George Naih Email & Phone Number

Mechanicsville, Virginia, United States

• Spearheads RMF processes, ensuring systems achieve and maintain Authorization to Operate (ATO) through rigorous control implementation and documentation using eMASS.
• Conduct in-depth vulnerability assessments to identify risks and mitigation strategies across systems.
• Develop and maintain RMF documents, including System Security Plans (SSP), Risk Assessment Reports (RAR), and Plans of Action and Milestones (POA&M).
• Evaluate system compliance with NIST 800-53 controls, DISA STIGs, and SRGs; ensure adherence to DoD security guidelines.
• Perform continuous monitoring of systems, analyzing vulnerability scan results (e.g., Nessus), and coordinating remediation efforts with system administrators.
• Serve as the subject matter expert (SME) for risk management, guiding teams through compliance reviews and technical security configurations.

Bowie, Maryland, United States

• Supported the ISSM and PMO to achieve ATO by creating and updating critical artifacts like SSP, POA&Ms, Risk Assessments, and Contingency Plans.
• Performed security control assessments aligned with NIST 800-53 standards to identify operational and technical vulnerabilities.
• Monitored security control compliance using CSAM, maintaining real-time documentation of systems.
• Led FISMA-compliant assessments, ensuring systems met federal security mandates through continuous monitoring.
• Conducted comprehensive gap analysis of security controls, identifying weaknesses and tracking resolutions.
• Performed full Authorization to Operate (ATO) processes for on-prem and cloud systems.

• Conducted continuous security monitoring, leveraging tools like Nessus, SIEM, and IDS to identify and resolve potential threats.
• Performed vulnerability management, including system scans, security patching, and remediation tasks.
• Led incident response activities, diagnosing and escalating security events for investigation and resolution.
• Developed Security Assessment Plans (SAPs) and performed control remediation based on findings.
• Reviewed vulnerability scan results, prioritized findings, and created detailed POA&M documents to guide mitigation.
• Supported FISMA compliance efforts through control testing, artifact development, and annual system assessments.

Baltimore, Maryland, United States

• Conducted vulnerability scans using Nessus/ACAS, identifying system risks and collaborating with engineers to address findings.
• Performed routine patch management and applied security configurations to protect endpoints and networks.
• Provided support for incident response, investigating security events, and escalating critical issues for resolution.
• Assisted in intrusion detection and prevention by monitoring and analyzing events from IDS/IPS and SIEM systems.
• Conducted security audits and recommended enhancements to strengthen system defenses.
• Troubleshot and maintained hardware/software to optimize system performance and ensure compliance with security policies.