- I have the adaptability to work as a team player or independently to progress vertically through any organization, while having the expertise to grasp technical nuances and effectively communicate.
- I have specialized experience which includes performing work in support of management analysis to evaluate and or improve the efficiency, effectiveness, and productivity of organizations.
- I am a professional with cyber security and IT audit experience with proven abilities to work and excel in highly stressful environments while still achieving positive results by:
- Prepared diagrams, charts, and graphs using Excel and Google Sheets to report information to end users.
- Analytical and solutions - oriented Manager with a successful career leading cross-functional teams to meet milestones and solutions for operation projects.
- Highly skilled in building strong relationships with business partners and communicating effectively across all organizational levels.
- Planning projects to meet quality, scope, and schedule milestone deliverables for process management.
- Develops and constructs departmental reports and presentations to support infrastructure workflow processes, ensures SLAs are met and all processes are followed.
- Conduct and schedule regular vulnerability assessment scans, monitoring and log analysis.
- Used Confidential 199 as standard guide to categorize security controls.
- Worked independently and as a team to make remediation on information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS).
- I am very interested in learning new and advanced skills and abilities within the ever evolving IT field.
- Well-developed organizational, coordination, and problem solving skills, as well as the ability to work under pressure and meet deadlines while working as a team or independently.
- Effective verbal and written communication skills.
- Proficiency in working with computers and information management systems such as: MS word, excel, outlook, PowerPoint, and access, Lotus Notes.
- Strong attention to detail and thoroughness in work product.
- Ability to type 40 wpm with 3 or fewer errors based on a 5- minute sample.
- Knowledgeable of Risk Management Framework (RMF) as defined by National Institute of Technology ( Confidential ) Special Publication (SP) (current revision).
- Experienced in Security Controls for Federal Information Systems and Confidential SP A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems to process activities required in vulnerability identification, reporting, and remediation.
- Familiar with implementing and supporting Splunk Enterprise.
- Current clearance with equitable risk level as of January 2015. I have both Confidential and Public Trust Clearances.
Information Assurance Specialist
- Collaborate with customers to integrate Confidential IA requirements into their projects in a cost effective and sustainable manner.
- Provides support for implementation, troubleshooting and maintenance of IT systems.
- Draft system security plans and other artifacts to satisfy and accreditation requirements.
- Conducts periodic reviews to ensure compliance with established policies and procedures via Media Lab software.
- Ensuring all software, hardware and firmware changes are recorded as required by established configuration management procedures.
- Ensuring systems are operated, maintained and disposed of in accordance with applicable federal security policies and procedures.
- Report to the supervisor periodically on team and individual work s, problems, progress in mastering tasks and work processes, and individual and team needs.
- Attend onsite/offsite meetings to include teleconferences (travel may be required).
- Assist management with producing formal and informal reports, briefings, and input to the customer regarding security and functionality requirements, system architecture, security designs, policies and procedures.
BMS Security Analyst
- Analyze equipment documentation to verify port and service use to compare to those detected in Nessus and Zen Map (Nmap GUI) scans.
- Prepare Security Assessment Reports (SAR) from Security Checklists performed against Building Management System (BMS) devices.
- Verify security requirements using built in web page login, telnet and SSH using Putty and HyperTerminal over Ethernet.
- Construct pivot tables in Google Sheets (MS Excel equivalent) to present statistical correlations between vendors, device types, and vulnerabilities.
- Participate and support the audit team in preparing for recurring client status meetings to report on progress, identify risk and mitigation strategies, and discuss project plan of actions and milestones (POA&M).
- Responsible for briefing and new hires to get them acquainted with the auditing process and tools used to support the overall security assessment control (SCA) process.
- Identify and communicate system and application vulnerabilities to senior management and clients.
- Document status of device approval process and device security information (E.g. IP address, device login password).
- Performed security testing by analyzing outputs using Nessus vulnerability scanning tool to validate applications and information systems security configurations and compliance.
- Conducted Nessus, Nmap, and Web Inspect remediation’s for devices to ensure vendors are in compliance with Confidential SP and client IT policies.
- Research vendor provided documentations to check and assess security controls per Confidential SP A.
- Perform full scope Risk Management processes to include Assessment and Accreditation (A&A), Confidential Self-Assessments, Technical Assessments (vulnerability analysis), Risk Assessments, and Continuous Monitoring.
- Received and assemble devices for testing.
Information Security Analyst
- Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with Confidential, Confidential, OMB App. III A-130,
- Confidential SP and industry best security practices.
- Conduct systems and network vulnerability scans in order to identify and remediate potential anomalies.
- Updated IT security policies, procedures, standards, and guidelines according to department and federal requirements.
- Performed risk assessments to developed/updated and review System Security Plans (SSP),
- Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration
- Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and ther tasks and specific security documentation.
- Perform vulnerabilities scan with the aid of CIS-CAT, Retina, Nessus, NMAP and MBSA
- Vulnerability Scanner to detect potential risks on a single or multiple assets across the enterprise network.
- Coordinate and manage team activities during assessment engagements.
- Establish schedules and deadlines for assessment activities.
- Monitor controls post authorization to ensure continuous compliance with the security requirements.
Information Security Network Engineer
- Interpret policies, procedures, standards, guidelines and regulations for information systems, applications and networks to meet federal guidelines and requirements to include National Institute of Standards and Technology ( Confidential ) and Federal Information Security Management Act ( Confidential ) (categorization of information systems and security control implementation).
- Utilize National Institute of Standards and Technology ( Confidential ) and Defense Information System Agency ( Confidential ) configuration guidance to harden servers, operating systems and appropriate applications; create user groups and access controls to enforce least privileged rules. Responsible for a variety of systems running Windows 2008, Domain controllers, Member servers, and others.
- Develop and review system plans, plan of actions and milestones, security control implementation, configuration management plans, contingency planning, incident response plans, information security policy, Rules of Behavior, vulnerability scans and other task specific security documentation (continuous monitoring).
- Provide organization SCAP results using Confidential SCAP tools.
- Regularly performs Confidential STIGs and IAVM benchmarks implementation.
- Analyze and remediate STIG and Nessus scan findings.