Thiery Tchassem

Forest Hill, MD

Summary

Lead Compliance Analyst with years of experience in cybersecurity and information assurance, currently supporting USDA's cybersecurity division. Expertise in SA&A processes, risk management frameworks, and developing contingency plans. Seeking a Compliance role under the Cybersecurity umbrella to leverage considerable expertise in enterprise-class SIEM technologies, Governance, Risk, and Compliance (GRC) tools, and cybersecurity tactics.

Overview

15 years of professional experience
1 Certification

Work History

Compliance Analyst

U.S. Department of Agriculture
01.2019 - Current
  • Implement risk management framework and ensure adherence to information assurance program through comprehensive documentation and alignment with approved USDA methods and regulations
  • Conduct thorough cybersecurity data analysis, formulate recommendations to mitigate risks, and develop essential disaster recovery and business continuity plans
  • Coordinates efforts to obtain and maintain FedRAMP certification
  • Provides advisory consulting services, manages assessments, and conducts quality assurance reviews
  • Leads in the development, testing, and configuration of Cloud-based enterprise-wide technologies, including the development of Microsoft Azure Cloud computing services such as Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)
  • Manage security operations and engineering efforts, including overseeing threat and vulnerability assessments, security incident response, and the maintenance of security event and log management systems
  • Lead compliance assessments for external service providers, ensure implementation of controls, and maintain documentation and remediation plans for identified vulnerabilities
  • Collaborate across departments to develop and advocate for strategic cybersecurity policies, contribute to enterprise risk assessments, and support continuous improvement through integration of industry trends
  • Evaluate the design and operational effectiveness of IT controls and determine exposure to risk
  • Assist with providing guidance to remediate identified security and control risks
  • Facilitate compliance reviews to increase awareness and knowledge of compliance requirements and identify ways to streamline or improve the control environment without increasing overall risk
  • Communicate complex technical issues in simplified terms to the relevant teams and stakeholders
  • Provide inputs to strategic cyber roadmaps with a focus on innovation and continuous improvement
  • Evaluate the latest industry trends in cyber security and bring those into the enterprise as applicable
  • Flexibility in competently juggling competing priorities and changing expectations
  • Ability to handle confidential and sensitive information with a high degree of professionalism
  • Engages with business units to identify risks and track the implementation of risk mitigation plans
  • Assesses risk management tools, techniques, and procedures to enhance risk management capabilities throughout the enterprise
  • Supports the development of metrics for the Information Security risk management reporting dashboard including the status of the security governance, risk remediation

Sr Information Systems Auditor

ISHPI Inc/Bureau of Engraving and Printing (BEP)
01.2017 - 01.2019
  • Developed and executed a project schedule for Security Assessment and Accreditation, aligning task dependencies and personnel allocation to ensure timely Authorization to Operate for multiple systems
  • Provides advisory consulting services, manages assessments, and conducts quality assurance reviews
  • Managed vulnerability assessments by reviewing scans and Security Technical Implementation Guide (STIG) checklists, addressing findings by documenting or remediating in accordance with Plans of Action and Milestones (POA&Ms)
  • Manages, develops, and maintains an organization's FedRAMP compliance program
  • Established and enforced IT security policies, verifying that all personnel with system access met authorization requirements and were trained in security practices
  • Documented security control implementation in accordance with Federal Information Security Management Act (FISMA) standards, contributed FedRAMP expertise to cloud service projects, and led the development of continuous monitoring programs
  • Skill in applying IT Project Management techniques to conduct all phases of the IT project life cycle on creating and/or modifying and improving enterprise-wide cloud-based infrastructure, service applications and tools
  • Knowledge of Microsoft Azure architecture to design, configure, implement, maintain and optimize SaaS, PaaS, and IaaS products for agency-wide use in meeting business and security requirements
  • Tracking IT security risks by monitoring POA&Ms that exceed the remediation timelines established in the Vulnerability Management Plan and ensuring valid Risk Mitigation Plans (RMPs) are in place
  • Ensure that IT systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices
  • Enforce security policies and safeguards on all personnel having access to the IT System for which the ISSO has responsibility
  • Ensure users and system support personnel have the required authorization and need-to-know, and that they have been indoctrinated and are familiar with internal security practices before accessing the IT System
  • Consult with control owners such as system administrators, database administrators, application owners and others on developing complete and repeatable control processes including control documentation such as procedures, control evidence, narratives, control matrices, metrics reports, etc
  • Develop an understanding of each compliance standard and the validation requirements to satisfy the standards, including any policies, rules and regulations or laws governing the area reviewed

IT Security Specialist/Cybersecurity

Internal Revenue Service (IRS)
01.2010 - 01.2017
  • Developed expertise in Splunk Enterprise Security and ArcSight, using these SIEM tools to monitor and analyze data across diverse systems for cybersecurity defense
  • Completed certifications in Symantec DLP, Splunk Enterprise Security, ArcSight, SIEM, and Nessus, enhancing knowledge and application of cybersecurity measures
  • Collaborated with incident response teams to refine alert response procedures, utilizing DLP and UBA technologies to identify and investigate security incidents
  • Crafted and optimized Splunk queries and dashboards, focusing on security and IT operations, which enabled the creation of a comprehensive Master Device Record
  • Conducted vulnerability scans and supported Security Test and Evaluation activities, documenting and presenting findings to improve organizational security posture
  • Request and review vulnerability scans and STIG checklist and ensure that open findings/vulnerabilities are properly documented on POA&M or remediated immediately
  • Tracking IT security risks by monitoring POA&Ms that exceed the remediation timelines established in the Vulnerability Management Plan and ensuring valid Risk Mitigation Plans (RMPs) are in place
  • Ensure that IT systems are operated, used, maintained, and disposed of in accordance with internal security policies and practices
  • Experience assigning groups of users to the roles that best fit the tasks the users will perform and manage in Splunk Enterprise Security
  • Experience with the following cybersecurity areas: endpoint protection, network security, security operations, incident response policy, vulnerability management, FISMA compliance, and related areas
  • Ensuring that Analysts receive and analyze alerts from various enterprise-level sensors and determine possible causes of such alerts
  • Assist in implementing technical threat response actions
  • Detect adversary activity on the Network and provide a mitigation plan to defeat/deter the threat
  • Responsibilities include directing project-specific staff in support of customers and third-party teams

Education

Doctorate - Information Assurance & Cybersecurity

Colorado Technical University
Denver, CO
10.2024

Master's degree - Cyber Security Management & Policy

University of Maryland University College
College Park, MD
03.2019

Master's degree Certificate - Cyber Security Management & Policy

University of Maryland University College
College Park, MD
07.2018

Bachelor of Science - Information System & Cyber Security

ITT Technical Institute
Indianapolis, IN
07.2016

Associate of Applied Science - Computer Forensic Analyst

ITT Technical Institute
Indianapolis, IN
09.2013

Skills

  • Network / Operating Systems
  • Microsoft Windows OS (Desktop & Server)
  • SmartCert 322
  • SmartCert 34
  • Tifims
  • Ubuntu (Desktop & Server)
  • Web Content Filtering (WCF)
  • Microsoft Visio
  • Microsoft Office Suite
  • Wireshark
  • Metasploit
  • Nmap
  • Nessus / ACAS
  • VMware/vSphere
  • Splunk
  • Data Loss Prevention (DLP)
  • Security Technical Implementation Guide (STIG)
  • CSAM
  • RSA Archer/Elastic
  • Continuous Diagnostics and Mitigation (CDM)
  • Jira/Confluence
  • Creating and Managing Assessment and Authorization (A&A) Documents
  • Applying System Development Lifecycle (SDLC) Methodologies
  • FedRAMP
  • SaaS
  • PaaS
  • IaaS
  • Microsoft Azure

Certification

  • Data Loss Prevention (DLP), 2017
  • Governance, Risk and Compliance Tools (Archer, SmartCert, eMASS and CSAM), 2011
  • International Association of Privacy Professionals (IAPP), 2017
  • ISACA Professional Membership, Active
  • Collaborative Institutional Training Initiative (CITI PROGRAM), 2021
  • Analyzing Cyber Risk with the New CDM Agency Dashboard, 13 Hours Certified
  • Certified Information Security Manager (CISM), Active
  • Project Management Professional (PMP), Active
  • Certified Information Systems Auditor (CISA), Active
  • AWS Certified Cloud Practitioner Certificate, Active
  • Certified Information Systems Security Professional (CISSP), In progress

Accomplishments

Qualitative research with Colorado Technical University

Languages

French
Native or Bilingual
