Vernon Andrews

Summary

Experienced cybersecurity specialist with a proven track record in threat analysis, security assessments, and incident response. Collaborates effectively within teams, delivering tangible results while adapting to evolving requirements effortlessly. Recognized for strong problem-solving skills, strategic mindset, and clear communication. Expertise includes risk management, vulnerability assessments, regulatory compliance, and delivering cybersecurity services to federal and government entities.

Overview

10 years of professional experience
1 Certification

Work History

Senior Cybersecurity Analyst

Ernst & Young LLP
11.2023 - Current
  • Mr. Andrews provides assessment and authorization (A&A) support for the U.S. Department of Energy (DOE) Office of the Chief Information Officer (OCIO).
  • Mr. Andrews' responsibilities include a comprehensive review of security and privacy controls, involving Enclave systems, large and small applications, External Service Providers (ESPs) and Vendors.
  • Various cloud service providers (CSPs) such as IaaS, PaaS, and SaaS.
  • Guided by standards such as FedRAMP, NIST (SP) 800-30, 800-37, 800-53/53A, 800-60 and Federal Information Processing Standard (FIPS) 199.
  • Mr. Andrews uses GRC, Cyber Security Assessment Management (CSAM) tools to evaluate systems, review artifacts, and update system security plans.
  • Mr. Andrews records the assessment results into the Cyber Security Assessment Management System (CSAM) and prepares the Cyber Security Testing and Evaluation (ST&E) report.
  • Successfully led and assessed multiple systems.
  • Successfully led and facilitated efficient walkthroughs/ARL communication with the stakeholders.
  • Completed the documentation in SSP (CSAM), ST&E and SAR reports for completed assessments, including the identified findings and remediation.
  • Q&A assessment results/findings with assessment team and Client.
  • Trained new members and supported their onboarding.
  • Conducted security audits to identify vulnerabilities.
  • Analyzed security incidents post-resolution, identifying areas for improvement in both technical controls and incident response processes.
  • Performed regular reviews of user access rights, minimizing the risk posed by insider threats or compromised accounts.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Ensured compliance with industry regulations by performing comprehensive audits on existing security policies and procedures.

Cybersecurity Analyst

Ernst & Young LLP
03.2022 - 11.2023
  • Using the Risk Management Framework (RMF), as well as best practices, policies, and procedures, Mr. Andrews assesses the security posture of various systems and applications for our client.
  • By completing an Information Categorization of the system and creating a Security Assessment Plan (SAP), Mr. Andrews tests the implementation of selected NIST 800-53 Rev. 5 controls.
  • Following testing, a Security Assessment Report (SAR) and System Security Plan (SSP) are generated, outlining a high-level summary of the testing results.
  • For any failed security controls, a Plan of Action and Milestones (POA&M) is created to remediate any risks found in the system/application, and is then uploaded into CSAM.
  • This process is repeated annually to maintain continuous monitoring and the Authorization to Operate (ATO).
  • In addition to testing security controls, Mr. Andrews helps the team establish and/or update privacy documents for the systems, including Business Impact Analysis (BIA), Privacy Threshold Assessments (PTA), Privacy Impact Assessments (PIA), and Privacy Continuous Monitoring (PCM).
  • Conducted comprehensive security audits for identifying potential vulnerabilities, leading to strengthened defense mechanisms.
  • Improved stakeholder confidence through preparation and presentation of detailed security reports and improvement plans.
  • Performed risk analyses to identify appropriate security countermeasures.

Assistant ISS Manager Jr. (Internship)

Georgia Department of Juvenile Justice
03.2020 - 03.2022
  • Mr. Andrews was responsible for helping manage and mature DJJ compliance with the Federal Information Security Management Act (FISMA) Risk Management Framework (RMF), which legislates a comprehensive framework to protect state government information.
  • He assisted in conducting risk assessments in support of DJJ Supply Chain's Risk Management Framework (RMF) using NIST supply chain guidelines/publications via the electronic Governance, Risk Management and Compliance (eGRC) system.
  • Mr. Andrews strategized the assessment and closed all or most of DJJ's cybersecurity audit findings.
  • He also assisted in creating a plan of action from the recommendations of findings.

Lieutenant

Georgia Department of Juvenile Justice
12.2015 - 03.2022
  • Mr. Andrews demonstrated strong and effective verbal, written and interpersonal communication skills with 100% accuracy.
  • He followed over 100 policies and responded to threats regarding security issues.
  • He also minimized the number and severity of security incidents by being proactive.
  • Selected as Class Section Leader in training.
  • Participated in ongoing professional development opportunities, staying current on industry best practices and emerging trends in law enforcement.
  • Conducted detailed investigations, gathering essential evidence to support legal proceedings.
  • Investigated incidents and crimes, collected evidence, and recorded witness statements.

Education

Master of Science - Cybersecurity Management

Columbus State University
Columbus, GA
05.2021

Bachelor of Science - Political Science

Columbus State University
Columbus, GA
05.2013

Skills

  • Proficient in NIST risk management framework
  • Cyber Security Assessments
  • Identity and Access Management
  • Risk assessment
  • Incident response
  • Network security
  • Meticulous attention to detail
  • Analytical thinking
  • Business continuity planning
  • Review and assessment of information security policies
  • Security analysis
  • Cloud security

Clearance

Secret

Total Years Of Experience

8

Certification

  • CGRC – Governance, Risk and Compliance Certification Training - [Aug 2025]

Timeline

Senior Cybersecurity Analyst

Ernst & Young LLP
11.2023 - Current

Cybersecurity Analyst

Ernst & Young LLP
03.2022 - 11.2023

Assistant ISS Manager Jr. (Internship)

Georgia Department of Juvenile Justice
03.2020 - 03.2022

Lieutenant

Georgia Department of Juvenile Justice
12.2015 - 03.2022

Master of Science - Cybersecurity Management

Columbus State University

Bachelor of Science - Political Science

Columbus State University