Qualifications
I have the adaptability to work as a team player or independently to progress vertically through any organization, while having the expertise to grasp technical nuances and communicate effectively. I have specialized experience which includes performing work in support of management analysis to evaluate and/or improve the efficiency, effectiveness, and productivity of organizations. A professional with cyber security and IT audit experience with the proven ability to work and excel in highly stressful environments while still achieving positive results. I am very interested in learning new and advanced skills and abilities within the IT field.
Experience
Smartlink LLC, BMS Security Analyst 2014 - Present
Analyze equipment documentation to verify port and service use to compare to
those detected in Nessus and Zenmap (Nmap GUI) scans.
Prepare Security Assessment Reports (SAR) from Security Checklists performed
against Building Management System (BMS) devices.
Verify security requirements using built-in web page login, telnet and SSH using
PuTTY and HyperTerminal over Ethernet.
Construct pivot tables in Google Sheets (MS Excel equivalent) to present statistical
correlations between vendors, device types, and vulnerabilities.
Participate and support the audit team in preparing for recurring client status
meetings to report on progress, identify risk and mitigation strategies, and discuss
project plan of actions and milestones (POA&M).
Responsible for briefing and training new hires to get them acquainted with the
auditing process, and tools used to support the overall security assessment control
(SCA) process.
Identify and communicate system and application vulnerabilities to senior
management and clients.
Document status of device approval process and device security information
(e.g. IP address, device login password).
Performed security testing by analyzing outputs using Nessus vulnerability scanning
tool to validate applications and information systems security configurations and
compliance.
Conducted Nessus, Nmap, and WebInspect remediations for devices to ensure vendors
are in compliance with NIST SP 800-53 and client IT policies.
Research vendor-provided documentation to check and assess security controls per
NIST SP 800-53A.
Perform full scope Risk Management processes to include Assessment and
Accreditation (A&A), FISMA Self-Assessments, Technical Assessments (vulnerability
analysis), Risk Assessments, and Continuous Monitoring.
Receive and assemble devices for testing.
UNATEK INC., Information Security Analyst October 2012 - April 2014
Develop, review and update Information Security System Policies, System Security Plans
(SSP), and Security baselines in accordance with NIST, FISMA, OMB App. III A-130,
NIST SP 800-18 and industry best security practices.
Conduct systems and network vulnerability scans in order to identify and remediate
potential anomalies.
Updated IT security policies, procedures, standards, and guidelines according to
department and federal requirements.
Performed risk assessments to develop, update, and review System Security Plans (SSP),
Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration
Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and
other tasks and specific security documentation.
Perform vulnerability scans with the aid of CIS-CAT, Retina, Nessus, Nmap and MBSA
Vulnerability Scanner to detect potential risks on a single or multiple assets across the
enterprise network.
Coordinate and manage team activities during assessment engagements.
Establish schedules and deadlines for assessment activities.
Monitor controls post authorization to ensure continuous compliance with the security
requirements.
Crest Consulting Group, Information Security Network Engineer 2010 - 2012
Interpret policies, procedures, standards, guidelines and regulations for information systems, applications and networks to meet federal guidelines and requirements to include National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA) (categorization of information systems and security control implementation).
Utilize National Institute of Standards and Technology (NIST) and Defense Information Systems Agency (DISA) configuration guidance to harden servers, operating systems and appropriate applications; create user groups and access controls to enforce least-privilege rules. Responsible for a variety of systems running Windows 2008, Domain controllers, Member servers, and others.
Develop and review system plans, plan of actions and milestones, security control implementation, configuration management plans, contingency planning, incident response plans, information security policy, Rules of Behavior, vulnerability scans and other task specific security documentation (continuous monitoring).
Performs Security Testing and Evaluation (ST&E) with manual evaluation and the use of DoD-approved vulnerability testing tools, which includes vulnerability scans for vulnerability management (ACAS).
Provide organization SCAP results using DISA SCAP tools.
Regularly performs DISA STIGs and IAVM benchmarks implementation.
Analyze and remediate STIG and Nessus scan findings.
Skills
Well-developed organizational, coordination, and problem solving skills, as well as the ability to work under pressure and meet deadlines while working as a team or independently.
Effective verbal and written communication skills.
Proficiency in working with computers and information management systems such as: MS Word, Excel, Outlook, PowerPoint, and Access, Lotus Notes.
Strong attention to detail and thoroughness in work product.
Ability to type 40 wpm with 3 or fewer errors based on a 5-minute sample.
Knowledgeable of Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 (current revision).
Experienced in Security Controls for Federal Information Systems and NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems to process activities required in vulnerability identification, reporting, and remediation.
Familiar with implementing and supporting Splunk Enterprise.
Current clearance with equitable risk level as of January 2015.
Education and Certifications
Associates of Business Marketing, Southeastern University, September 2005 - 2008
Cyber Security
CISSP - in progress
Additional references are available upon request.
References
1. Kunle Fadeyi
Director of Security; Crest Consulting Group
2. Kevin Hawkins
Deputy Project Manager; AJLK Consultants
3. Senai Simon
Supervisor; UNATEK INC.
(240) 418-4468