Welcome back to our series where we interview the thinkers and doers who make innovation happen at Octo. Whether working at our R&D facility oLabs™ or at a customer site, our employees are bringing new ideas and solutions to help Federal Government agencies and organizations solve complicated problems. Today, we feature Senior Business Systems Analyst Rhonda Holmes-Stewart, who supports the Naval Sea Systems Command (NAVSEA) SeaPort program. Rhonda has been with Octo for five years and focuses on system security.
Rhonda, thank you for taking the time to discuss the important work you’re doing. How would you describe the tasks you tackle on a daily basis for NAVSEA?
The tasks I tackle vary, but they all revolve around maintaining the security of the SeaPort system. Some days I work with our client and technical team to address and respond to vulnerabilities identified as a result of system scans. Other days I support testing security patches applied to our system or testing our capability to transition and function in an alternate computing environment should there be an event that causes our current environment to be unavailable. Lately, most of my work has involved working through the Department of Defense (DOD) Risk Management Framework (RMF) process with the goal of retaining the SeaPort system’s authorization to operate within a DOD environment. This has entailed working with our data center hosting provider to ensure our servers are configured in a secure manner, reviewing and updating the security categorization of our system, and updating required system security policies and procedures.
What is one project or work challenge you have taken on, and how are you approaching it?
I have taken on reducing our Plan of Actions & Milestones (POA&Ms) by 50%. A POA&M is essentially a record of a security finding and the plans for remediating the finding. To accomplish this, I categorized the POA&Ms based on what type of effort would be required to remediate them. For example, would a POA&M require updating documentation, code development, configuration updates, or all of the above? Once I categorized the POA&Ms, I began to tackle them by prioritizing them based on the level of effort required, starting with those requiring the least amount of effort. It sounds simple, but when you understand the complexity of the system and everything remediation entails, you know that a 50% reduction is a huge undertaking. But it’s needed to ensure security as well as efficacy.
When you think of the word “innovation” in terms of your work, what comes to mind and why?
The technology available to support the RMF process and the security monitoring of systems within the Navy are both examples of serious innovation through the power of automation. I took this technology for granted until I had the opportunity to help out with RMF efforts for a different organization outside of DOD. There, the process was fairly manual, which made it more tedious. That experience certainly gave me a better appreciation for the innovative technology available at the Navy.
Octo’s tagline is “Jump the technology curve.” How do you help the Navy do that?
The SeaPort application provides a secure, automated procurement process that improves processing time and offers users the ability to take advantage of numerous acquisition reform initiatives, including award term contracting and electronic signatures. This was not always available in the past. Also, we use Agile practices to continue to deliver functionality that the users need and that provides value to the customer. I’d say the combination of security, automation, and agility helps our DOD customers jump the technology curve.
What advice would you give to someone just starting out in cybersecurity?
Cybersecurity is an exciting and evolving field. But it can also be intimidating because there are so many different aspects to cybersecurity and so much to learn. It’s great that there are various career options and paths, but it takes time and effort to find your niche. If you’re just starting out, I would recommend visiting cybersecurity career sites like Cyberseek or the National Initiative for Cybersecurity Education (NICE) to explore the different career options and determine areas of interest. Then identify what training is required and available for you to delve into that area. I would also recommend asking tons of questions. Be a sponge and learn as much as you can. Once you are in the field, continue to take advantage of formal training opportunities, webinars, and literature to keep abreast of changes in the cybersecurity arena because things move and change quickly!