DATRICE AFRIYE-OPOKU
**** ***** ***** *****, ******** Park, VA 20111 703-***-**** • E-Mail:
***********@***.***
CYBER SECURITY ANALYST
Eager to contribute highly skilled knowledge of IT security best practices
and the ability to develop and monitor a program that will provide
oversight and protection of critical assets and resources.
PROFESSIONAL PROFILE
• Seasoned IT security professional with comprehensive business/technical
skillset and expertise in evaluating the security posture of federal
IT systems
• Diligent and dedicated security analyst with successful results in
recommending cost-effective mitigation strategies
• Motivated achiever who guides organizations in accomplishing mandated
compliance of security policy objectives
AREAS OF EXPERTISE
IT Security Methodologies
• Risk Management Framework (RMF)
• System Development Life Cycle (SDLC)
• Process Improvement
• Independent Verification and Validation (IV&V)
• Certification and Accreditation (CA)
• Customer Support
Operating Systems/Environments:
• Windows XP, UNIX, IBM Mainframe
Software Applications:
• Microsoft Office (Word, Excel, PowerPoint, Access, Visio)
• SQL
• SharePoint
• FTP Client
• Crystal Reports 10 & 11
• Clear Quest
• Remedy
• eTrust Admin
• Entrust
• Quality Center
• TrustedAgent FISMA (TAF)
Education:
• BS, Information Security, Strayer University (In Progress)
Certifications:
• CISSP
• Security +
Clearances:
• Top Secret/SSBI, Nov 2007
PROFESSIONAL EXPERIENCE
SRA International, Inc., Fairfax, VA, December 2002 to Present
Cyber Security Analyst, April 2009-Present
Cyber Security Analyst supporting the Bureau of Engraving and Printing's
Certification and Accreditation (CA) process that will assist them in
getting their IT systems FISMA compliant. Responsible for developing C&A
package artifacts such as system security plans (SSPs), security
categorizations, privacy impact assessments (PIA), and contingency plans
(CP). Work with system owners (SO) and administrators to identify and
document the status of their systems and provide recommendations to get
their systems NIST 800-53 rev 3 compliant. Conducting system impact
analysis (SIA) on changes proposed for accredited systems and determining
if those changes pose any significant change that could possibly threaten
the security posture of the system and its underlying general support
system (GSS). Additionally, responsible for revamping the bureau's
continuous monitoring program and assisting the various system owners in
keeping track of their semi-annual and annual requirements that will ensure
that their systems maintain their authority to operate (ATO) during
re-certification.
Cyber Security Analyst, March 2008-April 2009
Supporting C&A efforts for both Department of Homeland Security (DHS) and
United States Department of Agriculture Forest Service (USDA FS) by
assisting system owners in determining system categorizations for their
systems, developing C&A artifacts such as the system security plan (SSP),
security requirements traceability matrix (SRTM), and risk assessment (RA)
that followed OMB and NIST requirements and guidance. These artifacts were
developed using DHS templates and uploaded into TrustedAgent FISMA (TAF).
In addition, I conducted independent verification and validation (IV&V)
using a checklist developed by the USDA FS. Responsible for reviewing C&A
package artifacts and providing recommendations to correct weaknesses found
in the documents following guidance from NIST SP 800-37 Rev 1 and 800-53
Rev 2. In addition, developed a process flow and diagram that illustrated
in detail where major deficiencies and critical findings were in their
process, so that they could create more streamlined policies and procedures
that help correct these weaknesses and mitigate risk to an
organization-acceptable level. Moreover, I led an effort to re-develop a
C&A package for a highly visible major application (MA) that faced
rejection twice by the US-CERT and ultimately received its authority to
operate (ATO) and was named "the best package received by the USDA FS".
Test Engineer, July 2007-March 2008
I supported the corporate infrastructure by conducting functional testing
on all corporate applications and reporting findings to developers and
stakeholders. Duties included executing test cases via Mercury Quality
Center, crafting and revitalizing test cases, writing test reports,
reviewing defects, and coordinating test schedule dates with project teams.
Security Analyst/Crystal Report Developer, FDIC, February 2005 to July 2007
In the security analyst position, I was part of a PKI/Mainframe support
team for the Federal Deposit Insurance Corporation (FDIC). In this role, I
was responsible for being an administrator for the Entrust Registry
Authority, eTrust Administrator via Active Directory (AD), and Safeword
Console. I resolved internal and external digital certificate user issues,
administered dataset access and resource rules via ACF2, TSO/ISPF, and
CICS, and created, modified, and deleted ACF-2 user accounts. Moreover,
developed and revised standard operating procedures (SOPs), executed daily
UNIX jobs to audit system processes, participated in POA&M meetings and
various other client meetings to provide suggestions on ways to improve
system processes and procedures, and acted as a primary point of contact
(POC) to resolve issues relating to the EXTCM (External Certificate
Manager) application. This is a tool used to issue external digital
certificates. In addition, I was a Crystal Reports developer and was
responsible for developing and modifying various reports, updating and
creating access tables to cross-reference service-level agreement metrics,
and performing queries to analyze and cross-check report results via Remedy.
ISTAR Defects / Enhancements Manager, November 2003 to February 2005
The defects and enhancement manager position was to support the Energy Star
website via iSTAR. Duties included creating, monitoring, and testing
defects and enhancements submitted through Rational Clear Quest, running
weekly metric reports, and participating in formal peer review, CCB, and
requirements gathering meetings to determine which resolved defects and
enhancements would go into which system release.
Technical Lead/Help Desk Specialist, August 2002 to November 2003
The Helpdesk Analyst position was to support National Practitioner Data
Bank and the Healthcare Integrity and Protection Data Bank support center.
This was an initiative sponsored through the Department of Health and Human
Services. Duties included providing support to approximately 1,400 weekly
end-user questions and requests via phone and email in support of the
Integrated Query and Reporting System (IQRS), and supporting the
installation and maintenance of the Interface Control Document Transfer
Program (ITP). Executed reprints of practitioner self-queries via UNIX,
analyzed and resolved entity account issues such as re-queuing report
verifications, updating user account passwords and user IDs, unlocking user
accounts, and tracking errors in reports, and separated rejected document
control numbers (DCNs) in the batch to allow users access to their
completed DCNs via SQL. Resolved third-party input and output files to
detect errors. Analyzed and resolved web connectivity problems. Received
and reviewed submission files sent for testing. Resolved printer issues
relating to user requests. Ran weekly reports via Interaction Client and
Pivotal and ran monthly and quarterly metrics for the Internal Project
Review (IPR) Slides.