Mitch Lon Luz - U.S. Citizen
Email: ****************@*****.***
Woodbridge, VA 22193
Phone: 571-***-****
SUMMARY:
An Information Security Professional with 8 years of experience in managing and protecting enterprise information systems, network systems and operational procedures through the SA&A process, Information Assurance controls, compliance verification, risk assessment and vulnerability assessment, with experience in testing cloud-based and legacy systems in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices. Familiar with other NIST Special Publications: 800-18 R1, 800-30 R1, 800-34 R1, 800-37 R1, 800-53 and 800-53A R4, 800-60 Vol. I and II, 800-115, 800-122, 800-137, as well as FedRAMP. Passionate about problem solving and about helping organizations secure their systems by applying cybersecurity skills and tools to find security flaws. Excellent time management and organizational skills; capable of handling multiple projects simultaneously while meeting all deadlines.
CERTIFICATIONS: (In view)
(ISC)2 CISSP
(ISTQB) Foundation Level Agile Tester
TOOLS / TRAINING:
Vulnerability Tools: Burp Suite, Nessus, OWASP ZAP, Nmap, Wireshark
CompTIA Security+ Training, SANS SEC542 Training, DB2, Microsoft SQL Server, Mainframe
Microsoft Office: Word, Excel, PowerPoint, Access, Outlook, Publisher
VMware Fusion & Workstation
PROFESSIONAL EXPERIENCE:
Blue Cross Blue Shield, Washington, DC Mar 2017 – Present
Information Security Analyst
Completes SA&A packages and conducts security assessments for internal systems ahead of schedule, which has decreased the time for systems to receive an ATO.
Assists with the management of remediation actions and Plan of Action and Milestone (POA&M) updates to ensure timely remediation of security deficiencies.
Reviews and updates System Security Plans (SSP), security baselines and information security system policies in accordance with NIST, FISMA, OMB App. III A-130 and NIST SP 800-18.
Ensures implementation of appropriate security controls for information systems based on NIST Special Publication 800-53 R4 and FIPS 200, and system categorization using NIST SP 800-60 and FIPS 199.
Performs internal auditing of information security processes. Assesses threats, risks, and vulnerabilities from emerging security issues.
Monitors and maintains security controls, drafts processes and procedures, creates Security Authorization packages (formerly Certification & Accreditation), and reviews the monthly Continuous Monitoring reports, which include vulnerability scanning, interviews and system testing.
Documents and communicates policies, queries, vulnerabilities, and current state of the system.
Supports the organization in the development, oversight, and maintenance of FISMA compliant security programs.
Experience in navigating through the Risk Management Framework (RMF) process to an information system’s Authority to Operate (ATO).
Conducts vulnerability assessments with tools such as Burp Suite and Tenable Nessus to identify system vulnerabilities, evaluate attack vectors and develop remediation plans and security procedures.
Reviews and updates the system categorization using FIPS 199, the Initial Risk Assessment, SSP, SAR, POA&M and PIA (Privacy Impact Assessment) per NIST SP 800 guidelines.
Conducts a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an Information System (IS) to determine the overall effectiveness of the controls.
Participates in the development and maintenance of Security Authorization and Information System Continuous Monitoring (ISCM) documentation for all systems under our responsibility to include: System Security Plans and Information System Contingency Plans.
Monitors controls post authorization to ensure continuous compliance with the security requirements.
Alta IT, Washington, DC Jan 2015 – Mar 2017
Security Analyst
Provided an assessment of the severity of weaknesses or deficiencies discovered in the information system and recommended corrective actions to address identified vulnerabilities using NIST SP 800-53A.
Performed vulnerability scanning and assessment with tools such as OWASP ZAP, Burp Suite and Nmap to ensure government agency compliance.
Evaluated IT threats and vulnerabilities and recommended corrective measures to ensure the adequacy of existing information security controls.
Advised the government clients concerning the impact levels for confidentiality, integrity, and availability for the information on a system.
Updated and maintained the Plan of Action and Milestone (POA&M).
Monitored Security Controls post authorization to ensure continuous compliance with the security requirements.
Analyzed information security systems and applications, and recommended and developed security measures to protect information against unauthorized modification or loss.
Conducted security assessment interviews to determine the Security posture of the System.
Escalated any high-severity findings quickly and worked closely with developers and other stakeholders to verify that all identified vulnerabilities were addressed.
Created Rules of Engagement (ROE) documents before conducting any active scans.
Consulted with product owners and developers to discuss scope, security testing techniques, tools and architectural layouts.
Performed weekly, monthly and quarterly scans in a Waterfall/Agile environment at build level and at the end of each release.
Coordinated meetings with development teams for appropriate handling of bugs and their timely resolution.
SunTrust Bank, Washington, DC Jun 2010 – Jan 2015
Senior Quality Assurance Tester
Performed functional testing, system testing, regression testing and smoke testing of applications at various phases of the development and test cycles in a Waterfall environment.
Proficient in SQL queries to check the validity of data, ensure database integrity and join multiple tables.
Experience in attending and participating in Technical Requirements review, Walkthroughs and Peer Reviews.
Diversified knowledge and experience in Software Quality Assurance Testing on Client/Server and Web applications.
Skilled in manual testing using the HP Quality Center tool.
Skilled in defect tracking and reporting with HP Quality Center to improve communication and reduce delays.
SunTrust Bank, Alexandria, VA Jul 2007 – Jun 2010
Help Desk Technician
Diagnosed and resolved end-user network or local printer problems, PC hardware problems and e-mail, Internet, dial-in, and local-area network access problems.
Delivered, set up, and assisted in the configuration of end-user PC desktop hardware, software and peripherals.
Performed minor desktop hardware repair for PC equipment and peripherals not covered by third-party vendor maintenance agreements.
Helped in system software and application installation and upgrades.
EDUCATION:
Master of Business Administration (MBA), University of Phoenix, Arizona 2010
Bachelor of Science in Commerce, Ateneo de Manila University, Manila, Philippines 1998