Information System Security Officer

Location: Leesburg, VA

Posted: June 15, 2022


Resume:

Mortimer Berchie

Leesburg, VA *****

Cell: 703-***-****

Email: adre1a@r.postjobfree.com

SUMMARY

Results-driven Information Security Analyst with specified experience of 5 years in both Information Technology and providing Information Security and Assurance for government and commercial clients. Provide effective skills to proactively complete projects and special assignments on time while working autonomously in a fast-paced environment, all while fostering team solidarity and promoting a strong and positive environment.

PROFESSIONAL CERTIFICATION

CompTIA Security+ CE

QUALIFICATIONS SUMMARY

TECHNICAL SKILLS

Platform/Artifacts: FIPS 199, SORN, E-Authentication, PTA, PIA, RA, SSP, CP, ST&E, SAR, POA&M, ATO, DHCP, DNS

Operating Systems: Windows Server 2003/2008/2012, Red Hat Linux, Sun Solaris (UNIX)

Applications/Tools: VirtualBox, VMware, SSH, Toad, Nessus, CSAM, Splunk, STIGs, Active Directory

PROFESSIONAL EXPERIENCE

Carol Technology LLC, Washington DC

Information Security Analyst (ISSO) Dec 2018 – Present

•Update and review A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M.

•Review and update remediation on plan of action and milestones (POA&Ms), in organization's CSAM.

•Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.

•Manage vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on a single or multiple assets across the enterprise network.

•Prepared data reports every quarter, representing 4 cycles in a year.

•Held kick-off meetings with CISO and system stakeholders prior to assessment engagements.

•Conduct walkthroughs, test plans, and test results, and develop remediation plans for each area of testing.

•Assisted the system owner in creating the Business Impact Analysis (BIA) document that formed part of the contingency plan, and also assisted in reviewing and updating it.

•Provided support for implementing and following the Federal Information policies and guidelines throughout the whole Certification and Accreditation process for securing clients' information systems (NIST SP 800 series).

•Perform security assessments, develop, review, and update Certification and Accreditation (C&A) packages and Authority to Operate (ATO) documentation for systems hosted.

•Maintain and manage the required systems security documentation on the SBA adopted DOJ - Cyber Security Assessment and Management (CSAM) system. Minimum documentation includes System Categorization Worksheets (SCW), Privacy Impact Assessments (PIA), Security Control Assessments (SCA), System Security Plans (SSP), Risk Assessments (RA), Contingency Plans (CP) and testing, FIPS 199 Security Categorization, Security Control Test & Evaluation (SCT&E), ATO certifications and re-certifications, Security Self Assessments (SSA), Memoranda of Understanding (MOU), and Interconnection Security Agreement(s).

•Assist leads and representatives with the migration of controls from NIST SP 800-53 Rev 3 to Rev 4 in the CSAM.

•Create and develop security policy documents and relevant artifacts to support FedRAMP compliance.

•On a quarterly basis, conduct reviews of Information Systems security documents for all hosted systems to minimally include Plan of Action & Milestones (POA&Ms) and Security Control Test & Evaluation (SCT&E).

Metro Apps Consulting, Manassas VA Dec 2016 - Nov 2018

Information Security Analyst

•Prepared Certification and Accreditation (C&A) packages for various systems, and developed, reviewed, and updated packages and Authority to Operate documentation for systems hosted in accordance with NIST (NIST SP-800 Series 800-60, 800-53, 800-53A, 800-137).

•Participated in authoring or coordinating the development of other required system security plans: Configuration Management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP).

•Assisted in developing risk assessments, security plans and risk mitigation plans to identify security risks for systems and architectures.

•Worked with various security methodologies and processes, knowledge of Transmission Control Protocol / Internet Protocol (TCP/IP) protocols, knowledge and experience configuring and implementing a diverse array of technical security solutions, and experience providing analysis and trending of security log data from many heterogeneous security devices.

•Assisted in the development of agency's IT Security policies, standards, guidelines, and procedures.

•Performed pre-audit activities (e.g., reviewed prior year audit issues and ensured corrective actions, system documentation is current, procedures are being followed, Plan of Action and Milestones are up to date, etc.).

•Worked with teams to identify and resolve issues discovered during audit and review process.

•Reviewed POA&M and enforced timely remediation of audit issues, and updated system security plans (SSP) using NIST SP 800-18 guidelines.

Royal Tech, Harrisburg PA

Cyber Security Analyst Feb 2015 – Dec 2016

•Worked with the Architectural Software Design Team in researching Unmanaged Software installed in the VA system.

•Thoroughly review and analyze Veterans Affairs Better Data Better Analyses (BDNA) software on software and titles on the VA System.

•Review and verify various components and dependencies of software uploaded on the Technical Reference Module (TRM).

•Utilize Content Request Form (CRF) in requesting info from vendors that cannot be reached on chat.

•Identify the Transmission Control Protocol / Internet Protocol (TCP/IP) protocol dependencies for software or title.

•Submit reviewed titles into the Technical Reference Module (TRM) for review by the Technical Reference Module Authoring Team.

•Participated in coordinating and developing certification documents such as: Configuration Management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP).

•Participated in pre-audit activities such as reviewing the issues from the previous year's audit and ensuring corrective actions and that system documentation is current. Used and applied knowledge of Security Assessment & Authorization (SA&A) policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents.

•Support the remediation actions to correct assessment findings and develop supporting Plan of Action and Milestones (POA&M) reports and update System Security Plan.

•Develop, maintain, and report on key cloud security metrics, both as a program and on an individual basis, creating metric templates and scoring models.

EDUCATION

Northern Virginia Community College March 2013

Associates Communication Degree

West Virginia Wesleyan College May 2015

Bachelor of Communication Degree

REFERENCE:

Professional references available upon request


