Steve Hong

Experience

• 

  University of Virginia

  May 2019 - Dec 2019

  Undergraduate Research Assistant | Computer Science Department

  -Reviewed recorded footage of students in lecture settings to analyze note-taking habits between analog and digital formats. Worked under the supervision of a professor Human Computer Interaction (HCI) to discuss findings and map appropriate functional requirements for a potential note-taking application.

• 

  Washington Metropolitan Area Transit Authority (WMATA)

  Jul 2020 - now

  -Reviewed Statements of Work (SOWs), Requests for Proposal (RFPs), and other IT-related procurement packages to ensure that cybersecurity requirements were integrated into the supply chain/procurement processes. Assessed vendor responses in Technical Evaluation Teams (TETs) prior to contract award and acquisition.-Supported the procurement of Enterprise-wide technology solutions such as: 8k Rail Car Series, 60ft Battery Electric Buses (BEB), Enterprise Video Systems (EVS), Fire Alarm Systems, and Enterprise Resource Planning (ERP) solution.-Researched and began incorporation of supply chain best practices, documentation templates, and organizational models to formalize the SCRM program in line with NIST SP 800-161 rev. 1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. Show less -Served as a backup facilitator for the Microsoft Modernization and Transformation Project in the Identities and Access Protections Workstream, focusing on the research and implementation of technical controls in Microsoft Azure Active Directory (AAD) -Assessed the maturity of WMATA’s application security program against the Open Web Application Security Project Software Assurance Maturity Model (OWASP SAMM) and presented recommendations for improvement to management.-Conducted a security control assessment of WMATA’s General Support Systems (GSS) against the NIST SP 800-53 rev. 5 security controls. Provided support in the interviewing and reporting of findings for six (6) team members across five (5) GSS domains. -Supported compliance efforts by coordinating vulnerability remediation efforts for the Payment Card Industry (PCI) audit. Conducted risk analysis of outstanding vulnerabilities and formalized risk responses for leadership approval and auditor review. Trained new team members in organizational processes and historical context to support organizational redundancy.-Supported compliance efforts by managing cybersecurity program documentation in support of the International Organization for Standardization (ISO) 9001 certification. Show less -Served as a backup project manager for the STIG IT! project. Conducted training for the use of Secure Technical Implementation Guides (STIGs) and worked to implement secure configuration settings on a variety of platform areas using STIGs and/or Center for Internet Security (CIS) Benchmarks. -Supported organizational compliance by coordinating vulnerability remediation efforts for PCI assets, to include risk analysis of outstanding vulnerabilities, risk reporting to senior leadership, and creation of risk artifacts for submission to the auditors. Show less

  • Cybersecurity Engineer III | Supply Chain Risk Management Team

    Feb 2024 - now

  • Cybersecurity Officer II | Supply Chain Risk Management Team

    Dec 2023 - Feb 2024

  • Cybersecurity Officer II | Business Applications Team

    Sept 2021 - Dec 2023

  • Cybersecurity Officer I | Business Applications Team

    Jul 2020 - Sept 2021