
Security Analyst

Location:
Hyattsville, MD
Salary:
$120,000
Posted:
August 21, 2020


Resume:

CYBERSECURITY ANALYST

STEPHANIE SHUNKA

Email: ************@*****.*** Number: 240-***-****

A highly motivated and team-oriented IT security professional with over 6 years’ experience working with rules, regulations, policies, procedures, frameworks, and standards like the NIST 800 series, GDPR, HIPAA and ISO 27001. Outstanding experience in compliance, project management and development of the RMF process, A&A, Security Risk Management, Authentication and Access Control, and system monitoring. Exceptional team leader with strong ability to work and collaborate effectively in a team environment. Also has a great sense of urgency and is able to apply a risk-based approach to prioritized work. Skilled in assembling security authorization packages using documents like NIST Special Publications 800-53 Rev-4, 800-53A, 800-60, 800-30, 800-37, 800-137, 800-18, FIPS 199 and FIPS 200, FedRAMP, OMB, FISMA and industry best security standards. Proficient in preparation and updating of System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Report (SAR), Plan of Action & Milestone (POA&M).

SILO TECH (WTS Solutions)

Cybersecurity Assessor May 2017 – Present

Perform oversight of the development, implementation, and evaluation of IS security program policy; special emphasis placed upon integration of existing SAP network infrastructure

Perform assessment of ISs, based upon the Risk Management Framework (RMF)

Evaluate Authorization packages and make recommendation to the AO and/or DAO for authorization

Evaluate IS threats and vulnerabilities to determine whether additional safeguards are required

Advise the Organizations concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system

Review and approve the IS Security Assessment Plan, which is comprised of the SSP, the SCTM, and the Security Control Assessment Procedures

Ensure security assessments are completed for each IS

At the conclusion of each security assessment activity, prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment

Initiate a Plan of Action and Milestones (POA&M) with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR

Ensure that IS requirements are addressed during all phases of the system life cycle

Implemented the Risk Management Framework (RMF) in accordance with NIST SP 800-37.

Reviewed security categorization of systems using FIPS 199 & NIST SP 800-60

Updated technical, operational and management control families and controls with guidance from NIST 800-53 Rev 4 and FIPS 200.

Reviewed and updated the System Security Plan implementation statements of the respective applicable control to assigned systems as need arises using NIST 800-18.

Independently put together a variety of Security Authorization deliverables including System Security Plans, Security Assessment Reports, Risk Assessment Plans and POA&M

Broad knowledge of different compliances such as HIPAA and PCI DSS

Vbrick Systems (MBA TECH)

Cybersecurity Analyst Feb 2015 – April 2017

Created and updated Authorization to Operate (ATO) packages

Drafted, finalized, and submitted Privacy Threshold Assessments (PTAs), Privacy Impact Analyses (PIAs), E-Authentication Assessments, System of Record Notices (SORNs) for annual review and recertification.

Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment.

Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide.

Develop Security Assessment Plans (SAPs) and conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with the NIST SP 800-53A Rev 4

Conduct security control interview meeting and Artifact gathering meeting with various stakeholders using assessment methods of interview, examination, and testing.

Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.

Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT), Disaster Recovery (DR), Business Continuity Plan (BCP), Business Impact Analysis.

Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool (CSAM).

Continuously monitored security controls effectiveness using NIST SP 800-137 as a guide.

Technical Experience:

● MS Word

● MS Excel

● Windows 7, 8, 10

● PowerPoint

● Microsoft Outlook

● Identity Access Management

● Knowledge of Network Security

● SIEM management (Splunk, LogRhythm, ArcSight logs)

● Nessus Tenable

EDUCATION: Bachelor’s in business administration

Public Trust: Eligible

Certification:

- CompTIA SECURITY+

- CEH

- CISSP (In Progress)


