Principal, Cyber Security Analyst Resume

SUMMARY:

  • Cybersecurity Principal and proven leader with 10+ years of experience managing security assessments and compliance audits and delivering reports; specializing in risk management and assessment of systems, including cloud systems in the Federal sector, using NIST 800 Publications/Agency policy/FedRAMP guidelines; analyzing scan results; generating SAP, RTM, SAR and POAM Tables; reviewing security documents; and oversight of POAM closure and regulatory compliance for clients primarily in the federal government sector. Worked with ISO, ISSOs, Engineering team and other stakeholders to accomplish security assessment tasks. Supervised team security control assessment of general support systems and major applications.

PROFESSIONAL EXPERIENCE:

Principal, Cyber Security Analyst

Confidential

  • A US Citizen and Holder of inactive DHS Public Trust Clearance
  • Active Cyber/information security qualifications (ISC2 - CISSP and ISACA-CISM)// (ISC)2 System Security Certified Practitioner (SSCP) - Work-in-Progress
  • Over 10 years of work experience in a security assessment/risk management role in DHS component based on NIST Publications including NIST Cybersecurity Framework
  • Team Lead and Management of security control assessment of general support systems and major applications of DHS/USCIS
  • Experience preparing for or conducting a NIST/FEDRAMP security assessment
  • Ability to collaborate with auditors to assess the security implementation (SP800-53A)
  • Performed information security risk assessments based on the NIST RMF (SP800-37)
  • Reviewed the categorization of systems based on risk profile (SP800-60, FIPS 199)
  • Reviewed the System Security Plan identifying appropriate security controls (SP800-53, FIPS 200)
  • Reviewed the documentation and implementation of Security Policies, Procedures and Controls (SP800-24, SP800-61)
  • Extensive knowledge of the Federal Government security standards and practices
  • Interfaced with software engineers and developers to ensure that all applications are functional and secure before deployment
  • Ability to support implementation of client-facing systems and security in the AWS or Azure clouds or GovCloud and monitors security controls to ensure compliance with NIST guidelines and ISSI security policies.
  • Ability to Implement procedures and methods for auditing and addressing non-compliance to information security standards and monitor security controls on a recurring basis to assure information security (SP 800-37/137/53 A)
  • Managed and presented risks in security assessment reports
  • Analyzed system scan results and wrote management reports
  • Performed and documented security audits and assessments in security assessment reports
  • Experience with the analysis of scan results of the following tools: SPLUNK, Nessus, DbProtect, Fortify, McAfee, HPWebInspect and Twistlock and to analyze the scan results of any tool and write the reports including the recommended mitigation/fixes
  • Security Control Assessment of DHS component systems including Cloud-based systems using NIST Special Publications, especially NIST SP 800-37 and NIST SP 800-53/53A/37/137/171
  • Review of System Security Policy/Assessment plans and other security-related documentation for kickoff meetings for security assessment projects.
  • Mapping of the findings to National Institute of Standards and Technology Special Publications (NIST SP 800-53) security controls as well as Government Agency policies and procedures
  • Generation of Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M) Table from Security Assessment Results
  • Conducted quality assurance review of security documentation which includes Security Plans, E-Authentication workbooks, Contingency Plans, Contingency Plan Testing (CPT), FIPS 199 workbooks, and Privacy Threshold Assessment (PTA) for compliance with Government Agency Component standards and requirements as part of authorization process
  • Worked with Information Security System Officers, Technical teams and other stakeholders during the security assessment of DHS component systems
  • Creation of the POA&M tables after the completion of security assessment and Generation of Security Assessment Report (SAR)
  • Review of POA&M items/artifacts submitted by the ISSOs for POAM closure
  • Oversight of POAM closure

Principal, Cyber Security Analyst

Confidential

  • Team Lead and Management of full security assessment for DHS component/Office of Information and Technology (OIT) Major Applications (MAs) and General Support Systems (GSSs) as part of the certification and authorization process, using NIST Special Publications as well as DHS/component policies and procedures
  • Led security assessment teams in several security assessment projects/assignments
  • Documented all results, findings, and analysis from the security assessment report (SAR) and reviewed assessment reports with Information System Security Officers (ISSOs) and Government Lead
  • Developed the Security Assessment Report (SAR) and related documentation for OIT acceptance before granting the Authority to Operate (ATO).
  • Conducted quality assurance reviews of system documentation which includes Security Plans, E-Authentication workbooks, Contingency Plans, FIPS 199 workbooks, Interconnection Security Agreements (ISAs), Privacy Threshold Assessments for compliance with Government Agency Component standards and requirements as part of authorization process
  • Generated system security plans and other system documentation for gateway and kickoff meetings
  • Managed and closed POA&Ms (arising from SAR documents) by using an information assurance tool, IACS and working with the stakeholders such as ISSOs, System Owners (SOs), etc.
  • Maintained Continuous Monitoring strategy to audit and track emerging threat vectors and manage volatile security controls

Network Engineer/Analyst

Confidential

  • Provisioned and troubleshot ADSL network infrastructure devices (Gateway Routers, Switches, Alcatel DSLAMs, Lucent ATM/Frame switches) and networks using tools such as Alcatel Workstation AWS, NavisCore, and proprietary software involving ATM and Frame Relay Technologies
  • Experienced with Trouble Ticketing Automation Software (Remedy)
  • Deployment of Proprietary software at Verizon Sites
  • Performing Tier II Technical Support

TECHNICAL SKILLS

Team player, Cross-team collaboration, Security Assessment Plans, System Security Assessment (including cloud systems), Risk Analysis and mitigation, Security Assessment Report using NIST 800 Publications, Log Analysis, Generation of POAM Tables, Security Document Review, Oversight of POAM Closure, Analysis of Tool Scan Results.

CISSP: June 2014 to June 2020