Girma Woldeamanuel, SEC+
I have over eight (8) years of experience in the IT industry and six (6) years of experience in the information assurance and information security discipline. I am knowledgeable about the Risk Management Framework (RMF) and how it relates to the System Development Lifecycle (SDLC) and the Cyber Security Framework (CSF). I am skilled in the execution of Security Assessment & Authorization (SA&A).
·FIPS 199, FIPS 200,
·NIST 800-53 Rev4, NIST 800-30, NIST 800-37, NIST 800-39,
·Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Risk Assessment (RA),
·System security plan (SSP), security assessment report (SAR),
·Plans of Action and Milestones (POA&M),
·Authorization to Operate (ATO) Letter,
·MS Office, SharePoint, Access, PeopleSoft,
·Nessus Vulnerability Scanning Tool.
DHS Public Trust.
Kenneally Technology services June 2016-present
Information Security Analyst
·Develop/review/update/approve system security documentation.
·Develop and submit the ATO Package
·Experience in cloud system assessments, primarily with AWS, utilizing FedRAMP and NIST guidelines.
·Experience in executing step 4 (security assessment) of the NIST Risk Management Framework.
·Experience in developing and disseminating security assessment plans.
·Experience in interpreting and evaluating implementation of NIST 800-53 rev 4 security controls.
·Documenting findings within requirements traceability matrixes and security assessment reports.
·Experience reviewing and interpreting Nessus vulnerability and compliance scans.
·Ability to execute security assessments and develop and deliver supporting documentation within aggressive timelines.
·Analyze and update the system security plan (SSP), risk assessment (RA), privacy impact assessment (PIA), system security test and evaluation (STE) and the plan of action and milestones (POAM).
Alliance Infosystems LLC
Information Security Analyst September 2012-June 2016
·Designate the system and categorize its C.I.A. using FIPS 199 and NIST SP 800-60.
·Conduct interviews with selected personnel, document and evaluate business processes, and execute audit test programs to determine the adequacy and effectiveness of internal controls and compliance with regulations.
·Evaluate the effectiveness of the internal control system and identify areas for improvement, best practices, and lessons learned.
·Review and analyze Nessus vulnerability and compliance scans for possible remediation.
·Helped in updating IT security policies, procedures, standards, and guidelines according to department and federal requirements.
·Present the test plan and test summary report to the stakeholders for every test in the script.
Network Administrator/Junior Security Analyst April 2009-September 2012
·Hands-on experience with network hardware: Cisco ISR 2800, 3800, 2900, 3900.
·Experience with configuring layer two switch technologies and features.
·VLAN, VTP, 802.1q Trunking: STP, RSTP, PVST, CDP, HSRP, GLBP.
·IP services configuration and troubleshooting: DNS, DHCP, NAT, access lists, TCP/IP.
·Experience with layer three technologies and infrastructure.
·Dynamic routing protocols: RIP, EIGRP, OSPF, BGP.
·IP subnetting, VLSM, IPv4 and IPv6.
·Understanding of WAN technologies and services: HDLC, PPP, T1, T3, Frame Relay, VPN, IPsec, GRE, 3DES.
·Experience and understanding of network management and troubleshooting: ICMP, traceroute, ping.
·Telnet, SSH, PuTTY, RDP, TACACS, SolarWinds, Wireshark.
·Proficient in Visio and documentation, including creating SOPs for standard operations.
·Certified Cisco Network Administrator (2018).
·Certified Amazon Web Developer (2019).
·Data Base Training.
·Security plus CompTIA (2019)
·Associate degree of Information Systems from Montgomery College.