Summary of Qualifications
Twenty-five years of experience in Information Assurance and Information Technology. His recent work includes Sr. Security Analyst, Systems Security Engineer, ISSO, Integration and Test Engineer, Systems Deployment, UNIX and Windows System Administration, Database Administration, Life Cycle Support, and Software Design and Development. His most recent experiences include working as a Sr. Security Analyst responsible for several FISMA systems, including POA&M management and ATO submissions. He has performed Certification and Accreditation (C&A) of Center for Medicare and Medicaid Services (CMS) and Department of Defense (DoD) systems. He has worked as an Information System Security Officer (ISSO) and has completed System Integration and Test as well as system deployments and upgrades. Mr. Spunt has completed his CISSP certification.
Sr. Security Analyst
- Manage the Plans of Actions and Milestones (POA&M) for assigned systems and coordinate with system developers, infrastructure teams and test engineers to resolve and close all open findings.
- Working with an independent auditor, conduct annual and periodic Security Controls Assessments (SCA). Ensure preparation of all documentation, coordinate testing activities, and produce necessary documents and CFACTS updates to maintain and renew Authority to Operate approvals.
- Evaluate and document all FISMA controls and weaknesses based on the CMS Acceptable Risk Standards (ARS) and NIST guidelines.
- Assist operational engineering teams to evaluate risks and provide recommendations and implementation strategies to help mitigate weaknesses.
- Ensure the complete and accurate annual attestation of all CMS HCQIS FISMA systems.
System Security Engineer
- Wrote and executed validation test scripts for a new Identity and Access Management (IAM) system.
- Performed annual FISMA IV&V testing of stand-alone and network systems, including the network infrastructure.
- Performed IV&V testing of a new web-based data collection system for the Department of Energy.
Staff Systems Engineer
- IA Engineer for the development of three subsystems and the integration of the overall System.
- Responsible for the C&A of the deployed systems and the ITF.
- Wrote C&A documents for the customer accreditors to include the System Security Plan (SSP), Security Concept of Operations (CONOPS), Trusted Facility Manual (TFM), Security Features User Guide (SFUG), and the Security Requirements Traceability Matrix (SRTM).
- ISSO for all the deployed systems.
- Lead engineer for the deployment of two major subsystems.
Staff Systems Engineer
- Developed DT&E and OAT&E plans for new and upgraded system deployments.
- Developed and provided Operator and System Admin Training for a new data collection system.
- Performed the CONUS and OCONUS installation and test of new products.
- Trained in the NISCAP process and functioned as the Division ISSO.
- Performed UNIX and Sybase database administration.
- UNIX and PC Systems Administrator responsible for the security and life cycle support of the AEDIS On-Line Drawing and Document library.
- Provided PC-based life-cycle support for the HST LAN Help desk.
- Responsible for all deployments, installations, DT&E and life cycle support for a suite of five client/server UNIX-based Collection Mission Management applications.
- Installed and maintained Sybase Database and Sybase Database Replication products.