
Sr. Information Security Analyst | Information System Security Manager Resume


SUMMARY:

  • A goal-oriented Information System Security Professional with significant experience in assessing physical and logical security-related controls, Governance, Risk, and Compliance within the RMF Framework. Proven ability to bring the benefits of IT solutions to solve business issues within an organization. Ability to develop strategic plans for organization-wide implementation to address client services, quality assurance and information security. A committed, dedicated professional, who is highly organized and motivated, adjusts well to all types of environments, and learns new processes and procedures efficiently and effectively, with excellent written and oral communication skills. Strong work ethic and capability of effectively overcoming challenges with collaborative problem-solving skills.

TECHNICAL SKILLS:

  • Ability to adapt quickly and competently, and interact with all levels of management and leadership within an organization.
  • Provide proper guidance to stakeholders to ensure they have a complete understanding of evidence necessary for successful assessment/audit process.
  • Verify that assets, threats, and vulnerabilities are properly identified and managed to reduce security risk and maintain organization’s security posture.
  • Perform duties with objectivity, professional care, and due diligence according to standards using best practices.
  • Ability to conduct site surveys and report any irregularities or vulnerabilities that pose a risk to the security posture of the organization and recommend remediation and mitigation steps.
  • Extensive working knowledge of the RMF Framework, Governance, Risk, and Compliance, and adherence to the National Institute of Standards and Technology (NIST) 800-Series guidance, including 800-18, 800-30, 800-37, 800-39, 800-53 rev 4, and 800-115. Refer to guidance as necessary to accomplish risk and vulnerability management tasks.
  • Experience with the Federal Information Security Management Act (FISMA), Payment Card Industry (PCI), and Federal Information Processing Standards (FIPS) compliance.
  • Experience performing risk analysis, risk assessments, Security Assessment & Authorization (SA&A) with remediation and mitigation resolutions supporting over 35 federal information systems to date, and 15 private industry information systems.
  • Knowledge of Security Technical Implementation Guides (STIGs) methodology for standardized, secure installation and maintenance of hardware and software.
  • Strong problem resolution skills with capability of finding and utilizing alternative methods to ensure successful end result.

PROFESSIONAL EXPERIENCE:

Confidential

Sr. Information Security Analyst | Information System Security Manager

  • Serve as the Information System Security Manager (ISSM) for information systems within the Department of Defense (DoD) and intelligence community for the agency’s Cybersecurity program.
  • Maintain awareness of current Cybersecurity changes and challenges in order to examine approaches to meet any challenges for the customer while maintaining mission focus.
  • Monitor and resolve Plan of Action & Milestones (POA&Ms) in a timely manner with due diligence to mitigate system vulnerabilities.
  • Draft and prepare security assessments and author System Authorization and Assessment (SA&A) packages as necessary. Oversight of SA&A packages completed for approval.
  • Support information system lifecycle and risk management lifecycle.
  • Maintain day-to-day security posture and continuous monitoring of information systems including security event logs and analysis.
  • Ensure system security aligns with applicable federal policies.
  • Provide accurate assessment of vulnerability impacts and mitigations necessary.
  • Completed Risk Management Framework (RMF) for two systems simultaneously with due diligence according to the NIST guidelines and security control requirements.
  • These two system packages were completed in advance in their entirety and received full ATOs.
  • Developed a Change Control Board (CCB) implementation process for two systems in order to maintain compliance with the NIST guidelines. This development included implementing a Change Control Board member list and a Change Control Board procedure signed by all parties involved, including the Program Manager’s approval. Initiated a CCB process for two systems with regular meetings, meeting minutes documentation, and voting by all CCB members, as required by NIST and RMF requirements.
  • Developed a Code Verification form with required signatures for systems that utilize code development and code changes, to ensure due diligence and proper verification before code is released into the production environment.
  • Developed a Tabletop Exercise Plan for the DSCA Classified Network with procedures, scenarios, recovery, reconstitution, and required members. After the plan was developed, led a team of technical professionals and leadership through a Tabletop exercise in order to meet compliance with NIST guidelines and RMF for assessment and authorization.
  • Updated numerous DoD documents to reflect NIST and RMF, including but not limited to System Security Plans (SSPs), Contingency Plans, and Incident Response Plans.
  • Current member of a project team in the process of a major system upgrade, with involvement from various team members and leadership.
  • Brief management and leadership on any and all issues identified on their systems and/or their processes. In doing so, have suggested solutions which provide improved system functionality, improved process functionality, and overall improved workflow for the agency as well as Enterprise-wide solutions.
  • Have been tasked with performing Security Control Assessor Duties for the 19 systems under the DoD DSCA umbrella.

Confidential

Owner, Independent Contractor | Security Analyst

  • As a Security Analyst for the federal and commercial sectors: Conduct security control assessments utilizing Federal guidelines to safeguard the Confidentiality, Integrity, and Availability (CIA) of information systems, to include applications and General Support Systems (GSS), which transmit, process or store Personally Identifiable Information (PII) and Sensitive but Unclassified (SBU) data.
  • Identify system vulnerabilities and develop assessment plans, Security Assessment Report (SAR), and mitigation and remediation recommendations.
  • Ensure all regulations, guidelines, directives, policies and procedures are being followed to establish a standard baseline and to satisfy federal cyber security requirements.
  • Provide security guidance and oversight for various information technology and cyber security projects, including site surveys to educate clients and users in sound cyber security principles and best practices. Propose solutions, tools, and best practices to strengthen overall business and system security and to maintain the business or organization’s security posture.
  • Review penetration test and vulnerability scan results. Report findings to the business units. Collaborate with the business units to mitigate and/or remediate risks and vulnerabilities.
  • Conduct site surveys assessing the Physical and Environmental controls, while also reviewing security-related documentation, conducting interviews, and testing customer logical security controls.
  • Develop vulnerability assessment reports, and security controls assessment reports for customers.

Confidential

System Administrator

  • Was responsible for the physical security of ensuring physical and environmental controls were in place for over 7,500 employees throughout the entire health care system’s buildings and staff, which span four counties. Determine access to restricted areas of the facility according to role-based responsibilities, or deny access.
  • Capable of leading and motivating by utilizing project management skills, ensuring project deliverables to the highest quality and within budget.
  • Ability to lead project team with a high level of standards necessary in the healthcare sector, lead meetings, and communicate all milestones to senior management and leadership.
  • Performed security audits on a monthly basis to determine that access approval was in line with the system-generated list of staff members.
  • Provided troubleshooting and effective problem-solving skills to resolve unforeseen issues with projects and system administration. Ability to effectively manage customer and vendor relationships and expectations. Ensured best-practice tools and processes for projects and system administration.
