KTL SOLUTIONS

My First Year as a Compliance Analyst

Written by Paige Langmead

As I reflect on my first year as an Information Security Compliance Analyst, it’s astonishing how much ground I’ve covered and how integral compliance is to modern organizations. The past year has been a whirlwind of learning, adapting, and growing within a field that’s both challenging and immensely rewarding.

When I started my role, the NIST 800-171 framework was the cornerstone of my learning. Designed to safeguard Controlled Unclassified Information (CUI) in non-federal systems, NIST 800-171 provides a comprehensive set of security requirements organized into 14 families (domains). These domains—ranging from Access Control and Incident Response to Media Protection and Risk Assessment—are critical for establishing robust information security practices. This foundation has been essential in developing effective security policies and procedures.

Over the past year, I’ve seen the increasing prominence of the Cybersecurity Maturity Model Certification (CMMC). CMMC ensures organizations have properly implemented the NIST 800-171 controls. With its three maturity levels, each with unique requirements, CMMC is crucial for organizations seeking a comprehensive cybersecurity posture.

In my first year, I’ve engaged in hands-on tasks that have been instrumental in my professional development, including writing documentation and using a GRC Tool for managing compliance efforts. Crafting policies aligned with NIST 800-171 has been a key part of my role, as clear, well-structured procedures are vital for maintaining security and compliance.

Attending conferences has been invaluable. Engaging with industry experts and learning about emerging trends has expanded my knowledge and reinforced the importance of continuous learning. The supportive community surrounding CMMC has been particularly enriching, providing valuable insights and fostering camaraderie.

A major highlight was obtaining my CCP (Certified CMMC Professional). This certification signifies my proficiency in CMMC practices and my ability to help organizations achieve compliance.

Looking ahead, my next goal is to obtain the CCA (Certified CMMC Assessor). This certification will enable me to specialize in assessing compliance with CMMC standards, allowing me to contribute more effectively to the cybersecurity community.

My first year as an Information Security Compliance Analyst has been transformative, marked by significant learning and growth. From mastering the NIST 800-171 framework to navigating the evolving CMMC landscape, this journey has been fulfilling. I look forward to continuing my growth and supporting organizations in their compliance journeys.

Interested in improving your organization’s compliance posture? Connect with me at KTL Solutions for tailored guidance!
