Here is what you need to know about the Cybersecurity workforce.
Audio ONLY:
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | TuneIn | RSS
8570
ConvoCourse PodCast: Security Awareness Training
This is an intro to NIST AT security controls (Security Awareness Training for an organization). To see a deeper dive into this and other NIST security controls check out http://convocourses.com
cybersecurity compliance project manager alexandia VA job
check out the courses:
http://convocourses.com
Job Title: #Cybersecurity #Compliance Project Manager
Job Location: Alexandria, VA, US
Project Length: Long Term
Clearance Requirement: Active Secret clearance.
Key Role:
Serve as a Task Lead responsible for the creation of a Cybersecurity Governance, Risk, and Compliance (GRC) team assessment program for a DoD organization. Design, develop, and implement the assessment program independently to measure Cyber GRC metrics, determine readiness for audits and inspections based on DoD policies and NIST standards, identify risks, and provide automated remediation plans. Work to improve communication and enhance the organization’s security posture through risk assessment preparation. Perform blind, non-punitive readiness assessments for organizational units to provide a preparatory remediation plan for upcoming inspections. Measure the effectiveness of the GRC programs and provide leadership with an unfiltered view of the organization’s security posture, measuring the balance between its objectives and risk profile. Recommend strategic enhancements and structural improvements for a compliance division.
Basic Qualifications:
10+ years of experience with Cybersecurity.
Ability to design, develop, and manage the implementation of risk assessment process methodology and tools, including eMASS.
Ability to communicate effectively and professionally in a fast-paced client-environment.
BA or BS degree in a Technology, IT, or Cybersecurity field.
DoD 8140 and 8570 IAM level II Certification.
Additional Qualifications:
Experience with GRC and assessment processes.
Experience with DoD 8500 series, NIST SP 800 series, DoD regulations, and instructions, including DoDI 8140-01, DoDI 8530.01, CJCSI 6510.01, and the Risk Management Framework (RMF).
Experience with briefing senior government officials at the General Officer and SES-levels.
PMP Certification.
Direct: 703-653-0218
karthik@param-solutions.com
https://recruiting-as-a-service.param…
https://param-solutions.com/careers
information assurance engineer maryland Aberdeen
check me out on:
https://securitycompliance.thinkific.com
the Job:
Job Title: Information Assurance Engineer
Location: Aberdeen, MD
Position Type: Full Time
Clearance: Minimum Interim Secret
Must Have IAT Level 3 Certification.
Job Description:
Provides security engineering designs and implementation in all aspects of Information Assurance and Information Security (InfoSec) Engineering.
Assesses and mitigates system security threats/risks throughout the program life cycle; validates system security requirements definition and analysis; establishes system security designs; implements security designs in hardware, software, data, and procedures;
verifies security requirements; performs system certification and accreditation planning and testing and liaison activities, and supports secure systems operations and maintenance.
Mandatory Skills:
Demonstrated experience performing IA activities in support of software and system requirements, design, development, testing and sustainment
Experience with employment of IA requirements, policies, and processes to include authorization and accreditation as part of the RMF process
Experience with risk and vulnerability assessments and mitigation
Demonstrated ability to provide guidance on Intelligence Community (IC) Cyber/IA regulations and requirements to senior customers, senior LM leaders, and the program engineering staff
Experience with Security Information and Event Management (SIEM) correlation tools, Scanning (Nessus), and Host Based
Security System (HBSS)
Please provide the following information
Rate Expectation:
Full Name:
Contact No:
Alternate contact (if any):
Email address:
Current Location:
Relocation:
Availability:
Visa status
Kindly share your detailed resume at zoeyw@etalentnetwork.com
If you are qualified and interested in making a change or know of a friend who might have the required qualifications, please call me ASAP at (877) 733-3555 Ext.267, even if we have spoken recently about a different position. If you do respond via e-mail please include a daytime phone number so I can reach you. In considering candidates, time is of the essence, so please respond ASAP. Thank you.
Sincerely yours,
ZoeyWest
E TalentNetwork
8251 Greensboro Drive, Suite 250
McLeanVA
zoeyw@etalentnetwork.com
(877) 733-3555 Ext.267
dodd 8140 cyberspace workforce management
What is the DoD Directive 8140?
DoD 8140, Cyberspace workforce will supersede DoD 8570 as the guide for selecting the personnel with the correct certifications, skills and experience.
Where is the DoDD 8140.01, Cyberworkforce going?
8140 manual may mirror an ongoing initiative that has a lot more categories. Those high level categories would be under a National Initiative for Cybersecurity Education (NICE) framework:
Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.
These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.
http://diarmfs.com
niccs.us-cert.gov
DoDD Cyberspace Workforce Management 11 Aug 2015
The Department of Defense finally released the Directive for Cyberspace workforce management on 11 Aug 2015. This means that the DODI (instruction) is not far behind. The instruction will be more in the weeds. It is where the “magic happens”. Directives are very high level policy that gives instructions their power to exist.
Cyberspace Workforce Management – http://www.dtic.mil/whs/directives/corres/pdf/814001_2015_dodd.pdf
The Cyberspace Workforce Management directive does the following:
- Reissues and renumbers DoD Directive (DoDD) 8570.01 (Reference (a)) to update and expand established policies and assigned responsibilities for managing the DoD cyberspace workforce.
- Authorizes establishment of a DoD cyberspace workforce management council to ensure that the requirements of this directive are met.
- Unifies the overall cyberspace workforce and establishes specific workforce elements (cyberspace effects, cybersecurity, and cyberspace information technology (IT)) to align, manage and standardize cyberspace work roles, baseline qualifications, and training requirements.
Cyberspace Workforce Applies to:
- Office of the Secretary of Defense (OSD)
- Military Departments (Army, Navy, Air Force, Marines)
- Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff
- Combatant Commands
- Office of the Inspector General of the Department of Defense (IG DoD)
- Defense Agencies
- Field Activities
- DoD Components
It is DoD policy does the following:
- Maintains a total force management perspective to provide qualified cyberspace government civilian and military personnel to identified and authorized positions, augmented where appropriate by contracted services support. These personnel function as an integrated workforce with complementary skill sets to provide an agile, flexible response to DoD requirements.
- [Make sure] the appropriate mix of military and government civilian positions and contracted support designated to perform cyberspace work roles is determined in accordance with DoD Instruction (DoDI) 1100.22 (Reference (b))
- Civilian, military, and contracted support personnel assigned to perform cyberspace work roles must meet qualification standards established in supporting issuances, in addition to other existing workforce qualification and training requirements assigned to billets and position requirements (e.g., acquisition, intelligence, communications).
- DoD Component compliance with this directive is monitored via authoritative manpower and personnel systems as an element of mission readiness and as a management review item.
- Nothing in this directive replaces or infringes the responsibilities, functions, or authorities of the DoD Component heads or other OSD officials as prescribed by law or Executive order, assigned in chartering DoDDs, or detailed in other DoD policy issuances or, as applicable, in Director of National Intelligence policy issuances.
- All authorized users of DoD IT receive initial cybersecurity and information assurance awareness orientation as a condition of access, and thereafter must complete annual cybersecurity and information assurance refresher awareness.