
Vestal Lum

DMV

Summary

Information Systems Security Officer with 7+ years of experience leading Authorization to Operate (ATO) efforts for federal and DoD systems. Skilled in developing System Security Plans (SSPs), managing Plans of Action & Milestones (POA&Ms), and implementing continuous monitoring strategies in alignment with NIST 800-53, NIST 800-37, RMF, and FISMA. Proven ability to harden systems, mitigate vulnerabilities, and maintain compliance with frameworks such as ICD 503, JSIG, CNSS 1253, and NISPOM. Known for collaborating with cross-functional teams and guiding junior ISSOs to streamline ATO processes and strengthen security posture.

Overview

8 years of professional experience
1 Certification

Work History

Senior Information Systems Security Officer

ACQUISITION PROFESSIONALS
02.2023 - Current
  • Lead development and enforcement of security policies and procedures in accordance with NIST 800-53, RMF, and FISMA, ensuring all ATO documentation meets federal standards.
  • Oversee full lifecycle ATO processes, including SSP creation, POA&M tracking, and implementation of continuous monitoring plans.
  • Mentor junior ISSOs on ATO package preparation, control implementation, and vulnerability mitigation.
  • Collaborate with system owners, IT teams, and auditors to maintain ATO compliance and remediate findings prior to security control assessments.
  • Conduct security impact analysis for system changes, ensuring ATO status is not jeopardized.
  • Apply DISA STIGs and SCAP benchmarks to maintain technical compliance for Windows, Linux, and cloud systems.
  • Maintain detailed audit trails and system documentation to support internal reviews and external ATO reauthorization.
  • Perform continuous monitoring of security controls, including audit log review and archiving, security updates and patching, compliance scanning, configuration management, account management, vulnerability management, and control status reporting.
  • Help review new Government requirements and how they can be addressed, and perform other duties as assigned.

Information Systems Security Officer (ISSO)

DATA LOGIC
02.2020 - 01.2023
  • Hardened Windows and Linux environments to meet ATO security baselines and pass government security inspections.
  • Performed secure classified data transfers in compliance with ATO boundary requirements and labeling protocols.
  • Conducted risk assessments on system modifications and documented results in ATO update submissions.
  • Supported the ISSM in full-spectrum ATO package preparation for SCI, SAP, and DoD systems, aligning with ICD 503, RMF, JSIG, NISPOM, and CNSS requirements.
  • Coordinated vulnerability remediation to close POA&M items ahead of ATO deadlines.
  • Conducted in-depth research and analysis to assess the security impacts of system modifications, emerging technologies, and malicious code.

Assessor

TROWE PRICE
01.2018 - 02.2020
  • Analyzed vulnerability scan results, determined residual risk, and differentiated false positives from technical reports.
  • Ensured organizations were addressing and conducting all phases of the system development life cycle (SDLC).
  • Assessed proposed changes to authorization boundaries, operating environments, and mission needs to determine whether continued operation was warranted.
  • Assessed A&A / ATO packages including SSPs, ISCPs, IRPs, CMPs, vulnerability scan results, and POA&Ms for completeness and accuracy.
  • Provided written recommendations for ATO approval to government stakeholders.
  • Validated vulnerability remediation efforts to confirm closure before ATO reauthorization.
  • Reviewed proposed system changes to ensure they did not impact ATO boundaries.
  • Collaborated with adjusters, property managers, and owners to generate new leads and increase revenue by 10%.

Education

Bachelor's - Cybersecurity Policy Management

UMGC
MD
05.2019

Skills

  • NIST 800-53 / NIST 800-37 / NIST CSF
  • Risk Management Framework (RMF)
  • Security Assessment & Authorization (A&A)
  • DISA STIGs and SRGs
  • Vulnerability Management (Nessus, SCAP, ACAS)
  • SIEM Tools (Splunk, ArcSight, QRadar)
  • Windows/Linux System Hardening
  • Security Configuration (GPO, STIG Viewer, SCAP Compliance Checker)
  • Cloud Security (AWS GovCloud, Azure Gov, FedRAMP compliance)
  • Identity and Access Management (IAM)
  • Data Loss Prevention (DLP)
  • Network Security (Firewall/IDS/IPS configuration and monitoring)
  • Compliance auditing
  • Incident response
  • Intrusion detection

Certification

  • CompTIA Security+
  • CISSA
  • CISM
  • CISSP in progress
