Meet ISC2 Instructor Alan Belshaw

Alan Belshaw, CISSP, CGRC, CSSLP, CCSP

Senior Cloud Security Architect (2022 to Present). Design, documentation and threat model development of multi-service virtual system. Implementation and assessment of cloud focused security and privacy controls to meet RMF compliance mandates. Developed multi-cloud infrastructure (Nutanix) for implementation of Elasticsearch, Logstash, Kibana (ELK) Server for system-wide logging, and Windows Server Update Services (WSUS) server for system-wide updates. Work with customer to develop and staff new business opportunities. Senior IT Systems Engineer (2021 to 2022). Continuous Integration and Continuous Delivery and Deployment (CI/CD) and DevSecOps development using Ansible, Python, PowerShell, Kerberos and Docker. Technical lead working with NSA Commercial Solutions for Classified (CSfC) and Navy virtual environments and Navy Cross Domain Security Office (CDSO) teams to certify cross domain solution. Senior Vulnerability Management Engineer (2019 to 2021). Technical lead on design and implementation of vulnerability scanning and patch management solution using Tenable scanning tool and Tanium endpoint management tool. Senior Risk Management Framework Engineer (2014 to 2019). Developed a software assurance (SwA) as a service capability for Navy programs. Executed the RMF process and prepared security documentation for Systems Engineering Technical Reviews. Provided subject matter expertise in software assurance, STIG compliance, NIST controls and secure system engineering documentation and processes. Performed cyber-risk assessments, including researching system and application threats and attack vectors and developing attack surface analysis and threat models for mitigation path definition. Senior Software Assurance and Security Testing Lead (2009 to 2014). Team lead for software assurance program to interface between system engineering and software development. Implemented Fortify software scanning server and worked with developers to mitigate findings. Implemented Ansible scripts on Jenkins server to verify and update STIG settings and run Fortify scans on code. Cybersecurity lead on configuration review and change management teams. Developed threat model and attack surface analysis model to perform risk assessments. Information Security Risk Manager (2004 to 2009). Assessed, identified, and managed information security risks, and designed and implemented appropriate security capabilities, business and technical processes, and security policies and procedures.

Conducted security assessments and audits for differing standard requirements and assessed security risks. Created and implemented information security plans and procedures to reduce the overall risk, and managed security incidents, awareness, training, and communication programs. Developed and reported metrics to determine the effectiveness of the information security program. Information Security Engineer (1998 to 2004). Designed and implement security solutions including McAfee Foundstone FS1000 appliance, Checkpoint firewalls, McAfee Intrushield IDS/IPS, EnCase forensic software, Symantec Anti-Virus solutions and others. Network Engineeer (1996 to 1998). Implemented and supported a network of Cisco routers and switches for connectivity with Windows, Solaris and Linux servers and desktop systems Windows Systems Administrator (1994 to 1996). Designed and implement security solutions including McAfee Foundstone FS1000 appliance, Checkpoint firewalls, McAfee Intrushield IDS/IPS, EnCase forensic software, Symantec Anti-Virus solutions and others. Network Engineeer (1996 to 1998). Implemented and supported a network of Cisco routers and switches for connectivity with Windows, Solaris and Linux servers and desktop systems Windows Systems Administrator (1994 to 1996). Designed and implement Windows NT4.0, Microsoft Exchange email and Citrix Winframe systems. Installed and supported on-site Windows 95/98, NT4.0, Novell, Macintosh and UNIX operating Systems. Software Developer Various Companies (1990 to 1994). Designed and coded software applications in C, C++, Modula-2 and Pascal.