Rachel Hosterman

Sierra Vista

Summary

Motivated and dedicated information technology professional with over a decade of experience in utilizing emerging VMware and Azure cloud technologies. Specializes in conducting cybersecurity assessments and effectively managing threats. Excels at identifying cyber threats and mitigating risks to ensure the security of organizations' postures in the face of the evolving digital landscape. Committed to advancing cybersecurity practices, contributing to collective knowledge, and safeguarding the integrity of digital infrastructures. Extensive experience in cybersecurity risk management solutions, successfully supporting critical operations for globally distributed Department of Defense (DoD) mission partners and private businesses.

Overview

12 years of professional experience
1 Certification

Work History

IT Cybersecurity Specialist (INFOSEC)

Federal Employee DoD at DCMA/DIBCAC
02.2025 - Current
  • As lead assessor, performs DCMA / DIBCAC cybersecurity assessments for IT contractor compliance in NIST SP-800-53, NIST SP-800-171, DFARS clauses, DOD standards, and DCMA guidance
  • Responsible for implementing RMF, SIEM solutions, and Cyber Risk Quantification (CRQ) for asset acquisitions (DFARS 204.7304), threat-analysis and Security Control Assessor – Validations (SCA-V)
  • Evaluates the acquisition processes and procedures used to store, retrieve, transport, and dispose of assets to determine IT contractors' compliance with NIST cybersecurity requirements

Cybersecurity Engineer

Empower.AI
10.2022 - 02.2025
  • Led cybersecurity team into risk management integration by implementing threat intelligence into incident handling procedures, enabling faster threat detection / prevention, vulnerability containment, and remediation of security incidents as part of RMF
  • Responsible for implementing RMF, SIEM solutions, and Cyber Risk Quantification (CRQ) for asset acquisitions (DFARS 204.7304), threat-analysis and Security Control Assessor – Validations (SCA-V)
  • Led as primary Cybersecurity Assessor, Strategist, and Risk Management professional while conducting cybersecurity compliance evaluations of customer networks, hardware, and software to include AWS Cloud, VMware Cloud, Azure, Windows, Citrix, Linux, and Mac machines
  • Responsible for renewal of Security Assessment and Authorization (ATO) process for the Enterprise Energy Data Reporting Systems (EEDRS), Supervisory Control and Data Acquisition (SCADA) systems, and Commercial Off-The-Shelf (COTS) technology baselines which include but are not limited to:
  • Implemented threat analysis and security testing of miscellaneous configurations for proper hardening of desktops, routers, switches, firewalls and virtual systems which included VMware, Windows, Linux, Mac servers, and Intrusion Detection & Prevention System (IDS/IPS), etc.
  • Led technical engineering and cybersecurity efforts on a multi-million-dollar task in support of Industrial Control Systems (ICS) / Utility Monitoring and Control Systems (UMCS) lab development and deployment for the Army
  • Managed RMF ATO package via eMASS by developing and maintaining Plan of Action and Milestones (POA&Ms) that identified and tracked security vulnerabilities of systems affected, and the steps needed to remediate or mitigate the identified risk
  • Performed on-site security validations (SCA-Vs) that included but were not limited to:
  • Led cybersecurity CRQ testing and threat evaluations of Windows, Linux, and Mac systems for CIS, CSF standards and NIST SP-800 series (NIST SP 800-37 | NIST SP 800-53 | NIST SP 800-61)
  • Knowledgeable in Security Operations Center (SOC) threat hunting, threat modeling, and risk analysis
  • Interviewed the organization’s staff and collected supporting evidence on-site to conduct a more accurate Risk Management assessment, and wrote a Risk Assessment Report (RAR) and Recommendation memorandum
  • Identified organizational risks and areas of non-compliance with security controls
  • Additionally, advised and proposed fixes with mitigation strategies (POAMs) for security vulnerabilities
  • Managed ATO package renewal in accordance with SIEM solutions, NIST, and DFARS compliance standards across SOC, Cybersecurity team, Governance Risk & Compliance (GRC) team and various cross-functional teams for establishing organizational RMF
  • Conducted threat management and analysis of a wide array of virtualized cloud systems and devices for STIG compliance using endpoint and SIEM security tools by configuring rules for real-time event alerts
  • Security tools include Assured Compliance Assessment Solution (ACAS), Tenable SC, CrowdStrike, RunZero, Splunk, DISA SCC, McAfee / Trellix and STIG Viewer
  • Created and maintained Standard Operating Procedures (SOPs), Security Implementation Guides (SCGs), and System Support Plans (SSPs) for industry with latest approved Change Control Board (CCB) requests

VMware & Azure Cloud Security Engineer

Prime Technical Services
11.2021 - 09.2022
  • Led cyber risk analysis, evaluations, and management of Army & Navy cloud systems (to include VMware virtualized cloud platforms, Windows, Linux, and Mac Virtual Machines (VMs)) as outlined in NIST SP 800 series, NIST SP 800-37, NIST SP 800-53, NIST SP 800-61, and SOC 1 & 2 standards
  • Managed Navy’s VMware Cloud infrastructure consisting of numerous VMware vCenters and storage networks consisting of NetApp and Cisco Unified Communication System Managers (UCSMs) for enterprise Domain Controllers (DCs) supporting hundreds of ESXi hypervisors hosting thousands of VMs running a multitude of OSs including Citrix Virtual Jump Boxes, Microsoft Windows 2008 | 2008 R2 | 2012 | 2012 R2 | 2016 | 2019, Red Hat Enterprise Linux (RHEL) machines, and Citrix servers
  • Created Navy Marine Corps Intranet (NMCI) systems policies and Standard Operating Procedures (SOPs), Security Implementation Guides (SCGs), and System Support Plans (SSPs) for industry customers, team, and government understanding of deficiencies, threats, and future adversarial opportunities with the cyber domain
  • Evaluated a wide array of virtualized cloud systems and devices for STIG compliance using endpoint security tools and configuring rules for real-time alerting in SIEM tool for events (Assured Compliance Assessment Solution (ACAS), Tenable SC, CrowdStrike, DISA SCC, McAfee / Trellix and STIG Viewer) and manually applied hardening configurations
  • Hardened systems include Windows, Linux, and Mac servers, desktops, routers, switches, firewalls, Intrusion Detection & Prevention System (IDS/IPS), jump boxes, etc.
  • Utilized advanced threat finding techniques and tools (Tenable SC, CrowdStrike Falcon, RunZero, Splunk, Microsoft PowerShell, Windows Batch, Linux Bash scripting) to identify and analyze threat intelligence data and identify potential vulnerabilities
  • Accordingly, crafted strategic mitigation plans to include manual or automated patching, software upgrades, and/or decommissioning efforts
  • Experienced in deploying, managing, and upgrading VMware cloud systems including vCSA, vRA, vROPS, Lifecycle Manager, Log Insight, and Workspace ONE
  • Supported DoD policies, regulations, and STIGs by proactively deploying software, firmware, application upgrades, and installations to patch, fix, and remediate IT security findings in accordance with NIST SP 800 series
  • Implemented the development of a Plan of Action and Milestones (POA&M) that identified and tracked the vulnerabilities of systems affected and the steps needed to remediate or mitigate the identified risk
  • Experienced in working with Agile teams in a Scaled Agile Framework (SAFe) environment
  • Utilized Agile tools and software, such as Jira and Confluence to track project development, security implementation, and customer satisfaction

VMware & Azure Cloud System Administrator

Information Systems Solutions
03.2018 - 11.2021
  • Managed Army’s cloud infrastructure of multiple VMware & Azure cloud platforms consisting of hundreds of vCenters with cloud-based storage consisting of Hewlett-Packard Service Manager (HPSMs), NetApp, and UCSMs for enterprise-wide Data Centers (DCs) hosting hundreds of ESXi hosts hosting thousands of VMs running various virtual cloud OSs including all flavors of Microsoft Windows, Azure, and RHEL systems
  • Evaluated Army's virtualized cloud infrastructure and physical devices for STIG compliance using endpoint security tools (ACAS, Tenable SC, DISA SCC, and STIG Viewer checker) and was responsible for manually/automatically implementing hardening configurations
  • Hardened systems included VMware, Azure, Linux, and Mac servers, desktops, routers, switches, firewalls, IDS, jump boxes, and IoT devices
  • Conducted AR 25-2 cyber risk assessments and threat management responsibilities of Windows, Linux, and Mac virtual cloud machines for AR 25-2, NIST SP 800-37, NIST SP 800-53, NIST SP 800-61, NIST SP 800-171, and SOC 1 & 2 standards
  • Applied fixes to identified vulnerabilities on systems by automating the implementation of patching and software upgrades via PowerShell scripts to virtualized cloud infrastructure
  • Responsible for implementing DoD policies, regulations, and STIG compliance by proactively deploying software, firmware, application upgrades, and installations to patch, fix, and remediate IT security findings
  • In addition, created Standard Operating Procedures (SOPs), Security Implementation Guides (SCGs), and System Support Plans (SSPs) for industry compliance
  • Experienced in deploying, managing, and upgrading VMware & Azure cloud supported IT systems including vCSA, vRA, vROps, Lifecycle Manager, Log Insight, and Citrix
  • Maintained and upgraded data centers, both physical and virtual via software applications such as NetApp, UCSM, and HPSM
  • Managed information security implications as outlined by AR 25-2 in Army’s Global Enterprise Fabric (GEF) organization, program, and other areas of responsibility to include strategic, personnel, cloud infrastructure, security requirements, policy enforcement, emergency planning, and security awareness
  • Utilized Remedy IT Service Manager (ITSM) tools and software to track project development, security fixes, and customer satisfaction in an Information Technology Infrastructure Library (ITIL) framework environment

Software & Application Test Analyst / Network Security Integrator

Avaya Government Solutions
10.2014 - 02.2018
  • Led the integration and deployment of Avaya Unified Communication software and hardware products for test and evaluation services to meet DISA APL capability requirements
  • Conducted APL interoperability testing of software, applications, and networks across multivendor Unified Communication system environment at JITC (GNTF lab)
  • Demonstrated expertise in computer system protocol analysis, computer operations, database structuring and management
  • Installed and managed network platforms for the specific beta-testing of Avaya UC and VoIP software and applications
  • Provided technical support for multiple Avaya software and applications for DoD and commercial environments
  • Managed the integration of Avaya software and applications in different cloud networking environments (AWS, Google Cloud, VMware & Azure Cloud, Local Area Networks (LANs), Wide Area Networks (WANs), Virtual Private Networks (VPNs), etc.) for the purposes of STIG UC / VoIP collaboration testing of vendors such as Cisco, Intel, Microsoft, Nippon Electric Company (NEC), GENBAND, REDCOM, and Avaya
  • Created daily, weekly, and monthly Standard Operating Procedures (SOPs), Security Implementation Guides (SCGs), and System Support Plans (SSPs) for industry customers, team, and government that outline the current cyber threat information on adversarial capabilities, tactics, and techniques that could harm critical vulnerable assets
  • Evaluated vendor devices for interoperability and STIG compliance using SIEM tools (ACAS, Tenable SC, DISA SCC, Wireshark and STIG Viewer) and manually or automatically applied hardening configurations
  • Hardened systems included VMware, Azure, Citrix, Windows, Linux, and Mac servers, desktops, routers, switches, firewalls, IDS, jump boxes, and IoT devices
  • Experienced in ISSO hosted systems in AR 25-2, NIST SP 800-37, NIST SP 800-53, NIST SP 800-61, NIST SP 800-171, and SOC 1 & 2 standards for FedRAMP cloud environment for threat hunting, threat modeling and analysis

AESS - Service Desk Specialist

Information Innovators Inc.
08.2013 - 09.2014
  • Responsible for supporting Army Endpoint Security System (AESS) 24x7x365 Platform-as-a-service (PaaS) model to deliver real-time situational awareness on a global basis for secure problem management, call management, and customer service requests
  • Provided Army enterprise customers with McAfee Enterprise’s most advanced endpoint security technologies, analytics, expertise, and process integrations, resulting in stronger cyber protection, detection, and response
  • Utilized ITIL processes of Service Transition and Service Operations for on-boarding processes of new AESD customers
  • Handled Remedy ITSM suite in IT service management to streamline and automate Tier 0 to Tier 1 security incident management
  • Responsible for providing Army Enterprise Service Desk (AESD) customers with network troubleshooting expertise, continuous security monitoring, and operational analysis of AESD services
  • Resolved AESD customer requests and/or provided proper escalation of inquiries to appropriate technical teams for secure, accurate and reliable resolution

Education

Bachelor of Science - Business Management

Rocky Mountain College
Billings, MT
01.2012

Skills

  • Cybersecurity analysis
  • Network security
  • Threat detection
  • Incident response
  • Security protocols
  • Data protection
  • Intrusion prevention
  • Firewall management
  • Compliance standards
  • Encryption techniques
  • Penetration testing
  • Security monitoring
  • System hardening
  • Endpoint protection

Certification

  • Active Secret Clearance
  • CompTIA CASP+ Certified
  • Infosec Certified SCADA Security Architect
  • ISC2 Certified in Cybersecurity
  • CompTIA Security+ CE
  • ITIL v3 Certified
