Anwar Shahid CISSP, SSCP, CHFI, CDPSE,  ITIL, DOD Secret Clearance

I am a Secret cleared Department of Defense Certified Information Systems Security Professional (CISSP) with over 17 years of experience. I also hold a B.S in Computer Information Systems. Experience includes performing Cloud Assessments, Application Assessments, Medical Systems Assessments and Network Assessments per the Risk Management Framework, NIST 800-53. Providing cybersecurity subject matter expert managing information systems security engineering for cloud, networks and applications. Experience also includes information security governance, risk management of an enterprise network, managing network operations in a 24/7/365 environment. Computer Network Defense Services Providers (CNDSP), Cybersecurity Service Provider (CSSP) operations customer support. Expertise in information assurance, Certification and Accreditation(C&A), DoD Information Assurance Certification and Accreditation (DIACAP) and Risk Management Framework (RMF) Assessment & Authorization (A&A) garnishing an Authorization to Operate (ATO).


Cloud Assessments 

Performed assesessments on Azure AWS and Google Cloud (IaaS, PaaS and SaaS) as an Information Systems Security Engineer responsible for conducting information system security engineering activities.
Captured and refined information security requirements and ensure they are effectively integrated into the
environment through purposeful security architecting, design, development and configuration.
Traced security controls (which are high‐level cybersecurity capability needs), with the Cyber team members working NIST 800-53 Risk Management Framework, to the actual system security requirements documented in the acquisition process.

Application Assessments 

Provided independent audit and review of the RMF and ISSM professionals Authorization and Assessment packages representing the security posture of DOD developmental and production Logistical systems. 
Developed Security Assessment Report (SAR) assessing risk of DoD systems in terms of Confidentiality, Integrity and Availability provided to the Authorization Official (AO) in accordance with (IAW) NIST SP 800-30 Guide for Conducting Risk Assessments.

Medical Systems Assessments 

Performed complete system-level risk assessments of all existing DIACAP/RMF/NIST 800-53 documentation to identify gaps in Information Assurance objectives and security compliance and update as necessary for DIACAP/RMF/NIST 800-53 compliance for medical systems. Performed Risk Assessments that included Privacy Impact Asssessments (PIA) as well to demostrate the securing of importain Health Privacy information. 

Also have performed Risk Managment Framework NIST 800-53 Civil Engineering and Network Assessments.