Steve Momenya
Beltsville, MD
US Citizen: Clearable
Summary:
●5+ years as an Information Security specialist: Privacy and Data Security Management & Operations, Vulnerability Scanning, Certification and Accreditation (A&A), Project Management, NIST SP 800-53 Rev 1 and Rev 4, NIST SP 800-37 Rev 1, 800-18, 800-53 Rev 3 and 800-34, FIPS, FISMA Security Content Automation Protocol, NIST Family of Security Controls, FedRAMP Security Assessment Framework, POA&M, Incident and Contingency Planning.
●Provided advisory services related to internal controls, Risk Assessments, Risk Management, IT controls and related standards (FISCAM, FISMA, NIST).
●Managed vulnerabilities with the aid of Nessus and WebInspect as vulnerability scanning tools to detect potential risk on single or multiple assets across the enterprise.
●Led audits of information systems and networks (physical, VM and cloud) to ensure compliance with FISMA, FedRAMP, NIST, and other IT compliance frameworks.
●Securing AWS technologies
Technical Skills/Tools:
●Security Technology: Nessus, Tenable, TAF, Xacta, CFACTS, CSAM, WebInspect, AppScan, Splunk, AWS
●Cloud: AWS, Azure
●Scanning and monitoring tools: Nessus, WebInspect (HP Fortify), AppScan, AppDynamics, Splunk, AppDetective
●Frameworks and standards: NIST SP 800-53 Rev 1 and Rev 4, NIST SP 800-53 Rev 3, NIST SP 800-37 Rev 1, NIST SP 800-18, NIST SP 800-34, NIST Publications, FISMA Security Content Automation Protocol, FedRAMP Security Assessment Framework, POA&M, Incident and Contingency Planning
●Project Management
●Virtualization: VMware and Oracle VirtualBox
●Database Admin: Oracle 12c/11g/10g/9i; SQL Server 2008/2005
●Languages: Oracle SQL, PL/SQL
●OS: Linux - Windows 2000 Server, Windows XP, Windows 2003 Server, Red Hat Linux 5.4
Professional Experience:
Pariveda Solutions
Information Security Specialist
August 2019 – Present
●Assessed information systems to make sure the controls are implemented correctly and performing their assigned functions following NIST 800 special publications especially NIST 800-53 and Federal Information Processing Standards (FIPS).
●Reviewed and assessed technical, operational and management controls following the RMF NIST 800-37 methodology and other NIST 800-series publications.
●Reviewing security artifacts including, but not limited to, System Security Plans, inventories, screenshots of technical files, Scan data, requirement traceability matrices, control allocation tables, and security assessment reports.
●Utilize professional knowledge, skills, and experience to recommend, guide, monitor, and credibly challenge business areas as they manage risk and make business decisions.
●Implemented CMMC (Level 1 to Level 3) in an Azure environment utilizing NIST 800-171.
●Provided continuous monitoring of the environment using automated tools or manual processes to identify and address security incidents.
●Experience in time planning, prioritizing tasks, and managing resources to ensure effective delivery of resources.
●Comply with the ISSO Roles and Responsibilities as laid out in DHS 4300 A/B.
●Maintain the Security Authorization or Certification and Accreditation of their assigned system.
●Track the Security Authorization of their assigned system.
●Deliver all required documentation using the current DHS approved templates, forms, regulations, and methods.
●Collaborated with ISSOs to create and manage POA&Ms for identified system vulnerabilities and tracked findings to ensure that they were remediated and closed.
●Documented and finalized the Security Assessment Report (SAR) in preparation for ATO.
●Experience managing temporary ATOs due to unforeseen contingencies realized during assessments, leading to the creation of open POA&Ms to track and remediate critical and high vulnerabilities before a 3-year ATO can be granted.
●Knowledge in assessing cloud systems using FedRAMP (AWS and Azure).
Procore Technologies
IS Risk Security Specialist
March 2018 – July 2019
●Provided advisory services related to internal controls, risk assessments, risk management, IT controls and related standards (FISCAM, FISMA, NIST)
●Knowledge of NIST and FIPS
●Led audits of information systems and networks (physical, VM and cloud) to ensure compliance with FISMA, FedRAMP, NIST, and other IT compliance frameworks.
●Analyzed and updated System Security Plans (SSP), Risk Assessments (RA), Privacy Impact Assessments (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
●Tracked and updated Plans of Action and Milestones (POAM) regarding the mitigation and remediation status.
●Supported the Security Assessment and Authorization (SA&A), FISMA compliance, NIST requirements and continuous monitoring for Security Controls.
●Updated existing Authorization packages throughout the life cycle of the Major applications and General Support Systems
●Conducted security control assessments to assess the adequacy of management, operational privacy, and technical security controls implemented. Security Assessment Reports (SAR) were developed detailing the results of the assessment along with Plan of Action and Milestones (POA&M).
●Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational and technical security controls adhere to NIST SP 800-53 standards.
Eventbrite
Information System Security Officer (ISSO)
June 2015 to March 2018
●Cyber security consultant in the Intelligence Community (IC) specializing in safeguarding Information systems and networks.
●Performed periodic network and workstation risk assessments for current and potential vulnerabilities and attack vectors, to build baselines, clarify the risks and engineer necessary changes to proactively eliminate incidents from becoming recurring events, then when needed provide risk mitigations.
●Maintained a continuous monitoring approach on affiliated networks and system security controls including system audit logs, ACL's, vulnerability scanning and A/V scans, updated software/hardware inventory, OS and software patching, Encryption standards.
●Utilized Nessus Tenable Security Center to consolidate and analyze all vulnerabilities and data gathered from multiple Nessus scanners, and to measure and evaluate security program effectiveness.
●Managed vulnerabilities with the aid of Nessus and WebInspect as vulnerability scanning tools to detect potential risk on single or multiple assets across the enterprise.
Education:
●AWS Certified Solutions Architect
●Certified Authorization Professional (CAP)
●Bachelor’s degree in Cyber security
●CEH
●CompTIA Security+
●CISM (in progress)