SUMMARY:

• A skilled and dedicated Senior Information Systems and Cyber Security professional with more than 8+ years in project management, information systems security, Technical Analysis, Tech. Research Development, Internet of things (IOT), Vulnerability Management, AWS Security, Reverse Engineering, Hardware & Software Asset Management, Cloud Computing Security, Understanding of Databases, Beta Environments, Emerging Cyber Security Threats, Contingency and Critical Planning, Patch Management, FISMA, NIST Risk Management Framework (RMF), POA&M management, System Security Plans, Contingency Plans and other applicable NIST standards. Possess exceptional project management skills, and able to perform in a fast - paced, client-facing environment. Communicate technical information to non-technical personnel. I am highly driven, positive work ethics, time management and prioritization skills with a Master’ of Science in Information Systems and Project Management

PROFESSIONAL EXPERIENCE:

Confidential

Lead System Admin Information System Security Manager

Responsibilities:

• Train new users on security management, privileges, access, and separation of duties within the system.
• (Hands On) Administrative and Privilege user for CSAM (Front-end & Back-end support); technical support in databases; beta environments, and web.config.
• Working directly with the Cloud Hosting division to implement baseline controls and inherited technical safeguards.
• (Hands On) support of Risk Management Framework (RMF) and Cyber Security Assessment Management tool CSAM; utilized Archer, Xacta, and eMass as well.
• (Hands On) Incident Response Testing; Identifying false positives/authenticated threats, analyzing automated scanning alerts, identify hosting boundary and design, determine priority level of a system, analyze audit logs, validate servers and their configurations.
• Direct liaison w/ POC vendors developers for remediation and vulnerability management.
• Able to communicate technical guidelines with non-technical clients or personnel.
• Provide access, RMF support and privilege role to ISSOs, Assessors, System Owners, etc.
• (SME) Management and tracking the status of Plans of Actions and Milestones (POAM's), supporting ISSOs.
• (SME) understanding and updating information systems security documentation (Security Plan, Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, E- authentication, PII, Privacy Threshold Analysis, etc.)
• (Hands On) assisting ISSOs to conduct interviews with System Owners and Administrators; team to gather and understand more about the system and access controls.
• Information systems and technical support in creating security plans and continuous monitoring.
• (Hands On) worked with clients to improve the security posture of their information systems through the implementation of the (A&A/C&A) package.
• Worked with system owner to select and establish the security control baseline, utilizing NIST SP and FIPS 200.
• Participate in the selection of the organization’s common security controls and determining their and reviewing their system boundary.
• Worked directly with the security engineering division in the governance of clients DCN.
• Planned; host; and presentation at monthly webinar conference for over 100 community of interest Fed. IT specialist through Admin Office.
• (Hands On) Provided configuration management (CM) for information system security software, hardware, and firmware and coordinating changes and modifications with the Security Control Assessor (SCA), and Authorizing Official (AO).

Confidential, Catonsville, MD

Information Systems Security Officer/ISSO Security Analyst

Responsibilities:

• Participated in the organization’s Hardware and Software Asset Management team.
• Built research report on current emerging cyber security threats on a Monthly and Quarterly basis.
• Good understanding of Cloud Computing Security. Partook in Cloud Infrastructure testing.
• Knowledgeable in Oracle systems, database, cloud, and SaaS.
• Understanding of critical infrastructure protection and configuration settings management.
• Provide continuous monitoring support for Client’s GSS systems in accordance to FISMA guidelines.
• Utilize Qualys to scan the system on a quarterly basis as a vulnerability management tool.
• Run Qualys against the system for a targeted scan, for weak versions of SSL, open ports and services, and obsolete software to name a few.
• Experience with risk management and security regulatory compliance, such as HIPAA, SOX, and PCI.
• Ensure the implementation and effectiveness of security controls in accordance with customer's IT Security Policy and Procedures.
• Develop recommendations for security issues and vulnerabilities identified during assessments.
• Liaise with external auditors during annual audit and ensured that deficiencies are remediated in a timely manner before recertification follow ups.

Confidential , Rockville, MD

IT Security Analyst/Assessor

Responsibilities:

• Test, Review, and Examine based on assigned controls and the maintenance and update of information security systems documentations, including System Security Plan (SSP, SARs, and Plan of Action & Milestone (POA&M).
• Support the assurance that cyber security policies are adhered to and that required controls are implemented.
• Work with system admins to develop, test, and train on security awareness, contingency planning, and incident response plans.
• Assist with vulnerabilities scans and understanding risk impact via Nessus scanner to detect potential risks on a single or multiple systems or assets.
• Communicate security weaknesses based on reports from vulnerability assessment scanners and patch management tools.
• Implement and communicate security policies and/or plans for data transfer, software applications, hardware, and system components.
• Through network monitoring we identified components and resource management at risk and reported findings; such as weak SSL, hung processes, outdated patches, and routing configurations.
• Assigned Remediation: Timely follow-up, first by creating a Heat ticket; provide incident details, allocate appropriate team and POC for patches and remediation.

TECHNICAL SKILLS

Software /Hardware /Platform: SQL Server, VMware, Windows, ERP, SAP.

Office suite: Microsoft Project, Power Point, Visio, Word, SharePoint, Excel, O365, OneNote, Outlook.

Security Tool experience: ( Nessus, Websense, SPLUNK.)

Dashboard: RSA Archer, CSAM, Xacta, eMass; Jira; SharePoint; Salesforce

Industry Standards: PCI, HIPAA, SOX, etc.