Information Technology Officer Cybersecurity Control Assessor

Location: Gainesville, VA

Posted: July 09, 2023


Resume:

Felicia E. Nokes

INFORMATION TECHNOLOGY SECURITY PROFESSIONAL

571-***-**** adx6ri@r.postjobfree.com www.linkedin.com/in/FeliciaNokes

PROFESSIONAL SUMMARY

Highly motivated, organized IT Security Professional with decisive project planning skills and an enthusiastic attitude toward building successful working relationships among a diverse workforce. Proven record of high adaptability in complex situations. Hands-on experience in lead roles on many projects with positive results. Extensive experience in supporting the implementation and assessment of the NIST Risk Management Framework (RMF), compiling complete authorization to operate (ATO) packages, including data gathering, analysis, security testing, and POA&M generation, management, and closure. Project management experience in security engineering, information assurance, information risk management, cybersecurity, IT governance, risk management and compliance (GRC), and SDLC/FedRAMP/Cloud projects. Extensive knowledge of Federal information security guidance, including NIST (SP 800-30, SP 800-37, and SP 800-53), FIPS security publications, FISMA/FISCAM, OMB A-123, DIACAP, FedRAMP, and the CPIC process.

CERTIFICATIONS

• Certified Information Privacy Professional (CIPP), June 2023

• Microsoft Azure Fundamentals AZ-900, May 2022

• CISSP, April 2022

• (ISC)² CBK Training Course for CISSP Certification, March 2018

• Information Assurance Security Officer Certification, January 2016

• Certified Associate in Project Management (CAPM) Certification, November 2014

• CompTIA Security+ Certification, December 2013

• Microsoft Certified Professional, March 2013

• Certified Microsoft SharePoint Designer 2010 – Level 1 & 2, February 2012

TECHNICAL SKILLS

Security Tools: Tenable Nessus Security Center, Tripwire Enterprise, IBM QRadar SIEM, Qualys Vulnerability Management, NMAP Network Vulnerability Scan, OpManager, Rapid7, Splunk ES, Core Impact Pro, HP WebInspect, HP Fortify, STIGViewer, Manual Security Configuration Checklists (CIS, DISA STIGs, Vendor Security Recommendations)

Cloud Service Tools: Amazon Web Services (AWS), AWS Security Hub, Microsoft Azure, Log Analytics, Sentinel

GRC Tools: CSAM, Agiliance, RSA Archer

Network Tools: IPS/IDS Configuration, Microsoft Active Directory, IBM Tivoli “BigFix”

Data Modeling Tools: Power BI, Microsoft Visio, Adobe DC Pro CS5 Suite (InDesign, Photoshop, Lightroom)

Project Management Tools: Microsoft Project, Access, and SharePoint; Adobe Presenter, Adobe Captivate

PROFESSIONAL EXPERIENCE

Senior IT Security Assessor – Zeneth Technology Partners

Small Business Administration, Office of Disaster Assistance, Disaster Credit Management System JUNE 2019 – JULY 2023

• Responsibilities include assessing design of internal controls, preparing control risk matrices, developing testing plans, selecting samples, and reviewing documents to test operating effectiveness of internal controls.

• Crafted full security assessment documentation packages for ODA information systems to obtain multiple Authorization to Operate (ATO) letters from the SBA Chief Information Security Officer (CISO) office in Washington, D.C.

• Proficient with CSAM to implement RMF, NIST and FedRAMP requirements for continuous monitoring activities.

• Creates security artifacts, provides guidance and technical support to internal and external security control assessments, development of plans and policies, and assists ISSO in the preparation, management, and closure of POA&Ms tracked within CSAM.

• Develop, implement, and review security control implementation statements for the Disaster Credit Management System (DCMS) information systems under the ODA purview.

Senior IT Security Analyst – Veterans Enterprise Technology Solutions (VETS) Inc.

Small Business Administration, Office of Disaster Assistance, Disaster Credit Management System SEPTEMBER 2017 – JUNE 2019

• Supported Hosting Operations and Security Compliance Services for the Small Business Administration (SBA) contract to provide systems security and information assurance engineering services to enhance the security posture of the Disaster Credit Management System (DCMS) for the SBA Office of Disaster Assistance (ODA).

• Evaluated ODA-wide FISCAM controls and their effect on audit risk. Performed entity-wide and application controls reviews using FISCAM and FISMA, focusing on configuration management, access controls and security management controls for DCMS COTS application, Oracle and Windows environments.

• Played an instrumental role in baselining DCMS information system security, ensuring compliance with NIST 800-53 Rev. 4; guided DCMS and CSCTCS A&A activities to include System Security Planning, Risk Assessment, Contingency Planning, Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), E-Authentication and FIPS 199 Categorizations.

• Coordinated with Hosting Operations and Security staff to resolve security issues throughout the system development lifecycle.

• Delivered security requirements, recommendations and best practices to System Owners, Security Program Management, Hosting Operations and Application Development teams.

• Performed Salesforce security log analysis, including building detailed reports and dashboards for auditing control requirements, as well as extracting data to prepare daily and weekly reporting for DCMS Management.

• Worked closely with development team to provide support in implementing security best practices in Salesforce in order to build customized role-based user access to satisfy NIST access control requirements.

Hosting Operations Security Liaison – Veterans Enterprise Technology Solutions (VETS) Inc.

Small Business Administration, Office of Disaster Assistance, Disaster Credit Management System AUGUST 2016 – SEPTEMBER 2017

• Liaison between Hosting Operations and Security, as well as other DCMS departmental groups on information security related topics.

• Developed, implemented, tracked and maintained a vulnerability management program for the DCMS information system and hosted applications.

• Performed and analyzed system vulnerability scans with Nessus Scanner in support of FISMA compliance.

• Monitored multiple platforms and virtual environments using IBM QRadar SIEM tool to satisfy FISMA, FISCAM and NIST auditing requirements.

• Initiated Exception Forms (AORs) for policy or control deviations and identified mitigating controls.

• Responsible for collaborating with Systems Admins to resolve a long-standing security issue with Linux/Solaris-based authentication (LDAP, manual passwords).

• Prepared and delivered compliance reports for DCMS ISSO using Tripwire Security Intelligence Hub (SIH).

• Responsible for managing ODA hardware and software inventories.

• Recommended operational improvements and remedial actions necessary to ensure task is accomplished effectively and in accordance with customer policies and current contract requirements.

• Collaborated in teams of technical and non-technical experts to rewrite outdated technical documentation.

• Cross-trained new security staff members on day-to-day operations of the DCMS Security Team.

• Interviewed and evaluated potential employees and mentored new hires.

Task Order Lead / Senior Security Analyst – Technical and Management Resources, Inc.

Small Business Administration, Office of Disaster Assistance, Disaster Credit Management System SEPTEMBER 2013 – JULY 2016

• Managed 10-person Security Team for the IT Security Program contract at the SBA DCMS Operations Center in Herndon, Virginia for two years.

• Task Order Lead (de facto Project Manager) for all security team projects, contract deliverables, internal and external audits, and policy creation and enforcement to implement FISMA, FISCAM, FedRAMP and NIST security requirements.

• Delivered security requirements, recommendations and best practices to System Owners, Program Management, Information Assurance, Hosting Operations and Application Development teams.

• Prepared and presented weekly project performance metrics for weekly, quarterly and annual reporting, monthly contract status reports and Quality Assurance Surveillance Program to DCMS Director and COTR.

• Conducted vulnerability scan analyses of entire DCMS information system devices using Nessus, Qualys and DB Protect scanning tools.

• Analyzed and evaluated audit logs and data correlations for incident response using SIEM tools such as QRadar and Splunk.

• Monitored multiple platforms and virtual environments using security baseline configuration tools such as Tripwire and MaaS360.

• Proficient with CSAM to implement RMF, NIST and FedRAMP requirements for continuous monitoring activities and Assessment & Authorization activities.

Information Assurance Analyst – Intercom Consulting & Federal Systems

Small Business Administration, Office of Disaster Assistance, Disaster Credit Management System MARCH 2012 – SEPTEMBER 2013

• Responsible for creating and updating 40+ security policies and procedures for security contract with federal client, the Disaster Credit Management System.

• Generated and maintained artifacts for internal POA&Ms and external audits for KPMG and OCIO IT Security.

• Implemented security measures in accordance with SBA security requirements, NIST SP 800-53 and the Federal Information Security Management Act (FISMA).

• Evaluated, tested, monitored and maintained all DCMS information assurance controls using NIST 800-53A.

• Produced analyses of identified risks in security systems and worked with technical SMEs to resolve security issues.

• Ensured that the DCMS security architecture, designs, plans, controls, processes, policies, and procedures were aligned with SBA and federally mandated policies.

Communications Analyst – Vox Optima, LLC.

United States Department of the Naval Sea Systems Command, Navy Yard, Washington, DC JULY 2010 – FEBRUARY 2012

• Constructed and managed SharePoint website for multi-million dollar federal government enterprise client, NAVSEA.

• Conceptualized and formulated system technical specifications for SharePoint Document Center management.

• Provided technical expertise for media products including interactive press packets, videos and graphics.

• Prepared and developed online training guides, lesson plans, and related documentation for 175 employees.

• Managed Corporate Communications social media team to develop strategic communication plans.

• Systemized media content uploads using CSS and JavaScript language processes.

• Created user interface which allowed users to create updates for applications. Worked closely with the executive team and end users to capture requirements.

TRAINING

• Certified Information Systems Auditor (CISA) Review Course, ISACA

• CSAMv3 (Cyber Security Assessment Management) Training, Department of Justice, Washington, DC

• CSAM (Cyber Security Assessment Management) Training, Department of Justice, Washington, DC

• IT Security Standards Workshop, Department of Defense, Washington, DC

• Professional Affiliations: ISC2, ISACA, IEEE, PMI

EDUCATION

JAMES MADISON UNIVERSITY, Harrisonburg, VA

B.A., Communication Studies, Cum Laude, 2010

• Concentrations in Organizational and Health Communications Studies

• Minors: Writing, Rhetoric and Technical Communications; Educational Technology and Media Design

UNIVERSITÀ DEGLI STUDI DI FIRENZE, Florence, Italy

• Minor: Italian Studies, Semester Abroad Program, Fall 2008


