
Security Officer Information Technology

Location:
Woodbridge, VA
Posted:
February 26, 2024


Resume:

Cynthia D. Brown

ad3w79@r.postjobfree.com

***** ***** *****, ********** ** 22191

434-***-****

SUMMARY

Driven career security professional with outstanding leadership background, a proven record of meeting new challenges, and completing tasks successfully. Skilled Information Technology Security Administrator with 15 years of related experience. A proven ability to implement technologies that decrease costs, increase performance, and cause positive change.

EDUCATION

University of Phoenix, Richmond, Virginia

2008 Master of Business Administration; specialization in Technology Management

Longwood University, Farmville, Virginia

2000 B.S. Computer Science

CERTIFICATION

Security+ CE

CLEARANCE LEVEL

DoD TS SCI CI Poly

EXPERIENCE

Information System Security Officer

August 2022-Present- Remote

Octo

•Ensured all IT systems received an Authority to Operate using FISMA guidance Risk Management Framework SP 800-53 Rev 4, SP 800-30 Rev 1, SP 800-37 Rev 1, SP 800-39, SP 800-60 vol 1 Rev 2, FIPS 199, & FIPS 200

•Provided assessment and authorization (A&A) support utilizing best practices and entered all documentation in Archer applications

•Reviewed Plan of Action and Milestones (POA&M) reports and tracked remediation progress.

•Attended meetings with government to discuss the progress of the organization systems going through an accreditation process or renewal

•Used a vulnerability remediation tool Security Content Automation Protocol (SCAP) Scanner to scan the systems for a baseline pertaining to compliant or non-compliant IA Controls

•Primary Cyber security liaison between all Tiers within the organization that is responsible for STIG hardening, application development, Vulnerability Management (IAVM) compliance, and patch management.

CACI

Parsons Corporation

Perspecta Inc.

Deloitte Services

Information System Security Officer/Security Control Assessor December 2018 – July 2022

National Geospatial-Intelligence Agency-Springfield VA

•Prepared documentation from information obtained from customers using accepted guidelines such as RMF (Risk Management Framework) and decipher and explain in Intelligence Community Directive (ICD) 503

•Provided assessment and authorization (A&A) support utilizing best practices.

•Ensured that all system functions, security policies, technical security safeguards, and operational security measures are in place for all services

•Collected and created documentation for systems in need of an Authority to Operate and entered all documentation in XACTA

•Made recommendations on the protection of classified and sensitive data to management

•Translated technical information and information technology jargon into plain English as needed.

•Determined the risk when faced with security challenges

•Understood complex technical configuration management documents

•Responsible for articulating and documenting information in a well-organized manner

•Accountable for utilizing applicable IC and DoD policies, procedures, and operating instructions when assessing all systems including FedRAMP (Cloud Systems)

•Familiar with AWS Cloud Computing Models SaaS, PaaS, and IaaS as a service in a government cloud environment

•POA&M-Vulnerability manager responsible for tracking all Plans of Action and Milestones (POA&Ms) on all organization systems that were a result of system vulnerabilities.

•Performed vulnerability scans as necessary on all systems within the enclave

•Attended all meetings with government, civilians, and contractors on all systems within the organization’s environment

•Viewed IA control vulnerabilities using STIG Viewer and applied to the Security Test Plan when applicable and distributed to developers, system administrators, and Management for review.

•Used SCAP scanner to scan for baseline compliance or non-compliance of IA Controls

ManTech International

Information System Security Manager

June 2018 – November 2018

Office of Special Investigations Bolling Air Force Base

•Created strategy for implementation of an Information Security program to meet the needs of the organization

•Created and implemented Standard Operating Procedures to address compliance for all systems on the network following Air Force regulations

•Ensured IT systems received an Authority to Operate using FISMA guidance, Risk Management Framework SP 800-53 Rev 4, FIPS 199, & FIPS 200, and Air Force Special Publications

•Assisted all personnel to include military, civilian, and contractors to carry out Information Security functions

•Implemented security procedures to conduct scans on the network to meet NIST RMF compliance

•Implemented POA&M Management for all systems in need of accreditation

•Implemented a Vulnerability Management program for the organization involved

•Implemented Security Hardware and Software to meet Security System Compliance for the organization.

Sekon Enterprise

Information System Security Manager

October 2017 – June 2018

Defense Health Agency

•Ensured all IT systems received an Authority to Operate using FISMA guidance Risk Management Framework SP 800-53 Rev 4, SP 800-30 Rev 1, SP 800-37 Rev 1, SP 800-39, SP 800-60 vol 1 Rev 2, FIPS 199, & FIPS 200

•Implemented policy and procedures when making any changes to data and systems in the network environment

•Reviewed Network Security posture monthly to ensure compliance to policy.

•Advised PM on the posture of Network and IA control implementation changes as necessary

•Ensured System Administrators, Infrastructure team, and Cloud Service Providers created, updated, and maintained documentation for continuous Monitoring and ATO efforts

•Updated System Security Plan (SSP), Incident Response/Contingency Plans.

•Created POA&Ms for all vulnerabilities not remediated promptly.

•Ensured that all hardware & software documentation was accurate and consistent with the system design

•Created & reviewed the Privacy Impact Assessment and discussed it with the team

•Followed up with the Annual Security training cycle and ensured that all new employees had taken the training

•Applied patches to all vulnerable systems.

•Ensured all IT systems received an Authority to Operate using FISMA guidance Risk Management Framework SP 800-53 Rev 4

•Revised system security plans, risk assessments, contingency plans, and all other documentation on Certification and Accreditation using eMASS as the repository for all systems

•Task Manager for Systems Scorecard and System ATO status

•Ensured Program Management Offices created POA&Ms for all vulnerabilities on IAVMs & FRAG ORDs.

•Reviewed hardware & software list to ensure alignment with boundary diagram

•Monitored and updated ports and protocols list

Intelligent Waves

Knight Point Systems

Security Control Assessor/Information Security System Officer September 2015-October 2017

Department of Homeland Security

•Supported the day-to-day execution of the DHS FISMA Compliance program, IAW the DHS Annual Information Security Performance Plan

•Conducted an annual assessment of IA controls for National Protection Police Agency systems to ensure compliance and entered the data into XACTA.

•Ensured adherence to and validation of IT standards according to NIST Publication 800-53 & NIST Publication 800-53A, Rev. 4 and DHS Sensitive Systems Policy Directive 4300A

•Reviewed and evaluated SA documents using XACTA to ensure that SA documentation meets FISMA and DHS requirements.

•Validated SA documents promptly and provided actionable comments to ensure that the documentation complied with DHS requirements and metrics

•Analyzed new systems using XACTA requiring an ATO, conducted an entrance conference with the new SO and ISSO (other pertinent stakeholders) on the required SA activities, planning those efforts, and identifying roles and responsibilities.

•Before the renewal of a system’s ATO, I worked with other ISSOs and System Owners to establish a schedule to complete security artifacts in preparation for SA activities and coordinate briefings regarding scheduled and planned efforts.

•Provided Continuous Monitoring of systems after ATO approval.

•POA&M Manager responsible for tracking all Plans of Action and Milestones (POA&Ms)

•Tracked all waivers related to POA&Ms.

Onpoint Consulting

Team Lead Information Assurance Security Officer

February 2014-September 2015

844th Communications Group Bolling Air Force Base

•Provided technical leadership, ensured completion of all Information Assurance (IA) tasks promptly.

•Traveled to Air Force units for Information Systems Security inspections, training, & performed Security Assessment Visits (SAVs).

•Developed Air Force IS awareness program to satisfy Computer Security education and training requirements for the unit’s yearly inspection.

•Ensured all users have the requisite security clearances and supervisory need-to-know authorization before granting access to Air Force ISs.

•Spokesperson and liaison to customers and management, functioned as a technical expert to resolve issues dealing with security and information technology.

•Approved account creation requests for AFDW Enterprise network access to include Privileged/Elevated accounts.

•Maintained current and accessible IA-related documentation; ensured all account management policy revisions were current.

•Corresponded with Engineering and Operational Support Teams to fulfill other IA responsibilities, such as creating a Plan of Action and Milestones (POA&Ms) as needed.

•Created POA&Ms for Information Assurance Vulnerability Alerts (IAVA) for IAVAs that did not meet due dates.

•Knowledge of and experience with DoD and Air Force IA policies and regulations; experience with information networks and architectures, related hardware and software, operating systems, and communications systems.

•In-depth use and understanding of DoD and Air Force IA eMASS repository and Certification and Accreditation validation process.

•Took systems from the DIACAP process to the NIST (Risk Management Process) to include interviewing system owners and administrators about collecting artifacts to be uploaded into eMASS.

•Responsible for the revision of IA policies and Standard Operating Procedures (SOPs) as needed.

Engility Corporation

Information Assurance Manager

October 2013-January 2014

MCIA-Quantico

•IAM Professional was supporting SPAWAR technical task order utilizing SP 800-37. Specializing in NIST Security Controls and Risk Management Framework applicable to DODIIS/SCI Accreditation process and ICD 503

•Supported and assisted in policy and procedures creation, updates, and modifications, conducting IA Analysis, security assessments, developing the strategic implementation of the risk management framework, supporting certification and accreditation processes, and documentation

•Provided Information Assurance expertise, services, and support to IA Policy, Process, Planning, and Documentation in support of IA Oversight, Technology Review and Integration and Computer Network Defense (CND) services

•Supported Certification & Accreditation, Assessment, and Authorization processes.

Lockheed Martin/Dunson Associates

Information Assurance Security Engineer Team Lead

November 2010 -October 2013

844th Communications Group-Bolling Air Force Base

•Provided technical leadership and ensured completion of all Information Assurance tasks

•Performed Security Test & Evaluations (ST&Es) and IT Security Vulnerability Assessments

•Traveled to Air Force units for Information Systems Security inspections, training, & performed Security Assessment Visits (SAVs).

•Experience with Remedy 7.1 on the Windows platform.

•A spokesperson and liaison to multiple customers and management, often called upon as a technical expert to assist in resolving issues dealing with the Accounts Management process

•Approved Account creation requests for AFDW Enterprise network access to include Privileged (Elevated accounts)

•Performed scans using Retina, Gold Disk, and STIGs; reviewed Retina, Gold Disk, and STIG findings; and performed risk analysis

•Corresponded with Engineering and Operational Support Teams to fulfill other IA responsibilities such as assisting with the creation of POA&Ms as needed

•Attended collaboration meetings in support of Vulnerability Analysis

•Created Plan of Action and Milestones (POA&Ms) for IAVM system for IAVAs that will not meet due dates.

•Ensured IT systems meet and maintain DoD policies and procedures by getting IT systems through the Certification and Accreditation process.

•Knowledge of and experience with DoD and Air Force IA policies and regulations, Security Technical Implementation Guides and Enterprise Information Technology Data Repository (EITDR), and experience with information networks and architectures, related hardware and software, operating systems, and communications systems

•Knowledge of and experience with DoD and Air Force IA eMASS repository and Certification and Accreditation validation process

•Got Information Systems through the ATO process by way of the DIACAP process

•Conducted annual IAAP Assessments and training on Computer Security Information Assurance Assessment Criteria (COMPUSEC) and Telecommunications Monitoring and Assessment Program (TMAP).

Manager/Information Assurance Security Officer

August 2004-November 2010

Department of Military Affairs-Army National Guard

•Created Information Assurance Security Department for the Virginia Army National Guard to assess the Network posture.

•According to Army Regulations AR 25-2, applied instructions and pre-established guidelines to perform tasks according to DoD standards.

•Monitored and ensured system security, reliability, and availability; analyzed system performance for potential security problems and mitigated any issues.

•Installed, evaluated, upgraded, and maintained network operating systems software and hardware to comply with IA requirements.

•Monitored defense systems, including IDS, firewalls, grid sensors, etc., and enhanced rule sets to block malicious traffic sources.

•Supported, monitored, assessed, and troubleshot hardware and software IA problems on the Computing Environment; evaluated, recommended, and assisted in the procurement and implementation of hardware, software, and systems.

•Performed scans (Retina, Nessus, Gold Disk, and STIGS); Reviewed findings and performed risk assessment and analysis.

•Attended collaboration meetings in support of Vulnerability Analysis.

•Provided end-user IA support for all Computing Environment operating systems, peripherals, and applications.

•Applied appropriate access controls, established IA security procedures, and complied with responsibilities of assignment.

•Analyzed patterns of non-compliance, took appropriate administrative or programmatic actions to minimize security risk, and reported such risk to the Information Assurance Vulnerability Management system (IAVM).

•Processed all Personally Identifiable Information (PII) incidents within the Virginia Army National Guard; requested and tracked all POA&Ms for the Virginia Army National Guard regarding non-compliant assets.

•Managed the patch process for the Virginia Army National Guard Enterprise Network

Information Technology Project Manager

January 2002-August 2004

Department of Military Affairs-Army National Guard

•Evaluated the existing Telecommunications and Budgeting database systems; designed and proposed new system requirements.

•Presented proposed plan to developers for improvement concerning physical construction, hardware, operating systems, programming, communications, and security issues.

•Participated in budget planning by providing current data for cost-effective measures regarding telecommunications management.

•Purchased all Information Technology goods and services utilizing the state procurement rules and regulations.

•Managed projects dealing with telecom issues, procurement issues, finance/accounting, and database management

Information Technology Database Administrator/Analyst

2001-2002

Department of Military Affairs-Army National Guard

•Administered and regulated the Virginia Army National Guard’s data resources.

•Prepared project plans and schedules for effective database-related implementation and support efforts.

•Communicated regularly with internal technical, applications, and operational staff, as appropriate, to ensure database integrity, security, and availability.

•Recovered corrupted data, eliminated data redundancy, and used tuning tools to improve database performance.

•Assisted developers with application design and development, specifically for transaction design and client-server applications.

•Planned/scheduled for DBMS installation; planned/coordinated for database systems storage requirements and install/upgrade.

•Planned/implemented the production database operating environment(s), supported utility jobs/procedures, maintained production database system security procedures, and provided day-to-day database support for production systems.

•Vulnerability Assessment (SME) Retina & Tenable

•Archer application

•SCAP Scanner

•STIG Viewer

•XACTA application

•eMASS application

•McAfee ePolicy

•Networks (TCP/IP)

•Macintosh OS-8

•Microsoft Server 7.0/2007

•Microsoft WSUS (Windows Server Update Services)

•Microsoft Office

•Intrusion Detection Systems

•Intrusion Protection Systems

•Programming Languages (HTML, C++, Visual Basic, and Cobol)

•HBSS

•eMASS

•Retired Instructor (Junior College and Public Education)


