New Market, MD · 240-***-****
Competent IT Security Specialist with over 6 years of experience in Information Security with focus on FISMA, Risk Management Framework (RMF), System categorization, security control selection, implementation, authorization and Monitoring security controls respectively; to mitigate risk and vulnerability of the system. Well-versed in direct and remote analysis with strong critical thinking communication and people skills. Able to thrive in fast-paced and challenging environments where accuracy and efficiency matter. Skilled in managing internal vulnerability management program and identifying and executing action plans for vulnerability remediation as well as taking lead roles in threat monitoring, incident investigation and response.
Authorized to work in the U.S. for any employer
JUNE 2018 – PRESENT
INFORMATION SYSTEMS SECURITY OFFICER (ISSO)
STEAMPUNK (SE SOLUTIONS), TYSONS CORNER, VA
●Support the creation, monitoring, and status updates of POA&Ms to ensure weaknesses are resolved in accordance with their scheduled completion dates
●Support the creation of Waivers or Risk Acceptance Memos to assist in the effective management of system risks
●Support annual assessments in accordance with guidance in the Information Security Performance Plan
●Support the review and update of security authorization documents as needed, but at least annually
●Help coordinate with the customer’s Privacy, Records, and Information Governance Divisions on compliance documentation and other requirements
●Support Contingency Plan tests at least annually and update the plan
●Support system self-assessments as part of an Ongoing Authorization program
●Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management requirements
●Maintain knowledge of the inventory within the accreditation boundary
●Support the planning of certification and accreditation for assigned information systems
●Ensure CM processes are followed so that changes do not introduce new security risks
●Support system Information Security Vulnerability Management (ISVM) compliance
●Respond to emerging requirements set by legislation, regulation or policy
SEPTEMBER 2016 – JUNE 2018
INFORMATION SYSTEMS SECURITY OFFICER (ISSO)
KELLY SERVICES, VA
●Performs the six steps of the Risk Management Framework (RMF) per NIST SP 800-37 to ensure that systems are FISMA compliant
●Selects security controls for systems with the guidance of NIST SP 800-53 and FIPS 200
●Categorizes information systems using FIPS 199 and NIST SP 800-60 as guides
●Works in collaboration with system owners to develop the System Security Plan (SSP) and write implementation statements for system operation
●Remediates/updates Plans of Action and Milestones (POA&Ms)
●Develops solutions to security weaknesses identified in the Requirements Traceability Matrix (RTM) and SAR
●Works with the SOC team to monitor the network (NIST SP 800-137) and provides incident response/management for intrusion detection and prevention systems (IDS/IPS)
●Handles internal communications within the Office of Information Security and external communications with several different divisions on a day-to-day basis
●Maintains excellent working relationships with both internal and external customers through strong communication skills
JANUARY 2015 – SEPTEMBER 2016
ASSESSOR / INFORMATION SYSTEM SECURITY OFFICER
FTI CONSULTING, WASHINGTON, DC
●Performed updates to System Security Plans (SSP) using NIST SP 800-18
●Created and revised Risk Assessments and Incident Response Plans (creation/change control procedures, drafting and review) using NIST SP 800-53A
●Identified trends and root causes of system failures or vulnerabilities using the Nessus vulnerability scanner and Nmap to scan for open ports, weak configurations and missing patches
●Conducted assessment kickoff meetings and security control meetings with the ISSO and System Owner
●Reviewed documentation including the System Security Plan (using NIST SP 800-18 as a guide), Authorization to Operate (ATO), Security Assessment Report (SAR) (using NIST SP 800-30 as a guide), FIPS 199 system categorization (using NIST SP 800-60 Vol. 1/Vol. 2, based on confidentiality, integrity and availability (CIA)), policies and procedures, e-authentication, privacy threshold analysis (PTA), privacy impact analysis (PIA), contingency plan (CP), interconnection security agreement per NIST SP 800-47, certification and accreditation (C&A) packages and system standard operating procedures
NOVEMBER 2013 – JANUARY 2015
INFOLINK SOLUTIONS, ROCKVILLE, MD
●Performed RMF assessments, including initiating meetings with various System Owners and Information System Security Officers (ISSO)
●Analyzed current threats to information security and systems; analyzed security findings and data; published reports and kept metrics for client systems
●Provided guidance on the evidence needed for security controls and documented assessment findings
●Worked with the ISSO and security team to assess the selected security controls; updated the SAP and ROE where vulnerability scanning and penetration testing procedures were included in the assessment; conducted assessment kickoff meetings and security control meetings with the ISSO and System Owner
●Ensured assessment findings were reflected in the RTM or test cases and that all weaknesses were noted and reported in the SAR
●Gained knowledge of the SANS 20 and ISO 27001 security controls and their mapping to NIST
BACHELOR’S DEGREE: MAJOR: MATHEMATICS
MINOR: COMPUTER SCIENCE
UNIVERSITY OF BUEA – BUEA, CAMEROON
●CCSP in progress
●Operating Systems: Linux, Windows XP, Windows Server 2003/2008/2012, Red Hat 6/7 and CentOS 6/7
●Other Technology: Xacta, CSAM, CFACTS, Nessus, Splunk
●Security Expertise: Privacy and data security management and operations, vulnerability scanning, Certification and Accreditation (A&A), POA&M, incident and contingency planning, FISMA, Security Content Automation Protocol (SCAP), knowledgeable in NIST SPs and FIPS
●Assessment Expertise: NIST SP 800-37 Risk Management Framework, vulnerability scanning and penetration testing