SKILLS
Analytical ability.
Enterprise Systems Security Implementation
System Security Plans
Risk Assessments
Xacta for security assessment
Plan of Action & Milestones Report
Monitor system using SolarWinds
System Tester
Nessus vulnerability Assessment
Anti-Virus
Web Internet Content Filtering
Systems Auditing
Intrusion Detection Systems (Host/Network-Based)
Network Penetrations and Vulnerability Assessments
POA&M
VPN Solutions
Continuity of Operations Plans
Network Management/Operation
Network Design
System/Network Implementation
Customer Technical Support
Analyzing Security System Logs, Security Tools, and Data.
Communicating across all levels of the organization.
Performs basic system administration tasks
PROFESSIONAL EXPERIENCE:
GDIT 2013 -Present
Information security Analyst. 2019-Present
Tracks the corrective actions in POA&Ms and coordinates the remediation with various groups. Tracks and reports FISMA metrics and Key Performance Indicators (KPIs)
Review PO&AMs for completeness to ensure all system deficiencies are properly identified Validate POA&Ms are associated to a SAR generated finding if applicable Close out POA&Ms as needed based on POA&M Closure process.
Develops and updates information systems security documentation. Ensures that Authority to Operate (ATO) are obtained in a timely manner.
Works closely with the Audit and Quality Assurance (QA) functions to provide validation of security control tests for third-party vendors, e.g. software, hardware and cloud service providers.
Conducts ad hoc assessments on an as-needed basis to assist with development activities or vulnerability remediation.
Routinely conducts risk assessments/reports to quantify impacts of vulnerabilities or decisions to the federal government. Participates in the production of cohesive compliance reports.
Prepares documentation from information obtained from customers using accepted guidelines such as RMF.
Assessed the management, operational and technical security controls in the system using
NIST 800-53/53a Rev. 4
Assists with development and implementation of system security plans and contingency plans.
experience performing a wide variety of information assurance and information systems security engineering duties, to include the certification and accreditation of information systems using DIACAP (formerly DITSCAP), NIST SP 800-37,
Experience with ServiceNow.
Knowledge of standard system development life cycle
GDIT
Network Engineer Associate Government Accountability Office, Washington 2014 - 2019
Monitor all operational activities during a shift, when issues arise the perform troubleshooting, provide proper notification then escalate to the appropriate group if it is necessary.
support technicians administer, monitor, fix, and maintain client networks.
monitor data center infrastructure, servers, and computer networks for issues from a centralized location.
Establishes crisis calls and calls in the appropriate staff and management when necessary
Communicate production issues to designated internal groups in a timely and accurate manner.
Evaluates system performance statistics including job execution and system response times.
Documents all production and operating system problems using a trouble ticketing system and contacts appropriate IT organization with appropriate urgency. Contact with Century link, Verizon, For Network issue.
Provides a shift handover for the oncoming shift and managers
Performs all appropriate operator activities including job scheduling, job submission, system or file backups.
Performs Quality Control checks on results of production processes to ensure accurate report generation.
Prepares reports on system performance both on a schedule and as requested by management.
Performs basic system administration tasks, such as adding users, stopping and starting services, etc
SAIC 2009 - 2013
Security Analyst, National Archives and Records Administration, College Park, MD
Conducted Certification & Accreditation and Annual Assessments for specified systems.
Use of Xacta for security assessment
Assessed the management, operational and technical security controls in the system using
NIST 800-53/53a Rev. 4
Prepared final security assessment report(s).
Prepared a plan of action and milestones (POA&M) based on the results of the security assessment.
Review the Plan of Action and Milestone (POA&M) with identified weaknesses and point of contact for each system based on
findings and recommendations from the Security Assessment Report (SAR
Determined the risk to operations, assets, or individuals based on the vulnerabilities in the system.
Assembled security accreditation package and submit to NARA.
Coordinated with NARA System owners to review, modify, and test Contingency Plans for specified systems.
Assisted the Information Assurance team in reviewing Contingency Plans for various NARA systems.
Conducted the hardening of NARA systems using CIS Security Benchmarks.
Worked with Intrusion Detection / Incident Response Analyst.
Maintained and operated network monitoring and intrusion detection and prevention systems to include the sensors and infrastructure equipment.
Performed remote maintenance of all sensors.
Performed systems administration and maintenance for IDS servers.
Implemented changes to IDS sensor policies and correlation rules and policies.
Performed Tier-1 analysis of IDS alerts and alarms.
Mitigated alerts and events.
Escalated unexplained, anomalous activity to next level for further investigation.
Issued warnings and alerts for new possible unauthorized access to networks, databases, and systems.
Track A&A packages’ Authorization to Operate/Connect expirations and Plans of Action and Milestones (POA&Ms
Dynamics Research Corporation 2000-2009
Network Systems Engineer, National Archives and Records Administration, College Park, MD
100% on-site at the National Archives and Records Administration (NARA) providing Microsoft and Novel Systems Administration support for the ITSS Infrastructure Management Contract.
Managed the Windows Server environment and user account administration for the Archival Research Catalog (ARC) program for NARA.
Led the Windows Team in project planning and systems architecture
Provided technical recommendations to NARA Leadership for current & upcoming projects.
Identified tools & gathered data to support capacity management initiatives.
Participated in developing a test lab & strategy for ZENworks Patch Management by Novell.
Acted as liaison to government counterpart for testing new applications and policies within the environment.
Marimba Administrator for all NARA workstation & server systems.
Windows Server Update Services Administrator for the NARA network (NARANet).
Evaluated & resolved problem areas in various Windows environments.
Maintained back-up device hardware & media sent off-site to Iron Mountain.
Involved in domain migrations from Windows NT to Active Directory.
Signal Corporation 1998-2000
LAN Administrator, National Archives and Records Administration, College Park, MD
Opened tickets in Remedy for various requests and follow up with users on tickets.
Completed updates on users PC’s for Windows and Office and several other Applications.
Changed passwords for Novell and GroupWise.
Unlocked users’ accounts for Novell.
Created tickets for printers (install toner change. Move of printer and cleaning of printer with maintenance kits).
Opened tickets to have users mapped to various printers.
Created tickets for Security (emails needing to be blocked, Users cannot get into the Quarantine message screen, releasing email from Quarantine, server productivity, and how to use the message screen).
Created tickets for account creation for ARC (training and web based accounts).
Generated tickets for Proxy Rights for users GroupWise accounts.
Created tickets to have user accounts deleted from the NARA database.
Prepared reports on IT Operational Activity, including daily server availability status and weekly backup status.
Provided Level II support for Helpdesk on Windows desktop issues.
Maintained Operations Security including backup management and Access Control/Rights Administration.
Provided daily/routine operations and maintenance of Server systems, including Microsoft Windows Server.
Provided support for account administration.
EDUCATION:
Bowie State University,
Bachelors of Science,
CERTIFICATIONS:
Information Systems Certification and Accreditation Professional (ISCAP)
Security +
Microsoft Certified Professional (MCP)
Customer Support Certification
Dell certified
TRAINING:
Risk Management Framework
ITIL Foundation
CISA
CompTIA Cybersecurity Analyst (CySA+)
Certified Information Systems Security Professional (Global Knowledge)
MCSE (2003) Academy for Computer Education, Greenbelt, MD
Active Directory (Learning Tree International)
REFERENCES: Available upon request