California State University San Bernardino

On-the-job Training

• IT Project Management
  • Perform needs analysis to determine opportunities for new and improved business process solutions.
  • Provide advice on project costs, design concepts, or design changes.
  • Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
  • Resolve conflicts in laws, regulations, policies, standards, or procedures.
  • Review or conduct audits of information technology (IT) programs and projects.
  • Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
  • Develop and document supply chain risks for critical system elements, as appropriate.
  • Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
  • Act as a primary stakeholder in the underlying information technology (IT) operational processes and functions that support the service, provide direction and monitor all significant activities so the service is delivered successfully.
  • Coordinate and manage the overall service provided to a customer end-to-end.
  • Ensure that appropriate Service-Level Agreements (SLAs) and underpinning contracts have been defined that clearly set out for the customer a description of the service and the measures for monitoring the service.
  • Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
  • Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs).
  • Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
  • Work with other service managers and product owners to balance and prioritize services to meet overall customer requirements, constraints, and objectives.
  • Conduct import/export reviews for acquiring systems and software.
  • Develop supply chain, system, network, performance, and cybersecurity requirements.
  • Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
  • Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).
  • Lead and oversee budget, staffing, and contracting.
  • Draft and publish supply chain security and risk management documents.
• Database Administration
  • Analyze and plan for anticipated changes in data capacity requirements.
  • Maintain database management systems software.
  • Maintain directory replication services that enable information to replicate automatically from rear servers to forward units via optimized routing.
  • Maintain information exchanges through publish, subscribe, and alert functions that enable users to send and receive critical information as required.
  • Manage the compilation, cataloging, caching, distribution, and retrieval of data.
  • Monitor and maintain databases to ensure optimal performance.
  • Perform backup and recovery of databases to ensure data integrity.
  • Provide recommendations on new database technologies and architectures.
  • Performs configuration management, problem management, capacity management, and financial management for databases and data management systems.
  • Supports incident management, service-level management, change management, release management, continuity management, and availability management for databases and data management systems.
  • Maintain assured message delivery systems.
  • Implement data management standards, requirements, and specifications.
  • Implement data mining and data warehousing applications.
  • Install and configure database management systems and software.
• IT Program Audit
  • Develop methods to monitor and measure risk, compliance, and assurance efforts.
  • Provide ongoing optimization and problem-solving support.
  • Provide recommendations for possible improvements and upgrades.
  • Review or conduct audits of information technology (IT) programs and projects.
  • Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
  • Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
  • Conduct import/export reviews for acquiring systems and software.
  • Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
• Forensic Analysis
  • Develop a plan to investigate alleged crime, violation, or suspicious activity utilizing computers and the Internet.
  • Establish relationships, if applicable, between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies, vendors, public relations professionals).
  • Analyze incident data for emerging trends.
  • Perform file and registry monitoring on the running system after identifying intrusion via dynamic analysis.
  • Read, interpret, write, modify, and execute simple scripts (e.g., Perl, VBScript) on Windows and UNIX systems (e.g., those that perform tasks such as: parsing large data files, automating manual tasks, and fetching/processing remote data).
  • Identify and/or develop reverse engineering tools to enhance capabilities and detect vulnerabilities.
  • Analyze organizational cyber policy.
• Vulnerability Assessment
  • Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
  • Conduct and/or support authorized penetration testing on enterprise network assets.
  • Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
  • Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
  • Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
  • Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
  • Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
  • Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).