Security Professional Experience
Resume:
Ghislain Nchotu
A highly motivated IT Security professional with over 7years of experience providing IT services to business professionals and consumers from diverse business arenas while maintaining organizational Service Level Agreement. Seeking a position that will allow me to gain the necessary experience and grow as a key player in the development of an organization.
Core Strength:
Customer service oriented, able to manage quality control and provide quality service
Outstanding communication and interpersonal skills
Analytical thinker with strong problem solving and conflict resolution skills
Possess excellent time management skills and ability to work in a team environment
Record management and document control
Technical Summary:
Hardware/systems; PC – installation, application, configuration, repair, troubleshooting, and optimization; Windows 7-8, Window 10, Unix, Microsoft Windows Server 2008-2016, VMware Mirage, Active Directory, ESET Endpoint Antivirus, Altiris, Web Inspect, Symantec PCAnywhere, System Center Configuration Manager, Global Protect VPN, Remote Desktop Connection, Nmap, Cisco NAC/ISE, BMC Remedy, Microsoft Office 2003 -2016, Microsoft Outlook 365, Service-Now, Nimsoft, Nessus, SolarWinds, Barracuda Email Security, Mainframe, PeopleSoft, Oracle 11i, SQL Server, Cisco IDS, Linux, FedRAMP, AppDetective, AIX, NIST-800-37, 53, 53Ar4, 60 Volumes 1&2, 137, 30, 18, 34, 92,60, FIPS 199/200, FISMA, PCI, HIPAA, OMB A-130, SOX, DIACAP, ZenApps, Palo Alto Networks, Bomgar
Professional Experience: Security Engineering & Operations Annapolis, MD
MD - Administrative Office of the Courts (AOC) May 2014 – present
Develop Assessment & Authorization (formerly known as Certification and Accreditation C&A) package for compliance with NIST guidance, including System Security Plans (SSP), System Categorization documents, FIPS 199 Security Categorizations, and Risk Assessments, Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), maintained and updated in accordance with (NIST 800 Series); SP 800-60/FIPS 199, SP 800-53/FIPS 200, SP 800-30, SP 800-18, SP 800-53A, SP 800-37-RMF and Contingency Plans.
Developed skills to clearly articulate complex issues for customer and management review.
Reviewed authorization documentation for completeness and accuracy for compliance
Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities on asset vulnerabilities
Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4
Developed Disaster Recovery Plans, Incident Response Plans/Training, Memorandum of understanding and Configuration Management
Authored recommendations associated with findings on how to improve the customer's security posture in accordance with NIST controls
Assisted team members responsible for monitoring of multiple tools, portals, processes, and environments for email based threats, Web Filtering and End point protection of Malware.
Reviewed Mainframe and Active Directory logins security logs to ensure compliance with policies and procedures and identifies potential abnormalities
Prepare Information Security Assessment and Authorization Documents for General Support System (GSS) and Major Applications (MA)
Uploaded supporting docs in the System's Artifact Libraries, and CSAM
Updated, reviewed, and aligned SSP to the requirements in NIST 800-53, rev4; so that assessments can be done against the actual requirements and not ambiguous statements
Managed vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple assets across the enterprise network
Reviewed SAR post assessment; created and completed POAM's milestones to remediate findings and vulnerabilities
Monitored security controls post authorization to ensure continuous compliance with the security requirements
Professional Experience: Information Security Analyst Vienna, Virginia
DELL/EMC/Virtustream October 2012 to May 2014
Responsible for ensuring that Security Authorization packages such as System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Assessment Report (SAR) are maintained reviewed and updated in accordance to NIST guidelines.
Performed Federal Information Security Modernization Act (FISMA) audit reviews using NIST 800- 37 rev 4
Participate in client interviews to determine the security posture of the System.
Supported the Information Assurance (IA) team to conduct risk assessments, documentation for Security Control Assessment, vulnerability testing and scanning.
Prepare and submit Security Assessment Plan (SAP) for approval.
Develop and update Security Plan, Plan of Action and Milestones (POA&M).
Monitor controls post authorization to ensure continuous compliance with the security requirements.
Prepare and update the Security Assessment Report (SAR)
Analyze and perform technical and non-technical security risk assessments of computer and network systems via network scans, interviews, documentation review and walk-through of both new and existing federal information systems for FISMA compliance using NIST guidelines and controls.
Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems (IDS), Virtual Private Networking (VPN), Security Monitoring Tools and Intrusion Prevention Systems (IPS).
Conduct Risk Assessment on all mission critical systems for changes.
Conduct policy development research and analyze information system issues.
Re-assess remediated controls for effectiveness.
Professional Experience: Service Desk Analyst Alexandra, Virginia
IMTAS/United States Patent and Trademark Office (USPTO) April 2010 – October 2012
Utilize remote computer control technologies such as Symantec PCAnywhere/ System Center Configuration Manager/Bomgar to effectively troubleshoot and resolve problems.
Monitor Remedy/Service-Now queue for new call tickets to resolve them
Install software and drivers using Altiris Quick Delivery/VMware Mirage Console and other remote access tools
Provided feedback to the management on the performance of Tier 1 analysts
Keep track of individual ticket assignments and ensure that customer issues have been addressed and resolved to their satisfaction.
Acquire and maintain a competent level of knowledge on relevant products, current support policies, and methods of support delivery
Create, troubleshoot, document, and escalate incidents and service requests within the specified timeframes as explained in the workflow
Advanced ability to troubleshoot and resolve reported technical problems
Frequent contributor to the knowledge base by creating new articles and maintaining existing articles.
Professional Experience: Technical Support Specialist Gaithersburg, MD
National Institute of Standards and Technology (NIST) February 2009 – April 2010
Support all D.O.C employees using Bizflow e-Approval Application.
Assists off-site users with desktop application and provide user training.
Troubleshoot hardware and software issue with application.
Create and modify all government forms using SharePoint.
Log all service desk interactions and follow standard service desk procedures.
Instruct users on changes from Bizflow 11.5 to 12.2
Conduct training class for new e-Approval users
Perform daily monitoring checks
Perform windows patch testing for Test and Production Environments
Experience with daily monitoring and response to security alerts using Nimsoft
Education:
University of Maryland, University College 2014
Bachelor of Science in Cyber Security
Certification: Security Plus
Extensive experience with the Microsoft Office suite.
Working to obtain Microsoft CAP
Experience working with Microsoft Active Directory Services
Working to obtain CISSP
Extensive Hardware repair and software troubleshooting experience
US Citizen
15776 Easthaven Ct, Bowie MD 20716 – 240-***-****
Contact this candidate