
ISSO

Location: Annandale, VA

Posted: August 30, 2020


Resume:

CALVIN A TENENG,

CompTIA Security+ CE, US Citizen

Silver Spring, Maryland 240-***-****) ******.******@**.***

Security Control Assessor/Information System Security Officer

PROFESSIONAL SUMMARY

A Cyber Security professional with over 5 years of experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, and Risk Management Framework, Authentication & Access Control, System Monitoring and Regulatory Compliance in accordance with NIST, OMB, FISMA and industry best security standards. Dynamic IT professional with the ability to adapt well to changing environments and interact well at all levels. Proven ability to lead and direct, solve problems creatively, and make strategic decisions in fast paced environments.

CORE STRENGTHS

NIST 800 Series, FIPS, Microsoft Office Suite (Word, Visio, Excel, PowerPoint, Access, Outlook), TCP/IP, IPS/IDS, Wireshark, Policy Planning, Microsoft Azure, Nessus Vulnerability Scanning, FedRAMP, AWS.

PROFESSIONAL OVERVIEW

Information System Security Officer (ISSO) (Full time)

Tista Science and Technology Corporation 2015 – Present

Performs the ongoing RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.

Performs ongoing continuous monitoring using NIST 800-137 Rev 1 as a guide.

Review test results and provide independent Q&A and validation of results. Manage risks by providing formal and information risk assessments and facilitate plans of action and milestones (POA&M) management.

Conduct ad hoc validation on an as-needed basis to assist with closing open POA&Ms or vulnerability remediation.

Extensive knowledge in Categorizing Information Systems (using FIPS 199 and NIST SP 800-60 Vol 2 Rev 1 as a guide)

Understand FedRAMP requirements/regulations, cloud technology stacks, and translate 3PAO results into agency RMF methodology.

Review system security controls (managerial, operational, and technical) to determine applicability against federal requirements (e.g., NIST SP 800-53).

Document POA&Ms for corrective action following assessment activities and in response to identified vulnerabilities. Apply knowledge of Information Assurance Vulnerability Alerts (IAVAs).

Create, update and revise System Security Plans, Contingency Plans, Incident Reports and Plan of Action & Milestones (POA&Ms).

Prepares information systems’ artifacts (SSP, SAR and POA&Ms) for ATO.

Coordinate planning, scheduling, and testing of projects in the Assessment and Authorization (A&A) process.

Conduct hands-on security testing, analyze results, document risks, and recommend countermeasures.

Advise and assist with the Lifecycle Assessment and Authorization (A&A) process and development of Systems Security Plan (SSP).

Develop risk assessments, recommend mitigating countermeasures, and write short, succinct risk assessment and certification reports for submission to the Chief Information Officer.

Apply working knowledge of Intelligence Community Information Assurance policies and regulations and how they relate to the A&A process.

Selects and implements applicable security controls (technical, operational and management) using NIST SP 800-53 Rev 4 as a guide.

Generate, review and update System Security Plans (SSP) against NIST 800-18 and NIST 800-53 requirements.

Provide security certification test and evaluation of assets, vulnerability management and response, security assessments, and customer support.

Cybersecurity Analyst (Internship, 5 days a week, 5-hour shifts)

Perspecta Virginia 2014 - 2015

Performed security categorization using FIPS 199 and NIST SP 800-60 as an implementation guide, Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA), and ensured FISMA compliance.

Documented and reviewed System Security Plan (SSP), System Assessment Plan (SAP), and Security Assessment Report (SAR).

Evaluation of IT Systems involving software, hardware, configuration and proposed changes to ensure IT security posture is in compliance with existing information security policies and regulations.

Perform investigation as appropriate, recommend corrective actions for security incidents and create and track to resolution.

Developed, published and maintained Information Security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements.

Reviewed IDS/IPS events and identified anomalous activities or potential network security risks.

Analyzed network traffic and various log data to determine the threat/impact on the network.

Monitored and investigated suspicious network activities utilizing tools such as Splunk.

Utilizing threat intelligence tools to support the daily cyber security operations, and procedure Intel analysis of threat actors, and vulnerabilities.

Assess risk, threat, and vulnerability analyses from internal and external sources to identify and develop mitigation strategies.

Maintain an up-to-date knowledge of cyber threats.

Drive continuous learning and knowledge of cyber threats.

Marriott International (Full time overnight shift)

Safety And Security Officer 2014 - 2015

Secured all doors in the office and main building after hours.

Monitored security camera system day and night to protect lives and property.

Performing surveillance of guests and employees as it relates to theft.

Analyzed and investigated all incidents alongside functional management and security supervisors.

Performing other duties as assigned. Prepare paperwork for the day and update the activity log.

Educational and Professional Development

Bachelor of Science in Information Technology: Cybersecurity, Stratford University


