David Alston
Education:
Computer Science
University of Maryland Eastern Shore
1994 : 1998
Experience:
• Advise CareFirst BlueCross BlueShield Information Security on developing an enterprise data protection framework by providing project and technical guidance on the implementation of data protection and data loss prevention (DLP) initiatives.
• Lead project planning and the design and deployment of data access controls, consisting of defining sensitive data criteria, scanning file systems, developing custom workflows and reporting, and restricting access.
• Develop data protection solutions and controls, such as data access governance, data classification, data discovery, DLP, and information rights management (IRM) that align with CareFirst business, technology, and regulatory drivers.
• Formalize and update security procedures and technical standards related to data protection guidelines (i.e., data classification, secure data transmission, and encryption) in accordance with HIPAA, FIPS, and NIST security/privacy standards.
2021 : Present
DISYS
Information Security Engineer
• Led projects related to risk assessments of internal technology processes, current and emerging risks, and evaluation of design and implementation of existing and target state controls.
• Provided guidance and recommendations regarding existing and target state on-premise and cloud-based technology solutions.
• Advised management and technology stakeholders on risk-related matters to technology programs and activities, including documenting and evaluating IT processes, risks, and controls.
• Assisted security and infrastructure teams with establishing and adhering to new and existing technology processes, procedures, and standards.
2019 : 2021
Freddie Mac
IT Risk Management
• Evaluated Nessus compliance and vulnerability scan findings for AWS cloud-hosted applications; coordinated with stakeholders to address and remediate vulnerability scan findings.
• Acted as the point of contact between IT project teams throughout the security assessment lifecycle, including organizing security assessment-related artifacts, developing and maintaining system security documentation, and reviewing results of the security assessment.
• Coordinated with system stakeholders to remediate Corrective Actions and Plan of Action and Milestones (POA&Ms) of security vulnerabilities and weaknesses identified through vulnerability scans and/or security assessments.
2019 : 2019
Electrosoft
Senior Cyber Security Analyst
• Trusted risk advisor to Fannie Mae management on matters related to technology and information security programs and activities.
• Executed risk assessments related to subsets of internal technology and information security processes, including assessing design, effectiveness, and implementation of existing and target state control environments.
• Implemented IT/security dashboards and metrics (e.g., Key Risk Indicators, Key Performance Indicators) for cyber/information security and technology processes, platforms, and applications.
• Assisted stakeholders with identifying and evaluating existing and emerging risks and corresponding technology and security controls.
• Addressed IT and Cybersecurity risk events which caused an adverse impact on the availability or quality of IT/security related services, such as performing root cause analyses, specifying reputational, financial, or technical impact, identifying control gaps, and corrective actions.
2016 : 2018
Fannie Mae
Senior IT Risk Advisor
• Privacy Engineering Subject Matter Expert (SME) assigned to the TSA Secure Flight program.
• Ensured compliance with privacy controls and data governance requirements, including internal directives, Privacy Impact Assessments, System of Record Notices (SORNs), data retention schedules, and uses of data throughout the Data Lifecycle.
• Reviewed internal documents to identify Personally Identifiable Information (PII) and Sensitive Security Information (SSI).
• Analyzed formal information sharing agreements, e.g., Memorandums of Understanding (MOUs), regarding shared data elements, information sharing purposes, and retention periods.
2013 : 2016
CSRA Inc
Senior Cyber Security Engineer / Privacy Engineer
Company: DISYS
Years of Experience: 13