Laurie J. Novak Phone 719-***-****

**** ******** ** ***

Colorado Springs Colorado

ad32v7@r.postjobfree.com

Qualifications

An extremely enthusiastic friendly outgoing professional with extensive experience understanding client problems and recommending accurate solutions. Possess strong communication background developed through enterprise technical support, project teamwork, and scheduling projects in business solutions environment.

Highly successful in client satisfaction while in customer liaison positions. Strengths include a high degree of motivation, tenacity, and professional attitude. Able to solve problems by understanding business needs, communication ability with diverse personality types, and driven to achieve results.

Strong working knowledge of eMASS, PCI DSS, NIST 800 series, FISMA, DCID’s, NISPOM, and DIACAP, DITSCAP, JAFAN, and JSIG. Wide-ranging working experience in drafting System Security Plans, SA&As, and standard operating procedures (SOPs). Vast working knowledge of computer and network security procedures and principals.

Reviewed security compliance on Government sponsored system using Retina and Gold Disk. Remediated findings (from patching to system settings) to correct any CAT I, II findings. In addition, reviewed RiskVision and Trustkeeper reports for PCI DSS audits (internal and external).

Summary

4 years of experience in telecommunications project management

18 years overall security experience

personnel, physical (to include FFCs, EAPs, SOPs), computer, security education

2 years of experience in project scheduling

Excellent at assessing and allocating limited resources in a high-pressure environment

Motivated, organized, detail-oriented and proactive team player

Skilled understanding writing SA&A packages and technical papers

Experienced with HIPPA, PII, PHI, PCI DSS

Professional Experience

ArmaveL, LLC Oct 2021- Apr 2023

Cybersecurity Analyst

System Steward/Team Lead (trainer): wrote and maintained security assessment core documentation and trained new staff members on policies and procedures.

Risk Assessor: performed risk assessments for multiple banks and credit unions to help prepare them for the approval to operate investigations.

Risk Analyst: performed risk review of many systems for the Veterans Health Administration in preparation for authority to operate investigation. Wrote technical documentation to support any findings with recommendations on how to correct my findings.

TREX Solutions, LLC Oct 2020-Mar 2021

Senior Cyber Security Analyst

Major responsibilities include obtaining approval to operate and maintenance of said systems via the eMASS tool. In-depth control family review for pre-existing (as well as new systems). Monitor and respond to threats and system weaknesses to ensure remediation. Work with other team members to develop best practices across all stages of the system development life cycle. Maintain standard operating procedures as well as other documents in the supporting body of evidence.

FirstData/FISERV Aug 2018- Apr 2020

Security Engineer II

Major responsibilities include implementing industry information security policies, review vulnerability assessments, interpret vulnerability scanning results, RFIs, PCI DSS auditing (both internal and external). As a senior information security analyst, I supported three key clients. Coordinated security assessments, penetration tests as well as reviewing the vulnerability remediation activities and management of compliance deliverables. Maintained the business impact assessment and disaster recovery plan documents. Assessed in-house developed applications. Ensured confidentiality of client information and compliance with department standards and procedures (in compliance with FISMA and NIST standards)..

I have also worked with RSA Arjcher.

Apex Systems Aug 2017- May 2018

Information System Security Analyst

Contracted to directly support the Centers for Disease Control and Prevention (CDC) in Atlanta. Primary Security Steward between CDC-US and CDC-Thailand. Responsible for government compliance on nine information systems. Duties include risk and vulnerability assessments of in-country systems to identify vulnerabilities, rules and protection needs, Follow information security policies, methods, standards, Federal Information Security Management Act (FISMA/National Institutes of Standard and Technology (NIST) standards and practices to organizational information systems, IT Reference materials and interpret regulations. Creation and annual updates of system security assessment and authorization packages for compliance, ensure protection of sensitive data, document standard policies and procedures on each system, stand-up of highly-sensitive system for ZIKA study. Communicate with Information Systems Security Officer (ISSO), CDC organizations and organizational staff.

Lockheed Martin Aeronatics Aug 2015-Aug 2016

Senior Computer System Security Analyst

An integral Information Assurance Team member, primarily assigned to SAP/SAR networks. Duties include compliance with the most current Government cyber-security guidance and regulations, preparation and maintenance of JSIG submittals, auditing of classified information systems, data-transfer agent, appointed SAA by AFOSI. Ensures system operations maintain DoD Information Assurance Certification and Accreditation Process (DIACAP) accreditations, including conversions to RMF.

Booz Allen Hamilton Sep 2014-May 2015

Senior Staff Analyst, Lead Technologist

Primarily serves as Systems Engineering and Technical Assistance (SETA) for the Global Positioning Position (GPS) Information Assurance (IA) Directorate, Provides Department of Defense security engineering, testing, vulnerability assessments, and system accreditation services for multiple GPS systems, Ensures system operations maintain DoD Information Assurance Certification and Accreditation Process (DIACAP) accreditations, including conversions to RMF, Conducts, coordinates, assesses and packages Security Test and Evaluations (ST&Es) for classified systems critical to testing and maintaining GPS accreditation, Routinely uses an array of security assessment tools, i.e., Retina, Security Compliance Checker (SCC), Gold Disk, and Nessus, to identify/verify closure of security vulnerabilities analysts, mission assurance and disaster recovery professionals, system users, and IT auditors to ensure security and privacy requirements are incorporated throughout the systems development life-cycle. Support other IA activities, including risk analysis, weakness remediation, vulnerability management, continuous system monitoring, configuration management, and component oversight, providing technical analysis in applicable situations. Experience with DIACAP/NIST/RMF/C&A/IA package delivery.

The MITRE Corporation Oct 2005-Aug2014

Information Assurance Manager

Approving software and hardware additions to existing LANs/WANs, inspection preparedness for multiple Government agencies, company’s single authorized data transfer agent for newly installed SIPRnet, JWICs, weekly security compliance of all classified networks, staff training and education.

Information Assurance Officer

Performs Information System Security Officer (ISSO) duties, including preparing and maintaining classified system security plans for 5 Secret Collateral labs, as well as SCI and SAP/SAR program networks. Oversee and train the system administrators and LAN users. Design, install, and maintain new networks. COMSEC manager, daily and monthly maintenance, training users and keeping our company compliant with different sponsor’s requirements. VTC set-up, maintenance, and trouble-shooting.

Special Security Specialist/System Administrator

Performed security duties for SCI/SAP/SAR programs. Prepared, maintained, and reviewed DCID 6/3, NISPOM and other various DoD guideline manuals for classified system security plan compliance. Provided security education and awareness to users. Weekly anti-virus checks and updates, daily system administration on internal LANS (including weekly audit trails). COMSEC manager duties to include daily updates and user training. Track personnel security clearances and verification. Proficient in closed area procedures.

Education

Associates of Arts in General Studies at University of Phoenix

Defense Intelligence Agency: SCI Security Officers Course

RH033 Red Hat Linux Essentials

Aegis Research; Automated Info Systems Security Course

DSS-Chapter 8 Certification

Currently enrolled in SEC+ certification course

Recognition

MITRE Director’s Award for recognition for dedication, enthusiasm, expertise and professional conduct in support of the MITRE mission.

MITRE Directors Award for Commitment to the Corporation’s Interest

Accolades from peers, as well as senior management, resulting in selection as COMS

Contract Employee of the Month for April 2003 and September2003

Letters of appreciation from multiple customers for outstanding service

Reference letters available upon request

Contact this candidate