
Scrum Master Assurance Analyst

Location:
Iowa City, IA
Posted:
January 24, 2023


Resume:

SUMMARY OF QUALIFICATION

A detail-oriented information technology professional with 10 years of experience in managing and protecting enterprise information systems through Assessment and Authorization (A&A) in accordance with the Federal Information Security Management Act (FISMA), with an in-depth knowledge of Risk Management Framework (RMF) using NIST and FIPS standards throughout the System Development Life Cycle (SDLC).

TECHNICAL SKILLS

Risk Management Framework (RMF) and all NIST 800 SERIES, SP 800-53, FIPS 199, FIPS 200.

Assessment and Authorization (A&A) security documentation.

Tenable NESSUS, HP WebInspect, XACTA, Wireshark, OSI MODEL, Remedy Force Ticketing System.

EXPERIENCE

Reach For Your Potential, Iowa City October 2017 – Current

Information Assurance Analyst

Perform tasks in compliance with Risk Management Framework process with NIST SP 800-37 Rev1.

Draft and Review System Security documents such as System Security Plan (SSP), Plan of Actions and Milestones (POA&M's), Security Assessment Plans (SAP), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), System of Record Notice (SORN), Electronic Authentication (E-Auth), FIPS 199 using the organization provided template or GRC tools such as XACTA.

Leverage organization template, XACTA GRC tool, NIST Special Publications (NIST SP 800-18 and NIST SP 800-53A Rev4) to perform the Risk Management Framework (RMF) tasks.

Conduct Risk Assessment and review vulnerability scanning.

Analyze and identify weaknesses within Tenable Nessus and provide mitigation recommendations.

Support security controls assessments and audits by providing required artifacts and screenshots.

Perform an annual assessment of FISMA reportable systems.

Track and perform the task required for on-time remediation of POA&M’s findings.

Review audit findings and collaborate with System Administrators to obtain artifacts for remediation.

Perform Security Impact Analysis (SIA) for system changes and coordinate with System stakeholders through the change approval.

Resolve Remedy Force SIA tickets for change management.

Perform security control assessment on Microsoft Azure, Amazon AWS, and cloud-hosted systems leveraging FedRAMP information security guidelines.

Compile Authority to Operate (ATO) package for ATO decision.

Attend security meetings and provide project updates to system stakeholders.

Assist with developing and conducting tabletop exercises and testing IT Contingency Plans.

Develop an Authorization Package with all required artifacts in accordance with NIST SP 800-37 that includes risk analysis/assessment and determination along with the recommendation for the authorizing officials.

Reach For Your Potential, Iowa City Dec 2012 – Oct 2017

Security Control Assessor

Performed security assessment on Low, Medium, and High systems.

Produced a security assessment plan (SAP) and security assessment report (SAR).

Managed assessment documentation SAP, SAR, and SRTM in XACTA.

Drafted the Plan of Action and Milestones (POA&M) based on the assessment findings and provided remediation recommendations to the project team.

Performed testing of security controls to ensure they are properly implemented, working as intended, and producing the desired outcomes.

Requested and reviewed Tenable Nessus and HP WebInspect vulnerability scanning during the security control assessment testing phase.

Drafted artifact request list for the security controls in the scope of the assessment.

Conducted Cloud Security Assessments on IaaS, SaaS, and PaaS cloud-hosted systems.

Performed Continuous Monitoring assessment on on-premises and cloud-hosted systems.

Supported continuous monitoring by reviewing artifacts submitted to close out outstanding POA&Ms.

Provided assessment briefing to Authorizing Official (AO) and project stakeholders.

Held security meetings and system demos to obtain security artifacts.

EDUCATION

University of Maryland Global Campus (UMGC), Adelphi, Maryland. Bachelor’s in Computer Network and Cybersecurity, Fall 2023.

Eastern Iowa Community College, Davenport, Iowa. Associate Degree, Computer Network and Cybersecurity, Fall 2021.

Kirkwood Community College, Cedar Rapids, Iowa. Associate of Applied Science, Network and System Administration, Summer 2020.

CERTIFICATIONS

CompTIA Security+

Scrum Master Accredited Certification

Certified Information Security Manager (CISM) - In progress.


