Cyber Security Compliance and IT Jobs
We talk about the Cybersecurity IT Job Market and the impact of Covid-19. We also breakdown the differences between Risk Management Framework and Risk Assessment
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Google Podcasts | Pandora | iHeartRadio | Stitcher | TuneIn | Deezer | RSS
check out the Cyber Security & IT Resume course:
https://securitycompliance.thinkific.com/courses/resume-marketing-for-cyber-security-it
Coupon code: resumefeb2020
50% off (expires 29 Feb 2020)
check out the remote work course:
https://securitycompliance.thinkific.com/courses/find-it-remote-work
Check out the job:
Job Title: Cybersecurity Risk Management Framework SME
Location: #RemoteJob (#WorkfromHome)
Duration: 12 Months (Contract-to-Hire)
Job Description:
Active Secret Clearance Required
· KBRwyle is seeking candidates with Risk Management Framework (#RMF) experience to join a team of experienced RMF professionals that supports the Defense Health Agency (DHA).
Position Description:
· Primary responsibility is to perform tasks related to Assessment & Authorization (A&A) and cybersecurity under the Defense Health Agency (DHA) to obtain and maintain Authorizations to Operate (ATOs) for assigned DoD medical systems (i.e., applications, networks, devices). This position will be a part of a team developing recommended courses of action needed to transition current policies and procedures to the DHA RMF-approved processes.
Primary Responsibilities:
· Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge
· Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
· Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs
· Actively participate in working group meetings to identify, plan, and execute strategies in response to emerging cybersecurity/RMF policies
· Attend and participate in regular A&A status meetings to facilitate progress and address potential issues of RMF system efforts
· Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
Day-to-day tasks are contingent on related experience and assigned role, and may include the following:
· Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
· Assess system compliance against NIST, DoD, and DHA security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
· Produce evidence as necessary to support compliance status of NIST, DoD, and DHA security requirements
· Work with system administrators, engineers, and developers to create or update system/site policies, procedures, and process guides
Minimum Qualifications:
· BS degree and six (6) years of experience with Cybersecurity / Information Technology, or twelve (12) years of hands-on experience with Cybersecurity / Information Technology
· Demonstrated efficiency and experience in one or more of the following areas:
· RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, system/site policies, procedures, and processes, architecture diagrams, and hardware and software inventories
· Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS)
· DISA STIGs/SRGs validation
· NIST 800-53 control validation
· Continuous Monitoring and Risk Scoring (CMRS)
· RMF policy development and strategy implementation
· BIOMED experience (former technician, physician, engineer, etc.) installing, testing, using, maintaining, designing, and/or modifying medical equipment and applications
· Demonstrated experience with Risk Management Framework (experience under DHA a plus)
· Excellent customer service and organization skills
· Excellent oral and written communication skills
· Familiarity with NIST publications
· Active DoD Secret security clearance
· DoD 8570-compliant (CompTIA Security+ certified)
· Ability to obtain OS certification or complete approved related training within 180 days of hire
· Ability to travel up to 25-35%
· Experience with eMASS
360 Mt. Kemble Avenue, Suite 2000 | Morristown, NJ 07960
Office: 973.507.7582 | Fax: 973.998.2599
siddartha.s@artech.com | www.artech.com
NIST SP 800-53, Revision 5 Security Controls for Information Systems and Organizations – 1 overview
To download the slide go to:
https://securitycompliance.thinkific.com
NIST Special Publication 800-53, Revision 5
Security and Privacy Controls
Final Public Draft: October 2018
Final Publication: December 2018
Source: https://csrc.nist.gov/projects/risk-m…
NIST Special Publication 800-53A, Revision 5
Assessment Procedures for Security and Privacy Controls
Initial Public Draft: March 2019
Final Public Draft: June 2019
Final Publication: September 2019
There are 6 major objectives for this update—
-Making the security and privacy controls more outcome-based by changing the structure of the controls;
-Fully integrating the privacy controls into the security control catalog creating a consolidated and unified set of controls for information systems and organizations
-Separating the control selection process from the actual controls: systems engineers, software developers, enterprise architects; and mission/business owners
-Promoting integration with different risk management and cybersecurity approaches and lexicons, including the Cybersecurity Framework
-Clarifying the relationship between security and privacy to improve the selection of controls necessary to address the full scope of security and privacy risks
Check out my FREE courses at: https://securitycompliance.thinkific.com
In this video we read some of your questions about getting IT Security Jobs.
masaki23joe
“I have a B.A in Telecommunications, would this work for this career field.” see the answer at 00:00:45
shawn 08
“Hey Bruce I got my security + and cap. What do you suggest on how to get into the risk management/ security auditing field when someone doesn’t have any experience? I do have 7 years experience in desktop support and data center monitoring just want to try a different field but not sure how to go about this.”
answer at 00:02:53
David petrell
“What training is need to get into the security field? I have a BS in information security and working a MS in Cybersecurity and working on getting my CEH cert. What are ways that I can get into the security field as I don’t have any security experience and most jobs postings are wanting at least 4 to 5 years of experience”
answer at 00:06:26
NIST 800 37 Revision 2 Risk Management Framework for Information Systems and Organizations A System
Download the presentation in this Video & Learn more here:
http://securitycompliance.thinktific.com
This is an overview of NIST 800-37 Revision 2. I discuss the changes, the sources and Cybersecurity Framework.
NIST Special Publication 800-37, Revision 2
Risk Management Framework for Security and Privacy
Initial Public Draft: May 2018
Final Public Draft: July 2018
Final Publication: October 2018
NIST 37-800 Rev 2:
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf
Executive Order:
https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/
OMB:
https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2017/M-17-25.pdf
Cybersecurity Framework:
https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
NIST SP 800-53 (Revision 5):
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft
Source of Changes:
President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Office of Management and Budget Memorandum M-17-25 – next-generation Risk Management Framework (RMF) for systems and organizations
NIST SP 800-53 Revision 5 Coordination