- An extremely focused IT Professional with 5+ years of working experience as an Information System Security Officer. Over the years, I have been able to develop exceptionally strong interpersonal and client relationships combined with strong analytical skills with various clients. Wide experience in assisting multiple Federal Agencies in developing and stabilizing their security program following NIST 800 series Standards and Guidelines.
Confidential, Lorton, VA
INFORMATION SYSTEM SECURITY OFFICER
- Work with a team of Information System Owners, Developers and System Engineers to select and implement tailored security controls.
- Reviewed, updated and developed required Plan of Action and Milestones (POA&Ms).
- Experience developing and updating system categorization levels using FIPS 199/NIST 800-60, selecting the controls using NIST 800-53/FIPS 200, implementing controls and developing SSP and other key deliverable documents.
- Review system vulnerability scans and work with system administrators to remediate findings and document non-remediated findings in the POA&M.
- Interview System Administrators to assist in generating custom reports and/or artifacts in support of the A&A process.
- Review and update A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication, Contingency Plan (CP), Contingency Plan Test (CPT), Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA).
Confidential, Miramar, FL
Information Security Analyst
- Conduct interviews with key client stakeholders to evaluate the current information security practices.
- Support information security governance, risk and compliance activities aligned with the NIST Risk Management Framework (RMF). Designate systems and categorize their C.I.A. using FIPS 199 and NIST SP 800-60.
- Conduct walkthroughs to identify threats and vulnerabilities.
- Evaluate Management, Operational, and Technical security policies and procedures.
- Monitor controls post-authorization to ensure continuous compliance with security requirements.
- Analyze and update System Security Plan (SSP), Privacy Impact Assessment (PIA), and the Plan of Actions and Milestones (POA&M).
- Assist System Owners and ISSO in preparing Certification and Accreditation package for companies’ IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.
- Assist the system owner with all continuous monitoring (configuration management change control) activities.
Confidential, McDonough, GA
Oracle Database Administrator
- Performed database performance tuning using AWR and ADDM reports.
- Used SQL Tuning Advisor and Segment Advisor.
- Applied latest CPU patches and resolved various bug patches.
- Performed 24/7 database support of all Oracle databases, ensured compliance with Oracle license agreement, providing support for both Oracle in a Sun Solaris (UNIX) Enterprise Server environment.
- Administered Oracle backup with RMAN for full database backup and incremental backup.
- RMAN scripting for full database restore/recovery, point-in-time recovery, and automated backup and notification.
- Performed general technical troubleshooting and supported developers in tuning DB and apps for optimal performance.
- Monitored space usage and adjusted database parameters as needed.
- Monitored backup operations and scheduled manual backups as needed.
- Worked with system administrators to configure the system for optimal performance.
- Network & System Security Plan
- Risk Management
- Authentication and Access Control
- Vulnerability Assessment
- System Monitoring & Regulatory Compliance
- Requirements Traceability (RTM)
- Nessus Vulnerability Scanner (SC5)
- Microsoft Office
- Access Windows Server
- SharePoint and VMware