ConvoCourses

Cyber Security Compliance and IT Jobs

information security

Information Security in CHATTANOOGA TN

by Leave a Comment

 

Title                                                         INFORMATION SECURITY(5263850)
Location:                                                CHATTANOOGA TN 37402-2801
Duration:                                               12 month(s)
Hours:                                                    8:00am to 5:00 pm
Job Description
  • THIS PERSON WILL BE ACCOUNTABLE FOR HAVING FIRM KNOWLEDGE IN A BROAD RANGE OF INFORMATION SECURITY DISCIPLINES AND TO EDUCATE AND DRIVE THE IMPLEMENTATION AND STANDARDIZATION OF THE TVA ENTERPRISE SECURITY PROGRAM. THIS WILL INVOLVE CONTRIBUTING TO THE DEVELOPMENT, MAINTENANCE, AND IMPLEMENTATION OF THE ENTERPRISE SECURITY PROGRAM, AND HELPING TO ENSURE THE OVERALL ACHIEVEMENT AND COMPLIANCE WITH THE SECURITY GOALS, REGULATORY REQUIREMENTS AND COMPANY DIRECTION. THIS PERSON WILL BRING BASIC INDUSTRY INSIGHT AND INFORMATION SECURITY UNDERSTANDING TO TVA. PERFORMS CONTROL AND VULNERABILITY ASSESSMENTS TO IDENTIFY WEAKNESSES AND ASSESS THE EFFECTIVENESS OF EXISTING CONTROLS, AND RECOMMENDS REMEDIAL ACTION
  • REPORTS TO INFORMATION SECURITY MANAGEMENT CONCERNING RESIDUAL RISK, VULNERABILITIES AND OTHER SECURITY EXPOSURES, INCLUDING MISUSE OF INFORMATION ASSETS AND NONCOMPLIANCE
  • PARTICIPATE IN PROJECT REVIEWS, INCIDENT DEBRIEFS AND EVALUATION (SUCH AS AUDIT) REVIEWS TO UNDERSTAND THE ISSUES AND GAPS, FACTOR INTO CONTINUOUS IMPROVEMENT AND ALTER/ENHANCE THE EDUCATION AND COMMUNICATION PLANS.
  • PLAYS AN ADVISORY ROLE IN APPLICATION DEVELOPMENT OR ACQUISITION PROJECTS, TO ASSESS SECURITY REQUIREMENTS AND CONTROLS AND ENSURE THAT SECURITY CONTROLS ARE IMPLEMENTED AS PLANNED
  • COLLABORATES ON CRITICAL IT PROJECTS TO ENSURE THAT SECURITY ISSUES ARE ADDRESSED THROUGHOUT THE PROJECT LIFE CYCLE
  • ASSIST IN BUILDING BUSINESS CASES TO ESTABLISH, GROW AND CHANGE BUSINESS GROUPS, FUNCTIONS AND TECHNOLOGIES AND ESTABLISHES, DEVELOPS AND GROWS INFORMATION SECURITY, RISK AND COMPLIANCE OPERATIONAL SECURITY PROGRAM CONTRIBUTES TO THE DEVELOPMENT OF SECURITY ARCHITECTURE AND SECURITY POLICIES, PRINCIPLES AND STANDARDS.
  • EDUCATION — A BACHELOR’S DEGREE IN COMPUTER SCIENCE, ENGINEERING OR A RELATED FIELD OF STUDY; OR EQUIVALENT EDUCATION, TRAINING & EXPERIENCE.
  • EXPERIENCE — FIVE OR MORE YEARS OF CURRENT AND HANDS ON INFORMATION TECHNOLOGY EXPERIENCE PROTECTING ELECTRONIC AND INFORMATION BASED ASSETS. MUST HAVE SIGNIFICANT EXPERIENCE LEADING PROJECTS/TEAMS. AUDIT/INVESTIGATIONS EXPERIENCE IS HIGHLY DESIRED. OPERATING PLANT EXPERIENCE IS HIGHLY DESIRED.
  • CERTIFICATION/LICENSE, ETC — CISSP, CISM, CISA, CPP, OR EQUIVALENT PREFERRED.
  • KNOWLEDGE/SKILLS/ABILITIES — DEMONSTRATED MANAGERIAL COMPETENCIES IN LEADERSHIP, DELEGATION, ANALYSIS, TEAMWORK, COACHING/DEVELOPMENT, CUSTOMER SERVICE, PLANNING/ORGANIZING, FLEXIBILITY, STRESS TOLERANCE, COMMUNICATION. DEMONSTRATED STRATEGIC AND TACTICAL IT PLANNING. BROAD KNOWLEDGE OF BUSINESS FUNCTIONS AND RELATED EIT SECURITY NEEDS. MUST STAY FAMILIAR WITH FEDERAL LAWS, REGULATIONS, AND INDUSTRY BEST PRACTICES FOR EIT SECURITY STRATEGIES AND TECHNOLOGY. KNOWLEDGE OF IT OPERATIONAL INFRASTRUCTURE INCLUDING DISASTER RECOVERY/BACKUP, DATA MANAGEMENT, AND ABILITY TO DEVELOP/ENSURE SECURITY MEASURES/PROCESSES ARE IMPLEMENTED. EXCELLENT ABILITY TO RESEARCH, EVALUATE AND RECOMMEND TECHNICAL SOLUTIONS. ABILITY TO DEVELOP PLANS AND EXECUTE COMPLEX EFFORTS INVOLVING APPLICATION OF ADVANCED TECHNOLOGICAL KNOWLEDGE. MUST DEMONSTRATE TACT AND EFFECTIVE JUDGMENT DEALING WITH CONFIDENTIAL/SENSITIVE MATERIAL. ABILITY TO OBTAIN AND MAINTAIN SECRET SECURITY CLEARANCE REQUIRED. CANDIDATE MAY BE REQUIRED TO OBTAIN AND MAINTAIN A SECURITY CLEARANCE BASED ON POSITION / ACCESS REQUIREMENTS AND ESSENTIAL JOB FUNCTIONS.
Job Details:
• Previous work experience in the cyber security field.
• Superior written and oral communication skills.
• Strong understanding of TCP/IP communication and network topologies.
• Vulnerability analysis and remediation using automated tools.
• Extreme attention to detail, with emphasis on accuracy.
• Bachelor’s degree in a computer-related field of study or 2+ years of related work experience.

Information Security Analyst in Atlanta GA

by Leave a Comment

Please provide the following information
Rate/ Salary:
Full Legal Name:
Address- (either Full address or at least City name and State name):
Contact No:
Alternate Contact No (if any):
Best time to take call(by Hiring Manager):
Best time to take discussion call(by Accounts Manager):
Email ID/ Email IDs:
Relocation at own Expenses- (Yes/No):
Distance from client’s location- (In Miles, In case candidate is Local or adjoining):
Interview- (In-Person/ Phone/ Both):
End Date of Current Project:
Availability:
Interviews/ Offers in pipeline:
Visa Status- (in case of H1b, please mention validity date of his visa):
Position Title:                                                                    GaDHS – Information Security Analyst ( 1 position )
Position Id:                                                                         49640
Agency:                                                                                State of Georgia – GaDHS
Duration:                                                                             6 Months
Work Location:                                                                 2 Peachtree Street, Atlanta , Georgia  30303
Interview Type:                                                                In person Preferred
Citizenship mandate:                                                     US citizen preferred      
Type
Qualification
Description
Competency
Experience
Candidate Experience
Last Used
Skills
CISSP
Expert
5-6 yrs
Skills
Communication skills both verbal and written
Skills
Information Security
Expert
5-6 yrs
Skills
MicrosoftOffice
Skills
Presentation skills
Skills
Service oriented architecture (SOA)
Description:
  • The Georgia Department of Human Services (DHS), Office of Information Technology (OIT), is seeking candidates for the position of Information Security Analyst. This position is based at 2 Peachtree Street, NW in Atlanta, GA.
  • DHS delivers a wide range of human services designed to promote self-sufficiency and well-being for all Georgians. The department is one of the largest agencies in state government with an annual budget of $1.8 billion and approximately 8500 employees.  DHS is comprised of three divisions and seven offices.
  • OIT is the office within DHS that provides computing, applications management, IT procurement, network and telecommunications services to all DHS divisions and offices.
  • This position reports to the DHS Chief Information Security and Audit Compliance Officer.   The Information Security Analyst will perform a variety of Information Technology security functions in support of the DHS Enterprise.
Under limited supervision, the Information Security Analyst:
  • Assists in planning, directing, and coordinating agency activities, specifically relative to Information Security.
  • Assists in developing and enforcing the organization’s security policies, standards, and guidelines, security awareness, security information portion of the business continuity and disaster recovery plans, and all industry and government compliances issues.
  • Assists in incorporating the design, deployment, management, control, and updating of platform and user specific security policies on a diverse range of internal hardware platforms supporting various software and operating systems.
  • Conducts risk management analysis to identify areas of risk and to develop security measures to prevent losses.
  • Monitors use of data files and regulates access to safeguard information in computer files.
  • Works with business owners, IT managers, staff, and vendors in order to provide timely and efficient IT coordination of security services to meet agency needs.
  • Create reports on status of agency information security programs and projects, as required.
  • Communicates with senior executives through oral and written reports and presentations, as required.
  • Develops and implements IT system security plans, projects and initiatives.
  • Plans, implements, manages, and coordinates security measures and controls for information systems to regulate access to computer data and prevent unauthorized modification, destruction, or disclosure of information.
  • Serves as Subject Matter Expert (SME) along with or in absence of the Senior Agency Information Security Office representing the agency on all issues relating to information security, as required.
  • Performs other professional responsibilities as assigned by supervisor.
Core competencies:
  • Ability to work effectively with personnel at multiple levels of the organization
  • Ability to work effectively as a dedicated team member; ability to effectively and accurately communicate with other team members
  • Ability to work effectively with a diverse project team in a highly visible, fast paced and changing project environment with aggressive timelines
  • Ability to effectively manage and complete multiple tasks simultaneously
  • Demonstrated performance as a self-motivated and goal-oriented professional who is able to work with minimal supervision, exercise good judgment and keep critical systems operational
  • Exceptional subject matter knowledge, skills and abilities
  • Demonstrated performance as a professional who exceeds requirements and expectations
  • Excellent oral, written, presentation and interpersonal communication skills
  • Strong proficiency in the use of Microsoft Office Suite, Visio and/or standard software applications typically used in a corporate office environment
Required qualification:
Bachelor’s degree from an accredited college or university in information technology, computer
science, information assurance or a related field and six (6) years of information technology
experience, three of which were in information security or information assurance
Preferred qualification:  Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) credentials

Information Assurance Air Force

by Leave a Comment

Information Assurance in the Air Force is probably the most comprehensive of any branch of the US Armed Services.  Air Force Instructions (AFI) 33-210, Air Force Certification & Accreditation (C&A) Program (AFCAP) is the USAF framework for implementing DIACAP.   This includes all information Assurance of the Air Force and has started to incorporated NIST risk management.

The Air Force expects Information Assurance Managers (aka Information System Security Managers) and Information Assurance Officers (aka Information System Security Officers) to maintain situation awareness restore IA posture and conduct internal Information Assurance assessments testing information assurance controls when necessary.

AFI 33-2xx Information Assurance Air Force

The AFI’s are the manuals that cover all rules and regulations of the Air Force.  The AFI 33-xxx series covered all Information Technology rules (I use past tense because the Air Force may change this any day now.. they change everything all the time).  AFI 33-2xx covered Information Assurance, Information Security, and anything dealing with security practices on IT.

AFI 33-210, AFCAP references DoD 8570.01-M and eventually DoD 8140 to describe the certification and skill sets necessary for security practitioners conducting Information Assurance in the Air Force.   AFI 33-2xx are based on:

  • DoDI 8500.02, Information Assurance (IA) Implementation
  • NIST SP 800-53 Revision 3, Recommended Security Controls for Federal
  • DoDD 8500.01E, Information Assurance, 24 October 2002 
  • DoDI 8500.2, Information Assurance (IA) Implementation, 6 February 2003
  • DoD 8570.01-M, Information Assurance Workforce Improvement Program, 19 December 2005

For more info: http://www.e-publishing.af.mil/

http://www.youtube.com/watch?v=cwqn7Ebq94w

X

operational risk

by 1 Comment

In the defense industry operational risk is a big deal.  Operation risk is that risk associated with an organizations activities.  That is a broad term that applies to any organization, but in the defense industry operational risk can also be the risk of human life so its a HUGE part of DIARMF & risk management framework.

Confidentiality, Integrity and Availability in Operational Risk

A big part of operational risk is trusting you people to safeguard the confidentiality, integrity and availability of operational information.

When I was in the military, it meant keeping our mouth shut about missions.  In high profile cases, the media was a huge operational risk because they would try to give away the positions of US Armed services in the middle of a war.  For them its important journalism, for the guy on the ground that kind of operational information is life or death.  In defense, to mitigate operational risk they practice they give the people the least amount of information and privileges they need to do there job.  Because if ONE person knows everything there is a great risk that they will intentionally or accidentally release information that can damage or destroy the operations of the organization by leaking it.  Information leakage is very popular these days, as there is less and less  loyalty and more and more access to all information.

Operational risk is much harder to manage these days.  People are more likely to keep the secrets of something they are stakeholders in than a pumped up since of pride.  I think its because information is so freely available its improbable to promote a one sided view of any conflict or historical perspective.. but perhaps we are getting to sociological and political.

Stakeholders are more interested in hard facts than feel good perspectives of one beliefs.  I think that is why companies like Apple and Google are better at operational risk management than the US government.  But I am sure its also because the US government has an exponentially larger and more critical mission where lives, livelihoods and lifestyle are at stake.  So maybe that is a poor comparison.

Operation Risk vs Profit

Since operational risk does not MAKE profit it is often overlook and ignored by private organizations.  Larger organizations with LOTS of critical data understand the importance of operational risk especially once they see that critical data walk out the door.  When a private organization sees their competition using their exact information due to leaks in confidentiality they realize they must do a little data loss prevention (DLP) which is directly related to Operational risk management.

There are system that are designed to automatically detect data loss such as McAfee Total Protection for Data Loss Prevention.

 

information security specialist

by Leave a Comment

Information Security Specialist is one of the broadest, catch all terms within system security.  Information security specialist is usually the title organizations use when there are so many hats to wear that its a hat store.

The Information Security Specialist Position reminds me of that old In Living Colour Skit “Hey Mon”

And Information Security Specialist is an intrusion analyst, a security analyst, a system analyst, a system security analyst, an information assurance analyst and you document findings!  It seems like a way to get you to do anything they tell you without pinning the position down.

If you want to get an idea of what this job entails you REALLY, REALLY have to read the job description.  The best I can do is tell you what I have done and what I have seen others do while holing this title.

When I was in the USAF I was given title information security specialist and I was an assistant firewall administrator, configured and maintained the base intrusion detection system, wrote the base policy and was acting information system security officer.  So basically, I did everything.

As a contractor, they had me doing system security engineering, information system security officer and Army Information Management Officer (unit help desk guy).

computer network defense

by Leave a Comment

Computer Network Defense is listed in the DoDD 8140, Cyberspace workforce has as a task among the Protect & Defend Category.

Job Description of Computer Network Defense

The actual work of Computer Network Defense covers Protect & defend and Analyze and possibly other categories.  A system security analyst doing CND work is expect to monitor, detect and respond to security incidents on the network.  They need to be familiar with not only information system security tools to monitor network traffic but they must also be able to know what the actual packets look like with certain patterns emerge on the network.  They must be familiar with certain patterns to detect network attacks and be familiar with incident handling.

Tools of Computer Network Defense

System security analyst performing CND work should be able to use a packet sniffer (protocol analyzer) such as wireshark and etherape.  The are also expected to be knowledgeable of certain Intrusion Detection System (such as Snort).  Or they can also have working experience with Intrusion Prevention Systems.  Since there are so many products that do very similar work of IPS, IDS, or packet analyzer knowing one really good and having a little hands on with others is usually ok.  What is important is knowing signature system attacks well enough to detect them when they occur, understanding ports, protocols and services and being intimately familiar with network packets.

8140 cyberpace computer network defense
8140 cyberpace computer network defense

Computer Network Defense Certification

GIAC Certified Intrusion Analysts (GCIAs) – The top of the food chain for security analysts doing pure analyst work.  Highly, highly respect intrusion cert.

GIAC Certified Incident Handler (GCIH) – Help certification to establish yourself.

CISSP – not really relevant or specialized for incident analysis but accepted like a VISA card.

Security+…not so much.. its like bringing a knife to a gun fight.