
Security System

Location: Upper Marlboro, MD, 20772
Salary: 120,000 - 124,800 but negotiable
Posted: November 26, 2013


Resume:

Marvenda L. Manley-Scott
**** ***** *****
Upper Marlboro, MD 20772
Aka Cookie
Email - ************@*****.***
202-***-****

PROFESSIONAL SUMMARY:

As a professional in the Information Technology / Cyber Security field I have been responsible for the creation and updating of SDLC documents, to include security plans; risk assessments; contingency plans; business impact analyses; privacy impact assessment statements; privacy impact assessments and summaries; system categorizations; system self / annual assessments; and POA&Ms. I have been responsible for continuous monitoring of the systems assigned to me and have interacted on behalf of the assigned systems with Tenable/Nessus and PatchLink scan technicians to request periodic scans.

I have performed system test and evaluations on systems for certification and accreditation (C&A); change management; mitigation of risk; and self / annual assessments to ensure that accredited systems/applications maintain their Authority to Operate (ATO) and that implemented systems maintain their initial ATO boundary, utilizing organizational policies and NIST, FIPS, and OMB guidelines.

I have created various memorandums (memos) or letters on behalf of the systems assigned to me, such as certification and accreditation letters and contingency plan verification test memos, and handled direct submission of information to Information Assurance (IA) for signature and/or review by the appropriate officials.

I have written Standard Operating Procedures (SOPs) that have been approved for utilization by others within agency Information Assurance organizations.

I am knowledgeable in the use of Microsoft Office software. I have performed work/duties as a Program Assistant, Administrative Assistant, Programmer, Secretary, Accounts Receivable / General Ledger Representative, Budget Formulation and Execution Assistant, System Administrator, Database Administrator, Security Awareness Representative, IT Policy Analyst and Research Analyst.

I have also worked with individuals who have disabilities or behavioral health concerns as well as those who are in transition (loss of job, home, etc.); and I provide care within my home for those in need while they are being processed for Social Security Disability Insurance and/or Social Services. I have provided a place to stay for parents with children as well. In some cases I am their spokesperson and assist them with doctor visits and paperwork. I have worked with those who are paralyzed as well, to include grooming and various other assistance.

I am an active volunteer and have designed/created webpages.

CERTIFICATIONS:

Certified FISMA Compliance Practitioner (CFCP) Certification
Identification Number: 112828

OTHER WORK RELATED CERTIFICATES:

DHS Understanding Derivative Classification and Marking Course - Expires March 1, 2014.

TRAINING:

Agency required annual training courses (Privacy, Security Awareness, OPSEC, etc.)

WORK EXPERIENCE:

Lay Social Worker
Care provider and/or Life Skills instructor - 1993 - 2013

Down through the years I have assisted those who are having hard times (singles, parents with a child or children, families), and more recently (2011 - 2013) I continue to work with a person who has behavioral health concerns and disabilities. I began to gain this experience in 1993 when it was up close and personal, and I had to be trained to care for an incontinent person who was paralyzed as well. They had to go to doctor appointments, therapy, attorney, social security, social services, etc., and I would often have to be their spokesperson.

There were some that I worked with to teach life skills, budgeting, parenting skills, etc.

In 2011 I began to work with the person who has behavioral health issues and disabilities; because of my efforts they have been properly diagnosed, have a team that consists of visiting counselors and therapists, and now have health insurance and medical coverage. I work daily with the individual to build their cognitive and executive processing skills.

I can be considered for a Family Investment Specialist in the Maryland State Government Department of Human Services due to the work I have done down through the years.

Knowledge Consulting Group
Information System Security Officer (ISSO), August 23, 2012 - November 29, 2012

As a contracted ISSO to the Department of Homeland Security (DHS), Immigration and Customs Enforcement (ICE), Office of the Chief Information Officer, Information Assurance Division (IAD), I had the following responsibilities:

As the System Owner representative for any system or application system, I conducted working groups to mitigate risk identified by the IAD in the risk assessment, and where appropriate obtained the approval for needed justifications and/or compensating controls based upon NIST 800-53. I worked closely with Certifiers to navigate the ICE C&A process and produce all appropriate accreditation documentation using NIST, FIPS, DHS and ICE guidelines and policies. The related duties to this task were to:

- Develop and implement documentation outlining the system operating environment, to include the overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities.
- Develop and maintain the overall system security document, which includes the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance.
- Participate in the development or revision of system-specific security safeguards and local operating procedures that are based on the above regulations.
- Provide IT security consulting to system owners as to the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans.
- Perform monthly vulnerability assessment scans of assigned systems using Tenable Nessus.
- Provide expertise in classified and unclassified ratings to customers.

My duties also required me to interact across organizational offices, other agencies and with other DHS contractors who provided a service to DHS/ICE.

Knowledge Consulting Group
Information System Security Officer (ISSO), May 24, 2010 - August 22, 2012

As a contracted ISSO to the Department of Homeland Security (DHS), Transportation Security Administration (TSA), Office of Security Technology (OST), and TSA Systems Integration Facility (TSIF) site, I had the following responsibilities:

- Site ISSO and overall site Subject Matter Expert for the 5 existing programs operating within the TSIF site as it relates to INFOSEC, OPSEC, COMSEC and Classified Security. COMSEC and Classified Security were newly added areas that I oversaw and for which I ensured compliance.
- Annual TSA Classified National Security Information Self-Inspection and nomination of Classified Security Custodians; and inventory of safe storage containers, etc.
- Monitored the usage of the Classified Briefing rooms and ensured all attendees were appropriately cleared via the onsite Physical Security Officer.
- Ensured compliance for the TSIF Classified Standalone Laptops and TRACE Laptops, and had oversight for compliance of the DHS HSDN secure network located at TSIF.
- Reviewed Change Requests to assess the impact on security controls and to identify any risk or potential risk if a change was implemented.
- Wrote the Business Requirement (BR), Service Request (SR), COMSEC request memo and SOPs, and obtained a Certification Letter for the Temporary Secure Processing Area and two Classified Briefing Rooms for the TSIF. The BR and SR requests were submitted and approved and funds allotted for the installation of the DHS HSDN network with Secure Video Teleconferencing (SVTC) and STEs, which was installed and has been active since December 5, 2011. Trained users in the proper usage of the HSDN, which was successfully completed for all users.
- Submitted to INFOSEC the Classified Materials/Handling Annual Assessment for the TSIF, and had in place the two required Classified Custodians for the GS6 Safes and storage area. Identified COMSEC representatives to receive and monitor the COMSEC related equipment for the HSDN with SVTC and the STEs.
- Ensured proper usage of the Standalone Classified Laptop that was used for the creation of classified documents, presentations and briefings. I provided oversight for the Classified TRACE Laptops as well. These laptops were controlled and utilized as mandated via policy and guidelines.
- Conducted monthly reviews of the manual log sheets against the monthly exceptions and history access report for the LAN Room within TSIF. I created all classified briefing attendee lists once the requested/invited attendees were verified. I also monitored the entire site to ensure proper usage and device usage for TSA assigned equipment. I reported/submitted Incident Reports to TSA-SOC and TSA-CSIRT to ensure that any offender of TSA policy was processed accordingly and a case record was created, and that all offenders completed the recommendations of TSA-SOC, TSA-CSIRT and TSA-SD-SO Oversight.

I was the System Owner representative for any system or application systems and conducted working groups to mitigate risk identified by the IA Office in the risk assessment, and where appropriate obtained the approval for needed justifications and/or compensating controls. I worked closely with Certifiers to navigate the TSA C&A process and produced all appropriate accreditation documentation using NIST, FIPS, DHS and TSA guidelines and policies. The related duties to this task were to:

- Develop and implement documentation outlining the system operating environment, to include the overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities.
- Develop and maintain the overall system security document, which includes the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance.
- Participate in the development or revision of system-specific security safeguards and local operating procedures that are based on the above regulations.
- Provide IT security consulting to system owners as to the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans.
- Perform monthly vulnerability assessment scans of assigned systems using Tenable Nessus.
- Provide expertise in classified and unclassified ratings to customers.

My duties also required me to interact across organizational offices, other agencies and with other DHS contractors who provide a service to DHS (OIT, OST Budget Office, GSA and Northrop Grumman (e.g. HSDN install)).

Position: Information Assurance Analyst
January 3, 2006 - May 21, 2010

I was a Northrop Grumman Corporation Senior IT Security / Information Assurance Analyst contracted to the Department of State (DoS) for the creation/updating of their System Development Life Cycle (SDLC) documents using NIST, FIPS, and DoS guidelines and policies. SDLC documentation included Planned Change Comparative Analysis (PCCA), Annual Control Assessments (ACA), System Security Plans (SSPs), Contingency Plans (CP), System Categorization Worksheets (SCW) that complied with FIPS 199, eAuthentication Worksheets, Privacy Impact Analysis (PIA) and Summaries, CP-related POAMs, CP Tests, Test Steps and control selection for ACAs, ITAB monitoring and updates, and compensating controls for findings for Bureau of Consular Affairs operating and application systems; the processing of these systems through certification and accreditation (C&A) to obtain a valid Authority to Operate (ATO) from the Chief Information Officer (CIO); and maintaining the FISMA-required Continuous Monitoring efforts.

My duties were to:

- Conduct Contingency Plan Test, Training and review.
- Review Change Requests to assess the impact on security controls and to identify any risk or potential risk if a change is implemented.
- Serve as System Owner representative for the application/operating systems to which I'm assigned, and conduct working groups to mitigate risk identified by the IA Office in the risk assessment, and where appropriate obtain the approval for needed justifications and/or compensating controls.
- Continuously monitor all systems assigned to me to make sure that a re-accreditation/certification is not required because of modifications to the system, the environment or NIST requirements; and appropriately conduct analyses of all changes in order to recommend to Information Assurance and the CIO whether a full assessment or targeted assessment is required.
- Write Standard Operating Procedures (SOPs) that are utilized by the DoS CA Security Staff.
- Gather and document business requirements from business users and/or clients using various techniques such as process flows, business rules, use cases and business specifications as appropriate for the situation.
- Translate business requirements into technical requirements and design for programmers.
- Determine the nature and scope of changes to existing applications for enhancements and other changes, and use high-level systems requirements to prepare detailed technical specifications and designs for programs and processes and changes to existing programs and processes.
- Assist with business impact assessments; communicate priorities, project status, plans and issues to management.
- Identify and recommend improvements to new and existing applications, and ensure that system documentation was created or updated according to standards.
- Perform and/or coordinate testing of system changes; define test plans, perform functional testing and coordinate user-acceptance testing. Work with clients, project managers, developers, and DBAs on a frequent basis.
- Stay abreast of the latest IT trends in requirements gathering, analysis and documentation and of the latest technology trends in the industry.
- Assist with coaching and mentoring Business Analysts in best practices, requirements gathering and creating deliverables.
- Work with IT Risk Management to help define, create, and maintain IT policies and procedures.
- Provide high-level analysis for systems enhancements, modifications, or other changes to existing processes or requests for new processes; and clarify functional business requirements presented to IT and translate them into systems requirements. Such analysis would include soliciting information from others within the IT department as well as business owners / end-users.
- Assist with the implementation of system changes by managing implementation plans. Assist with general project planning and project management, and communication of project progress to management.
- Determine root causes for issues communicated to IT, and determine short-term and long-term corrective measures.

I was constantly called upon to conduct valuable research that was proven time and time again to be useful to my peers and others outside of CA Security.

I was constantly called upon to act as a liaison on behalf of CA Security to obtain information, form successful working relationships and pinpoint reliable points of contact domestically and overseas in order to work effectively to achieve FISMA requirements, IA deadlines and DoS data calls.

Position: Information Assurance / IT Security Analyst
December 20, 2004 - December 05, 2005

I was a Management Technology Incorporated (MTI) employee contracted to GSA for the updating/creation and modification of their security guides, conducting vulnerability and risk assessments, and identifying risk mitigation strategies. I utilized NIST 800-26, 37, 18 and 53, OMB A-130, OMB Memorandum 04-04 and FIPS 199 as well as other federally mandated guidelines.

I was also tasked to do the C&A process (to include SSP, RA, SA, testing/test results and POA&M) for GSA's CFO office for major applications and general support systems (utilizing the policy written) while tasked to GSA CIO.

I worked for the Publix Grocery Stores corporate office located in Lakeland, Florida, creating/updating their Disaster Recovery plans for systems or applications.

Position: Information Assurance / IT Security Analyst (Policy)
June 28, 2004 - September 28, 2004

I was a SAIC/KForce employee contracted to the US Department of Agriculture. I was responsible for the technical writing of the Trusted Facilities Manual (TFM) for their Common Computing Environment. My duties were to:

- Write the Security Features Users Guide (SFUG).
- Assist the organization with meeting the OMB A-130, NIST and FIPS requirements/guidelines for certification and accreditation of the CCE Project (Win2k network servers and XP workstations) and its components on or before September 30, 2004; and the mitigation of identified vulnerabilities from the Risk Assessment (RA) and proven via the System Testing and Evaluation (ST&E).

Position: Information Assurance / IT Security Analyst
May 19, 2003 to September 30, 2003

I was a TEKsystems/SAIC employee contracted to the Department of Transportation (DOT). I completed certification and accreditation for all Department of Transportation systems assigned to me by September 30, 2003. This effort was accomplished through the use of the DOT's adopted and implemented policies, procedures, and guidelines. My duties were to:

- Create security plans and risk assessments, and perform system test and evaluations on their operational operating systems and application systems (network servers and Unix systems).
- Conduct IT audits and/or reviews to determine vulnerability to attacks, production failures and misuse of data.
- Conduct risk assessments, system testing, evaluation planning and reports to help ready systems for certification and accreditation utilizing NIST, FIPS, and OMB.
- Create certification and accreditation letters for signature by the appropriate official(s); and assist with the mitigation of risk identified in the Risk Assessment (RA) and proven via the System Testing and Evaluation (ST&E).

Position: Information Assurance / IT Security Analyst
October 3, 2002 to January 17, 2003

I was a TRIAD/FuGEN employee contracted to the Department of Treasury (HR Connect) and FuGEN, Inc. I conducted IT audits on systems to assess their vulnerability to attacks, production failures, and misuse of data. My duties were to:

- Perform risk assessments, system testing and evaluation planning and reports to help ready systems for certification and accreditation for Main Treasury's HR Connect application and systems, and create policy to assure certification and accreditation.

I also worked onsite for DOI, BLM in Denver and Portland.

IRS Tenure August 1984 - June 2001

Position: IT Security Analyst
January 1998 to June 2001

I was an employee of the IRS. I worked with the Office of Security, which is responsible for Cyber Security, Incident Response, Special Projects, Certification Program, Security Program Office, Security Evaluation, and Oversight (Operations, Planning and Reporting, Access Controls, and Physical), as a Computer Specialist/Security Analyst who specialized in the Tier 2 and 3 environments. I was cross-trained to cover other environments, to include Disaster Recovery/Business Resumption and Security Awareness Training.

My responsibilities to the organization and to the customers were to relay, in a professional, non-threatening manner, system/operational/physical vulnerabilities that were a risk to the Service and the Service's business. Vulnerabilities and observations were discussed with site staff and Directors (Campuses, Districts or Computing Centers) and have included Safeguard Reviews (reviewing state sites that shared/utilized IRS data/information). The systems were assessed from the system administration standpoint down to applications, user access, risk management, personnel security, security awareness, configuration management, test plans, contingency plans, and rights on a system, utilizing the proper form for system usage. The systems were measured against system manuals, site documentation, IRS written policy, Treasury's TD 71-10, NIST, FIPS, OMB and the Rainbow Series. I was also instructed and trained in the usage and implementation of the Common Criteria.

The depth and scope of ensuring the security of the systems and/or physical, operations and telecom as they related to IT systems kept me abreast of the Service's requirements, including offsite storage, Certification and Accreditation, Test Plans, Disaster Recovery and Business Resumption, Contingency Planning, Risk Management, Configuration Management, System Life Cycle as it pertained to a specific system or systems, Public Key Infrastructure, Wide Area Networks and Local Area Networks, and Internal Regulations Manuals (IRMs). Sites and systems were measured against these documents and weaknesses/vulnerabilities were properly noted. Some of my duties were to:

- Assist with the rating of potential hires based on Federal Civil Service procedures/policies/practices and the needs of the office. I also had responsibilities as assigned for the IT security awareness training and compliance program.
- Conduct audits on the HR Manager System, Payroll System, and Personnel Action System to the IT assurance levels required by the IRS; I had to learn each system and how it functioned.
- Document and discuss vulnerabilities on site with the site staff and Directors for the express purpose of solving any weakness found in a system that could cause a breach to the Service's business. The documentation and discussion of these findings were handled in such a way as not to lay blame or find fault, while concurring on a way or means of solving/mitigating the weakness. Sites that had good practices that could be implemented throughout the Service were duly noted and passed on to the appropriate office. I also covered compliance/review and audit under the Safeguard program (State and Federal effort to protect data/information). This allowed me the opportunity to work jointly with State officials and staff to ensure data/information they received from the IRS was protected properly under the appropriate guidelines and procedures.
- Write guidelines for Secure Windows NT Configuration, issued September 23, 1999, and Basic UNIX Requirements that are in the process of being implemented service-wide. I handled the Post Implementation Reviews of new UNIX systems implemented in the IRS Service Centers and have written procedures on how to conduct a system review against the original Test Plans, system structure and system manuals for which the system has an interim certification or certification.
- Conduct live audits of Tier 2 and 3 systems, and monitor system administration security efforts and user usage.
- Gather and document business requirements from business users and/or clients using various techniques such as process flows, business rules, use cases and business specifications as appropriate for the situation.
- Translate business requirements into technical requirements and design for programmers.
- Determine the nature and scope of changes to existing applications for enhancements and other changes, and use high-level systems requirements to prepare detailed technical specifications and designs for programs and processes and changes to existing programs and processes.
- Assist with business impact assessments; communicate priorities, project status, plans and issues to management.
- Identify and recommend improvements to new and existing applications, and ensure that system documentation was created or updated according to standards.
- Perform and/or coordinate testing of system changes; define test plans, perform functional testing and coordinate user-acceptance testing. Work with clients, project managers, developers, and DBAs on a frequent basis.
- Stay abreast of the latest IT trends in requirements gathering, analysis and documentation and of the latest technology trends in the industry.
- Assist with coaching and mentoring Business Analysts in best practices, requirements gathering and creating deliverables.
- Work with IT Risk Management to help define, create, and maintain IT policies and procedures.
- Provide high-level analysis for systems enhancements, modifications, or other changes to existing processes or requests for new processes; and clarify functional business requirements presented to IT and translate them into systems requirements. Such analysis would include soliciting information from others within the IT department as well as business owners / end-users.
- Assist with the implementation of system changes by managing implementation plans. Assist with general project planning and project management, and communication of project progress to management.
- Determine root causes for issues communicated to IT, and determine short-term and long-term corrective measures.

I was on the Problem Resolution Visits/Reviews to help sites solve the problems identified in a formal review/audit. I worked to find interim solutions if necessary, while diligently searching for a long-term resolution. I was cross-trained to review telecom, operations, personnel and physical security to help lighten the load when a key representative could not travel to cover any particular discipline.

Position: IT Security Analyst (Policy)
August 1994 to January 1998

I was an employee of the IRS. I was transferred to the Security Branch, which was responsible for IT policy, compliance, security awareness and compliance training, and IT security. I wrote policies and procedures to ensure the security of the Service's application systems and operating systems using NIST, FIPS, OMB, and IRS guidelines and policies. My duties were to:

- Conduct compliance reviews to assure that policy and procedures were comprehended and implemented service-wide to cover more than 8,000 employees.
- Conduct security awareness and compliance training one on one or as part of the team for the Agency's annual security awareness training.

I was responsible for basic Unix security, basic NT security, and the virus program. I wrote policy for the basic UNIX and NT security that was implemented service-wide. The virus program ensured that adequate virus protection was purchased via contractors and implemented service-wide for all platforms requiring protection.

I also interacted with the System Administrator of the WAN to help construct and implement the Service's firewall, which had to operate and protect beyond Main Treasury's firewall. Although Main Treasury has a firewall to which all Treasury Bureaus are connected, due to the nature of the business that is conducted by the IRS, the Service had the responsibility of implementing a foolproof firewall nationwide.

Position: Computer Specialist (Programmer)
August 1984 to August 1994

I was a Computer Specialist-Programmer Analyst/Applications Liaison for the Information Systems Database, which was appropriated through Congress and is the Service's budget for IT related issues. The application was designed to monitor the spending of dollars for IT systems, software, telecom, etc. that would help the Service conduct its business. The database was used during the budget cycle to execute funds and to monitor spending. It was also used to formulate the budget request that would be presented to Congress for the next fiscal year. My duties were to:

- Code the application in Informix SQL and 4GL after it was converted from dBase III to Informix. The application was documented to show all changes and modifications to schemas, indexes, tables, etc.
- Write the user's guide for this application and teach the customer how to navigate throughout the application.
- Ensure that only approved users could access the UNIX system to access the database and that, once they gained access, they accessed only the areas within the application designated for them (Database Administrator).
- Work closely with the owners of the application to ensure that their requests for changes and modifications were relayed easily between the programmers and themselves. This application, and the system on which it was housed, never crashed or was down for any reason other than updates to the application. The owner of this application gave me the opportunity to purchase, according to the required specifications, a Pyramid system on which to house their application and for their customers to access.
- Gather and document business requirements from business users and/or clients using various techniques such as process flows, business rules, use cases and business specifications as appropriate for the situation.
- Translate business requirements into technical requirements and design for programmers.
- Determine the nature and scope of changes to existing applications for enhancements and other changes, and use high-level systems requirements to prepare detailed technical specifications and designs


