Information System Security Officer Resume
Falls Church, VA
PROFESSIONAL SUMMARY:
- Cyber Security Analyst/Information Security Officer with over 7 years of cyber security working experience and 7 years of IT exposure.
- Working knowledge of NIST SP 800-53r4, 37, 60, 53A, 34, 30, 115, 137, RMF, FIPS 199 and 200 and FISMA guidelines to comply with Federal and private agencies.
- Experienced in the development of System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, Configuration Management Plans, System Security Checklists, Privacy Impact Assessments, POA&Ms, and Authority to Operate (ATO) letters.
- Knowledge of FISMA Reports, Standard Operating Procedures (SOP) in accordance with Federal, Agency and Organizational policy, to include FISMA, NIST, OMB, FIPS instructions.
- Possess in-depth ability in performing information security risk assessments and analysis, and risk mitigation in large-scale networked application environments.
- Working experience with Forensic Tool Kit (FTK)
- Excellent analytical and problem-solving skills, as well as interpersonal skills in interacting with team members, clients and top management.
- Familiar with VMware and other Virtual Machine Applications
- Good communication and writing skills
- Knowledge of IT security architecture (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus protection technologies).
TECHNICAL SKILLS:
Security: Control Testing, Risk Assessment & Risk Management.
Networking: TCP/IP, WAN/LAN, VPN, firewalls, routers, switches, IDS/IPS; MS Suite (Word, Excel, PowerPoint)
Operating Systems: Windows 2008 R2, Unix/Linux, VMware 4.1 ESXi
FIPS: Standards, Contingency Plans, Network Infrastructures, Security Impact Analysis, Privacy Impact Assessments & Analyses, Standard Operating Procedures.
Network Monitoring: Snort, Wireshark; Vulnerability Assessment and Penetration Testing tools: Nessus, Splunk, Cain & Abel and Microsoft Baseline Security Analyzer (MBSA).
WORK EXPERIENCE:
Information System Security Officer
Confidential, Falls Church, VA
Responsibilities:
- Review, evaluate and update ATO packets for compliance, such as RA, CPT, CMP, PIA, SAR, SAP, ATO, PTA, IR, MOU, ISA, POA&Ms, SSP and DRP.
- Review spreadsheet containing review of control associated with findings (implementation details, evidence, and control status) and any findings that are open or closed within the current fiscal year.
- Act as the main POC expert for all security related matters between the VA and contracting organizations and subject matter expert of Configuration Management Control.
- Advise and provide guidance to system or facility managers, contracting staff, human resources staff, police and facility management staff in addressing, identifying and gathering supporting evidence that properly satisfy the implementation of the security controls at facility level.
- Create and implement a Configuration Management Plan template that standardized the roles and responsibilities of the CIO, ISO and Privacy Officer, and defined the site Configuration Management Procedures, system name, system description and contact list.
- Identified inconsistency among the Information Security Officers (ISOs) staff on monitoring and updating their Security Impact Analyses in accordance with VA Handbook 6500.2.
- Set and maintain schedules and ISSO checklists.
- Complete control observations for site facilities and finalize reports to the system owner.
- Lead a team of 4 ISOs in the creation of the Confidential RMF master evidence list. This list standardized evidence required for each RiskVision control across the Enterprise, thus, reducing the number of evidence lists provided to each site from fifteen to one.
- Support client in creating SSPs, memos and SOPs for system security controls as evidence for POA&M closure after Scheduled Completion Dates.
- Support client in creating findings for POAM as part of remediation process.
- Conduct SCA interviews with client using standard SOP in order to determine facility compliance.
- Supporting the VA with creating implementation details, mapping evidence for controls and uploading in the GRC.
- Support client with coordinating daily and weekly meetings on current stakes on regions and systems on the VA Confidential and systems delivery and engineering (SDE).
- Support team with training on GRC use and POAM remediation guides.
- Support the VA systems in creating Risk Based Decisions as part of POAM remediation.
- Review and evaluate POAMs for compliance with FISMA as part of continuous monitoring and in preparation for OIG audits.
Cyber Security Analyst
Confidential, Washington, DC
Responsibilities:
- Create Plans of Action and Milestones (POA&M) for identified vulnerabilities and perform compliance monitoring.
- Developing and/or reviewing Information System Security Policy documentation.
- Identify vulnerabilities applicable to systems and applications, determine their severity and urgency, work with system owners to determine whether and/or when corrective action will be taken, and perform necessary actions to verify corrective actions.
- Conduct the SCA Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.
- Creating SOPs, reviewing ATO package documents and reviewing POA&Ms as part of continuous monitoring program.
- Collaborate with ISSOs to ensure that remediation of audit findings, security planning and reporting, and mitigation of security vulnerabilities are completed in a timely manner.
- Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
- Conducted risk assessments evaluating the security of web applications and related infrastructure, defining a risk matrix, providing technical and executive reports with detailed findings, recommending mitigation strategies and performing cost-benefit analysis.
- Assess POAMs on client systems and make recommendations to the client in order to close findings.