
Security Control Assessor, ISSO

Location:
Baltimore, MD
Posted:
June 04, 2020


Resume:

OTTO BORDEN

Baltimore, MD *****

T: 410-***-**** Email: **********@*****.***

SUMMARY

Experienced information system security professional with over 8 years experience. Proficient in the application of the Risk Management Framework (RMF) and guiding cloud and non-cloud systems through the RMF process to FISMA compliance and authorization to operate (ATO). Significant experience in Assessment & Authorization (A&A) following NIST SP 800 series and FedRAMP guidelines. Developed and maintained Security Assessment Plans (SAP), Security Assessment Reports (SAR), Plans of Action & Milestones (POAM) as well as scheduling, tracking and updating management on the status of the process.

CORE COMPETENCIES

● NIST 800-53 & 800-53a rev4

● FIPS-199 & FIPS-200

● FedRAMP

● Security Assessment Plan (SAP)

● Security Assessment Report (SAR)

● Plans of Action and Milestones (POAM)

● Privacy Threshold Analysis (PTA)

● Privacy Impact Assessment (PIA)

● Risk Assessment (RA)

● Nessus

CERTIFICATIONS

● CompTIA Security Plus (2020)

PROFESSIONAL EXPERIENCE

Anchor Technologies, Inc. 01/2015 - Present

IT Security Analyst

● Assess non-cloud and cloud systems, specifically AWS, following NIST guidelines.

● Assess CSP systems for federal compliance using FedRAMP guidelines and templates.

● Conduct security control assessments as outlined in the NIST 800-37 (Step 4).

● Skilled in creating and disseminating Security Assessment Plans (SAP).

● Experience in assessing implementations of NIST 800-53 rev4 controls.

● Detail assessment findings in Security Assessment Reports (SAR) and Requirement Traceability Matrix (RTM).

● Skilled with reviewing, interpreting and identifying fixes from Nessus vulnerability & compliance scans.

● Able to conduct assessments while developing and delivering supporting documentation on a deadline.

● Experience assessing systems composed of various scopes, complexities and technologies.

● Simultaneously work on multiple assessments.

Technuf, LLC 04/2013 - 01/2015

Junior Information Security Specialist

● Supported the Security Assessment & Authorization process of client systems.

● Developed, updated and reviewed Information Security Policies, created baseline security standards in accordance with industry best practices including NIST, FISMA, FIPS.

● Conducted Nessus vulnerability scanning to expose potential risks on enterprise network assets and assessed the risk level of the findings.

● Followed departmental and federal requirements to update IT security policies, guidelines, procedures and standards.

● Used NIST 800-53 rev4 and FIPS 200 (controls) and NIST 800-53a rev4 (assessment) to conduct Security Assessment & Authorizations.

● Ensured compliance after authorization with security requirements via continuous control monitoring.

● Reassess artifacts from Plans of Action & Milestones (POAM) from ISSO before closing issues.

● Detailed findings from Security Assessment Reports & Requirements Traceability Matrix (RTM).

● Examine Nessus Vulnerability & Compliance scans for potential remedies.

● Assess systems of varying types and intricacy and comprising various technologies.

● Provide weekly status reports on in-progress tasks and deliverables.

Edwards Performance Solutions 11/2011 - 04/2013

SOC Analyst I

● Monitored and troubleshot the electronic security system (ESS)

● Managed a team of four operators on each shift, myself included

● Monitored accounts across agencies using open source tools to identify potential network threats

● Used BMC Remedy to monitor, track and update incoming and assigned tickets.

● Support agency users and use Remedy to monitor, track and update their service tickets.

● Handled the challenges of working in a 24x7 Security Operations Center (SOC) environment

● Used SNORT for traffic analysis and packet logging

● Gained experience using scanning tools such as Nessus

● Took and transferred both routine and emergency calls in the SOC

● Provided armed and uniformed security, force protection and law enforcement duties

Washington College 06/2010 - 11/2011

Helpdesk/Junior Information Security Analyst

● Wrote policies and developed initial understanding of NIST publications

● Helped to update IT security standards, policies and procedures according to NIST guidelines

● Conducted scans and identified vulnerabilities in a SOC environment

● Worked with network security implementing network administration policies and procedures, firewalls, etc.

● Install and configure network and local printers

● Research the cause of and provide solutions to various issues discovered in the organization’s environment

● Worked with cyber team to conduct assessments and reports of various systems

● Helped to manage various technologies we serviced

● Troubleshoot hardware and software

EDUCATION

Bachelor of Arts, Computer Science

Washington College

09/2009 - 05/2014

● Created standalone application for senior thesis

● Primer to artificial intelligence

● Algorithm design and analysis

● Theory of computation


