
Information Security Systems

Location:
Washington, DC
Posted:
August 16, 2023


BRUCE FORT IV

Cell: 301-***-**** adyzvo@r.postjobfree.com

CYBER SECURITY ANALYST | PROJECT MANAGEMENT | LEADERSHIP

Senior Cybersecurity professional with experience in assessing information risk, reporting on and facilitating remediation of identified vulnerabilities for IT security and IT risk. Expert at security plans, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes. Adept at evaluating and articulating supplier information security requirements, reviewing supplier evidence/answers to Third Party Evaluations, and providing information security expertise and guidance to business owners to ensure appropriate understanding of information security risks. Assists in the selection, evaluation, and implementation of information system security infrastructure and in strategic and operational planning. Expert-level knowledge of the DoD tool eMASS, CSAM, Xacta and NIST publications. Strong ability to multi-task and work in high-volume, demanding environments, and experience working in metric-driven environments.

Clearance Level: Active DOD Secret

Areas of Expertise: Cybersecurity Risk Assessment, Risk Management Framework (RMF), Assessment and Authorization (A&A), Authority to Operate (ATO), National Institute of Standards and Technology (NIST) Cybersecurity Maturity Model (CMMC), IACS (Xacta), NIST, FedRAMP, FIPS, Jira, SIEM platforms

SUMMARY OF QUALIFICATIONS

Leadership:

Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories

Manages software solutions by studying information needs; conferring with users; studying systems flow, data usage, and work processes; investigating problem areas; following the software development lifecycle

Lead or attend meetings with stakeholders to discuss statuses of efforts

PROFESSIONAL EXPERIENCE

SENIOR FISMA SECURITY ANALYST 02/2023-06/2023

GRIDIRON

•Coordinated with project stakeholders, technical teams, the Information Systems Security Officer (ISSO), Information Systems Security Manager (ISSM) and other team members to define, implement and maintain an acceptable information systems security posture

•Performed extensive analysis to validate established security requirements and recommended additional security requirements and safeguards

•Supported the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports

•Coordinated across business lines to lead and support FISMA and financial audit requirements

•Translated operational requirements into technical requirements to meet program objectives and assisted in documenting those requirements

•Reviewed and evaluated information technology software, hardware and networks and the overall cyber security posture of information technology systems

•Recommended security improvements based on advances in industry or in response to threat intelligence

•Maintained cybersecurity compliance, implemented steps to mitigate threats and understood reporting requirements

•Provided continuous monitoring security expertise to business units and key stakeholders

•Provided timely status updates/reporting on assessments and assigned projects

•Created and delivered end user-related briefings and training and policy and/or compliance updates

SENIOR SECURITY ANALYST 02/2021-02/2023

SAP NS2

Developed security assessment plans for systems, including the objectives, scope, schedule, required documentation, possible risks, and other logistical items for security assessments; developed the cloud service provider testing approach from a security perspective. Coordinated and/or planned, implemented, and monitored security measures for information systems and infrastructure to regulate access to computer configuration and data files and to prevent unauthorized modification, destruction, or disclosure of information.

•Performed assessments of systems and networks within the networking environment or enclave and identified where those systems and networks deviated from acceptable configurations, enclave policy, or local policy

•Managed the continuous protection of systems and information assets by contributing to or leading teams in the execution and implementation of information security defense improvements involving architecture, processes, tools and automation

•Assisted in establishing, reviewing and maintaining security-related policies, plans, processes and procedures to contribute toward the protection of critical business functions from disruption due to system failure or unavailability and to ensure enterprise applications had appropriate protections in place

•Used data collected from a variety of cyber defense tools (e.g., vulnerability scanning, IDS alerts, firewalls, network traffic logs) to analyze the security posture of information systems

•Performed oversight of 3rd party risks and controls documented in Risk and Control Self-Assessments through execution of periodic assessments and quality assurance reviews

•Assisted in the implementation of required government policy (i.e., RMF, FedRAMP, CMMC, NIST), made recommendations on process tailoring, and participated in and documented process activities

•Actively participated in developing security governance framework materials (policies, controls, standards) to drive consistent security risk treatment across the enterprise

•Developed and implemented security strategies appropriate to application tier and user needs; working with system administrators and vendors, analyzed, recommended, planned and provisioned appropriate types of security technology to meet requirements

•Assisted with adherence to vendor management, risk, and information security policies, standards, and procedures

•Documented and addressed the organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle

•Identified, evaluated, mitigated, and minimized risks associated with IT systems; documented network requirements (whitelisting) and team tasks and implementation; authored policies and POA&Ms

•Developed, interpreted, planned, and applied policy, process, procedure, and strategy in delivery of multi-discipline IT networking services required to achieve data and system integration/interoperability for assigned systems and applications

SECURITY COMPLIANCE ANALYST (COMPLIANCE AND OVERSIGHT) 10/2017-12/2020

KNIGHT POINT SYSTEMS

Planned, managed, and provided guidance pertaining to IT Security architecture to include all phases of computer security (i.e., hardware, software, and telecommunications equipment, installation and evaluation). Involved in diverse projects simultaneously, several of which may have had equally high priority. Developed periodic reporting on 3rd party management risk-based metrics and effectiveness of third-party management practices and controls.

•Liaised with relevant IT divisions to conduct regular security risk assessments on IT systems, ensuring compliance with the NIST Risk Management Framework and related Authorization to Operate (ATO) requirements

•Provided consultative support and collaborated with business partners and 3rd party management stakeholders to identify enhancement opportunities to strengthen 3rd party management processes and controls

•Reviewed authorization and assurance documents to confirm that the level of risk was within acceptable limits for each application, system, and network

•Supported project implementation by supplying technical security consultation and implementing technology as needed

•Coordinated IT security remediation activities (remediation solutions and strategy, ticket creation, item remediation logging, follow up, etc.) to address reported/discovered vulnerabilities

•Categorized information systems, selected appropriate security controls based on system categorization, tailored security controls, assessed security controls, drafted POA&Ms, and developed ATO packages using the NIST Risk Management Framework cycle

•Performed system monitoring and analysis support for the detection of cyber incidents and provided recommendations on how to correct findings

•Assisted in conducting basic audits to ensure information systems security policies and procedures were being implemented as defined in security plans and best practices

•Used vendor descriptions, technical documents and/or hands-on evaluation of applications or demos to evaluate security controls and worked with Subject Matter Experts (SMEs), developers, network engineers and network support personnel to obtain additional information required for adequate analysis

•Performed application/infrastructure risk assessments, security reviews, and threat modeling; tracked risks with risk registers; and performed vulnerability management


SECURITY CONTROL ASSESSOR 01/2017-10/2017

FORTITUDE SYSTEMS

Conducted verification and validation of security policy compliance based on NIST and organization-defined policies. Utilized technical expertise in computer security theories, principles, practices, and functional tools across a broad range of computer security related areas, including certification and accreditation of government information and telecommunications systems, IT disaster recovery and business continuity planning, and risk management for the Department of Homeland Security's IT systems.

•Performed analysis of design specifications, design documentation, configuration practices and procedures, and operational practices and procedures

•Provided identification of noncompliance of security requirements and mitigations to requirements that are not in compliance.

•Validated the security requirements of the information system. Verified and validated that system met DHS and NIST security requirements

•Conducted vulnerability assessment of the system and coordinated penetration testing, and provided a comprehensive verification and validation report (certification report) for the information system

•Created information system assessment documentation such as Security Assessment Plans, Security Assessment Reports and input documentation into vulnerability assessment tool Xacta

•Reviewed and interpreted Tenable Nessus Vulnerability and Compliance scans, WebInspect scans, and dbProtect scans

•Produced evidence as necessary to support compliance status of NIST, DoD, and DHA security requirements

INFORMATION SECURITY ANALYST 05/2014-12/2016

HEWLETT-PACKARD

Implemented security controls for information systems based on NIST Special Publication 800-53 rev 4, FIPS 200, and system categorization using NIST SP 800-60 and FIPS 199, and ensured compliance with federal and state regulations. Performed vulnerability and baseline scans with analysis, documenting the findings and providing recommendations for future planning to senior leadership.

•Conducted security assessment interviews and developed a security test and evaluation questionnaire to ensure and maintain the company’s authorization to operate, and for security plans, and system categorizations.

•Collaborated with administrators to resolve plan of action and milestones (POA&M) by gathering of artifacts, creating mitigation and residual risk memos, and implementing corrective action plans

•Utilized and updated the cyber security management system with reviews and remediation on POAMs

•Mitigated risks in accordance with the monitoring plan and ensured continuous compliance with all controls and procedures.

INFORMATION SECURITY/ COMPLIANCE ANALYST 01/2013-05/2014

CREST CONSULTING

Monitored the security posture of the system and supported the Information Assurance team in risk assessment, vulnerability testing, and security control assessments.

•Compiled and prepared all documentation, including security plans and plan of action and milestones (POA&M) reporting, for senior leadership approval and sign off

•Worked with the system owner to develop and perform periodic testing of the contingency and disaster recovery plan, including the monitoring of controls post authorization to ensure the effectiveness of plans and security requirements

•Analyzed technical and non-technical security risks of computer and network systems via network scans, interviews, documentation review, and walk-throughs of both new and existing federal information systems for FISMA compliance adherence

IT/ HELP DESK TECHNICIAN 07/2009-01/2013

COASTAL SECURITY

Serviced customers internally and externally, providing support and resolving issues and complaints, with exceptional open communication and active listening. Managed a wide range of IT, visual information principles and systems analysis concepts and techniques, including new and emerging IT and security methods and principles.

•Delegated activities and tasks to support group, ensuring client concerns were resolved promptly and updates sent to clients on estimated completion dates


•Provided software support for users, including basic to advanced software operations and assistance with general use of software, computers, and peripherals

•Created and executed test scenarios, conditions, and scripts, including documentation of results and logging of defects and potential options for defect fixes

•Ensured seamless user experiences by supporting and guiding resolutions with customers experiencing network connectivity issues

EDUCATION & CERTIFICATIONS

BACHELOR OF SCIENCE IN BUSINESS MARKETING

VIRGINIA STATE UNIVERSITY

Certified in Governance, Risk and Compliance (CGRC), ITIL V3, Security+ Training (CompTIA), Certified Information Security Manager (CISM) training


