SUMMARY:

• Senior Cyber Security Professional with Expertise in Federal Government and Private sector. Highly motivated professional, with over 18 years of experience in Project management with a specialization in Security Assessment & Authorization, Cloud Computing, Business Intelligence, and Strategic Information System Management.
• Completed security authorizations of Large - Scale Multi-Tier Program/System phases from inception through authorization including product evaluation, security analysis, Information Security Management, Risk Management, and business impact assessment.
• Lead successful teams with a proven track record of retaining, establishing, and sustaining a productive, professional relationship with business leaders and owners. Engage and apply Executive leadership skills throughout the process by applying transparency about barriers and risk.
• Firm understanding of the FedRAMP assessment process by applying standards and practices, as well as International Compliance standards, and other security regulated requirements to include ISO 27001, FISMA, FedRAMP, Confidential 800-53R4; 37, 39, 60, 171, and Cloud Computing Standards 500-291.
• Well-versed and comprehends most system integration(s) of IaaS, SaaS, and PaaS through AWS, Azure, and Gov Cloud. Endpoint security tools (McAfee, BigFix), Knowledge Areas: Supply Chain Risk Management, Contingency-Disaster planning, Confidential Risk Management Framework (RMF), Vulnerability scan tools (Tenable, Nessus), and Web Inspect

CORE COMPETENCIES:

• FedRAMP Assessment/Accreditation
• AWS Ops, AWS IAM, AWS EMR
• Identity Access Management (IAM)
• Security Info Event Mgmt. solutions (Splunk, SolarWinds)
• Security Assessment & Authorization - Cloud Systems
• Confluence, Jira, Microsoft Azure, (IaaS), CASB & Others
• Confidential Continuous Diagnostics and Mitigation (CDM)
• ServiceNow, PS Fluid PM, Dropbox, Oracle,
• Cloud Platforms Security & Architecture (IaaS, PaaS, SaaS)
• Cloud Virtualization & Agile Data (Hive)

WORK HISTORY:

Confidential

Responsibilities:

• Principal advisory/analyst for Confidential mission security services for execution/management of 10 enclaves/104+ sub- systems across various Confidential cybersecurity enterprise wide clients. Key enabler to cybersecurity assurance protective actions for multi-level CIO enterprise span of services comprised of 97 entities in 27 states, 10 Program/19 Staff Offices, 4 Power Marketing Admins, 19 Field Sites, 17 National Labs, 4 Tech Centers and 2 Internet gateways.
• Collaborate with stakeholders, program managers, and cyber operations teams to ensure information systems undergo thorough and ongoing risk-based Assessment & Authorization (A&A).
• Serve as the ISSO Lead responsible for supporting DOE’s Identity Assessment Management (IAM) enclave/domain accreditation processes. Apply comprehensive Cybersecurity and privacy analysis to the entire SDLC and compliance life cycle process.
• Maintain responsibility for evaluating, documenting and finalizing Cybersecurity and Privacy policies, programs, and compliance artifacts or standards that support the department’s security compliance and systems accreditation and management and artifacts (SSP, PIA, PTA, CP, ASA, MOU, etc.
• Responsible for the development and periodic monitoring of various IT controls including PTA, PIA/PNA information for several IT systems and interacting with various stakeholders to clarify and document any identified vulnerabilities.

Confidential

Sr. Information Security Analyst/Manager

Responsibilities:

• Managed the Federal Information Security Management Act (FISMA) compliance, audits, and reports including preparing responses for quarterly and annual FISMA reports. Working Knowledge of Confidential RMF and Confidential Publications, including Confidential 800-37 and Confidential 800-53a and their documentation in Confidential ’s systems in CSAM.
• Lead the evaluation of IT threats and vulnerabilities to determine additional safeguards, advise on the impact levels for Confidentiality, Integrity, and Availability for the system, and develop, review, endorse, and recommend action for both the Risk Executive and Authorizing Official.
• Facilitated the FedRAMP security assessment and authorization (SA&A) test process for over 40 systems. Lead the review and updates and technical analysis of cybersecurity artifacts (SSP, PIA, PTA, CP, ASA, MOU, etc.) for the enterprise-wide systems.
• Responsible for the development and periodic monitoring of various IT controls including controls including PTA, PII, SORN information for several IT systems and interacting with various stakeholders to clarify and document any identified vulnerabilities.
• Lead the process of reviewing network architecture diagrams, evaluating network controls, system configuration information and developing recommendations on identified vulnerabilities for executive management.
• Led the performance of Gap analysis, value delivery, and risk management based on COBIT requirements for the OCIO systems
• Lead the performance of IT security program planning and management and identifying, initiating and completing the SA&A process as defined by the DOT/ Confidential using Cyber Security Assessment and Management (CSAM) tool.

Confidential

Sr. Information Security Analyst

Responsibilities:

• Lead the team to support Confidential ’ System Accreditation and Ongoing Assessment and Ongoing Authorization processes and activities to ensure the implementation of Confidential SP 800-53 security controls in the Confidential systems
• Managed all Information Assurance activities, responsible for enabling the ongoing assessment and ongoing authorization of CDM solution utilizing Risk Management Framework (RMF) and automated Security Assessment and Authorization tools.
• Provided support to the Department of Homeland Security ( Confidential with test plans, mitigation strategies, and vulnerability reports and Security Assessment Reports for the Office of OCIO.
• Perform technical analysis and review of cybersecurity artifacts and security documentation for the security assessment and authorization (SA&A) process.
• Analyze and advise on the risk and remediation of security issues based on reports from vulnerability assessment scanners, patch management tools, and emerging threat information.
• Initiate, coordinate and track the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM).
• Participate in the Quality Assurance of Confidential Documentation Process review of e-Authentication, FIPS 199, etc.
• Identify, initiate and complete SA&A process defined by the Confidential using Risk Mgmt. System (RMS) and Trusted Agent FISMA (TAF).

Information Systems Security Officer

Confidential

Responsibilities:

• Responsible for gathering information necessary to maintain security and establish the functioning of security measures.
• Research, develop, implement, test and review an organization's information security to protect information and prevent unauthorized access.
• Define, create and maintain the documentation for certification and accreditation of Confidential PMO by government requirements.

Confidential

Sr. Information Technology Security Analyst

Responsibilities:

• Worked with the CISO, CA and the System Owners within the federal government agency.
• Developed and provided engineering analysis, testing plans, mitigation strategies, and assist vulnerability and generated relevant reports.
• Analyze and advise on the risk and remediation of security issues based on reports from vulnerability assessment scanners, patch management tools, and emerging threat information.
• Initiate, coordinate and track the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM).

Confidential

Information Technology Security Specialist / Social Security Administration

Responsibilities:

• Developed and implement computer security policies, risk assessments, best practices documentation, disaster recovery, and business continuity plans.
• Performed ST&E for different components using Confidential controls and analyzed and recorded results.
• Performed vulnerability scans using security tools such as Nessus, NMAP, Ethereal and manual techniques to identify weaknesses in the networks and devices
• Used eTrust for Identity and Access Management Suite automating and integrating identity and access management across enterprise and developed IT Business Continuity Plans and performed on-site Contingency Plan Tests.