
Cyber Security Information

Location:
Greenbelt, MD
Salary:
$120k
Posted:
June 22, 2024

Resume:

Nicholas Forka

Greenbelt Maryland, *****

Email **************@*****.***

Contact: 240-***-****

SKILLS

I am a cybersecurity professional with 5 years of experience in the cybersecurity and information security field, with a focus on the Federal Information Security Management Act (FISMA), NIST Cyber Security Risk Management Framework (RMF), System Security Monitoring and Auditing, Risk Assessments, Security Control Assessment (SCA), and developing security policies and procedures per NIST standards and guidelines, with deeper knowledge of the NIST Special Publications.

Outstanding proven experience in security control assessment

Schedule assessment kick-off meetings with assessors and Security Control Interview meetings with System Owners and Common Control Providers.

Creates Requirement Traceability Matrix (RTM) and documents whether controls being assessed passed or failed using NIST SP 800-53A as a guide.

Ability to create and analyze threats and vulnerability reports.

Strong communication and analytical skills as well as excellent multi-tasking skills and experience managing multiple projects simultaneously.

Familiar with Nessus, Xacta, and CSAM tools.

Team player: dynamic and professional with the ability to adapt well to changes, environments and interact well at all levels.

Preventive Measures Inc., Washington DC.

Information Systems Security Officer (ISSO)/Privacy Analyst

End Client: DC Dept. of Health

May 2022 to Present

Member of Risk Management Team: all 7 steps of the Risk Management Framework (RMF).

Scheduling assessment kick-off meetings with assessors and Security Control Interview meetings with System Owners and Common Control Providers.

Reviews A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).

Conducting assessments of client’s policies, procedures and operations to ensure compliance with regulations including the Privacy Act of 1974 and other federal government legislation.

Conducting PTAs to determine the amount, nature and sensitivity of Personally Identifiable Information (PII) processed, stored and shared by client’s information systems.

Creating Privacy Impact Analyses (PIAs), System of Records Notices (SORNs), and PAS for compliance with policy, regulations and agency requirements.

Providing training to personnel and employees on privacy protection procedures, practices and standards of operations.

Optech Inc, Washington DC.

Cybersecurity Analyst (ISSO)

End Client: Department of Labor. Dec. 2021 to May 2022.

Worked on Audit & Compliance, using NIST 800-53 R4.

Created and monitored Plan of Action and Milestones (POA&M) on weaknesses or vulnerabilities; produced assessment findings in a Security Assessment Report (SAR).

Performed comprehensive assessments and review of management, operational and technical security controls for audited applications and information systems.

Provided Assessment, Authorization, and Information Assurance support to include security test and evaluation (ST&E), security control assessment, vulnerability assessment, POA&M management, IT security policies and procedure developments.

Reviewed A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).

Facilitated the development and maintenance of the Plan of Action and Milestones via CSAM (Cyber Security Assessment & Management), and supported remediation activities.

Created POA&Ms for findings and audit. Applied NIST 800-53A for assessment of controls like AC, CP, CM, PL.

Performed Security Categorization of the system (CIA) into Low, Moderate and High using FIPS 199. Conducted assessment and review of Privacy Threshold Analysis (PTA), E-Authentication, Contingency Plan and Incident Response Plan.

Prepared Plan of Action and Milestones (POA&M) for authorized systems with appropriate remediation suspense dates and tracked findings until closure.

Miracle Systems, Arlington VA.

Cybersecurity Analyst (ISSO)

Client: Transportation Security Administration (TSA). Nov. 2019 to Dec. 2021.

Performed comprehensive assessments and review of management, operational and technical security controls for audited applications and information systems.

Provided Assessment, Authorization, and Information Assurance support to include security test and evaluation (ST&E), security control assessment, vulnerability scanning, vulnerability assessment, POA&M management, IT security policies and procedure developments.

Reviewed A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).

Documented assessment findings in a Security Assessment Report (SAR) and produced a plan of action and milestones (POA&M) for all controls having weaknesses or deficiencies.

Scheduled assessment kick-off meetings with assessors and Security Control Interview meetings with System Owners and Common Control Providers.

Created Requirement Traceability Matrix (RTM) and documented whether controls being assessed passed or failed using NIST SP 800-53A as a guide.

EDUCATION

Bachelor’s Degree

Obtained from University of Yaoundé, Cameroon.

CERTIFICATIONS

*CompTIA Security+ (expired; renewal in process).

*CEH

*DHS PUBLIC TRUST

*U.S. Citizen.

REFERENCES AVAILABLE UPON REQUEST


