- Skilled IT cyber security professional with years of experience, knowledgeable in the Assessment and Authorization (A&A) process of the Risk Management Framework, the System Development Life Cycle (SDLC), and vulnerability management using NIST standards, Federal Information Processing Standards (FIPS), security tools, and security operations management. Able to thrive in challenging environments where accuracy and efficiency matter and to adapt to meet accelerated client deadlines; seeking career growth in an organization that provides a stable and professional work environment.
- US citizen with clearance, authorized to work in the United States. Experience working in moderate to large information security environments, validating and monitoring system compliance with the Federal Information Security Management Act (FISMA) and with Federal, Department-level, and Component-level security regulations, policies, standards, and directives, including National Institute of Standards and Technology (NIST) and other IT security standards. Team-player mentality built through team coordination, with experience managing IT professionals through analysis and reporting, and gathering information and relaying it to the ISSO through exceptional interpersonal communication skills. Passionate, motivated, and meticulous attention to detail, solution- and deadline-focused, with experience constantly updating live documents (SSP, POA&M, etc.) as well as compiling the documentation necessary for A&A recertification of assigned systems. Broad knowledge of the six (6) step Risk Management Framework compliance process and Risk Assessments (RAs), use of CSAM tracking, NIST security controls and security
- Microsoft Office Suite
- Cyber Security Analyst and FISMA / Risk Management Framework Compliance Analyst
- Internet / Nmap / Nessus
- Cyber Security Assessment and Management (CSAM)
Confidential, Largo, MD
Information Security Specialist / FISMA & RMF compliance analyst
- Validated compliance with FIPS, NIST Special Publications, and Risk Assessments while maintaining and updating information security policies and procedures in the SSP for assigned clients.
- Analyzed, reviewed, and updated information system security documentation, including but not limited to System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Risk Assessments (RAs), Privacy Impact Assessments (PIAs), and Security Test and Evaluation (ST&E). Maintained the documentation repository; developed, conducted, and tracked open POA&M milestones.
- Maintained and managed CSAM.
- Participated in working groups and attended meetings with stakeholders and team members.
- Provided customer service outreach and ensured client solutions complied with NIST Rev. 4 (and Rev. 5, soon to be released).
- Maintained all required documentation for assigned systems' Authority to Operate (ATO), or for systems currently on live dates, and continuously updated all security authorization documentation as required by the ISSO.
- Assisted ISSOs with timely remediation of audit findings, contingency plans, security planning, security authorization packages and reporting, and the mitigation or retirement of security vulnerabilities.
- Reviewed scan reports, identified critical vulnerabilities, and coordinated with the ISSO and technical team to remediate them, demonstrating the effectiveness of security controls; monitored live systems to determine real-time threats and ensured systems were continuously protected from threats.
- Supported the risk management process by determining and assigning risk impact ratings for systems in accordance with Federal Information Processing Standards (FIPS) 199, which determines the level of effort required for the certification and accreditation of a system as well as the security controls for the protection of the information system.
- Knowledgeable in implementation; reviewed, maintained, and monitored the information security management systems involved in projects, as well as designated systems, upon categorization of their confidentiality, integrity, and availability (C.I.A.) using FIPS 199 and NIST SP
Confidential, Upper Marlboro, MD
IT Security Specialist / POA&M Management Team
- Ensured media was properly sanitized at end of life to prevent unauthorized retrieval of information, and updated the equipment inventory to reflect disposal.
- Supported security activities including, but not limited to, developing or reviewing security plans, test plans, and SA documentation; provided recommendations to the client to support each identified security-related activity.
- Ensured system and application security documentation was complete and thorough in accordance with requisite federal requirements.
- Coordinated and interacted with the client and engineering staff, applying technical understanding of systems and applications to ensure security requirements were addressed during system planning, development, and operations.
- Identified solutions to meet users' needs, conducted trade studies of various technologies and implementations, and integrated these technologies to provide a complete security solution that met a given set of security requirements.
- Worked with clients to develop capabilities briefings and presentations in support of the program.
- Worked with agency liaisons and provided accurate, up-to-date POA&M information for their bi-weekly meetings and ad-hoc briefings.
- Updated documentation; used strong communication skills to brief the ISSO on impending areas of concern; and worked with technical teams to complete security-related tasks.
- Provided support in implementing new policies/procedures, processes, techniques, metrics/models, and other time- and cost-saving initiatives; worked with project teams to transition to a new business process and evaluated the success of the reengineered process.