Subbu Sonti, **********@*****.*** CISSP, Security analyst
ACCOMPLISHED PROFESSIONAL
Knowledgeable and efficient IT professional, up to date on cyber security management methodologies, data modeling, data migration, and data cleaning. Hold multiple AWS certifications and am comfortable with the AWS environment. Communicate and coordinate with partner organizations for computer equipment logistic delivery and maintenance. Proficient in computer storage management, computer patch management, network operations and network architecture.
Education
Bachelor of Science, BSc. B.I.T.S. Pilani, Rajasthan, India 1985
Certifications
Certified Information Systems Security Professional (CISSP)
AWS Certified Cloud Practitioner (CLF-C01)
AWS Certified Solutions Architect Associate (SAA-C02)
ITIL Foundation
Summary of Qualifications
Currently hold a Certified Information Systems Security Professional (CISSP) certification, an AWS Certified Cloud Practitioner certification, and an AWS Solutions Architect Associate certification. Solid experience in investigating, troubleshooting, and remediating TCP/IP network and cyber security issues. Comfortable using FDIC, FISMA NIST checklists to create Security Synopsis Statement and Security Profile documents. Excellent understanding of Disaster Recovery (Table Top Exercises) and SIEM incident management procedures.
Professional Experience
HHS/NDMS/LRAT, Falls Church, VA January 2022 - present
IT Specialist (Intermittent)
Support the planning, designing, and architecting of a multi-technology cyber solution for various systems.
Develop and maintain security policies and procedures for the various equipment (phones, radios, wireless LAN AT&T Nighthawk LTE mobile hotspot router, HP LaserJet Pro MFP color printer).
Investigate to determine root causes of security issues and perform troubleshooting/problem resolution to restore services for the various equipment.
Develop, present, and implement sound recommendations for remediation.
Provide guidance and support security activities while building relationships with key personnel.
Document and inform management with information about security information and event management.
Remote management and troubleshooting of workstations and servers.
Provide research and analysis in support of expanding programs and area of responsibility.
Assess information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
IT equipment delivery and paper trail of receiving parties.
Radio battery and laptop storage management.
Unemployed April 2019 - January 2022
Took time off to prepare for a certification test.
Covid-19 created a delay in going back to work.
iCES Corporation, McLean, VA August 2018 - April 2019
Information Assurance Engineer
Collaborated on NIST RMS compliance initiative for National Environmental Satellite, Data, and Information Service (NESDIS).
Assessed risk, analyzed security posture and provided IA subject-matter expertise for NOAA Partner Antenna Access Network (PAAN) and SCATSAT systems.
Interpreted and applied FIPS 140-2, 199/200 as well as NIST 800-37, 800-53, 800-53A, and 800-60.
Telesis Inc., McLean, VA June 2017 – May 2018
Senior Information Assurance Analyst
Fulfilled a critical role coordinating and leading client engagements on behalf of this corporation, with a focus on a 3-year project to implement Cyber Security Policy for the Department of Housing and Urban Development, a key customer.
Received DOJ's CSAM (Cyber Security Assessment and Management) system training and conducted the following for HUD security processes: support for FISMA reporting for CM Policy and DLP Policy, and Plan of Action and Milestones process oversight and compliance.
Unemployed February 2015 - June 2017
Certified in CISSP, searched for work.
Highlight Technologies LLC, VA September 2014 – February 2015
Senior Security Analyst
As a Senior Security Analyst for the FDIC vendor security compliance program, worked independently, interviewed vendor system owners for FISMA NIST compliance, and performed the following:
Reviewed vendor-supplied system documents and analyzed them with regard to NIST RMF. Educated vendor system owners regarding NIST Special Publication 800-53r4 control requirements and the needed system documents. Mapped the acquired documents to the FDIC, FISMA NIST checklists.
Reviewed vendor-submitted SAS70 and SOC2 audit reports. Used FDIC, FISMA NIST checklists to create the following documents: Security Synopsis Statement and Security Profile documents for the vendor security approval process.
Unemployed February 2014 – September 2014
Searched for work
Phacil Inc., Ballston, VA January 2014 – February 2014
Security Trainer
As a Security Trainer for the FCC PII security compliance program, reviewed NIST Special Publication 800-53r4, Appendix J, Privacy Control Catalog, and created the report on the applicability of the NIST Risk Management Framework in the selection, implementation, assessment, and ongoing monitoring of privacy controls deployed in FCC information systems.
Researched industry best practices for cyber security training. Developed, wrote, and tested the Cyber Security Training Framework to train personnel in house as well as to bring in outside experts to train FCC personnel.
Unemployed October 2013 – December 2013
Searched for work
DHA Inc., Washington DC February 2013 – August 2013
Senior Security Analyst
As a key member of the USPTO Continuous Monitoring Assessment team, served as an independent third-party evaluator for the systems. Interviewed the system owners and clearly communicated to them FISMA NIST Special Publication 800-53r4 and NIST RMF requirements via emails as well as in-person interviews.
Worked independently and provided services including Security Control Assessment, System Characterization/Boundary Definition, Security Categorization, System Security Plan Support, Security & Privacy Control Assessment, and finalization of A&A packages.
Under the USPTO ongoing security continuous monitoring program, reviewed and created the following documents for 6 A&A packages: System Requirements Traceability Matrices (SRTMs), Security Test and Assessment Plan (ST&A; scoping the controls according to NIST SP 800-53v4), System Interview Questions and Artifacts Request Questionnaire, Security Assessment Report, and System Security Plan. These documents are based on FISMA NIST SP 800-53v4, 800-137, 800-12, 800-18, 800-34 and 800-37.
Unemployed April 2012 – January 2013
Searched for work.
Glacier Inc., Washington DC May 2011 – March 2012
Senior Quality Assurance Analyst
Led the SBA security project to manage the day-to-day operations with ISSO representatives to organize, implement and maintain Information Systems Security Professional (ISSP) Assessment and Authorization (A&A) capability to ensure the security of all information technology assets, and to achieve compliance with industry, NIST/SBA and privacy specifications of FISMA for eight moderately impacted systems with one high impact system.
Reviewed and analyzed the documents received from the system owners, and developed and created the set of documents for the creation of the ATO package. These documents are based on FISMA NIST Special Publication 800-53r4, 800-18, 800-34, 800-37 and the vulnerability tools Tripwire and Nessus. Documents encompassed FISMA NIST RMF, Configuration Management, Incident Response, Disaster Recovery as well as Communications controls.
Conducted Table Top Exercises for 3 systems to evaluate disaster recovery capabilities and preparedness of the underlying computer systems.
Unemployed March 2010 – May 2011
Awaited SBA Public Trust Clearance.
Trusted Technologies, Baltimore, MD September 2009 – March 2010
Test Lab Manager
Produced documentation regarding best practices and implementation test procedures for several key systems within the National Guard, including Microsoft Windows 2008 R2, Windows Active Directory, and Texas Instruments IEF CASE tools.
Participated in team meetings with SAIC personnel to review the test methodology used and the demonstration of configuration items used for baselining 17 SAIC-owned National Guard systems.
Unemployed January 2009 – September 2009
Took time off for family reasons.
ILumina Solutions Inc., Alexandria, VA April 2008 – January 2009
Quality Assurance Analyst
Worked with Accenture on an Army GFEBS project; reviewed and provided comments for SAP RICEF IDOC transactions (Reports, Interfaces, Conversions, Enhancements and Forms).
Reviewed and tested the SAP GFEBS Business Warehouse reports and provided comments.
Improved the client's operational efficiency, decision making, and testing processes.
From 1990 to 2007, worked as a developer with DB2, Oracle and IEF CASE tools for various organizations such as IADB, NYMEX, SAIC, CITI and AboutWeb.