Risk & Compliance Analyst Resume
NC
SUMMARY HIGHLIGHT:
- With seven years of active duty Air Force experience as an Information Systems Technician, I have aligned myself to become technology savvy and customer driven with thanks to a number of challenging experiences and some remarkable supervisors.
- Major skills I offer to your organization include implementation of proper security measures, implementation and understanding of the six phases of the Risk Management Framework, technical understanding of the Windows operating system and applications, the ability to multitask by prioritizing and organizing work responsibilities, and being proactive as either a team member or supervisor.
- My professional experiences include managing Communications Security procedures and security controls for the Andrews Network Communications System, international technical support of the Confidential Operations Center, coordinator of the information technology department for a 183-member special operations unit, and maintaining an organized inventory of user account paperwork and high-priced communication equipment over unclassified and classified networks.
- Performed comprehensive assessments and wrote reviews of management, operational and technical security controls for audited applications and information systems
- Develop and conduct ST&E (Security Test and Evaluation) according to National Institute of Standards and Technology (NIST) SP 800-53A and NIST SP 800-53R4
- Compiled data to complete Residual Risk Report and to insert contents into the POA&M
- Ability to multi-task, work independently and as part of a team
- Strong analytical and quantitative skills
- Effective interpersonal and verbal/written communication skills
- Security Life Cycle and Vulnerability Management, using Federal Information Security Management Act (FISMA) and applicable NIST standards
- Almost five years of experience in system security monitoring, auditing and evaluation, C&A and Risk Assessment of General Support Systems (GSS) and Major Applications (MA)
- Performed Certification and Accreditation documentation in compliance with company standards
- Developed, reviewed and evaluated System Security Plan based on NIST Special Publications
TECHNICAL SKILLS:
Systems: Unix-Based Systems, Windows 9X/NT/2000/XP
Networking: LANs, WANs, VPNs, Routers/Switches, Firewalls, TCP/IP
Software/Artifacts: MS Office (Word, Excel, PowerPoint, Access, Outlook), MS Project, FIPS 199, SORN, E-Authentication, PTA, PIA, RA, SSP, CP, CIPT, ST&E, SAR, POA&M, ATO, 800-53A, ISA, MOU
PROFESSIONAL EXPERIENCE:
Confidential, NC
Risk & Compliance Analyst
Responsibilities:
- Facilitate timely identification, communication and recommended resolutions of security risks within assigned systems
- Perform Contingency Plan Test and Training to ensure systems' recoverability as defined in IT systems security requirements
- Create remediation strategies for weaknesses based on priorities
- Granted over 200 unit members Unclassified network access as an Information Assurance Officer through account creation and guidance for proper use of the Unclassified network
- Granted over 100 unit members Classified network access as a Trusted Agent Administrator through account creation, formatting and assigning tokens, and guidance for proper use of Classified network
- Sustained and troubleshot all information technology equipment for 183-member unit, to include Desktops, Laptops, Toughbooks, Defense switched network phones, printers, projectors, iPad, tablets, mobile phones, and all peripheral input/output devices; ensured full function of all hardware/software components
- Maintained inventory and hand receipts of all information technology equipment through Microsoft Excel; spreadsheets included member name, building and room number, equipment serial number, model, and any necessary noted information
- Authorized full access and rights for troubleshooting as an account administrator; operating system expert of Windows 7 and 8 for Dell and Hewlett Packard computers; analyzed computer and network needs to install proper solutions per computer classification; ensured all computers are fully functional and up to date
- Managed maintenance of proper information technology tools within communications work center; ensured all technicians have enough tools to complete job as needed within yearly budget allotted
Confidential
Communications Focal Point IT Specialist
Responsibilities:
- Provisioned user accounts as a secondary Information Assurance Officer using administrative rights; moved user accounts between base locations during transitional period; granted users access to SharePoint, mission necessary shared drives, as well as organizational and distribution email groups
- Focal and initial point of contact for all communication problems within the Air Operations Center
- Performed client-level information technology support functions, including installing, configuration, management, and troubleshooting for Air Force government computers, printers, fax machines, radios, and telephones
- Facilitated all incident management issues; monitored, reported and produced documentation for all communications happenings in the Air Operations Center, Republic of Korea
- Provided service to United States and Republic of Korea Air Force personnel in the Air Operations Center by creating and resolving trouble tickets, managing users' computer accounts and keeping accounts up to date to maintain full operational status
- Conducted inventory of Classified government material to ensure they are properly secured
Confidential, MD
Information Security Analyst
Responsibilities:
- Assisted business units with understanding the risks associated with using a particular vendor and recommending solutions to reduce or eliminate risk
- Prepared written reports after the completion of the assessment
- Categorized systems based on SP 800-60 in order to select the appropriate NIST recommended control using SP 800-53
- Developed, reviewed and updated Information Security System Policies and System Security Plans (SSP) in accordance with NIST, FISMA and industry best security practices
- Performed Assessment and Authorization in compliance with FISMA/NIST Standards.
- Identified vulnerabilities, recommended corrective measures and ensured the adequacy of existing information security controls
- Reviewed and conducted audits to ensure information systems maintained the compliance baseline.
- Reviewed system-level documentation to ensure system security requirements, including SA&A, are incorporated
- Participated in the development and/or review of System Security Plans (SSP)
- Liaised with ISSO to update POA&M and to ensure that all findings from the SAR are entered into the POA&M to be remediated
- Coordinated with appropriate personnel to run vulnerability scans on a regular basis and ensure timely remediation actions
- Reviewed, analyzed, and researched scan findings and coordinated remediation efforts in a timely fashion
- Liaised with audit team to investigate and respond to Financial and/or IG Audits
- Performed IT risk assessment and documented the system security key controls
- Implemented the NIST Cybersecurity risk-based framework (FIPS and 800 series special practices); working with System and Data Owners to develop security artifacts (e.g., SSP, PIA, SRA, etc.)
- Performed Security Test and Evaluation (ST&E) - technical controls, document review, and management interviews
- Facilitated and participated in assessments and authorizations (certification & accreditation), compliance reviews, architecture reviews, trainings, plans of action & milestone resolutions, and reports on program status
- Assisted in risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs
- Liaised with Database administrators to provide fixes for vulnerabilities identified in systems
- Updated IT security policies, procedures, standards, and guidelines according to private and federal requirements
- Held Kick-Off meetings with System Owners prior to assessment engagements
- Reviewed security logs to ensure compliance with policies and procedures and identify potential anomalies
- Reviewed and revised the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Security Test and Evaluations (ST&Es), Risk assessments (RAs), Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, Plan of Action and Milestones (POAMs)
- Conducted IT controls risk assessments with NIST 800-53A, including reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy and compliance with NIST standards
- Managed and coordinated Plan of Action and Milestone (POA&Ms) for DSS accredited approved classified systems
Confidential, MD
COMSEC Responsible Officer
Responsibilities:
- Secured Classified Communication Security (COMSEC) equipment as a Shift COMSEC Responsible Officer; received material issued by the base COMSEC manager and maintained order in updating requirements for safeguarding, controlling, and destroying COMSEC material when necessary
- Monitored daily work performance and ensured shift members were up to date with on-the-job training as a Shift Training Manager; deliberated on new development training with updates to training binders and assessments amongst other training managers during monthly meetings; evaluated recurring assessments
- Prepared weekly safety briefings as a Shift Safety Monitor; instilled Operational Risk Management (ORM) for 15-member shifts leading to zero mishaps during tenure
- Sustained, troubleshot and repaired standard voice, data, video network, and cryptographic client devices; fully trained up to 5 shift members
- Operated ground radio transmitting and receiving equipment to conduct point-to-point and ground-air-ground communications; successfully completed over 1,000 phone patches assisting Confidential and Navy Commissioned Officers in mission essential operations
- Performed administrative functions such as maintaining Classified codes, issuing Classified documents, and briefing air crew personnel on communications procedures
Confidential, Rockville, MD
Technical Support (Contractor)
Responsibilities:
- Installed software and resolved technical issues
- Displayed courtesy and strong interpersonal skills with all customer interactions
- Resolved customer complaints and concerns with strong verbal and negotiation skills
- Resolved Remedy tickets on a daily basis
- Coordinated with other IT groups for remediation of complex issues