Cybersecurity Consultant Resume
Washington, DC
SUMMARY
- Confidential/CISA holding current Top-Secret Clearance with Single Scope Background Investigation (TS/SSBI). Sixteen years’ experience as an information assurance professional in the Federal government and private sectors.
- Extensive experience compiling complete authorization to operate (ATO) packages, including data gathering, analysis, security testing, and POA&M generation/management.
- Use NIST guidance and IA tools to identify and close gaps with FISMA and FISCAM compliance. Project management experience in risk assessment, compliance, and full SDLC/NIST RMF/FedRAMP/Cloud projects.
- Provide independent audits of security documentation to obtain ATOs and ensure compliance with applicable regulations.
PROFESSIONAL EXPERIENCE
Confidential, Washington, DC
Cybersecurity Consultant
Responsibilities:
- Provided expert security and compliance guidance to clients (U.S. Confidential of State) implementing Google G-Suite and Amazon Web Services (AWS) cloud solutions into their organizations.
- Compiled a full security assessment documentation package resulting in the initial ATO for a new cloud system using G-Suite, AWS, and Slack.
- Collaborated with external auditors to identify security deficiencies and generate POAMs to remediate deficiencies. POAMs included timelines and budget to remediate each finding.
- Worked with Foreign Affairs Network (FAN) management and technical staff to gather data and assemble packages resulting in closing open POAMs.
- Compiled an initial ATO package for a new financial accounting system performing daily transactions, managing over $6T in Federal assets.
- Conducted independent audits of security documentation and closed compliance gaps to obtain ATOs.
- Act as Senior Confidential Engineer/Consultant in a client-facing role, directly supporting the agency’s CISO. Provide client with quick turnaround deliverables and long-term strategic advice.
- Led a team of five security analysts supporting the CIO and CISO of a large Federal agency. Responsibilities included: Cultivating a comprehensive information security program to ensure FISMA compliance, developing policies and procedures, internal auditing and compliance reporting, and working with agency technology leaders to remediate known security deficiencies.
- Performed a full audit of a client’s SAS application using FISMA, NIST, and FISCAM guidance. This audit identified 21 security deficiencies. Drafted new finding and recommendation (NFR) documents for all deficiencies and worked with the client’s staff to determine timelines and optimum remediation strategies.
Confidential, Washington, DC
Senior Security Consultant
Responsibilities:
- Led data gathering (interviews, documentation reviews, and physical system inspections), auditing, and system security testing initiatives to determine the posture of Federal information Confidential and identify gaps with FISMA compliance.
- Drafted recommendations based on data gathering findings and presented them to senior management.
- Performed and analyzed results of security analysis and system scans (using NESSUS) to determine optimal remediation strategies, recommendations, and implement innovative technologies and processes.
- Interviewed and evaluated potential employees. Mentored new hires.
- Presented findings to senior management level clients, absorbed feedback, and addressed any concerns.
Confidential, Arlington, VA
10/2007 Senior Security Consultant
Responsibilities:
- Designed and implemented comprehensive management solutions for Federal clients using Federal guidance, analysis, accepted standards, and best practices.
- Created and presented project performance metrics for weekly, quarterly, and annual reporting and budgeting both internally and to clients.
- Acted as Operations Manager on a project which implemented a full information security management program that raised the client’s Federal security scorecard grade from a D- to an A+ over three years.
- Task Lead and primary client point of contact on a project which determined and assigned security classification levels and prepared C&A packages for 100% (16) of a large Federal agency’s major IT Confidential using FIPS 199 guidance.
- Prepared business cases supporting a client’s IT investments (CPIC) and successfully demonstrated earned value in each investment.
- Authored 25+ IT security policies and procedures for clients.
Confidential New York, NY
Account Executive Intern
Responsibilities:
- ISC2 Confidential Information System Security Professional ( Confidential )
- ISACA Confidential Information Confidential Auditor (CISA)
- Confidential Information Assessment Methodology ( Confidential ) certified
- Telecommunications engineering and protocols (TCP/IP model), Nessus, Nmap, and HP WebInspect, Cloud services administration (G-Suite, AWS, and Slack)
- Extensive knowledge of Federal information security guidance, including NIST (SP 800-30, SP 800-37, and SP 800-53), FIPS security publications, FISMA/FISCAM, OMB A-123, ISO 27001/2, HIPAA, SOX, FedRAMP, and the CPIC process
- Twice nominated for Confidential, Inc. Project of the Year
- Professional Affiliations: ISC2, ISACA, IEEE, IAPP, PMI