Risk Management Information Security

Location:
Severn, MD
Posted:
December 17, 2023

Resume:

Eva Wilson

**** ******** **.

Hanover, MD *****

301-***-**** Cell

ad11n9@r.postjobfree.com

Clearance

TS

DOD 8570 Certification

CompTIA Security+ CE

CompTIA CASP

CISM

Summary

Motivated and skilled Cybersecurity professional with over 15 years of experience in the Systems Administration and Information Assurance fields. Has the ability to multitask and stay focused on set personal and company goals, while adhering to the policies and procedures set in place. Highly analytical and effectively able to troubleshoot and prioritize needs, requirements and other issues. Currently seeking a challenging position within an organization that can provide career advancement opportunities.

•Information System Continuous Monitoring (NIST SP 800-137 / NISTIR 8011)

•Federal Information Processing Standards (FIPS)

•NIST Risk Management Framework (RMF)

•Federal Information Security Modernization Act (FISMA)

•Cybersecurity Asset Management (CSAM)

Professional Experience

Senior Principal Cyber Information Systems Security Analyst

Northrop Grumman-

May 2017- Present

•Performs assessments of systems and networks within the networking environment or enclave and identifies where those systems and networks deviate from acceptable configurations, enclave policy, or local policy. This is achieved through passive evaluations such as compliance audits and active evaluations such as vulnerability assessments.

•Establish strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.

•Assists in the implementation of the required government policy, make recommendations on process tailoring, participate in and document process activities.

•Analyze and validate established security requirements and to recommend additional security requirements and safeguards.

•Identify the overall security baselines in accordance with the Confidentiality, Integrity and Availability requirements to ensure the implementation of appropriate information security controls

•Responsible for the development, prioritization, and execution of IT resources to support the organization's mission and associated goals and objectives

•Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.

•Documents the results of Certification and Accreditation activities and technical or coordination activity, prepares the system Security Plans, and updates the Plan of Actions and Milestones (POA&M).

•Conducted systems security evaluations, audits, and continuous monitoring of security controls effectiveness, recommending corrective actions, and the rigorous application of cybersecurity policies, principles, and practices

•Responsible for overseeing the Risk Management Framework activities in support of System Assessment and Authorizations

•Successfully transitioned multiple systems to RMF process in accordance with JSIG.

• Provided authoritative guidance on the NIST Risk Management Framework (RMF)

•Ensured cyber functions are included in the configuration management process

Information Systems Security Officer (ISSO)

SeKON- Department Health Agency

November 2015-March 2017

•Efficient in NIST and DoD Security Standards and Risk Management Framework (RMF) processes.

•Worked and documented Risk Management Framework processing with end results achieving an Authority to Operate (ATO) for over 5 systems.

•Managed Cyber security using the Enterprise Mission Assurance Support Service (eMASS) repository.

•Ensured continuous monitoring, system auditing, and security policy development.

• Evaluated scan results and determined remediation steps.

•Generated POA&Ms, including detailed justifications for program-required non-compliant controls.

•Worked with system owners and technical leads to develop and maintain security documentation required for Authority to Operate (ATO) approval.

• Operated as the sole security POC for multiple systems within the Environment

• Coordinated monthly vulnerability scanning activities and analysis results to report to the customer.

•Maintained the security management program including security policy, practices, standards, procedures and processes, coordinate and support regular security audits as part of the comprehensive System Security Policy, standards, practices and procedures, in order to maintain security authority to operate.

•Prepared, validated, and maintained security documentation including, but not limited to: system security plan (SSP), risk assessment (RA), contingency plan (CP), privacy impact assessment (PIA), eAuthentication assessment, FIPS categorization.

•Coordinated and participated in risk assessments and ensured corrective action on any identified security exposures.

• Provided advice and leadership in creating and maintaining contingency plans for any security emergencies.

•Conducted program security awareness training.

•Maintained close working relationships with other team leads and senior management.

• Managed POA&Ms through remediation as well as develop corrective action plans for each POA&M.

•Provided support for a system or enclave's information assurance program.

• Provided support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

• Maintained operational security posture for an information system to ensure information systems security policies, standards, and procedures are established and followed.

•Aided in the management of security aspects of the information system and performs day-to-day security operations of the system.

• Evaluated security solutions to ensure they meet security requirements for processing classified information.

•Performed vulnerability/risk assessment analysis to support Assessment & Authorization (A&A) (formerly Certification and Accreditation (C&A)).

•Provided configuration management (CM) for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes.

•Prepared and reviewed documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM). Supports security authorization activities in compliance with Risk Management Framework (RMF).

Information Systems Security Officer (ISSO) / Technical Writer-

Synergy- National Security Agency

July 2012- October 2015

•Supported and maintained over 30 SSPs.

•Researched, developed, implemented, tested and reviewed the organization's information in order to protect and prevent unauthorized access.

•Informed users of security measures and explain potential threats to ensure awareness.

•Supported NSA's Wireless Prototype development effort as an Information Systems Security Officer and Technical Writer

•Reviewed, applied and maintained information assurance policies and procedures set by defense and intelligence organizations.

•Followed customer's strategic plan for long term direction, goals and objectives. Identified risk assessments, vulnerabilities, threats and risk analysis.

•Created and maintained System Security Plans (SSPs) to prevent loss of information, damage to national security information, sensitive information pertaining to a system's structure, how it functions and how the system is designed.

•Developed Best Practices guides by policies, protocols and procedures according to defense and intelligence policy.

•Evaluated all hardware, firmware and software, security tests, access control and evaluate the process for effective use and access against compliance and noncompliance objectives.

•Provided daily support to the customer and partnering teams also including: effectively editing and writing technical documentation according to organizational documentation standards for format, quality, and graphics.

•Interviewed subject-matter experts (SMEs) and systems engineers to write and refine original technical text, leverages existing resources by working directly with engineering teams to develop documentation support.

•Employed advanced MS Word skills to create document templates, apply appropriate styles, insert cross-referencing links and integrate information from other document tiles.

•Leveraged desk-top publishing applications to create illustrations, icons and screen captures, pictorial illustrations and diagrams.

•Designed and maintained a new project SharePoint site for user accessibility, referencing, storing and implementation protocols.

•Communicated and worked collaboratively with teammates to evaluate processes and recommend procedural changes in order to deliver top-quality documentation.

•Ensured systems integrity as well as assisting in the final stages of the Certification and Accreditation process.

•Reviewed weekly Audit logs for each system and server and report security statuses, incident responses and recordation of outcomes and lessons learned.

•Prepared and reviewed documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs)

•Supported security authorization activities in compliance with DOD Information System Certification and Accreditation Process and DoD Information Assurance Certification and Accreditation Process (DIACAP).

Information Systems Security Officer (ISSO) – SAIC

National Security Agency

October 2008 – June 2012

•Reviewed, applied, and maintained SAIC, DOD and IC information assurance policies and procedures.

•Coordinated the certification and accreditation of information systems with Program Personnel and DOD.

•Created, reviewed, and maintained C&A documentation packages (e.g., System Security Plans, General/Privileged User Guides, Plans of Actions and Milestones (POA&Ms), etc.).

•Collaborated with the Information Systems Security Manager, Program Engineering staff and Lab Managers to ensure adherence to all NISCAP, DCID 6/3, and DSS policies and procedures

•Reviewed system, server, and workstation security audit logs.

•Aided programs in performing risk assessments using current automated tools (WASSP/NISP), producing risk mitigation plans, and/or advising of potential strategies to meet program needs while complying with applicable security requirements.

•Aided in SAIC personnel obtaining PKI certificates.

Systems Administrator (Tier II) - NJVC

December 2007 – October 2008

National Geospatial Agency

Business Integration Specialist – Wood Consulting Services

National Security Agency

April 2007 – November 2007

Systems Administrator (Tier I) – BAE Systems

National Geospatial Agency

January 2006 – March 2007

United States Army

National Security Agency 704th MiBn –

June 2001 – April 2005

Awards

US Army Good Conduct Medal,

US Army Achievement Medal

National Defense Medal,

Certificate of Achievement (x2),

Graduate of Primary Leadership School

Education

-Degree in Cybersecurity Management and Policy with the University of Maryland Global Campus (Pursuing)

-National Security Agency Fort Meade

Over 30 courses in collection

Signals analysis, information technology and computer networking

-CompTIA Security+ CE

-CompTIA CASP

-CEH bootcamp completion

-Federal Information Security Modernization Act (FISMA)

-ISACA CISM


