PATRICK MENJENE
Silver Spring, MD ***** 240-***-**** **********@*****.***
US citizen, with a Secret clearance – granted.
Cyber Security Analyst; Proficient in the following role: ISO, RMF, Fisma, SOC
Summary
I am Insightful IT Cyber Security Analyst professional with 5 years of experience in a broad range of cyber security and Information technology. Bulletproof experience in Analyzing Security Incidents, Network Monitoring, information Security & Network Security functions. Experience with industry recognized SIEM (Security Information and Event Management) solutions such as Alien Vault, Splunk, etc. Experience Protecting large Enterprise data and Network Systems. Assertive implementation of compliance verification, Assurance Controls, Risk Assessment, and Vulnerability Assessment with strict enforcement of FISMA and NIST guideline. Experience in identifying, assessing and providing recommendations to mitigate organizational risk using cyber security frameworks and controls such as ISO 27001/2, and NIST SP 800-37, SP 800-53 Rev.4, SP 800-18 Rev.1, SP 800-60. Skillful in preparing Authorization Package - SSP, SAR and POA&M. I am an excellent collaborative team player who can hit the ground running.
Training and Certification
*CompTia Security+ certified Certification No. COMP001021333868
*CompTia Network+ *CompTia A+
*Splunk fundamental I completed *QA tester training completed
* Preparing for the CAP certification and Undergoing Linux training and Splunk fundament II Splunk enterprise system admin.
Work Experience
Cyber Security Analyst
State Department/Wraps&RPC Feb-2017 to present
My duties include;
Accessing Data log prevention to review and Analyze log activity.
Developing, reviewing, and updating Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with FISMA, NIST SP 800-18, OMB and industry best security practices.
Performing security control assessment (SCA) as part of Certification and Accreditation (C&A) Continuous monitoring testing/projects
Managing third party penetration testing activities and drives remediation efforts across the organization.
Developing baseline Technical Security Requirements (TSRs) / Security Technical Implementation Guide (STIG) for hardening infrastructure networks, servers, computers, and logical designs to enhance overall security.
Performing a review of security documents updated by ISSO to confirm they are FISMA compliant, review and certifying/validation of items uploaded into POA&M tracking tool in support of remediated/closed findings
Performing vulnerability scanning as part of the Assessment and Continuous monitoring, with Nessus and provided remediation to system and application administrators.
Analyzing and updating System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
Assisting System Owners and ISSO in preparing certification and Accreditation package for company's IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.
Experienced in the development of System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, and Configuration Management.
Designates systems and categorize its C.I.A using FIPS 199 and NIST SP 800-60
Develops policy and procedural controls relating to Management, Operational and Technical Controls for the Organization.
Assessment & Authorization (A&A) package development and review such as FIPS 199 categorization, E-Authentication risk assessment, System Security Plan (SSP), Privacy threshold analysis (PTA), Privacy Impact Assessment (PIA), POA&M and Contingency Plan, for completeness and compliance with NIST guidance)
Conducts Security Control Assessment on General Support Systems (GSS), Major Applications and Systems to ensure that such Information Systems are operating within a strong security posture.
Updates IT security policies, procedures, standards, and guidelines according to department and federal requirements.
Provided cyber security awareness training to employees in the form of periodic newsletters and security advisories.
Information Security Analyst
NIH / Bethesda MD July-2014 to Feb-2017
My duties included;
• Collaborated with IT, Engineering, and Internal Audit teams to actively improve the security policies and controls of the organization using technical documentation and research.
• Advised and consult with internal customers on risk assessment, threat
modeling, and vulnerability management
• Develops and updates System Security Plan (SSP), Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones.
• Monitored and analyzed network traffic, Intrusion Detection Systems (IDS) and Instruction Prevention Systems (IPS), security events and logs.
• Provide analysis and trending of security log data from various security
devices
• Maintain up-to-date knowledge of the IT security industry, including
awareness of new or revised security solutions, improved security processes,
and the development of new attacks and threat vectors
• Provide information security reporting, including security metrics as
required.
• Analyzing and updating System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
Education
Bachelor (computer science) 2018---Current
University of Maryland University College (UMUC), College Park, MD,
Bachelor (General science)
University of Cameroon July 2010
Associate degree (Business & Management)
Catholic University of Yaoundé Cameroon June 2006
Preparing for the CAP certification and Undergoing Linux training and Splunk fundament II Splunk enterprise system admin.
Language
Speak and Write English and French fluently
Skills & Tools
Customer service skills, good communication skills, good analytical skills,
Leadership skills, relation management skill - window 7,8,10, 12; Mac os x; Nessus; Splunk fundamental I; Wireshark; Nmap; TCP/IP; basic understanding of Linux Rapide7;