As a Lead Compliance Analyst for SecureStrux, Heather provides Assessment and Authorization (A&A) for clients within the DoD. She is currently providing Risk Management Framework (RMF) support to KPMG and their clients as part of the Financial Management Overlay Team. The team validates control compliance for financially relevant systems by leveraging both NIST guidance and the Federal Information Systems Controls Audit Manual (FISCAM). Heather’s previous experience includes supporting the Joint Service Provider for the Pentagon as a Security Control Assessor-Representative, as well as supporting all steps of the RMF for the United States Patent and Trademark Office, first as a Security Control Assessor and then as a Facilitations Point of Contact. She is well versed in A&A tools such as eMASS and CSAM.
Heather graduated from the University of Maryland University College with a Master’s degree in Cybersecurity. She currently holds a Security+ certification from CompTIA as well as the Certified Authorization Professional (CAP) certification from (ISC)². Heather is currently studying for the Certified Information Systems Security Professional (CISSP) certification from (ISC)².
Prior to starting her Cybersecurity career, Heather served over six years in the United States Army as a Combat Medic/Healthcare Specialist.