System Security Information

Location:
Washington, DC
Posted:
November 24, 2023


GIFTY D. PARRY

*** ****** ****** ***** ***********, md 21158

Phone:410-***-**** Email: ad1e03@r.postjobfree.com

Professional Summary:

An Information Security Analyst with detailed knowledge of security tools, technologies, and best practices, with emphasis on FISMA/NIST. Over 7 years of experience in system security monitoring, auditing and evaluation, Security Assessment & Authorization (SA&A) and Risk Assessment of GSS (General Support Systems) and MA (Major Applications).

AREAS OF EXPERTISE

Perform Security Assessment & Authorization in compliance with company standards

Develop, review, and evaluate System Security Plans based on NIST Special Publications

Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems

Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A and NIST SP 800-53R4

In-depth knowledge of system security frameworks

Compile data to complete Residual Risk Report and to insert contents into the POA&M

Ability to multi-task, work independently and as part of a team

Strong analytical, quantitative skills and effective interpersonal and verbal/written communication skills.

Education and Certifications:

Networking and Cyber Security - (University of Maryland Global Campus) 2018 - Present

Licensed Practical Nurse – (2009) American Institute of Health

Hartford Community College – (2006)

Howard Community College – (2002-2006) Transcript

Ghana-Lebanon Secretariat – (1986-1988) Diploma

CASP (CompTIA Advanced Security Practitioner)

CISA (Certified Information Systems Auditor)

Security+

SIEM TECHNOLOGIES & Tools

Nessus

Splunk

Core Skills:

Performed comprehensive assessments and wrote reviews of management, operational and technical security controls for audited applications and information systems

Used Checkpoint Firewall Analyzer to access predefined Checkpoint firewall reports that help with analyzing bandwidth usage and understanding security and network activities.

Analyze reports and archive logs from Check Point Firewalls.

Develop and execute Cloud (AWS) Information Security strategy to proactively identify risk and drive remediation

Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the AWS cloud operating model

Participate in incident response activities in coordination with other teams as necessary: reviewing and editing event correlation rules, performing triage on these alerts by determining their criticality and scope of impact, and evaluating attribution and adversary details

Develop and conduct Security Control Assessments (formerly ST&E) per NIST SP 800-53A and NIST SP 800-53R4

Over 5 years of experience in system security monitoring, auditing and evaluation, C&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications)

Performed Certification and Accreditation documentation in compliance with company standards

Developed, reviewed and evaluated System Security Plans based on NIST Special Publications

Compiled data to complete Residual Risk Report and to insert contents into POA&Ms

Security Life Cycle and Vulnerability Management, using FISMA and applicable NIST standards

PROFESSIONAL EXPERIENCE:

ISSO (Information System Security Officer)

AGO Worldwide Consulting. Severn, MD 08/2018 – Present

Provide responses to data calls and all audit requests by due dates and maintain tracking reports and a central repository of data call artifacts

Prepare and document System's ATO Brief for submission to Authorizing Official (AO) for his adjudication to grant ATO to a new system or for the existing system to continue operation

Schedule, track and manage the monthly and quarterly POA&M review process. Coordinate meetings and tasking with System Owners (SOs) and Information System Security Officers (ISSOs), and support remediation of opened POA&M items

Review Information System Security Policies and Procedures, System Security Plans (SSPs), and Security baselines in accordance with NIST, FISMA, OMB App III A-130, and industry best security practices

Assess Security Controls through document review, interview, and test procedures to ensure compliance with FISMA, and NIST SP 800-53A Rev 1

Conducting in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines.

Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.

Review and validate vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations.

Monitor and analyze Security Information and Event Management (SIEM) alerts to identify security issues for remediation and investigate events and incidents.

Use a wide variety of tools such as Splunk, Cisco Firepower, Symantec, Checkpoint Endpoint Security, etc. to identify, prioritize, and manage potential security incidents

Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).

Create and update the Security Assessment Report (SAR) in compliance with NIST and FISMA regulation.

Assist in the coordination and implementation of major detection enhancements to SOC analytics.

Provide security management, process engineering and operations management to a Security Operations Centre.

Security Control Assessor 10/2015 - 09/2018

H.M CPA LLC, Hartford CT

Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment.

Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.

Develop Security Assessment Plans (SAPs) and conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with the NIST SP 800-53A Rev 4.

Conduct security control interview meetings and artifact gathering meetings with various stakeholders using assessment methods of interview, examination and testing.

Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.

Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).

Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool (CSAM).

Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.

Develop documentation (FIPS 199, FIPS 200, PTA, PIA, e-Authentication) on new or existing systems.

Provide system/equipment/specialized training and technical guidance.

Serve as liaison with clients, participating in meetings to ensure client needs are met.

Independently research and collaborate with teams to develop knowledge regarding the environment.

Take on lead roles within the team and effectively train team members based on inherent knowledge.


