My years as a multifaceted Cyber Security Analyst have exposed me to Technology Auditing, Risk Management, Cyber Security, Data Analytics, and Project Management, to say the least, through directly performing or being involved in numerous Security Assessments of Information and Information Systems, Incident Response, and Business Impact Analysis.
I yearn to further utilize my skills in renowned frameworks and standards such as NIST, FIPS, HIPAA, FISMA, DIACAP, PCI DSS and FedRAMP. Being proficient is satisfactory, yet I am eager to advance my expertise in the Risk Management Framework (RMF), Information & Information Systems Management, Vulnerability Management, and the System Development Life Cycle (SDLC) to a noteworthy level of practice. With the constantly changing landscape of Threat Vectors and the Cyber Security tactics aimed at mitigating such vectors, I remain an ardent learner.
Firewall. Knowledge of FIPS 140 (Cryptography), FIPS 199 (Security Categorization) and FIPS 200 (Minimum Security Requirements); NIST SP guidance on SSPs, Risk Assessment, Contingency Planning, the RMF and SDLC, Managing System Risk, the Catalog of Controls, Assessment of Controls, Incident Response, the National Checklist for IT Products, Configuration Management, and Continuous Monitoring. SORN. FISMA.
Windows and Microsoft Office (Word, Excel, MS Project, PowerPoint, Access, Visio, and SharePoint). Gap Analysis. Application Whitelisting and Blacklisting. Snort. RMF. TrueCrypt. Nessus. Qualys. ArcSight. Wireshark. Nmap. Splunk. SCAP Tool. STIG Viewer. Data Loss Prevention. Data Masking. DbProtect. AppDetective. TCP/IP. IPCop. WebInspect. POA&M: TAF. XACTA. CSAM. SAP GRC. HP Fortify Scanner. LAN. WAN. OWASP. OS Troubleshooting. Hardware and Software Inventory. Patch Management. Networking Devices. System Analysis and Design. Social Engineering. Understanding of AWS, SaaS, PaaS, and IaaS. Knowledge of FedRAMP, eMASS, DISA STIG/SRG, Ethical Hacking/Penetration Testing.
INFORMATION ASSURANCE ANALYST
Confidential, BOWIE, MD
- Develops, reviews, and updates Information Security System Policies, System Security Plans (SSPs), and Security baselines in accordance with FISMA, NIST SP, OMB and industry best security practices.
- Performs Security Control Assessments (SCA) as part of Security Assessment and Authorization (A&A) and Continuous Monitoring testing projects.
- Manages third-party penetration testing activities and coordinates remediation efforts across the organization.
- Supports Baseline Technical Security Requirements (TSRs) /Security Technical Implementation Guide (STIG) for Hardening Infrastructure Networks, Servers, Computers, and Logical Designs to enhance overall Security.
- Conducts reviews of security documents updated by the ISSO to ensure FISMA compliance, and reviews and validates items uploaded into the POA&M tracking tool in support of remediated findings.
- Performs vulnerability scanning with Nessus as part of assessment and continuous monitoring, and provides remediation guidance to System and Application Administrators.
- Analyses and updates the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M).
- Assists System Owners and the ISSO in preparing Security Assessment and Authorization (A&A) packages for the company's IT systems, ensuring that management, operational and technical security controls meet the formal, well-established security requirements set out in NIST SP R4.
- Contributes in the development of System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, and Configuration Management.
- Designates systems and categorizes their C.I.A. impact levels using FIPS 199 and NIST SP Vol. 2.
- Develops policy and procedural controls relating to Management, Operational, and Technical Controls for the Organization.
- Prepares and reviews Assessment & Authorization (A&A) packages, including FIPS 199 categorization, E-Authentication risk assessment, System Security Plan (SSP), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), POA&M and Contingency Plan, for efficacy and compliance with NIST guidance.
- Conducts Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure that Information Systems are operating within a strong security alignment.
- Updates IT security policies, procedures, standards, and guidelines according to Department and Federal Specifications.
- Administers Cyber Security Awareness Training to employees derived from periodic Newsletters and Open Source Intelligence.
CYBER SECURITY ENGINEER
Confidential, Virginia Beach, VA
- Created and tracked Vulnerabilities in the Plan of Action and Milestones (POA&M) of all accepted risks upon completion of Security Control Assessment (SCA).
- Supported the review of all Cloud Service Providers (CSPs) documentation for compliance and worked with Stakeholders until the Cloud System documentation met FedRAMP requirements.
- Headed the ST&E Kick-off Meeting and populated the Requirements Traceability Matrix (RTM) according to NIST SP A.
- Conducted in-depth technical reviews of new and existing Systems to identify the precise mitigation strategies required to bring such systems into compliance with established policy and industry guidelines.
- Provided Impact Analysis (IA) as required by policy and directives, and assisted in the development and approval of DIACAP packages.
- Ensured program approved applications and systems were used and configured per DISA Benchmarks and DISA Security Technical Implementation Guides (STIGs).
- Supported DISA compliance using Security Content Automation Protocol (SCAP), STIG Security Checklist, DISA STIG Viewer Content, and tools for SIPRNET and NIPRNET.
- Prepared and reviewed Vulnerability Scans using Retina and Nessus, and presented scan results to upper management.
- Advised and consulted with internal customers on Risk Assessment, Threat Modelling, and Vulnerability Management.
- Developed and updated the System Security Plan (SSP), Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and the Plan of Action and Milestones (POA&M).
- Monitored and Analysed Network Traffic, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), Security Events and Logs.
- Interacted with key organization personnel (Technical, Administrative, and Executive) and worked with a consulting team to produce the required documentation (Security Categorizations, Risk Assessments, Contingency Planning, etc.).
- Coordinated all Security Assessment and Accreditation (A&A) for existing systems in the System Development Life Cycle (SDLC).
Confidential, GREENBELT, MD
- Introduce students to effective computer skills, including typing, Word, and Excel.
- Show students how computers, tablets, and phones can help learning.
- Monitor student performance, grades, and discipline.
- Document scores, attendance, and behavior for administration.