David Alston

CISSP, CIPP

Ft. Washington, MD, United States

Details

Education: Computer Science

University of Maryland Eastern Shore

1994 : 1998

Experience: • Advise CareFirst BlueCross BlueShield Information Security on developing an enterprise data protection framework by providing project and technical guidance on the implementation of data protection and data loss prevention (DLP) initiatives.

• Lead project planning, design/deploy data access controls consisting of defining sensitive data criteria, scanning file systems, developing custom workflows and reporting, and access restriction.

• Develop data protection solutions and controls, such as data access governance, data classification, data discovery, DLP, and information rights management (IRM) that align with CareFirst business, technology, and regulatory drivers.

• Formalize and update security procedures and technical standards related to data protection guidelines (i.e., data classification, secure data transmission, and encryption) in accordance with HIPAA, FIPS, NIST security/privacy standards.

2021 : Present

DISYS

Information Security Engineer

• Led projects related to risk assessments of internal technology processes, current and emerging risks, and evaluation of design and implementation of existing and target state controls.

• Provided guidance and recommendations regarding existing and target state on-premise and cloud-based technology solutions.

• Advised management and technology stakeholders on risk-related matters to technology programs and activities, including documenting and evaluating IT processes, risks, and controls.

• Assisted security and infrastructure teams with establishing and adhering to new and existing technology processes, procedures, and standards.

2019 : 2021

Freddie Mac

IT Risk Management

• Evaluated Nessus compliance and vulnerability scan findings for AWS cloud-hosted applications; coordinated with stakeholders to address and remediate vulnerability scan findings.

• Acted as the point of contact between IT project teams throughout the security assessment lifecycle, including organizing security assessment-related artifacts, developing, and maintaining system security documentation, reviewing results of the security assessment.

• Coordinated with system stakeholders to remediate Corrective Actions and Plan of Action and Milestones (POA&Ms) of security vulnerabilities, and weaknesses identified through vulnerability scans and/or security assessments.

2019 : 2019

Electrosoft

Senior Cyber Security Analyst

• Trusted risk advisor to Fannie Mae management on matters related to technology and information security programs and activities.

• Executed risk assessments related to subsets of internal technology and information security processes, including assessing design, effectiveness, and implementation of existing and target state control environments.

• Implemented IT/security dashboards and metrics (e.g., Key Risk Indicators, Key Performance Indicators) for cyber/information security and technology processes, platforms, and applications.

• Assisted stakeholders with identifying and evaluating existing and emerging risks and corresponding technology and security controls.

• Addressed IT and Cybersecurity risk events which caused an adverse impact on the availability or quality of IT/security related services, such as performing root cause analyses, specifying reputational, financial, or technical impact, identifying control gaps, and corrective actions.

2016 : 2018

Fannie Mae

Senior IT Risk Advisor

• Privacy Engineering Subject Matter Expert (SME) assigned to the TSA Secure Flight program.

• Ensured compliance with privacy controls and data governance requirements, including internal directives, Privacy Impact Assessments, System of Record Notices (SORNs), data retention schedules, and uses of data throughout the Data Lifecycle.

• Reviewed internal documents to identify Personally Identifiable Information (PII) and Sensitive Security Information (SSI).

• Analyzed formal information sharing agreements, e.g., Memorandums of Understanding (MOUs), regarding shared data elements, information sharing purposes, and retention periods.

2013 : 2016

CSRA Inc

Senior Cyber Security Engineer / Privacy Engineer

Company: DISYS

Years of Experience: 13

Skills Agile Project Management, CISSP, Cloud Computing, Communication, Computer Security, Cybersecurity, Cyber Security, Data Privacy, Data Protection, Disaster Recovery, DLP, Enterprise Architecture, Enterprise Software, Federal Information Security Management Act (FISMA), FISMA, Information Assurance, Information Privacy, Information Security, Information Security Management, Information Security Risk Management, Infrastructure, IT Risk Management, Networking, Network Security, NIST, Risk Management, SDLC, Security, Security Engineering, Security Evaluations, Servers, Software Documentation, System Administration, System Architecture, Vulnerability Management, Windows Server

About A results-driven Cyber Security professional with over 20 years of combined experience in Information Security / Data Privacy and Protection / Governance, Risk and Compliance / IT Infrastructure / Systems Engineering and Architecture with extensive knowledge of cloud service models, technical and data safeguards. and regulatory compliance e.g., HIPAA, NIST Cybersecurity/Privacy Framework & Risk Management Framework, Fair Information Practice Principles. Proven success in relationship-building and coordination with management-level business partners.