OBJECTIVE
Highly motivated Cyber Security Professional with over 5 years of experience and exposure, with a focus on Federal Information Security Management Act (FISMA) compliance, the NIST Cyber Security Risk Management Framework (RMF), system security monitoring and auditing, risk assessments, Security Control Assessment (SCA), and developing security policies and procedures with reference to NIST standards and guidelines.
6+ YEARS INFOSEC SKILLS SUMMARY:
Daily working knowledge of the entire Risk Management Framework (RMF) process using the NIST 800-series SPs (18, 37r1&2, 137, 128, 30r1, 34, 63, 64r2, 53r4&5, 53Ar4&5, 60 Vol 1&2), FIPS 199, and related publications and standards, with Federal and private agencies, for FISMA compliance.
Possess in-depth ability to create, review and update security artifacts and documentation such as the SSP, POA&M, PIA and PTA.
Well acquainted with vulnerability scanning and penetration testing tools (Nessus eCAS) as well as POA&M automated tracking tools eMASS, CSAM, and GRC Archer.
Team player, quick learner, very dependable, proactive, pays attention to detail and can work under difficult conditions to meet deadlines and keep the client happy.
Excellent communication, customer service, analytical, problem-solving, writing/documentation, time management and interpersonal skills.
PROFESSIONAL EXPERIENCE
Cyber Security Engineer (ISSO)
Digital Management INC (DMI), Arlington VA August 2018 – Present
Cross-functional Cyber Security Engineer (ISSO) supporting the Joint Service Provider (JSP) under the Defense Information Systems Agency (DISA) at the Pentagon.
Drives the end-to-end ATO (Authority to Operate) process for new and existing systems from start to finish, working with the System Owner, technical teams, infrastructure teams, SOC teams, ISSMs, PM and other stakeholders.
Develops and updates security authorization packages in accordance with the client’s requirements using NIST 800-series publications for FISMA compliance, i.e. System Security Plan (SSP), Contingency Plan (CP), Incident Response Plan (IRP) and Configuration Management Plan.
Develops and maintains the Plan of Action and Milestones (POA&Ms) and supports remediation as well as continuous monitoring activities using the existing ISCMP and NIST 800-137 Rev 1.
Maintains an inventory of hardware and software for the information system.
Advises management of new security regulations or policies within the JSP and monitors NIST guidance for updates that may affect ongoing system management.
Participates in the Change Request (CR) process (i.e., reviewing/approving change requests and conducting impact analyses). Supports Change Control Boards as required.
Advises JSP and tenant organizations on ACAS and vulnerability management best practices. Stays up to date on the latest ACAS best practices.
Conducts STIG checks on Windows systems and instructs others how to do so.
Security Control Assessor (SCA)
Securicon LLC, Alexandria, VA January 2016 – July 2018
Security Control Assessor supporting the USPTO (Department of Commerce); performed security control assessments using NIST SP 800-53A as a guide, by means of the assessment methods of interview, examination and testing.
Developed and conducted ST&E (Security Test and Evaluation) and performed on-site security testing using vulnerability scanning tools such as Nessus.
Conducted kickoff meetings with stakeholders to go over the systems undergoing assessment, establish a point of contact (POC) for the users’ assigned responsibilities, and arrange interviews on control implementations.
Determined the effectiveness of technical, operational and management security controls by assessing whether controls were implemented correctly, operating as intended, and meeting security requirements.
Provided recommendations on mitigating assessment findings.
Scheduled assessment kick-off meetings with assessors and security control interview meetings with the ISSO, System Owners and Common Control Providers.
Created the Requirements Traceability Matrix (RTM) and documented whether the controls being assessed passed or failed, using NIST SP 800-53A as a guide.
Created and finalized the Security Assessment Report (SAR) and gave recommendations to the ISSO on how to mitigate or remediate reported weaknesses and vulnerabilities.
Reviewed A&A package items using NIST guidance for FISMA compliance, such as the system FIPS 199 categorization, e-Authentication assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT).
EDUCATION
1. Bachelor of Science (BSc), Cyber Security Management and Policy (In Progress)
University of Maryland Global Campus (UMGC), 2019 – 2021.
CERTIFICATIONS
Active
1. Project Management Professional (PMP) (#:6129969)
2. ISACA Certified Information Security Manager (CISM) (#:2052692)
3. (ISC)2 Certified Authorization Professional (CAP) (#:587091)
4. ISACA Certified Data Privacy Solutions Engineer (CDPSE) (#:2006883)
5. EC-Council Certified Ethical Hacker (CEH) (#:ECC9578021364)
In Progress
6. (ISC)2 Certified Information Systems Security Professional (CISSP)
7. (ISC)2 Certified Cloud Security Professional (CCSP)
CLEARANCES
1) DoD Secret Clearance (Active)
2) Public Trust Clearance (Active)
ADDENDUM
Soft Skills:
Strong leadership and communication skills focused on achieving organizational goals, building relationships with internal/external customers and delivering results. Strategic thinker, tactical implementer and innovative problem solver who consistently delivers customized solutions to meet customer and organizational needs. Demonstrated ability to work with employees at all levels of the organization.