Michelle N. Williams

301-***-**** ad0vcs@r.postjobfree.com

ACCOMPLISHMENT SUMMARY

I function as an experienced Vulnerability Assessment Analyst, I research and write an assessment analysis to determine exposure to risk by business partners, technical practices, and regulatory procedures and policies are on a supply chain rating scale to and make recommendations concerning the best practice. I support government officials to select methodologies for efficient incremental delivery of tools and capabilities. I also work with government and technical vendors to ensure the proposed design and delivered solutions to meet the business needs. I have applied my ability to facilitate alignment of business expectations and IT capabilities to deliver business options/solutions to identify, capture, formulate, prioritize, document, and manage project requirements for applications and systems.

I have functioned as Supply Chain Risk Management, IT Project Manager, Cyber Security (ISSO), Administrative, Business Continuity (COOP) Planner, Mission Assurance Continuity Specialist with over ten years of progressive technical experience. Strong understanding of IS concepts and experience in strategic communication.

.

SECURITY CLEARANCE

Top Secret/SCI w/ Full Scope Polygraph - obtained May 2015, clearance is extended and current.

EDUCATION

2021/2023 – Supply Chain Risk Management and Research and Analysis Courses

2020 – DIA - Procurement Security Processes

2018 May - Personal Improvement – DRI seminars

2020 – DIA - Supply Chain Risk Management

2016 – DRI – Disaster Recovery Institute

2019 – DIA – Acquisition Management Security

2015 – Security +V6 and Network + ASM

Education Center, Rockville, MD

2018 Dec – FBI - Interviewing – Counterintelligence Training Center

2012 – FEMA Certified – Level 1 Professional Continuity Planner – Homeland Security

2018 April - Insider Threat Vulnerability Assessment (ITVA) Carnegie Mellon, Arlington, VA

Bachelors - Syracuse University, Syracuse, New York

CLASSES/CERTIFICATIONS/AWARDS

Certified Business Continuity Professional CBCP, # 49427, April 7, 2016

Level 1 Professional Continuity Planner – FEMA – Homeland Security July 2012

PMP – Project Management Institute methodologies

APPLIED SKILLS

Guidelines in Strategic Communications: Federal Continuity Directive 1 and 2, agency CSS MEFs, Policy 1-4, HSEEP, NIST 800-*, Risk guidelines and policies DoD, and DIA.

Planning Tools: MAAT – Assessment tools/AAR and CAP, BPA, BIA with good writing and verbal communication skills.

Working knowledge of technical: Network Enterprise system, Programing Languages/Databases, Operating Systems, Web Master, Technologies/Frameworks/Platforms/Standards, Security applications.

PROFESSIONAL EXPERIENCE

03/2019 – 5/9/2023 BCT LLC / DIA

Vulnerability ID Analyst (Supply Chain Risk Management)

Developed and executed a systematic process for managing supply chain risk within DIA procurement Supply Chain Risk Management SCRM team within Acquisition Risk Task Force (ARTF):

I support efforts to upgrade and modernize enterprise business tolls and capabilities.

I provided vulnerability information while achieving due diligence in the support of the agency procurement operational mission. Made an IT product analysis consistent with military, intelligence and NIST regulations consistent with ICD 731and DODI 5200-41 to secure agency Information Technology and operations from sabotage, foreign subversion, exploitation, and sabotage.

I have impacted the mission by identifying “Critical” vulnerabilities in IT equipment and products which lead to my receiving Kudo’s from our SCRM team Assessment Director in the monthly meeting (Sept.2019). I was also, named employee of the year, received a coin award.

I fulfilled requirements by identifying Information Technology’s Foreign Intelligence Entity (FIE) concerns/threat/ vulnerabilities and risk of impact throughout the supply chain lifecycle.

I calculated net vulnerability rating with Likelihood of Exploitation, Impact upon systems and overall level of Risk. Able to make appropriate decisions in fact finding, analysis and development of final reports and delivery of presentations related to ICT Expert knowledge of organization and ICT operations and business objectives, with obtaining certified follow-up of my written reports.

10/2017 – 10/2018 Redgate / FBI

Assessment Analyst – Insider Threat Office (InTO)

I worked with stakeholders to ensure business requirements are complete, then translated into functional specifications/requirement/user stories for developers; and conducted data analysis to ensure requirements align to business needs.

I conducted preliminary research to set up the InTO Key Vulnerability program. Examined the vulnerablity, by researching procedures, policies, and practices within the FBI to assess vulnerabilities, and to gain background information. Created vulnerability survey questionnaire as preparation for intake interviews. Wrote a news article, for notoriety and feedback to introduce what our Key Vulnerability team mission is, to the FBI. I worked along with organization psychiatrist to determine the human aspects of Insider threat and the triggers for future attack threat vectors before they occur. Made use of TTPs-tactics, to track human and technical processes, practices and procures in preventing threat and attack vectors, a few are theft of information, cyber base attack, counterterrorism, violence in the workplace, terrorist attacks, and espionage.

01/2017 – 09/2017 – ManTech International Corporation/DIA/NMEC/Bethesda, MD

Senior Task Supervisor

I collaborated with government stakeholders to capture business needs and facilitated prioritization and translation of those government needs into technical requirements.

I functioned as the liaison between organizations to analyze equipment and staff resources to install new sites. In this role, I conducted a deep analysis of IT trends, security forecasts, and took on challenges with the Risk board to improve systems. Ensured the integration of COT/GOT applications to recommend systems, upgrades, and issue management for Operations and Maintenance.

07/2014 – 11/2016- Project Complete/ NSA

Continuity Planner / Mission Assurance

Worked with Federal Government to Support: Support of organizational planning to address disasters, interruptions of business functions and enterprise resilience. Interpret government regulations and applicable directives and advised government COOP planners and leadership on the best course of action to meet program goals, objectives, and compliance with program mandates.

5/2013 – 12/2013, Freddie Mac / InScope

IT Disaster Recovery Specialist

Tested and documented disaster recovery strategies and plans thru use of DR exercises. Analyzed impact on, and risk to, essential business functions and/or information systems to identify acceptable recovery time periods and resource requirements for systems.

Developed emergency management plans for recovery decision making and communications, continuity of critical departmental processes, or temporary shut-down of non-critical departments to ensure continuity of operation and governance. Identified opportunities for strategic improvement. Established, maintained, and tested call trees to ensure appropriate communication during disaster. Interpreted government regulations (NIST, NIMS) and applicable codes to ensure compliance.

08/2012 – 04/2013, United States Security Exchange Commission

IT Disaster Recovery Contingency Planner

Managed project execution of Disaster Recovery for 35 offices ensure adherence to budget, schedule, and scope. – NIST 800-30, 800-128,800-12, 800-53 and 800-145

As a Continency planner, I prepared mitigation documentation in correlation with Developed and update project plans and reports for agency, implementing and maintaining Security Business Continuity Management Program policies for information technology projects including information such as project objectives, technologies, systems, information specifications, schedules, funding, and staffing. Monitored, tracked project milestones and deliverables.

06/2010 – 06/2011, United States Patient and Trade Office (USPTO)

Project Manager

Leveraged key project reviews and activity related meetings, provide agendas, applied for PPA codes.

Met standards of HIT (Health IT Standards Committee) federal requirements. Complied with the planning guidelines in the OCIO SDLC, assisted in evolving the organization to Agile /Scrum Modeling.

09/2009-09/2010, Department of Defense (DoD)

Project Manager

Managed MS Project Plans on MS Project Server

Assisted in the MS Project Server installation, deployment, and maintenance plan. Created templates and wrote project plans on MS Project Server using the SDLC model.

Contact this candidate