Qualifications

I have the adaptability to work as a team player or independently to progress vertically through any organization, while having the expertise to grasp technical nuances and effectively communicate. I have specialized experience which includes performing work in support of management analysis to evaluate and or improve the efficiency, effectiveness, and productivity of organizations. A professional with cyber security and IT audit experience with the proven ability to work and excel in highly stressful environments while still achieving positive results. I am very interested in learning new and advanced skills and abilities within the IT field.

Experience

Smartlink LLC, BMS Security Analyst 2014- Present

Analyze equipment documentation to verify port and service use to compare to

those detected in Nessus and Zen Map (Nmap GUI) scans.

Prepare Security Assessment Reports (SAR) from Security Checklists performed

against Building Management System (BMS) devices.

Verify security requirements using built in web page login, telnet and SSH using

Putty and HyperTerminal over Ethernet.

Construct pivot tables in Google Sheets (MS Excel equivalent) to present statistical

correlations between vendors, device types, and vulnerabilities.

Participate and support the audit team in preparing for recurring client status

meetings to report on progress, identify risk and mitigation strategies, and discuss

project plan of actions and milestones (POA&M).

Responsible for briefing and training new hires to get them acquainted with the

auditing process, and tools used to support the overall security assessment control

(SCA) process.

Identify and communicate system and application vulnerabilities to senior

management and clients.

Document status of device approval process and device security information

(e.g. IP address, device login password).

Performed security testing by analyzing outputs using Nessus vulnerability scanning

tool to validate applications and information systems security configurations and

compliance.

Conducted Nessus, Nmap, and WebInspect remediation’s for devices to ensure vendors

are in compliance with NIST SP 800-53 and client IT policies.

Research vendor provided documentations to check and assess security controls per

NIST SP 800 53A.

Perform full scope Risk Management processes to include Assessment and

Accreditation (A&A), FISMA Self-Assessments, Technical Assessments (vulnerability

analysis), Risk Assessments, and Continuous Monitoring.

Received and assemble devices for testing.

UNATEK INC., Information Security Analyst October 2012- April 2014

Develop, review and update Information Security System Policies, System Security Plans

(SSP), and Security baselines in accordance with NIST, FISMA, OMB App. III A-130,

NIST SP 800-18 and industry best security practices.

Conduct systems and network vulnerability scans in order to identify and remediate

potential anomalies.

Updated IT security policies, procedures, standards, and guidelines according to

department and federal requirements.

Performed risk assessments to developed/updated and review System Security Plans (SSP),

Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration

Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and

other tasks and specific security documentation.

Perform vulnerabilities scan with the aid of CIS-CAT, Retina, Nessus, NMAP and MBSA

Vulnerability Scanner to detect potential risks on a single or multiple assets across the

enterprise network.

Coordinate and manage team activities during assessment engagements.

Establish schedules and deadlines for assessment activities.

Monitor controls post authorization to ensure continuous compliance with the security

requirements.

Crest Consulting Group, Information Security Network Engineer 2010- 2012

Interpret policies, procedures, standards, guidelines and regulations for information systems, applications and networks to meet federal guidelines and requirements to include National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) (categorization of information systems and security control implementation).

Utilize National Institute of Standards and Technology (NIST) and Defense Information System Agency (DISA) configuration guidance to harden servers, operating systems and appropriate applications; create user groups and access controls to enforce least privileged rules. Responsible for a variety of systems running Windows 2008, Domain controllers, Member servers, and others.

Develop and review system plans, plan of actions and milestones, security control implementation, configuration management plans, contingency planning, incident response plans, information security policy, Rules of Behavior, vulnerability scans and other task specific security documentation (continuous monitoring).

Performs Security Testing and Evaluation (ST&E) with manual evaluation and the use of DOD approved vulnerability testing tools which includes vulnerability scans for vulnerability management (ACAS).

Provide organization SCAP results using DISA SCAP tools.

Regularly performs DISA STIGs and IAVM benchmarks implementation.

Analyze and remediate STIG and Nessus scan findings.

Skills

Well-developed organizational, coordination, and problem solving skills, as well as the ability to work under pressure and meet deadlines while working as a team or independently.

Effective verbal and written communication skills.

Proficiency in working with computers and information management systems such as: MS word, excel, outlook, PowerPoint, and access, Lotus Notes.

Strong attention to detail and thoroughness in work product.

Ability to type 40 wpm with 3 or fewer errors based on a 5- minute sample.

Knowledgeable of Risk Management Framework (RMF) as defined by National Institute of Technology (NIST) Special Publication (SP) 800-53 (current revision).

Experienced in Security Controls for Federal Information Systems and NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems to process activities required in vulnerability identification, reporting, and remediation.

Familiar with implementing and supporting Splunk Enterprise.

Current clearance with equitable risk level as of January 2015.

Education and Certifications

Associates of Business Marketing, Southeastern University, September 2005- 2008

Cyber Security

CISSP- in progress

Additional references are available upon request.

References

1.Kunle Fadeyi

Director of Security; Crest Consulting Group

703-***-****

2.Kevin Hawkins

Deputy Project Manager; AJLK Consultants

301-***-****

3.Senai Simon

Supervisor; UNATEK INC.

(240) 418- 4468

Contact this candidate