Washington DC Metropolitan Area (DC, Maryland and Virginia)
Email Address: firstname.lastname@example.org
Information Assurance Guidelines
Key Skills and Knowledge
Software Development Lifecycle (SDLC)
Security Assessment and Authorization (SA&A)
Certification and Accreditation (C&A)
Exposure to the Federal Risk and Authorization Management Program (FedRAMP)
Business Continuity Planning
Security Test & Evaluation
Security Training & Awareness
Proposals (some experience)
Policy and Process Development
Bachelor of Science, Geology: Obafemi Awolowo University
Bachelor of Science, Cybersecurity & Information Assurance (in view): WGU
Certified Authorization Professional (CAP)
Over six (10) years of work experience in a wide array of positions within the cybersecurity industry, including compliance, vulnerability management, help desk, program management, client/customer services, research, technical writing, operations and administrative management tasks. I have experience applying FIPS Publications, NIST Publications, OMB and FISMA guidelines to comply with a variety of industry standards for various organizations.
Experience in all phases and roles of the Security Assessment and Authorization (SA&A) process, from initiation to continuous monitoring, including Security Test & Evaluation (ST&E), development of System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Continuous Monitoring, Compliance Management, Incident Response Plans/Training, Configuration Management Plans, Privacy Threshold Assessments, Privacy Impact Assessments (PIA), POA&M management, and Standard Operating Procedures (SOP), in accordance with Federal, Agency and Organizational policy, including FISMA, NIST, OMB, FIPS, and HIPAA guidance.
I also possess in-depth experience in performing information security risk analysis on standard operating procedures, creating and updating user manuals, and conducting extensive analysis to ensure the accuracy of the technical content of such documentation.
DETAILED PROJECT EXPERIENCE:
Parsons Corporation, 04/2016 – Present
Security Control Assessor: Perform new and ongoing assessments of security controls to ensure they are functioning as expected. Gather all security documentation to get the ATO package ready for Authorizing Official review and approval.
Worked as a security control assessor, utilizing the Risk Management Framework (NIST SP 800-37) and several other NIST publications (NIST SP 800-30, 800-53A, FIPS 199, FIPS 200) to assess the security controls applicable to information and information systems, identify and assess associated risk, and recommend possible measures to address the risk.
Assess information and information systems through review of system security documents (System Security Plan, Risk Assessment Report, Contingency Plan, etc.), interviews of information system administrators, and technical testing using Nessus and WebInspect to perform vulnerability and compliance scans.
Develop the Security Assessment Plan used to assess the information system, and develop the Security Assessment Report to document findings and recommend remediation measures.
Participate in the management of Plans of Action and Milestones (POA&M) using Cyber Security Assessment and Management (CSAM), and review POA&M items for closure.
Maintain the Authorization to Operate package in accordance with the client's requirements and in compliance with FISMA.
Manage project artifacts such as the System Security Plan, risk assessment, security control write-up, contingency plan, contingency plan test (conducted), configuration management plan, privacy impact assessment, POA&M, FIPS 199 categorization, system design document, operations and maintenance manual, version description document, and user manual.
Interface with federal employees and contractors to perform the security assessment activities.
Report all applicable activities to the Project Management Office (PMO) team.
Determine whether IT security functions, systems or programs are in compliance with federal and government standards, are appropriately implemented agency-wide, and are being operated efficiently.
Review and create audit reports on user and system activities.
Work closely with stakeholders to ensure policies and procedures are implemented and followed.
Ensure ongoing integration of information security with business strategies and day-to-day operations.
Possess a solid understanding of security architecture, policies and the application security capabilities of major operating systems.
Quarterly reporting of Plan of Action and Milestones (POA&M) items.
THE HCI Group, April 2014 – April 2016
Information Security Specialist
Utilize NIST Publications to assess, implement, and document security requirements for Federal information systems, develop policies and procedures, and ensure information system security documentation is in compliance.
Develop the Security Control Assessment Test Plan used in assessing the information system security controls.
Perform annual security control assessments of information systems to ensure FISMA compliance.
Perform vulnerability and compliance scans, using Nessus and WebInspect, to detect vulnerabilities and validate compliance with policies and standards.
Examine Nessus and WebInspect scan reports to validate findings and eliminate false positives. Research remediation measures for the vulnerabilities.
Perform risk assessments and develop the Security Assessment Report with findings and suggested remediation.
Interface with system owners and administrators to present the vulnerabilities and recommend a remediation strategy.
Monitor remediation of vulnerabilities and findings from review, interview and technical assessment of the security controls through Plans of Action and Milestones (POA&M) using CSAM.
Review POA&M items for closure in CSAM. Maintain the system document inventory in CSAM.
Validate security control tailoring in FIPS 200 and the FIPS 200 Matrix.
Develop Standard Operating Procedures in support of system categorization using FIPS 199.
Assist in the development and review of information system documentation such as the System Security Plan, E-Authentication, Contingency Plan, and Risk Assessment Report.
Ensure the information system maintains its Authorization to Operate package in order to continue operation.
Conducted effective Security Test and Evaluation (ST&E) and vulnerability assessments of networked and stand-alone information systems, to the extent of conclusively validating all management, operational and technical controls found within NIST SP 800-53 and other policies and procedures such as agency policies and procedures, audit reports, standard operating procedures, etc.
Provided advice and made recommendations as an authoritative leader in the software development lifecycle, cybersecurity, networks, and network operations arena.
Created security documentation including Security Plans (SP), the format for the ST&E test plan, Plans of Action and Milestones (POA&M), Configuration Management Plans, Privacy Impact Assessments (PIA), Privacy Threshold Assessments (PTA), SORNs, etc. Utilized technical writing to ensure all documents were accurate.
Recommended solutions to the most difficult security problems in existing systems and systems development.
Assisted with application of formal methods in security architecture, security system design and engineering, and security technology integration and deployment.
Supported customers at the highest levels in the development and implementation of doctrine and policies.
Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
OTHER POSITIONS HELD:
Cerner Analyst/Support: May 2011 – April 2014
IT Helpdesk: June 2008 – May 2011