Information Security Analyst - ECS Federal - United States Postal Service (USPS)
(2019-04)
Support Corporate Information Security Office (CISO) in the development, initiation, maintenance, and revision of policies, standards, procedures, management instructions, and guidelines of security programs and related activities.
- Partner with internal teams to ensure policies meet the needs and goals of CISO and across the organization
- Assist in the policy lifecycle by monitoring changes to the policy and regulatory landscape as they pertain to the organization
- Actively monitor on a regular basis for new/emerging regulatory requirements and their potential impact on the organization
- Actively coordinate with stakeholders to ensure new/emerging regulatory requirements are assigned to the correct departments/portfolios within the organization
- Partner with internal teams to ensure sensitive data has been identified and that the policy, standards and regulations are in place for the organization that adequately meet the needs and goals of CISO and the organization
- Collaborate with other departments inside and outside of CISO (e.g., Risk Management, Engineering, IT, HR, Legal, etc.) to direct policy and regulatory issues to appropriate channels for investigation and resolution
- Gather, analyze, and store artifacts in accordance with corporate CISO standards to ensure programs are effective and meeting goals
- Participate in quarterly assessments to determine the organization's level of compliance against internal policies, external regulations, and other compliance obligations, as required
- Assist in maintaining updated compliance documentation, such as the compliance program plan, process plan, and standard operating procedures (SOPs), to align with organizational policy
- Perform other duties as assigned
- Support CISO Office of Inspector General (OIG) activities by documenting emails and providing status of CISO's response to USPS OIG requests; maintain internal processes and develop content, including dashboard metrics; report weekly metrics to senior management
IT Security Consultant - PrismSoft Consulting - Veterans Administration (VA)
(2018-06 - 2018-12)
Deputy Program Manager role for assigned projects, SOW, and ad hoc tasks. Provided overarching structure, processes, and procedures to align with the VA Office of Information and Technology (OIT) objectives.
- Tasked with FedRAMP/AWS implementation goals, status of systems in RiskVision, schedule management, metrics and deliverables
- Reported activities in the form of Quad Charts, Weekly Activity Reports, Executive Briefs and monthly reports
- Revised content for the Veteran-focused Integration Process (VIP) as one of many deliverables
- Reviewed and provided recommendations for security impact analysis (SIA) and systems engineering technical reports (SETR)
- Consulted on AWS implementation
- Managed workflow and resources for a team of 12 cybersecurity engineers and analysts
- Enhanced current-state security architectures and tracked audit-related performance metrics (LOE, costs, audit requests) to support projected VA objectives and the risk/threat landscape
IT Security Consultant - PrismSoft Consulting - United States Census Bureau
(2017-10 - 2018-06)
Information Security Consultant; supported the 2020 Census.
- Facilitated vendor meetings
- Assessed NIST security controls as part of software development life cycle (SDLC) methodologies, securing enterprise-wide systems, applications, networks, and infrastructure services with respect to AWS/Azure implementation
- Collaborated with System Owners, Information Stewards, and Engineers on the design, architecture, and implementation of the various systems
- Developed deliverables and artifacts for ATO packages
IT Security Consultant - PrismSoft Consulting - United States Treasury
(2017-04 - 2017-09)
- Verified A&A package content during kickoffs and subsequent meetings
- Supported the development, assessment, implementation, continuous monitoring, and enhancement of relevant security posture
- Reviewed, edited, and implemented security policies, procedures, and security controls
- Addressed compliance issues based on agency-specific documents and recommended solutions
IT Security Consultant - PrismSoft Consulting - United States Coast Guard (USCG)
(2017-05 - 2017-09)
Supported the USCG Electronic Health Records (eHR) Acquisition Solution with a strategy for implementing security requirements.
- Collaborated with team, researched, and recommended procurement solution options for a software solution
- Reviewed and recommended alternative solutions for the USCG eHR acquisition as a requirement, and submitted an analysis of alternatives (AoA)
IT Security Consultant - PrismSoft Consulting - CareFirst/Blue Cross Blue Shield (BCBS)
(2017-02 - 2017-03)
Supported the Risk Management Framework (RMF) implemented by the CareFirst Security Branch.
- Collaborated daily with engineers, system administrators and system owners to develop policy and procedures
IT Security Consultant - PrismSoft Consulting - Federal Aviation Administration (FAA)
(2016-09 - 2017-01)
Performed Risk Management Framework (RMF) activities for the FAA Security Assessment Branch. Addressed and managed risk by way of assessments.
- Interviewed System Owners, Information Stewards, and Engineers on the security requirements of NIST SP 800-53 Rev. 4 and documented their implementation across the various systems
IT Security Consultant - PrismSoft Consulting - Conference of State Bank Supervisors (CSBS) State Regulatory Registry (SRR)
(2015-09 - 2016-08)
Direct CISO support to include the analysis, review, and execution of projects to enhance the security posture of CSBS information security programs and systems.
- Mentored team members in OMB, FISMA, PCI DSS, SOX, and NIST guidance
- Represented CISO when unavailable
- Collaborated daily with a variety of stakeholders, project partners including Consumer Financial Protection Bureau (CFPB), system owners, implementation engineers, 3rd party auditors, vendor security teams and AWS/Data Warehouse to develop security artifacts and contractual deliverables
- Developed vulnerability assessment process documentation
- Consulted on various processes for improvement
- Updated control implementations to maintain the existing security posture of systems holding a FedRAMP Provisional Authority to Operate (P-ATO)
IT Security Consultant - PrismSoft Consulting - United States Postal Service (USPS)
(2014-07 - 2015-08)
- Developed security requirements for a departmental acquisition
- Developed and implemented the IT processes and technology which involved testing cyber security controls, defining remediation, project plans (HP ALM), and policy/procedure development
- Participated in daily scrums (Epics and user stories)
- Developed NIST security requirements in addition to API options
- Recommended to senior management options for additional controls needed to effectively align with FedRAMP controls in pursuit of a Provisional Authority to Operate (P-ATO) certification
Information Security Analyst - Noblis - GSA's Office of Citizen Services and Innovative Technologies (OCSIT)
(2013-05 - 2014-06)
Information System Security Officer; Supported FedRAMP's Cloud Initiative Program.
- Developed documentation and content with vendors for the FedRAMP security controls supporting the Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) stacks
- Facilitated kickoffs and other ad hoc meetings for Cloud Service Providers and Third-Party Assessment Organizations (3PAOs)
- Verified deliverables and artifacts
- Reviewed/commented on System Engineering Technical Reviews
- Improved processes that met PMO goals and objectives to ensure system confidentiality, integrity and availability through Continuous Monitoring and tracking of PoA&Ms
- Provided guidance on baseline configuration and security impact analysis
Information Security Analyst - VERIS Group LLC - Office of Procurement Group, Cyber Security Division, OCIO, United States Patent and Trademark Office
(2011-12 - 2013-04)
Senior Information Security Analyst.
- Tested security controls of Automated Information Systems (AIS)
- Analyzed risk to improve code reviews for application security scans (Nessus) and desktop configurations (USGCB)
- Documented security assessment packages against NIST standards and addressed IV&V comments before submission to Designated Accreditation Authority for approval
IT Security Consultant - PrismSoft Consulting - Department of Labor (DOL)
(2011-05 - 2011-11)
Provided consultation services in support of Assessment and Authorization (A&A) packages consisting of System Security Plans, Incident Response Plans, Security Categorizations, Business Impact Analysis, Contingency Plans and Testing, Security Assessment Reports, Security Test and Evaluation.