
Traneana Montague Jones

Brandywine, MD

Summary

Active TS/SCI w/ CI Polygraph

Dynamic information assurance and cybersecurity professional with over 32 years of technical expertise, specializing in the application of Risk Management Framework (RMF) processes and the implementation of NIST SP 800-53 security controls. Demonstrated proficiency in system hardening, vulnerability remediation, and supporting Authorization to Operate (ATO) lifecycle activities in alignment with NIST SP 800-31, 800-37, 800-39, 800-137, 800-53A, Rev-4 EXT AppJ, CNSS 1253 Rev 4 Ext, 800-161. Strong blend of leadership, problem-solving skills, training, and hands-on experience in cloud infrastructure architecture, automation, containerization, and technical support. Committed to continuous learning and innovation. Seeking opportunities that foster growth and career advancement within a creative environment while contributing to organizational success.

Overview

29 years of professional experience
1 Certification

Work History

Site Manager, Team Lead, Designated Authorizing Official Rep

AMYX
07.2024 - Current
  • Lead the cybersecurity function for the business
  • Manage Cybersecurity Specialists by ensuring their output aligns with the organization’s goals and priorities.
  • Lead my team of cybersecurity professionals to ensure efficient operations and alignment with organizational goals and priorities
  • Develop and enforce security strategies, policies, and procedures to protect sensitive data and systems
  • Regularly evaluating the effectiveness of security practices and identifying potential threats
  • Collaborate with cross-functional teams in other departments to design and implement security controls and measures.
  • Identifying new security opportunities and challenges, ensuring that the right actions are taken to avoid risks.
  • Developing and delivering cybersecurity awareness and training programs to educate employees on best practices within the RMF process and other cross-functional teams
  • Encouraging self-sustaining security practices and behaviors within delivery teams
  • Taking ownership and responsibility for reaching objectives and meeting goals
  • Perform technical analysis of NIST 800-53 Security Control results after the development of an Assessment Report to ensure each applicable control functioned as intended.
  • Leverage client management tools such as XACTA-360, JIRA, StackRox, CHEF, Service+ and CIS Benchmarks to track A&A projects moving through the Risk Management Framework (RMF) process.
  • Following security assessments, developed a Risk Assessment Report (RAR) to measure the risk associated with failed security controls to ensure the Authorizing Official could make an informed decision on risk acceptance for the Agency.
  • Developed and maintained Plan of Action and Milestones (POAM) documentation for all Program Offices within the Agency to track Information System vulnerabilities which require remediation.
  • Provide technical and organizational support to the Agency's Authorizing Official (AO) by providing Risk Management guidance and support to all Program Offices within the Agency.
  • Responsible for ensuring that cybersecurity is implemented throughout the life cycle of an Information System and that the Risk Management Framework (RMF) has been implemented appropriately.
  • Cross Domain Solutions | Kubernetes Containers, Rancher Containers, Docker containers, OpenShift

Security Control Assessor (SCA)

AMYX
07.2024 - Current
  • Conduct Security Assessments of Program Management Offices; Create Security Assessment Report & Package at the completion of Security Assessment.
  • Recommend ATO approval for Information systems and/or networks based on the results of security assessment and determination of acceptable risk
  • Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network
  • Manage and approve accreditation packages (e.g., ISO/IEC 15026-2)
  • Establish acceptable limits for the software application, network, or system
  • Ability to coordinate cyber operations with other organization functions or support activities
  • Conducted thorough security assessments to identify vulnerabilities and recommend appropriate controls.
  • Developed and implemented security policies aligned with organizational objectives and regulatory requirements.
  • Evaluated system configurations and access controls to ensure adherence to security standards and protocols.
  • Actively participated in cross-functional meetings to discuss issues related to information assurance and risk management processes.
  • Developed detailed reports on security control assessment findings for stakeholders to facilitate informed decision making.
  • Evaluated and improved security controls by conducting thorough risk assessments.
  • Identified potential attack vectors by simulating real-world threat scenarios during assessments.
  • Collaborated with IT teams to address identified security weaknesses, fostering a proactive approach to risk management.
  • Increased organizational compliance with industry standards such as NIST and ISO, by performing regular audits and reviews.
  • Applied a holistic approach when assessing systems, considering both technical aspects as well as human factors influencing overall risk posture.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Conducted security audits to identify vulnerabilities.

Lead Backup as Designated Authorizing Official Rep

Deloitte
09.2018 - 06.2024
  • Provide DAOR Lead back-up support to the Primary Lead as needed by advising Program offices on risk assessment requirements, approving system configuration change requests, and addressing risk concerns.
  • Perform technical analysis of NIST 800-53 Security Control results after the development of an Assessment Report to ensure each applicable control functioned as intended.
  • Leverage client management tools such as XACTA-360, JIRA, StackRox, CHEF, Service+, Galaxy and CIS Benchmarks to track A&A projects moving through the Risk Management Framework (RMF) process.
  • Following security assessments, developed a Risk Assessment Report (RAR) to measure the risk associated with failed security controls to ensure the Authorizing Official could make an informed decision on risk acceptance for the Agency.
  • Managed Cloud, Cross Domain systems, Kubernetes, Rancher Docker container systems and OpenShift.
  • Developed and maintained Plan of Action and Milestones (POAM) documentation for all Program Offices within the Agency to track Information System vulnerabilities which require remediation.
  • Provide technical and organizational support to the Agency's Authorizing Official (AO) by providing Risk Management guidance and support to all Program Offices within the Agency.
  • Responsible for ensuring that cybersecurity is implemented throughout the life cycle of an Information System and that the Risk Management Framework (RMF) has been implemented appropriately.
  • Led cross-functional teams to develop and implement strategic initiatives enhancing client engagement.
  • Facilitated stakeholder meetings to align project goals with client expectations and organizational objectives.
  • Streamlined communication processes between departments, improving project delivery timelines and efficiency.
  • Mentored junior staff, fostering professional development and enhancing team performance across projects.
  • Analyzed market trends to inform strategic planning and drive business growth opportunities for clients.
  • Established best practices for project management methodologies, promoting consistency in service delivery across teams.
  • Enhanced customer satisfaction by promptly addressing inquiries and providing accurate information.
  • Streamlined internal communication processes for improved interdepartmental collaboration and efficiency.
  • Analyzed sales data to identify areas for improvement and develop targeted strategies for growth.
  • Organized and managed training sessions for new employees, ensuring a smooth onboarding process.
  • Oversaw inventory management processes, reducing costs by optimizing stock levels and minimizing waste.
  • Conducted regular performance reviews for staff members, offering constructive feedback and guidance for professional growth.
  • Investigated and resolved customer inquiries and complaints quickly.
  • Sought ways to improve processes and services provided.
  • Cross-trained and provided backup support for organizational leadership.

Multiple Roles: Software Security Assurance Engineer, Security Control Assessor, Lead - FISMA Auditor, Public Key Infrastructure Analyst (PKI), Information Systems Security Official

CACI
03.2013 - 09.2018
  • Determined the risk for agency software, managed FISMA Teams and 175+ programs and systems for DOD agencies. Managed 20 personnel, 400+ users and 1000+ assets.
  • Software Security Assurance Engineer: Determined the risk of using commercial, government, and open source software within Agency.
  • Investigated the software’s provenance and history of use within NGA to determine potential risk.
  • Collaborated with internal and external Offices of Primary Responsibility (e.g., Counterintelligence) to determine risks related to foreign owned, controlled, or influenced software.
  • Consulted with SWAP tool developers to provide user stories, participate in planning meetings and demonstrations to enable adjustments to the SWAP tool.
  • Validated SWAP accuracy, to include Retirement of versions no longer supported by the vendor, non-compliant versions, and SWAP approved software where vulnerabilities have been discovered.
  • Recommended process improvement and innovative techniques to strengthen the efficiency of the SWAP process and create Memorandum of Approvals using the SWAP tool.
  • Security Control Assessor (SCA): Conducted Security Test & Evaluations (ST&E) for Classified Systems by verifying that each system meets the requirements of ICD-503 or DCID 6/3 (prior to transition).
  • The ST&E process consists of performing the following tasks: reviewing all C&A BoE including SSP, SCTM, STP, and all supporting security documentation; conducting a functionality testing of the Information System to ensure the system operates as intended.
  • Provided a Security Assessment Report (SAR) and Plan of Actions & Milestones (POAM) to the Authorizing Official (AO) based on system testing results and findings after completing a ST&E.
  • Worked directly with each Information System Program to ensure that the systems are hardened and include appropriate access controls, auditing controls, anti-virus, spy-ware, and STIGS.
  • Reviewed and analyzed system/application results generated by Retina, WASSP, and SECSCN tools in order to assist programs with remediation guidance.
  • Assisted with implementing and enforcing Information System Security policies as well as ensuring that each Information System’s BoE documentation aligned with the Information System in the production environment.
  • Utilized NIST Information Assurance (IA) protection capabilities while working in collaboration with system owners, develop implementation and management plans to include updates as guidance and threats change.

Multiple Positions: Public Key Infrastructure Engineer, Lead-Information Assurance Configurations Board Member, Information System Security Manager

HP Enterprise Services
04.2011 - 03.2013
  • Developed training material, sub-Certificates Authority were at 99% for PKI team. Briefed, collaborated and managed the configuration Management Board.
  • Managed and performed government audits of more than 20,000 assets with a 100% satisfaction.
  • Public Key Infrastructure Engineer: Installed end user PKI certificates into Internet Explorer and Firefox and configured Microsoft Outlook for digital signatures and encryption.
  • Ensured the sub-Certificate Authority (sub-CA) functionality met the 99.99% availability standard.
  • Developed training material for PKI support personnel, users and Tier2 support personnel to familiarize them with PKI in the NGA environment, as well as ensured they understood and followed policies and procedures.
  • Lead - Information Assurance Configuration Board Member: Provided Ad hoc consultation and services to seven IT Department Managers creating and developing protocols and procedures in alliance with DOD regulations.
  • Briefed, facilitated and managed the IAS Configuration Control Board (CCB), ISM (Program Management Review), Risk Opportunity Management Board (ROMB) with the Program Managers on a weekly, bi-weekly and/or monthly basis at the PMR.
  • Collaborated with IT Managers about CCB, IAS, ISM and ROMB information on share drive, Information Systems Management Web Page, and coordinated documentation Forced Peer Reviews and provided a tracking report.
  • Information System Security Manager: Provide stakeholders with Continuous Monitoring guidance/support in reviewing Continuous Monitoring BoE for Information Systems that have been Authorized to Operate (ATO).
  • Provide oversight of Risk Management Framework (RMF) NIST Special Publication 800-37 activities and working to securely integrate and apply agency mission, strategy, policies, and procedures.
  • Analyze identified Continuous Monitoring strategies, which support the best practices for the organization.
  • Monitor and evaluate the effectiveness of agency enterprise services and safeguards to ensure they provide the intended level of protection.
  • Provided support to Information Systems in AWS and C2S environments; Familiar with FEDRAMP requirements.
  • Provide technical and organizational support to the Authorizing Official by providing Risk Management guidance and support to all Program Offices within the Agency.
  • Provide ATO recommendation to the AO after analyzing security assessment details within the Security Assessment Report (SAR) that contain results for security control compliance for each Information System.
  • Perform technical analysis of NIST 800-53 Security Control results after the development of an Assessment Report to ensure each applicable control functioned as intended.
  • Developed a Risk Assessment Report (RAR) to measure the risk associated with failed security controls to ensure the Authorizing Official could make an informed decision on risk acceptance for the Agency.
  • Maintained working knowledge of system function, security policies, and technical security safeguards, while serving as technical advisor to the AO.
  • Provided Tier-3 support to resolve complex issues for clients and maintain high customer satisfaction levels.
  • Migrated legacy systems to modern platforms for increased efficiency and reduced maintenance costs.
  • Collaborated with cross-functional teams to develop comprehensive IT strategies aligned with business goals.
  • Streamlined processes by automating repetitive tasks using scripting languages such as Python, Perl, or Shell scripts.
  • Conducted regular assessments of system architecture, identifying areas for improvement and risk mitigation.
  • Oversaw 15-strong team of engineering personnel.

Multiple Roles: Lead - Information Systems Security Officer, Lead - Logistics Analyst, Security Control Assessor (SCA)

Lockheed Martin
12.2002 - 08.2011

Managed 150 IT systems and programs. Managed and performed government audits of more than 20,000 assets with a 100% satisfaction.

  • Assisted with the BRAC initiative for two years, which resulted in the relocation of more than 10,000 systems and decommissioning of 10,000 pieces of equipment.
  • Trained 300+ employees on Hand Receipt Holder responsibility.
  • Collaborated with programs to manage systems and performed security site visits for assessments.
  • Managed and ensured all Information Systems were operating, maintained, and disposed of in accordance with internal security policies and practices.
  • Provided guidance to programs to assist with preparing and reviewing documentation to include System Security Plans (SSPs), Risk Assessment Reports, and System Requirements Traceability Matrices (SRTMs) while utilizing XACTA to manage each program's progress and ATO status.
  • Provided a monthly briefing to the Site Commander, which outlined the Information Systems that had an expired ATO and provided an updated status on the timeframe in which each Information System should receive a valid ATO.
  • Also, provided the Commander a forecasted plan for remediating any vulnerabilities found during the testing of each Information System.
  • Maintained and managed NGA property records for the Reston site in accordance with the provisions of Defense Property Accountability System (DPAS) and NGA policies.
  • Managed and performed government IT property audits with NGA East and West facilities with 100% satisfaction as scheduled, which included 20,000+ assets.
  • As part of BRAC initiative, collaborated with team members during a two-year project resulting in a successful relocation of over 10,000 systems and decommissioning over 10,000 pieces of equipment from several disparate locations in the East to a single NGA Campus (NCE) site.

Multiple Roles: Help Desk TIER I and II

Lockheed Martin
03.1997 - 12.2002
  • Applied basic understanding of software and telecommunications to assist over 4,500 employees at the Environmental Protection Agency (EPA). Demonstrated track record maintaining an inbound call center in both monitoring time and quality monitoring scores. Resolved call center tracking and resolution metrics by creating Remedy tickets for both EPA and Lockheed Martin. Assigned trouble tickets to various departments and technicians throughout the Washington Metropolitan area.
  • Help desk coverage of 24x7x365 based on the daily call, e-mail, and Help Desk ticket volume
  • Use Help Desk procedures to operate and document information technology systems to train users and personnel on new procedures, and to build and maintain hardware and software diagrams depicting data center flows.
  • Answer calls and assign and track help tickets/incident reports using Government-approved automated systems within fifteen (15) minutes of problem identification.
  • Monitor all Help Tickets in the state of "Submitted" and "Assigned" until tickets achieve the state of "In Progress", which shall be achieved within 120 minutes of incident discovery by Help Desk.
  • Track problems and coordinate corrective actions based on established Government CM procedures.
  • Issue e-mail notification for all anomalies, outages, and changes to data, products or services based on established Help Desk procedures and information in the CRM database.
  • Provide user notifications and problem escalation based on established Help Desk procedures.
  • Provide 24x7 notifications to management utilizing established call trees and procedures.
  • Log all Help Desk events and generate performance metrics that include but are not limited to the number of e-mails, calls and tickets per day
  • Generate and disseminate a daily event log (includes all actions, all phone calls, e-mail contacts) by 7:00 am local time. [Appendix 15, CDRL OM-02]
  • Track problems and coordinate corrective actions based on established Government CM procedures.
  • Maintain the Government-furnished CRM database, including users (persons), products, services, satellites, applications, instruments, organizations, and administration, using Government-approved procedures.
  • Follow standard Statistical Process Control methodologies, a method of monitoring a process through the use of control charts.
  • Establishes and maintains effective working relationships with managers, team members, and customers on routine matters.

Education

No Degree - Cyber Security

University of Maryland Global Campus
College Park, MD

Skills

  • JIRA
  • Service
  • PeopleSoft
  • RMF
  • Windows
  • Windows Server
  • Linux
  • AWS Cloud architectures
  • Xacta 360
  • EMASS
  • Cloud Systems
  • ACAS (Security Center)
  • Nessus
  • HBSS (Anti-virus)
  • STIGS
  • IAVM / IAVA
  • AWS - Cloud Security
  • NIST 800-53
  • Retina Scanner
  • SECSCN
  • WASSP
  • Galaxy
  • EXCOM

Certification

  • ISACA Certified Information Security Manager (CISM)
  • ISACA Certified Data Privacy Solutions Engineer (CDPSE)
  • ISACA Certified Security Auditor (CISA)
  • CompTIA CASP
  • Security+ CE
  • EC-Council Certified Chief Information Officer (C|CISO)
  • Certified Ethical Hacker (C|EH)
  • Certified Network Defense Architect (CNDA)

Clearance

Active TS/SCI w/ CI Polygraph