Shari Sawyer
240-***-**** *************@*****.*** Halethorpe MD
Cyber Security Specialist experienced in directing a broad range of corporate IT security initiatives while participating in the identification, planning, implementation, and monitoring of solutions, as well as managing the authorization process for information systems. Years of experience in Information Security with a focus on Confidential, Confidential Risk Management Framework (RMF), system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring of security controls to mitigate risk and vulnerability of the system. My strength is my flexibility in handling change and my ability to work effectively with many different people.
TECHNICAL PROFICIENCIES
Network / Operating Systems
Microsoft Windows OS (Desktop & Server)
Software Applications/Tools
Microsoft Visio; Microsoft Office Suite; Enterprise Mission Assurance Support Service (eMASS)
Skills
Privacy Impact Assessment (PIA); Personally Identifiable Information (PII); Risk Management Framework (RMF); Security Control Assessment (SCA); Security Assessment and Authorization (SA&A); Business Impact Assessment (BIA); Privacy Threshold Analyst (PTA); Contingency Planning (CP); Disaster Recovery (DR); Risk Assessment, Policies and Procedures Implementation; FISMA; NIST SP 800 Series; FIPS 199 & 200; POA&M; HIPAA; HITRUST; PCI DSS; OMB; NIST Risk Management Framework; Certification and Accreditation (C&A); Federal Risk and Authorization Management Program (FedRAMP); Payment Card Industry Data Security Standard (PCI DSS)
AREAS OF EXPERTISE
o EXCELLENT STRATEGIST - great listeners with high levels of empathy - able to put themselves in others' shoes. Excellent communicators, able to simplify ideas and get messages across with ease. Excellence strategy model overcomes issues that commonly occur with traditional organizational deployments of operational excellence and process improvement.
o EXCEPTIONAL ORGANIZATIONAL SKILLS - Offers accessibility to process documentation and standard operating procedures that impact the performance metrics, e.g., through a click of a mouse button in an organizational value chain.
o STRONG SENSE OF RESPONSIBILITY - Maintain a balanced and consistent performance. Solid professional standards; excellent record of dependability and responsibility. Maintain focus on achieving results and have the motivation to get the job done in a reasonable period while implementing solutions to meet diversity of needs.
PROFESSIONAL EXPERIENCE
Sr. Security Analyst Rockville, MD October 2021 – Present
TISTA Science and Technology Corp
o Conduct all steps of the National Institute of Standards and Technology (NIST) Risk Management Framework.
o Ensure that system's security controls, policies and procedures are examined and validated.
o Conduct IT controls risk assessments that include reviewing organizational policies, standards, and procedures; interview appropriate personnel; and provide recommendations on adequacy, accuracy and compliance with regulatory standards using NIST SP 800-53A.
o Provide expert advice to developers, administrators, and others during system development life cycle.
o Reviewed Interconnection Security Agreement/Memorandum of Understanding (ISA/MOU) for the team.
o Assist in the Security Control Assessment (SCA) process using NIST 800 series to improve security controls and enhance system security.
o Manage Plans of Action & Milestones (POA&M) and assist with remediation plans to resolve weaknesses in Risk vision.
o Conduct and review vulnerability scans (Nessus, Web Inspect, IP360) and make recommendations to senior leadership on how to resolve any vulnerabilities found.
o Kept track of the remediation efforts results, reviewed and uploaded documents to eMASS.
o Develop, review, and evaluate System Security Plans (SSP) and Information System Contingency Plans (ISCP) based on NIST Special Publications.
o Act as the main POC expert for all security related matters for assigned systems.
o Prepare Security Assessment Reports (SAR) in which all the weaknesses are reported.
o Create Plans of Action and Milestones to trace corrective actions and resolve weaknesses and findings.
o Provide metrics and supporting data used to derive the overall perimeter security state.
o Examine and recommend introduction of new perimeter-based security technologies where warranted.
o Conduct risk analyses and identify perimeter information security exposures; work with the business and subject matter experts to shore up and resolve these issues. Conduct research on emerging issues and identified gaps in existing perimeter security controls.
o Conduct continuous security analysis on network, application, and infrastructure components; conduct causal analysis and work across IT and business teams to develop solutions that address root causes.
o Conduct continuous analysis of security threat information (viruses, malicious code, industry events, hackers and zero day exploits).
Sr. IT Security Analyst Vienna, VA May 2020 – October 2021
Zeneth Tech
o Independently develop Assessment & Authorization (A&A) packages (Risk Assessment, System Security Plan (SSP), Configuration Management Plan (CMP) and Contingency Plans, etc.).
o Perform an assessment of all applicable NIST 800-53 series security controls, considering other relevant federal publications such as FIPS and OMB guidance, including but not limited to daily and/or weekly updates via emails, telecon and/or in-person meetings, as needed.
o Kept track of the remediation efforts results, reviewed and uploaded documents to eMASS.
o Develop, review, and evaluate System Security Plans (SSP) and Information System Contingency Plans (ISCP) based on NIST Special Publications.
o Conduct all steps of the National Institute of Standards and Technology (NIST) Risk Management Framework.
o Ensure that system's security controls, policies and procedures are examined and validated.
o Conduct IT controls risk assessments that include reviewing organizational policies, standards, and procedures; interview appropriate personnel; and provide recommendations on adequacy, accuracy and compliance with regulatory standards using NIST SP 800-53A.
o Provide expert advice to developers, administrators, and others during system development life cycle.
o Reviewed Interconnection Security Agreement/Memorandum of Understanding (ISA/MOU) for the team.
o Assist in the Security Control Assessment (SCA) process using NIST 800 series to improve security controls and enhance system security.
Sr. IT Security Analyst Lanham, MD July 2019 – April 2020
Cyloc Solutions LLC
o Supports the Security Assessment and Authorization process of the client’s systems as a Security Analyst.
o Reviewed and updated Information Security System Policies and established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
o Performed vulnerability scanning with the support of the Nessus scanning tool to detect potential risks on single or multiple assets across the enterprise network.
o Helped with updating IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
o Performed risk assessments to identify the risk level associated with the findings.
o Monitored controls post authorization to ensure constant compliance with the security requirements.
o Reviewed artifacts regarding Plans of Action and Milestones (POA&M) created by ISSO before closing.
o Document findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).
o Ensure that assigned information systems are operated, maintained, and disposed of in accordance with approved security policies and practices.
o Ensure that system security requirements are addressed during all phases of the IS lifecycle.
o Developing and maintaining the SSPs and all other system security documentation, reviewing and updating them at least annually for all assigned systems.
o Author or coordinate the development of other required system security plans: Configuration Management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DRP) and Incident Response Plan (IRP).
o Support risk assessment and evaluation activities throughout the system's lifecycle.
o Implement a strategy for continuous monitoring for assigned systems including: establishing system audit trails and ensuring their review, reporting all identified security findings, and initiating the periodic review of security controls.
o Requested or conducted required information system vulnerability scans in accordance with established policy; develop system POA&Ms in response to reported vulnerabilities.
o Ensure compliance with annual FISMA deliverables and reporting.
o Assessed and mitigated system security threats/risks throughout the program life cycle; determines/analyzes and decomposes security requirements at the level of detail that can be implemented and tested.
o Reviewed and monitored security designs in hardware, software, data, and procedures; performs system certification and accreditation planning and testing.
o Prepare C&A documentation such as SSP, CONOPS and ST&E reports.
o Responsible for designing, implementing, securing, and deploying a secure network architecture from the ground up for a startup company, supporting it throughout its increase in size over the course of many years.
o Personally performed a variety of Cyber Intelligence assessments.
o Accountable for NIST standard risk management framework and architecture for the company.
IT Security Analyst
Strehs Solutions Quantico, VA May 2016 – June 2019
o Established and maintained an information assurance compliant framework (RMF) to ensure that information security policies, technologies and processes were aligned with the business regulations of the organization.
o Ensured that risk identification, mitigation controls and analysis were integrated into application life cycle and change management processes.
o Maintained computer security files to incorporate new software, correct errors, or change individual access statuses.
o Coordinated the implementation of computer system security plans with establishment personnel and outside vendors.
o Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy, and compliance with Federal requirements.
o Provided technical expertise on accessing HBSS configuration requirements based on STIG implementation guidelines.
o Designed and implemented a security assessment strategy to reduce risks via reporting and mitigating vulnerabilities, and assessing ports, protocols, and services based on DISA configuration standards.
o Coordinated vulnerability scanning and control assessment of all assets, operating systems, and databases utilizing Retina and Nessus, as well as applicable security manual checklists to validate compliance.
o Ensured that data recovery, data integrity, and database performance, availability, and maintenance were met through applying best practices and monitoring of policies, standards, and system processes relating to database management.
IT Security Analyst
ESI International Analyst Arlington, VA July 2015 – May 2016
o Ensure that assigned information systems are operated, maintained, and disposed of in accordance with approved security policies and practices.
o Ensure that system security requirements are addressed during all phases of the IS lifecycle.
o Developing and maintaining the SSPs and all other system security documentation, reviewing and updating them at least annually for all assigned systems.
o Reported and responded to any security breaches or viruses.
o Responsible for administering, monitoring, and maintaining security systems.
o Assisted with coordinating the implementation of security systems and upgrades to systems as needed.
o Involved with new technology analysis and implemented security review.
o Researched and assessed new threats and security alerts and recommended remediation actions.
o Documented and escalated security incidents within specified/assigned systems to ensure timely follow-up and tracking.
o Analyzed and determined the root cause of security breaches and changed security controls.
o Ensure that system security requirements are addressed during all phases of the IS lifecycle.
o Conducted risk assessments and suggested security enhancements.
o Analyzed and determined the root cause of security breaches, changed security controls, conducted risk assessments, and suggested security enhancements.
o Conducted compliance audits, identified system vulnerabilities, and presented compliance findings to management.
o Ability to work with various technology teams to remediate and validate corrective actions; assisted team in developing fraud detection and monitoring plan.
o Researched, identified, and mitigated security threats to information systems with team.
EDUCATION and CERTIFICATE TRAINING
o University of Maryland Global Campus (UMGC) Upper Marlboro, MD
Master’s Degree Candidate in Cybersecurity Management & Policy
o Bridgewater State University Bridgewater, MA
Bachelor of Science, Social Work and Psychology
o Certified CompTIA Security+.
o Certified Authorization Professional (CAP) (In Progress)