Information Security System

Location: Bethesda, MD

Posted: November 16, 2023

Resume:

Edward Anagho

ISS*/ISSA

ad07oo@r.postjobfree.com Cell : 240-***-****

Talented, results-driven Information Security Professional with versatile, cross-platform experience and 7 years of achievement in Infosec. I possess complete knowledge of the system development life cycle. Experience in Risk Management Framework (RMF) implementation, Federal Information System Management Act (FISMA), Certification and Accreditation (C&A) processes, Assessment and Authorization (A&A), Ongoing Authorization (OA) control testing, systems/network architecture, and security. Experienced in hardware, software, security technologies, analyzing network security deficiencies and violations, performing risk assessments, audits, vulnerability assessments, and vulnerability management. Delivered solutions, implemented management, operational, technical, and physical controls. Established security management, protection of assets, and compliance.

Demonstrated organizational and interpersonal skills working across departmental boundaries while maintaining strong communications and disseminating information from technical to comprehensible language to management, peers, and users. Performed as a highly motivated, goal-oriented team player with ability to work on projects alone.

TECHNICAL PROFICIENCIES:

NIST 800-37

NIST SP 800-60 FIPS 199

NIST SP 800-53 FIPS 200

NIST 800-18

NIST SP-800-53A

NIST 800-30

NIST 800-34

NIST SP 800-137

C&A/SCA PROCESS

RMF PROCESS

FIPS 199

E-Auth. Assessment

PTA/IPR

PIA

SYSTEM COMPONENTS

BIA

ISCP

ISCPT

SSP

IRP

IRPT

SAP

RTM

SAR

OATO

ATO

POA&M

NESSUS Scan REPORT

FedRAMP

CSAM/TAF/Xacta/CFACTS

User Authentication

Audit Request

RFC / ECAB

Nessus Scan

SDLC

LANs, WANs, VPNs, Routers, Firewalls

MS Office (Word, Excel, Outlook, Access, PowerPoint)

Splunk

Certification:

CompTIA Security+

PROFESSIONAL EXPERIENCE

Confidential, Washington DC

March 2017 - Present

Information System Security Officer (ISSO)

Responsibilities:

Providing information security expertise in support of Office of Chief Information Officer (OCIO).

• Establish schedule to drive ISSO activities & requirements from RMF Step 1-6.

• Ensure system categorization for information security requirements (i.e., management, operational, & technical controls), for information & information system is correct (FIPS-199 Form used as well).

• Create criteria questions about the system being assessed to determine if requirements are applicable & to tailor control statements.

• In coordination with the SO, select security controls and identify common controls.

• Document system-level continuous monitoring plan (Controls that will change with changes to the boundary).

• Ensure policies & procedures are in place for all controls, and review them annually.

• Document control status & implementation statements in IACS (XACTA).

• Collect & review Equipment, Hardware, & Software Inventory (including Ports, Protocols, Services Network Diagram, and system users).

• Document & complete Annual Contingency Plan.

• Schedule, conduct, & document Contingency Plan Test.

• Update SSP in IACS by entering in all information in the required fields, & record assessment results.

• Perform self-assessment (control testing).

• Request & analyze WebInspect & DbProtect scan results.

• Review & acknowledge Information Security Vulnerability Management (ISVM) alerts in CDMT (Continuous Diagnostics and Management Tool).

• Create & track POA&M remediation.

• Create Remediation Plan to document corrective action plan for tracking & planning the resolution of information security weaknesses.

• Review audit logs as provided by Splunk for suspicious activities.

• In coordination with the Security Authorization Manager, complete & submit the ATO package to management.

Information System Security Officer

Altruist Consult, LLC Rockville, MD

April 2015 to March 2017

Responsibilities:

Implement Risk Management Framework (RMF) in accordance with NIST SP 800-37.

Participates in the development and maintenance of system security plans and contingency plans for all systems under their responsibility.

Planned, System Security Checklists, Privacy Impact Assessments, POA&M, and Authority to Operate (ATO) letters.

Develop Plan of Action and Milestones (POA&M) for identified vulnerabilities and ensure compliance through monthly updates.

Maintain inventory of all information Security System assigned.

Develop a variety of Assessment & Authorization deliverables including System Security Plan (SSP), Security Assessment Report (SAR), Contingency Plan (CP) and POA&M for review and approval for Authorization Official.

Monitor and conduct Security Control Assessment to ensure all controls meet security requirements as stipulated in the SSP and NIST SP 800-53 Rev 4.

EDUCATION:

Bachelor’s Degree

REFERENCES: Upon Request

WORK AUTHORIZATION

U.S. CITIZEN


