EXPERIENCE SUMMARY:
Highly motivated Information Security Analyst with 6+ years of experience in analyzing a variety of security related events, performing assessments and protecting enterprise information systems. Possess expertise in customer service management security & data protection, team leadership, project management, strategic planning, policy and procedure reinforcement.
MS Office Suites
Linux
Contingency Plan
ISCP
POA&M
RMF
Incident Response
TEXT
SOP
Nessus
Windows
PTA
NIST 800 Series
Vulnerability Management
ISO 27001
DRP
AREAS OF EXPERTISE:
PROFESSIONAL EXPERIENCE:
DT Tech Consulting 05/19 - Present
Cyber Security Analyst
Implements the Risk Management Framework (RMF) in accordance with NIST SP 800-37 Rev 1
Reviews security categorization of systems using FIPS 199 & NIST SP 800-60 Vol 2 Rev 1
Updates technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.
Work with a team of Developers, Information Security Owners, and System Engineers to select, implement, and tailor security controls to safeguard system information.
Reviews and updates SSP implementation statements of respective applicable control to assigned systems as need arises using NIST 800-18
Independently as put together a variety of Security Authorization deliverables including; System Security Plans, Security Assessments Reports, Risk Assessment Plans and POA&M.
Drafts, finalizes, and submit Privacy Threshold Assessments (PTA) s, Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs) for annual review and recertification.
Continuously monitored security controls effectiveness using NIST SP 800-137 Rev 1 as a guide.
Defense Point Security 09/2018 – 05/19
Cyber Assurance Analyst (ISSO) @ DOL
Conduct self-assessments of security controls on various impact systems in accordance with agency guidelines to ensure compliance with NIST 800-53a.
Collaborate with System Owners, and security team members, to make sure security controls are updated properly, and have evidential material to support security control.
Ensure Security documentations (System Security Plan, Contingency Plan, Risk Assessments and Incident Response Plan, etc.) are reviewed, maintained and up to date for FISMA Compliance.
Work with a team of Developers, Information Security Owners, and System Engineers to select, implement, and tailor security controls to safeguard system information.
Create Standard Operating Procedures templates (SOPs) for assigned systems.
Provide support during ATO Assessments, providing evidence as needed.
Create and reviewed POA&Ms to ensure all POA&Ms have a documented path forward.
Collaborated with ISSO and security team to implement security controls selected in SSP Using NIST 800-18 as a guide to develop SSP.
Work with ISSO and Security team to access security controls selected, in updating SAP, ROE where Vulnerability scanning’s and penetration testing procedures are included in the assessment,
Conduct assessment meeting kickoff and security Control meeting with ISSO and System Owner Assessment finding result be reflected on the (RTM) or Test case and all weakness noted be reported in our SAR report.
Monitored security controls using NIST 800-137 as a guide by testing a portion one-third of the Applicable Security controls annually and performs periodic Vulnerability Scanning.
Washington Tech Solution 03/2013 - 09/2018
Information Security Analyst
Ascertained system vulnerabilities, recommend corrective measures and monitor effectiveness of security controls.
Analyzed and updated system categorization using FIPS 199 /NIST 800-60 vol1/vol2 based on CIA, initial risk assessment, E-authentication, SA&A packages, contingency plans (CP), privacy impact assessment (PIA) and risk assessment (RA) documents, SSP, SAP/SAR based on NIST SP 800-53, SP 800-53A.
Implemented real-time assessment support for development teams to integrate information assurance and security in the System Development Life Cycle ensuring proper configuration of major and minor application releases.
Created and tracked POA&M and monitor control post authorization to ensure compliance with FISMA-based security requirements.
Analyzed and classified risks associated with E-Authentication process to determine need for conduct of Private Impact Assessment.
Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide.
Requested scans and later reviewed scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations.
Collaborated with ISSO and security team to implement security controls selected in SSP Using NIST 800-18 as a guide to develop SSP.
Work with ISSO and Security team to access security controls selected, in updating SAP, ROE where Vulnerability scanning’s and penetration testing procedures are included in the assessment.
Trinitech Consulting 09/2010 - 03/2013
Unix/Linux System Administrator
Recorded and maintained inventory of software licensing using current management software as needed.
Remoted into computers and perform patches manually.
Performed other duties as assigned for including participating in after hours on call rotation.
Provided inside support to clients as needed.
Installed OS; configured SVM, LVM, ZFS and VERITAS volumes, Solaris zones; programmed recurrent jobs with crontab, patched servers and backed up data.
Established multiple sparse and whole root zones within one physical instance of Solaris 10. Analyzed and troubleshot performance issues led capacity planning for UNIX and Linux Servers.
Participated in the installation of Windows server 2008, and Active Directory
Troubleshot connectivity issues, administered user accounts; installed Windows 2008 servers. Provided backup/recovery of data; Installed pre-build repositories (EPEL) and attached NAS LUNs
EDUCATION AND CERTIFICATIONS:
University of Buea, B.S., Computer Science and Information Technology
Oracle Certified Associate Oracle Solaris 10 - Oracle University
Cloud Security Alliance V3 CCSK
CEH
CASP
CAP/CISSP in progress