Christopher A Onipede
Washington, DC 410-***-**** firstname.lastname@example.org
An Information System Security Officer with vast experience in managing and protecting Enterprise Information Systems, Network Systems and Operational processes through Information Assurance controls, Compliance verifications, Risk Assessment and Vulnerability Assessment in accordance with NIST, FISMA and OMB and with industry best Security practices. Insightful and results-driven, with an impressive, successful track record. Expertise in directing a broad range of Corporate Initiatives while participating in planning analysis, implementation of solutions and software testing. Looking to work in a professional environment where my 6 years of Information Security and Linux System Administrator experience can be adequately utilized.
Education & Training
Associate of Applied Sciences in Information Technology
Bachelor of Science in Information System Management (in progress)
Implementation of security Controls, Security Infrastructures and the entire Risk Management Framework.
Experience in aspects of the Security Authorization and Continuous Monitoring process using National Institute of Standards and Technology (NIST) publications 800-30, 800-37 Rev 1, 800-60, 800-53A, 800-53 Rev 3 & 4, FIPS 199, FIPS 200, OMB A-130 App. III.
Experience with Federal Information Processing Standards (FIPS) 199 System Categorization, System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Risk Assessment (Impact Analysis), Continuous Monitoring and the Plan of Action & Milestone (POAM).
Proficient in the use of Web Application Pen Testing tools like Cyber Security Assessment and Management (CSAM) tool, Vulnerability Scanning tools such as Tenable Nessus Pro and Security Center; as well as analysis of security scan reports for necessary action.
Strong organizational, communication (verbal & written), presentation, analytical and planning skills.
Broad knowledge of Microsoft Windows (MS Word, MS Excel, Outlook and PowerPoint) and UNIX platforms with excellent communication and writing skills.
Soft Tech Solutions Baltimore, Md 05/2015 – Present
Information System Security (ISSO Support)
Prepared and updated IT security policies, procedures, standards, and guidelines in accordance with department and federal requirements to safeguard organizational assets and ensure data integrity, availability and confidentiality.
Developed and reviewed System Security Plans (SSP), Plans of Action and Milestones (POA&M), Configuration Management Plan (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation in accordance with NIST SP 800-37 rev 1, 800-18, 800-53 rev 4 and 800-34.
Worked with IT Operations and Network Engineers and other stakeholders to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.
Led various client-facing interviews and meetings to determine the Security posture of the System and to assist in the completion of the Security Assessment Plan using the NIST SP 800-53A tests required to maintain the Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
Deep understanding, management and use of CSAM for POA&M management and report generation.
Analyzed security reports for security vulnerabilities.
Selected security controls that apply security protections to systems, processes, and information resources using the NIST family of security controls based on NIST SP 800-53A.
Monitored security infrastructure for policy violations or security events, and participated in problem management activities.
Performed monthly vulnerability scans, maintenance and expansion of related tools, identification of new issues, tracking of remediation efforts using vulnerability scanning tools (e.g. Tenable Nessus Pro, Nessus Security Center).
Supported business continuity and ensured compliance with all government and industry regulations.
Performed security investigations and coordinated incident response.
Crest Consulting Group Annapolis, Md 10/2012 – 04/2015
System Security Assurance Analyst (Assessor)
Conduct security assessment interviews to determine the Security posture of the System and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using ISO 27001.
Assist with the internal auditing of information security processes. Assess threats, risks, and vulnerabilities from emerging security issues and also identify mitigation requirements.
Perform security scans on systems using Tenable Nessus vulnerability scanning tools. Analyze security reports for security vulnerabilities in support of security control assessments.
Work with support and security coordination team to ensure compliance with security processes and controls.
Responsible for developing Security Authorization documents and ensuring that the System Security Plan, Security Assessment Plan, Plan of Action and Milestones (POA&M), Contingency Planning and artifacts are maintained and updated in accordance with ISO guidelines.