Information System Security Officer

Location:
Washington, DC
Posted:
March 30, 2023

Resume:

Durell Hickman Frederick, MD 240-***-**** ***********@*****.***

A highly motivated Cyber Security Specialist with over 5 years of Information Security experience responsible for maintaining FISMA and FedRAMP compliance for multiple information systems and executing the Risk Management Framework. Leading complex technical projects for security identification, measurement assessment, mitigation, reporting, monitoring, compliance and governance reporting to high-level Senior Directors and Chief Information Security Officers.

TECHNICAL EXPERTISE

Cybersecurity Analysis, Information Security, Systems Security, Security Compliance, Security Testing, Security Planning, Security Authorization Packages, IT Security, Network Security, Data Security, Risk Analysis, Risk Assessments, Risk Management, Systems Development Life Cycle, Threat Vulnerability Assessments, FedRAMP, NIST, FISMA, Linux, RMF, AWS, Azure, CSAM, EMASS, Threat Reports, Contingency Planning, Technical Project Management, Program Management, Access Management, Federal & State Legal Security Policies, Network Administration

CERTIFICATIONS

●IAT II CompTIA Security+

EXPERIENCE

Information System Security Officer

Washington, DC

May 2022 - Present

●Ability to facilitate meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders

●Experience working within the Risk Management Framework (RMF), NIST SP 800-53, Security Technical Implementation Guides (STIGs), and other relevant Federal/Defense frameworks

●Experience managing security personnel and team members including engineers, architects, developers, testers, ISSOs, and TPM to execute key security initiatives

●Experience persisting through both internal and external blockers in order to ensure successful achievement of strategic security initiatives

●Experience developing and maintaining Plan of Action and Milestones (POA&Ms) of all accepted risks upon completion of system (A&A)

●Experience proactively collaborating with technical and business stakeholders to execute compliance requirements in accordance with security best practices

●Experience developing System Security Plans (SSPs), supporting security artifacts and evidence, risk reports, and continuous monitoring processes to maintain compliance accreditations

●Experience within the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.

●Experience working with stakeholders to resolve computer security incidents and vulnerability compliance

●Experience with assisting System Owners and ISSOs in preparing Certification and Accreditation packages for companies' IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53A and NIST SP 800-53B

●Experience performing security reviews, identifying gaps in security architecture, and issuing guidance on risk management strategy

●Experience with FISMA metrics such as Annual Testing, POA&M Management, and Program Management

●Experience successfully implementing the functionality of security requirements and appropriate IT policies and procedures to be consistent with enterprise objectives

●Plan, assign and perform security validation review for A&A documentation, and supervise team members

●Experience operating within AWS/Azure services, enterprise networking paradigms, and modern identity management frameworks (Okta, MFA, SSO, etc.)

●Experience implementing cyber defense and information security policies, procedures, and regulations

●Experience with cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity

●Experience with managing complex system records in the Enterprise Mission Assurance Support Service (eMASS) tool

●Experience with Information Security Continuous Monitoring (ISCM), RMF automation, and Comply to Connect

●Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool, Risk Management Framework (RMF), and security compliance processes

Information System Security Officer

Washington, DC

January 2018 - May 2022

●Ability to facilitate meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders

●Experience working within the Risk Management Framework (RMF), NIST SP 800-53, Security Technical Implementation Guides (STIGs), and other relevant Federal/Defense frameworks

●Experience managing security personnel and team members including engineers, architects, developers, testers, ISSOs, and TPM to execute key security initiatives

●Experience persisting through both internal and external blockers in order to ensure successful achievement of strategic security initiatives

●Experience developing and maintaining Plan of Action and Milestones (POA&Ms) of all accepted risks upon completion of system (A&A)

●Experience proactively collaborating with technical and business stakeholders to execute compliance requirements in accordance with security best practices

●Experience developing System Security Plans (SSPs), supporting security artifacts and evidence, risk reports, and continuous monitoring processes to maintain compliance accreditations

●Experience within the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.

●Experience working with stakeholders to resolve computer security incidents and vulnerability compliance

●Experience with assisting System Owners and ISSOs in preparing Certification and Accreditation packages for companies' IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53A and NIST SP 800-53B

●Experience performing security reviews, identifying gaps in security architecture, and issuing guidance on risk management strategy

●Experience with FISMA metrics such as Annual Testing, POA&M Management, and Program Management

●Experience successfully implementing the functionality of security requirements and appropriate IT policies and procedures to be consistent with enterprise objectives

●Plan, assign and perform security validation review for A&A documentation, and supervise team members

●Experience operating within AWS/Azure services, enterprise networking paradigms, and modern identity management frameworks (Okta, MFA, SSO, etc.)

●Experience implementing cyber defense and information security policies, procedures, and regulations

●Experience with cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity

●Experience with managing complex system records in the Enterprise Mission Assurance Support Service (eMASS) tool

●Experience with Information Security Continuous Monitoring (ISCM), RMF automation, and Comply to Connect

●Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool, Risk Management Framework (RMF), and security compliance processes

References

References are provided upon request
