Joshua Taribo

Information System Security Officer

Phone: 240-***-**** Email: ad33nv@r.postjobfree.com

PROFESSIONAL SUMMARY:

Cybersecurity Professional and Information System Security Officer with 5+ years of experience with ensuring, supporting, storing, and securing data safely for multiple users, property, assets, and remote environments. Abreast with categorizing businesses systems, collaborating with engineers and ISO/ISSOs to integrate remediation and mitigation plans to enhance systems and users’ data security, privacy, availability, integrity, and confidentiality. Well-versed with utilizing and referencing the RMF ATO process to assess, and monitor systems, its documentations, and guidelines operating GRC tools such as CSAM, and Archer to improve business resiliency and attain ATO before external audits are performed. Adept at communicating findings clearly with key stakeholders across various teams regarding project needs and evidence for audit/assessing submissions. Articulate, solutions-oriented customer service with extensive customer service experience, precision, compassionate teamwork, and diligent in threat assessment, monitoring surveillance systems, and emergency response. US Army and Active DOD Secret Clearance Certified.

CLEARANCE: Active Secret Clearance (2021)

SKILLS/TOOLS

A&A Documentation Compliance Risk Management/RMF CRM SIEM SQL Scripting NIST 800 Series FIPS 199/200 ISO 27001 FISMA PCI-DSS Vulnerability Management Adaptability Productive Writing Great Teamwork Organization Collaborative Communication Skills

Nessus (Tenable io/Security scanner) RSA Archer CSAM eMASS Splunk Microsoft Office 365 Series ServiceNow Qualys

EDUCATION CERTIFICATIONS

Bachelor of Science CompTIA Security +

University of Maryland College Park, MD CISA (In progress)

(2018)

US Army CBRN School,

Fort Leonard Wood, MO

(2021)

WORK EXPERIENCE

Library of Congress

Information Security Officer November 2023 – Present

●Augment vulnerability management using Nessus and risk mitigation for multiple systems, hardware, and peripherals.

●Lead discussions using Microsoft Teams and other apps, certifying that systems are compliant with and adhere to NIST, FISMA, and ISO 27001 standards and that the best security practices are in place.

●Employ SIEM tools like Splunk to monitor systems and guarantee alerts are met with solutions.

●Utilize the best models for identification/authentication, risk management and access control whilst with the engineers and SOC team.

●Overview camera systems periodically to make sure they are compliant and running as they should.

●Following break out meetings, evaluate vulnerability assessments and other systems for security solutions to verify that they meet guidelines and procedures for processing classified/sensitive information.

●Train in multiple positions, learning quickly, and ensuring job rotation and least privileges are in place alongside coworkers and supervisors.

●Review security artifacts provided by engineers to confirm they are compliant with NIST security controls, such as a configuration management policy.

●Apply DISA STIGS configuration scans to assess systems’ risk and performance matrices.

●Assisting management team with security surveillance and information systems overall daily operations which helped prevent and catch hundreds of potential scams and attacks.

U.S. Army Maryland National Guard

74- D (CBRN/IT Specialist) November 2020 – Present

●Teach, instruct, and prepare multiple units for CBRN defense and response operations.

●Assist in facilitation of remediation plans of POA&Ms, and SSP’s with ISSO’s various teams.

●Implement disaster recovery procedures, security contingency plans, and confirm systems are appropriately patched with engineering team.

●Assess security risks and identify potential threats to hardware, software, and physical location.

●Evaluate and verify that all CBRN equipment and weaponry are cleaned and functioning adequately.

●Stay up to date with CBRN classes, training, policies, SOP’s, procedures, and regulations.

●Input and continuously monitor system documentations, some of which are sensitive PII into their respective government record keeping systems, using eMASS.

Nakupuna Companies

Pentagon Contractor/Assessor November 2021 – November 2023

●Conducted and updated 11 awareness and trainings per year, whilst providing semi-annual progress report to project manager

●Collaborated with teams to manage C&A and provide continuous monitoring of activities utilizing common control frameworks.

●Created effective, robust presentations for Business teams using Microsoft PowerPoint and Microsoft Visio.

●Worked with GRC tools such as JIRA, ServiceNow, and RSA Archer to keep up with POA&Ms and ATO processes.

●Performed security control assessments, referencing NIST 800-53A, and NIST 800-30, as guidance.

●Managed security posture of cloud environments with engineering teams using AWS and/or Azure to remediate and communicate overall risks of environment to identify areas of improvement.

●Utilized Nessus security scanner to assess the vulnerabilities of various systems, collaborated with vulnerability manager and teams on mitigation and remediation steps.

●Verified that SSPs are updated with CSAM and utilized SDLC process with team to generate best results.

●Cooperated with ISSO, system and networking teams to secure ATO packages within 9-to-12-month deadlines achieved within 8 months in preparation for External Auditors/Assessors.

RTG LLC.

Informatica ETL/SQL Developer Jan 2019 – March 2021

●Wrote scripts to mechanize software updates, finishing 6-month project ahead of schedule in 4 .

months and saving 3 programmer hours/mo.

●Collaborated with assessors, auditing, and engineering teams to establish that we adhered to NIST and FedRAMP standards and security best practices.

●Utilizing Nessus security scanner, I assessed the vulnerability risks of various systems, collaborated with vulnerability manager and teams on mitigation and remediation steps.

●Assisted system and networking teams to secure and evaluate security solutions to safeguard that baseline security controls are processed and maintained.

●Extracted high volume data sets from databases, and Excel files using Informatica ETL mappings to

load into business data warehouse files in readable formats for the corporate office.

●Assessed the KPI’s and KRI’s of systems to provide better business performance indicators and potential risk factors for management and clients.

PROFESSIONAL ASSOCIATIONS

Tech is the New Black

Toastmasters Club

Contact this candidate