian career. Extensive background in defense and intelligence organizations, having successfully held various leadership roles at strategic, organizational, and tactical levels. Proven ability to navigate complex challenges while fostering collaboration and driving operational excellence.
Overview
10
10
years of professional experience
1
1
Certification
Work History
Cyber Security Specialist | IT Specialist
Defense Information Systems Agency
09.2020 - Current
- Production support covers the practices and disciplines of supporting 16 different IT systems/applications which are currently being used by the end users. A production support person/team is responsible for monitoring the production servers, scheduled jobs, incident management and receiving incidents and requests from end-users, analyzing these and either responding to the end user with a solution or escalating it to the other IT teams. These teams may include developers, system engineers and database administrators. Other duties consist of work and processing an ATO package include documentation of the security control assessment. The package provides the Authorizing Official (AO) with the essential information they need to make a risk-based decision about whether to authorize the operation of your application or a designated set of controls.
- Support of Division / Business System Capabilities Portfolio Goals Coordinate and participate in activities that supported the Services Development Business System Division portfolio goals included but not limited to: Increased business services adoption and usage; improved cybersecurity posture, accessibility, reduced delivery costs, improved cross-program coordination, supported adoption of usage for enterprise services, converged business system offerings, keep branch and division leadership informed of program status, and coordinate plans for a modernization-centric future. Provided highly useful technical support to other SD2 programs while minimally maintaining fully successful support for my assigned RMF compliance functions.
- Cyber IT Specialist responsibilities include managing and overseeing the building of Authority to Operate (ATO) packages for 16 business IT systems based on NIST SP 800-53 Revision 4 authorizations.
- Experience as an IT Specialist includes testing and validating controls for compliance of business and information systems, building implementation plans, risk assessments, and bulk processing of system controls. Also, adding Financial Overlays which affect all financial business systems. These are additional controls that affect systems that provide financial information to customers and require stricter compliance to protect the controls. Other areas may daily responsibilities focus on areas set for these systems such as hardware and software baselines, ports and protocols, import/export, findings that include STIG’s and on vulnerability scans. Mitigate the vulnerability findings and on scans External Vulnerability Status. Initiate Plan of Action Milestones, (POA&M’s) when vulnerability findings require artifacts such as cyber documentation or system patching.
- Build reports imported from artifacts dashboards that provides summary report for system artifacts. Assessments are based on current and historical assessment test results. Continuous monitoring in which is a summary of system metrics over time against defined thresholds. Historical packages provided from summary of historical package decisions. MITRE ATT&CK Framework which provides a summary of control compliance mitigating techniques and tactics. Resource/Application providing assets such as device, application, container, or Cloud scans resulting from sensors or uploaded scans. Other reports are system security controls uploaded from sensors or uploaded scans. Provided information regarding the applicability and status of benchmarks (e.g., STIGs) to the system. Asset inventory reports, end point tagging and summary of system terms and conditions issued as part of an authorization, assessment, or connection decision. Create Change requests related to these 16 business systems.
- Other duties are working with mission partners such ServiceNow and DISA Marketplace involving inheritance, inheritability, and association relationships for maintaining compliance of the controls. Create Authority to Connect (ATC) and administration for annual reports. Legacy systems IA tools used daily are DITPR, ESPS and SAM Account access, CMRS, Mapping Terrain & Alignment, JIRA, ITSM+ to produce trouble tickets, MAPS 365, eMASS, RTS, and CMIS.
- Other duties consist of updating the Orders, DTO’s, CTO’s triage in which is a matrix tracker to track all upcoming DISA.
- Tasking Order’s (DTO), Computer Tasking Orders, (CTO’s), and OPORD’s. Solely responsible for briefing the branch on all new incoming Orders and the requirements involved for SIPR and NIPR. Classified and Unclassified.
- Responsible for organizing and arranging several briefs to leadership and others on a weekly basis. Other responsibilities include scheduling and reporting ASI’s for temporary system outages due to patching or other maintenance updates for the temporary scheduled system interference. ATO Conditions are other areas of responsibility. These are conditions that need to be met when the ATO or ATC was authorized yet this is unfinished requirements to meet the compliance IAW NIST SP 800-53.
- Endpoint Security Solution are updates with System Engineers to ensure anti-malware, configuration, endpoint agent, host firewalls, host IP’s port control, software inventory and vulnerability patching, and end point tagging status of the system assets.
- Others areas of responsibilities consist of: ATO Conditions, Endpoint Security Solution, tracking External Vulnerability Status, Test and validation of RMF IA Controls, compiling Hardware/Software List, report AWS control findings, report and address ACAS findings, implement Financial Management Overlay controls for financial business systems, create and update CONOPs, ISCP, SSP, TTP’s, PPSM, Ports, and protocols, consolidate cyber documentation for Cloud Connections, Policies, Plans, DISA Doctrine , and FIPPs 199.
- Gathered business requirements from stakeholders and defined technical objectives and solutions that meet desired business outcomes. Serves in multiple roles to proactively lead product stakeholders throughout the DevSecOps process for complex products or information systems. Serves as an advisor to the designated System Owner on all matters involving the security and privacy posture of one or more products or information systems. Performed duties of a Contractor Officer's Representative (COR) or Task Order Manager (TOM) to support the planning and execution needs for a product or information system. Other duties consist of identifying, implementing, and ensuring the application of security procedures and tools. Providing authoritative advice to management and other technical specialists in areas such as disaster recovery, capacity planning, applications development, hardware strategy, and operating systems security as it relates to web and cloud-based solutions.
- Participate with a team to execute the deployment of virtual and cloud-based technologies release into Testing, Staging, and Production environments. Responsible for the development of high-level project plans and schedules for the design and management of virtual and cloud-based environments, content, applications, features, and capabilities, as well as the operation of the hardware and software platforms on which they run. Team members to coordinate multiple high profile IT projects and maintain independent responsibility for following and/or implementing project and program management principles, such as cost and schedule control, risk analysis, and management. Developing and reviewed contractual documentation including Statements of Work (SOWs) and Statements of Objectives (SOOs) and (POWs) for acquisitions of IT systems and equipment to support software development projects and ensures software development project milestones are met on time, within funding parameters, in accordance with OIG objectives.
Cyber Watch Officer | IT Specialist
United States Army Cyber Command
08.2015 - 03.2020
- Responsible for the operations of the Army Cyberspace Integration and Operation Center which operates, maintains, and defends all Army networks consisting of 817,000 Windows assets, 33,000 servers, and 71,000 mobile devices across six theaters of operation. Conducted full spectrum Cyber Operations: Department of Defense Network Operations, Defensive Cyber Operations, and Offensive Cyber Operations, Current Operations, and Intelligence operations for 1.1 million users experiencing thousands of cyber events per month. Focused primarily on nation states, non-state actors, criminal and terrorist organizations, hackers, crackers, and other threat actor operations within the Command's global area of responsibility (AOR) with respect to policies and planning of targeting efforts.
- Knowledgeable with the following technologies: Remedy Ticketing, Big Data Analytics (Splunk), Endpoint Threat Detection and Response (Tanium), SIEM (ArcSight), Intrusion Detection System, HBSS, ACAS, Wire Shark, Share Point, and Log Collector. Experience with the identification and implementation of countermeasures or mitigating controls for deployment and implementation in the enterprise network environment. Advised the Commanding General on information technology and Cybersecurity management. Formulated Information Technology/Cybersecurity policy, guidance, and established business processes.
- Conducted risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, rules, and protection needs. Knowledge of Federal IT security laws, regulations, policies, and requirements. Performed site security assessments and contractor system oversight. Conducted network security vulnerability and risk assessment. Written and developed senior staff briefing or white papers. Assisted with the development of organizational policies, procedures, and IT security programs to ensure confidentiality, Integrity, and availability of information systems and to prevent and defend against unauthorized access to systems, networks, and data. Applied knowledge of IT security theories and concepts, practices to emerging issues, the infrastructure protection environment, and new IT security developments. Developed programs to ensure that systems, network, and data users are aware of, understand and adhere to system security. Policies, procedures, and practices in the delivery of IT services
Education
Master of Science Degree - Information Security, Information Assurance
Western Governor's University
Salt Lake City, UT06.2018
Master Business Administration - MBA, Information Technology
Webster University
St. Louis, MO10.2009
Bachelor of Science - Information Systems Management
University of Maryland
College Park, MD10.2007
Skills
- Cybersecurity awareness training
- Vulnerability assessment
- Access control measures
- Mitigation strategies for vulnerabilities
- Technical documentation specialist
- POAM's/Scans/Controls
Websites
Affiliations
- Association of Information Technology Professionals
- Toastmasters
Certification
- Computer Ethical Hacker, (CEH), and Computer Forensics Hacking Investigator, (CFHI)
- Advanced Security Practitioner Certification, (CASP), Security +, Network +, and A+
Languages
English
Interests
- Community Cleanup
- I enjoy helping others and giving back to the community
- Participating in local clean-up initiatives
- Offering time and support to shelters for the homeless, women, and animals
- Exploring famous landmarks, historical sites, and cultural attractions in a new destination
- Cooking
- Volunteer Travel
Training
- CISSP Course
- CISM Course
- PMA
- CASP
- Cyberspace Planner’s Course (ACOPC)
- Information Assurance Officer Course
- Action Officer’s Course
- Networking and Packet Analysis
- Network Exploitation
- Network Defense
HIRING ELIGIBILITIES
- Veterans’ Recruitment Authority (VRA)
- Veterans Employment Opportunity Act (VEOA)
- Schedule A Appointing Authority
- 30-point Veterans’ Preference
Timeline
Cyber Security Specialist | IT Specialist
Defense Information Systems Agency
09.2020 - Current
Cyber Watch Officer | IT Specialist
United States Army Cyber Command
08.2015 - 03.2020
Master Business Administration - MBA, Information Technology
Webster University
Bachelor of Science - Information Systems Management
University of Maryland
Master of Science Degree - Information Security, Information Assurance
Western Governor's University
Similar Profiles
Baylee SkeltonBaylee Skelton
Contract Specialist at DEPARTMENT OF DEFENSE: DEFENSE INFORMATION SYSTEMS AGENCYContract Specialist at DEPARTMENT OF DEFENSE: DEFENSE INFORMATION SYSTEMS AGENCY
Shondell GainesShondell Gaines
IT Specialist (Customer Account Analyst) at Defense Information Systems AgencyIT Specialist (Customer Account Analyst) at Defense Information Systems Agency
Jeffrey KimeJeffrey Kime
IT Specialist, Enterprise Services Team at Defense Information Systems Agency (DISA)IT Specialist, Enterprise Services Team at Defense Information Systems Agency (DISA)
Dana GeeDana Gee
Paramedic at District of Columbia Fire and EMS DepartmentParamedic at District of Columbia Fire and EMS Department
Kyler TownsendKyler Townsend
SECURITY TRAINING AND DEVELOPMENT PARTNER at MGM ResortsSECURITY TRAINING AND DEVELOPMENT PARTNER at MGM Resorts