Information Assurance Analyst/Navy Qualified Validator Resume
Hollywood, MD
SUMMARY
- Well-rounded IT Security Professional with deep knowledge of DoD RMF, Assessment and Authorization (A&A), Vulnerability Assessment and Risk Management in compliance with FISMA, using applicable NIST SP 800 Series and FIPS Standards to maintain the Confidentiality, Integrity and Availability (CIA) of Information and Information Systems.
- Lead Continuous Monitoring Review Checklist for Cloud Service Providers (CSPs). Provide subject matter expertise on patch and vulnerability management, including leveraging best-in-class tools for scanning and testing.
TECHNICAL SKILLS
- Information Security
- Information Systems
- Information Assurance
- Network Security
- Teamwork / Collaboration
- Intrusion Detection
- SDLC
- Leadership
- Agile
- Scrum
- Project Management
- Risk Management
- Security Awareness
- Vulnerability Screening
- System Monitoring
- Regulatory Compliance
- Threat Modeling
- Verbal and Communication
- MS Office
- Tenable Nessus
- Nmap
- OWASP ZAP
- WebInspect
- Burp Suite
- Industrial Defender
- Imperva Scuba
- NIST 800 Series
- FIPS 199
- FIPS 200
- eMASS
- POA&M Mgt
- SAR
- SSP
- PCM Ticketing
- CSAM
- STIG
- NIST Standards
- FedRAMP Compliance
PROFESSIONAL EXPERIENCE
Confidential, Hollywood, MD
Information Assurance Analyst/Navy Qualified Validator
Responsibilities:
- Providing support to Navy programs to develop and conduct Assessment & Authorization (A&A) and Life Cycle Management documentation of systems and/or networks.
- Assist with the development and maintenance of all necessary A&A documents for achieving either PIT Risk Approvals (PRA) or Authority to Operate (ATO).
- Provide coordination, tracking, and management through all aspects of the A&A process for the PM for the purpose of bringing Systems into compliance with applicable laws, orders, directives, and instructions.
- Ensure and maintain IAVA and STIG compliance and review all change requirements of the systems.
- Perform assessments of new technologies being implemented at the various stages of the Systems Engineering Lifecycle.
- Evaluate and review proposed architectures, and designs within the current and future system design. Determine how to correctly remediate and mitigate system vulnerabilities. An automation-focused approach should be used when remediating systems.
- Review, prepare, and update Navy authorization packages
- Advise the Program Manager and other program stakeholders regarding cybersecurity matters, including change control, Information Assurance Vulnerability Management (IAVM), and DoD, DoN, and NAWCTSD policy
- Notify customer when changes occur that might affect authorization
- Perform security self-assessment, using the DISA Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP) and the Assured Compliance Assessment Solution (ACAS)
- Perform Independent Assessments as a Navy Qualified Validator (NQV), including developing the Security Assessment Plan (SAP), validating the program Self-Assessment, using the above-mentioned tools, and completing the Security Assessment Report (SAR)
- Develop system-level policy documentation to address NIST control requirements
Confidential, Mechanicsburg, PA
Solution Consultant
Responsibilities:
- Work with System Owners to Categorize Systems using FIPS 199, and identify the systems’ Information Types, using NIST SP Vol. 1&2.
- Take part in Selecting a set of Applicable Baseline Security Controls, from NIST SP Rev4, based on systems’ Categorization, and the minimum requirements of FIPS 200, and document the selected controls in the SSP.
- Work with Assessors and ISO to close Plan of Action and Milestones (POA&M) entries.
- Analyze vulnerability scans of information systems and assist in remediation tasks.
- Assist assessors in completing the A&A process and putting together Authorization Packages (SSP, POA&M, and SAR) to be submitted to the Authorizing Official for an ATO, in compliance with FISMA.
- Provide oversight and support continuous monitoring of selected security controls, through periodic testing and assessments of controls, using NIST SP as a guide.
- Conduct monthly vulnerability scanning on systems, as part of Organization’s Continuous Monitoring Strategy scanning tools.
- Analyze results and update the SSP, POA&M and other documents as needed. Contribute to team efforts in relation to other tasks.
- Develop Assessment and Authorization documentation (SSP, SAR, POA&M) needed to validate the effectiveness of the system’s security requirements, in accordance with the Risk Management Framework (RMF), and in compliance with FISMA.
- Excellent customer service and organizational skills.
Confidential, Greenbelt, MD
Vulnerability Management Analyst
Responsibilities:
- Analyze vulnerability information, take ownership of the vulnerability management process and present progress to cross-functional stakeholders and Sr. leadership to ensure the awareness of and ongoing success of the vulnerability reporting and management programs.
- Provide subject matter expertise on patch and vulnerability management, including leveraging best-in-class tools and partners for scanning and testing.
- Assist with the interpretation of the vulnerability scan reports, particularly threats that have been discovered that are of enough severity to fail the scan based on PCI standards.
- Assess vulnerabilities identified in the scan reports and penetration reports to determine and rank risks.
- Monitor patch rotation cycle to ensure critical security patches are deployed.
- Maintain an understanding of information security threats and possible impacts to the enterprise.
- Work closely with other members of the information security and compliance organization in a collaborative and goal-oriented manner.
- Conduct vulnerability management processes, documentation, and improvements as required.
- Analyze vulnerability scans of information systems and assist in remediation tasks.
Confidential, Oklahoma City, OK
Department Manager / Supervisor
Responsibilities:
- Provides supervision and development opportunities for associates by training, mentoring, assigning duties, providing recognition, and assuring diversity awareness.
- Create action plans to resolve instances of non-compliance, conducting observations and process training programs.
- Coordinates, completes, and oversees job-related activities and assignments by developing and maintaining relationships, supporting plans and meeting customer business needs.
- Ensures compliance with company policies and procedures and supports company mission, values and standards of ethics and integrity by implementing related action plans, open door policy and providing direction and guidance on applying these in executing processes and practices.
Confidential, Oklahoma City, OK
Air Transportation Journeyman
Responsibilities:
- Perform anti-hijacking inspection.
- Worked with the security teams in collating data based on issue reports on tickets to update the security policies.
- Perform work with short deadlines and be able to handle sensitive, personal matters requiring discretion and confidentiality.
- Identify characteristics of terminal security equipment.
- Maintain and apply security updates on end-user computers.
- Verify passenger eligibility, process passengers and brief passengers on flight information.
- Helps with computer operations, including but not limited to, running mainframe jobs and printing.
- Operate X-ray machine, walk-through metal detection, and hand-held magnetometer.
Confidential, Douala, Cameroon
Scrum Master / Agile Project Manager
Responsibilities:
- Schedule and facilitate all project meetings, identify project team and responsibilities, and serve as a single point of contact for projects.
- Communicate project objectives and scope, oversee development, testing, and implementation.
- Partner with product management team to effectively manage the product backlog and ensure the company has a shared understanding of priorities.
- Facilitate Scrum events such as stand-ups, walkthroughs, demos, and retrospectives.
- Support the team in removing impediments or coaching them to remove impediments themselves.
- Support and partner with Product Owners, especially with respect to refining and maintaining the product backlog.
- Responsible for removing impediments by working across teams and departments to remove roadblocks.
- Arrange daily stand-up meetings, facilitate, and schedule team meetings, demos, and sprint planning and retrospectives.