Security Analyst Information

* ****

Phillip M. Wood Jr

PROFESSIONAL SUMMARY

** ***** **********, *** *******-driven Information Security Analyst with expertise in risk management framework

(RMF), FISMA compliance, FEDRAMP for cloud systems, systems development life cycle (SDLC), vulnerability scanning, and security controls

Assessment, risk management, and vulnerabilities management of a wide range of vulnerabilities and threats. Well-versed in direct and remote analysis with strong critical thinking communication and people skills. Able to Thrive in fast-paced and challenging environments where accuracy and efficiency matters. EDUCATION AND CERTIFICATION

TALLEDEGA COLLEGE:

BS of Computer Science (2014)

Certified Authorization Professional CAP In-Progress Security +

Interim Secret Clearance

PROFESSIONAL EXPERIENCE

Fannie Mae /RAM Tech LLC November 2018– Present

Security Control Assessor

• Conduct IT risk assessment to identify system threats, vulnerabilities, and risk, and generate reports.

• Maintain, review and update information security system documentations, including System Security Plan

(SSP), Plan of Action & Milestone (POA&M), Risk Assessment (RA), policies and procedures, security control baselines in accordance with NIST guideline and security practices.

• Apply appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53, FIPS 199, FIPS 200, and NIST SP 800-53A R4.

• Assess security controls and develop security assessment report (SAR).

• Support A&A activities (Categorize, Selection, Implement, Assessment, Authorize, Monitor) according to the A&A project plan.

• Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities.

• Review authorization documentation for completeness and accuracy for compliance.

• Facilitate Security Control Assessment (SCA) and monitor activities.

• Executed examine, interview, and test procedures in accordance with NIST SP 800-53A Revision 4.

• Ensure cyber security policies are adhered to and that required controls are implemented.

• Validated information system security plans to ensure NIST control requirements are met.

• Assist team members with proper artifact collection and detail to client’s examples of artifacts that will satisfy assessment requirements.

• Review security logs to ensure compliance with policies and procedures and identifies potential anomalies.

• Update and review A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M.

• Collect Operation and Maintenance artifacts on an ongoing basis so that Security Control Assessment (SCA) is seamless.

• Upload supporting documentations into the SharePoint, Google Docs, and CSAM. 4320 John Street Suitland, MD 20746

(P): 202-***-****

Email: ********@*****.***

2 Page

• Manage vulnerabilities with the aid of Nessus vulnerability Scanners to detect potential risks on a single or multiple asset across the enterprise network.

VINDS INC, MD November 2015– November 2018

Security Analyst

• Ensure proper system categorization using NIST 800-60 and FIPS 199; implement appropriate security controls for information system based on NIST 800-53 rev 4 and FIPS 200.

• Conduct security assessment interviews to determine the Security posture of the System and to perform kick off Meetings

• Apply appropriate information security control for Federal Information system based on NIST 800-37 Rev1.

• Facilitate Security Control Assessment (SCA) and monitor activities. Develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.

• Reviewing, maintaining, and ensuring all assessment and authorization (A&A) documentation is included in the system security package.

• Perform information security risk assessments and assist with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and identified mitigation requirements.

• Work with system owners to develop, test, and train on contingency plans and incident response plans.

• Tests, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls.

• Review and update remediation on plan of action and milestones (POA&Ms), in organization’s CSAM. Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M. Xcel Security, AL September 2012– March 2015

Cyber Security Intern

• Review and refer to NIST SP 800-53 to assist with implementing software fixes (patches) to remove system vulnerabilities

• Respond immediately to cybersecurity-related incidents and track for resolution

• Answer help desk calls for troubleshooting software updates

• Research and identify vulnerability trends and best practices 3 Page

COMPUTER & SOFTWARE PROFICIENCIES

Microsoft Office Suite

CSAM

Adobe

Qualified Typist (70wpm)

MS Project

FEDRAMP

RMF

Contact this candidate