Tawfiq Mohammed, Sec +, CCNA, CEH

Greenbelt, MD *0770 240-***-**** ac9frs@r.postjobfree.com

OBJECTIVES:

Seeking Information Security Analyst position in a growth-oriented organization with focus on FISMA and A&A, RMF, risk assessments, and SP 800-53 control assessments.

STANDARD/FRAMEWORK/CONTROL:

NIST, SP 800-53, SP 800-37, FIPS, FISMA, FedRAMP, Risk Management Framework (RMF), Kali Linux, FIPS-199, PTA, PIA, RA, SSP, CP, CPT, RTM, SAR, POA&M, ATO, ISA, MOU, Remedy, IDS, SSH, FTP, Power Point, Visio, Word, SharePoint, Excel, Nessus, Nmap.

EDUCATION:

University of Maryland University College, Adelphi, MD 03/2019

BASc. Computer Networks & Cybersecurity

Prince George’s Community College, Largo, MD 05/2016

Associate in Applied Science, Cyber Security

Associate of Arts General Studies 05/2015

TRAINING/ CERTIFICATIONS/EDUCATION:

CompTIA Security+

Certified Ethical Hacker (CEH)

Cisco Certified Network Associate Routing and Switching (CCNA)

Cisco Certified Technician Routing and Switching (CCT)

EXPERIENCE:

Focused Management Inc, IT Security Analyst Consumer Financial Protection Bureau, Washington, D.C. March 2019-Present

Creating, revising, and reviewing System Security Plans (SSP), Security Assessment Plans (SAP), Plan of Action & Milestones (POA&M), Security Assessment Reports (SAR) for low, moderate and high systems.

Assist System Owners and ISSOs in preparing Assessment and Authorization packages for client IT systems.

Make sure that Management, Operational and Technical security controls adhere to formal well-established security requirements authorized by NIST 800-53 Rev 4.

Worked with C&A team members and senior representatives to establish and define programs, resources, schedules, and risks.

Assessed security controls selection for systems in accordance with the requirements in NIST 800-53A.

Assist in the development of an Information Security Continuous Monitoring Strategy to help agency's in maintaining an ongoing awareness of information security (ensure effectiveness of all security controls), vulnerabilities, and threats to support organizational risk management decisions.

Plan and work with POA&M teams to remediate Vulnerabilities of various Insurance center and Data centers.

iP Plus Consulting Inc, IT Security Analyst United States Department of Agriculture Washington, D.C. May 2016 - November 2018

Conducts FIPS-199 categorization and control selections for the client, develops test plans; and testing procedures.

Supervises and monitors the FISMA testing of the client’s systems.

Prepares and reviews security documentations including System Security Plans (SSP), Security Assessment Reports (SAR), Contingency Plan (CP), Privacy Impact Analysis (PIA), and other artifact required for system’s security.

Supports the remediation actions to correct assessment findings and develops supporting plan of action and milestone (POA&M) reports.

Organizes authorization package for ATO of the client’s systems.

Reviews vulnerability scanning results and identifies weaknesses in our client’s system and recommends corrective actions.

Supports the penetration testing group with information gathering (reconnaissance) and scanning using Nessus and Nmap tools

Costco Company, Help Desk Agent Beltsville, MD, March 2011-November 2016

Good technical knowledge of windows 7, 8, 8.1,10, Internet Explorer, Mozilla Fairfax, and Chrome. Manage Microsoft Suite of tools (Outlook, word, PowerPoint, Excel) and Office 365.

Manage inbound requests via Service Now, telephone calls and emails.

Provide support for over 1000+ users both in the United States and overseas.

Resolve problem via telephone, remote desktop connection, and visits to user locations.

Follow-up and remediation of MacAfee, Malwarebytes, Windows Defender Security Manager

Intrusion reports submitted by ASOC. and report back with actions taken to remediate incident.

Monitor CIRC mailbox for reports of phishing and investigate all phishing emails. Utilize Splunk for centralized location for log data.

Log data consist of DHCP logs, Windows Event logs, IPS Logs, Nessus logs, and BigFix logs. Monitor IPS for suspicious network activity.

Investigate uncategorized sites and send to Symantec for categorization and run vulnerability scan. Run compliance scans via IBM’s BigFix. Install and configure links for VPN tools used by the agency (Cisco AnyConnect, Pulse Secure, and Network Connect)

REFERENCES:

Available upon request

Contact this candidate