System Security Information

Location:
Lorton, VA
Posted:
July 12, 2023

Resume:

EVELYN AKITI

Lorton VA *****. Cell 703-***-****

PROFILE

An Information Security Analyst with a strong passion for the field and a keen eye for detail. With extensive experience in Information Security, Assurance, and Networking, I possess a deep understanding of security control implementation and enforcement. I am able to proactively complete projects and assignments on time while working autonomously or in teams in a fast-paced environment. My excellent communication skills, combined with my professional and interpersonal skills, enable me to accomplish the mission, vision, and goals of any organization I work for. I have a solid knowledge of the NIST 800 framework, including NIST SPs 800-18, 800-30, 800-37, 800-53 & 53A, 800-60, FIPS (199 & 200), OMB, and FISMA regulations. Additionally, I have experience in planning System Security Checklists and Privacy Impact Assessments. I am highly skilled in preparing reports on management, operational, and technical security controls for audited applications and information systems. With a commitment to staying up to date on the latest industry trends and best practices, I am able to provide effective solutions to complex cybersecurity challenges.

Summary of qualifications

●Over 5 years’ experience assisting in the performance of comprehensive assessments and reviews of management, operational and technical security controls for audited applications and information systems.

●Working knowledge of Risk Assessment and the Risk Management Framework (RMF), which outlines the 6 Steps to Risk Management Process for Federal Information Systems, in order to assist the business areas in completion of the Business Impact Analysis and subsequent creation of security documentation like System Security Plan (SSP), Security Assessment Report (SAR) and Plans of Action and Milestones (POA&M).

● Experienced with Planning System Security Checklists and Privacy Impact Assessments

● Knowledgeable in HIPAA and FOIA

●Highly knowledgeable in performing Security Control Assessments (SCAs), preparing reports on management, operational, and technical security controls for audited applications and information systems

●Experience with NIST 800 SPs to include but not limited to NIST SPs 800-18, 800-30, 800-37, 800-53 & 53A, 800-60, FIPS (199 & 200), OMB, FISMA regulations

●Experienced with Performing Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders

●Experienced in Documenting and reviewing System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO)

●Experienced with Performing Security Categorization (FIPS 199), reviewing and ensuring Privacy Impact Assessment (PIA) document after a positive PTA is created

●Experienced with identifying and communicating security exposures and information security incidents

●Experienced with working face-to-face with multiple stakeholders, interviewing, planning, and participating in a team effort to bring multiple complex projects to execution in a highly motivated environment

●Have working knowledge of Windows OS, MS Office, vulnerability assessment tools (Tenable), McAfee VirusScan Enterprise, SharePoint, Excel, Tenable Nessus

EDUCATION

GEORGE MASON UNIVERSITY, Fairfax, VA

BSc. Business Administration – Minor: Information Systems

NORTHERN VIRGINIA COMMUNITY COLLEGE, Alexandria, VA

Associate of Science in Business Administration (2004)

Certifications

●CompTIA Advanced Security Practitioner (CASP+)

●CompTIA Security+ CE

Professional Experience

Manav Consulting Group (Feb 2020-Present)

Information Security Analyst

●Conduct access control verification and secure highly classified information

●Worked with Certification and Accreditation team to conduct risk assessment; updated System Security Plan (SSP), contingency plan (CP), Privacy Impact Assessment (PIA), and Plan of Actions and Milestones (POA&M)

●Assist in developing NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and address system weaknesses

●Updated Plan of Action & Milestones (POA&M) and Risk Assessment based on findings assessed through monthly updates

●Develop, document and review Security Assessment Plans (SAPs), Plan of Action and Milestones (POA&M) and Security Assessment Reports (SARs).

●Conduct kick-off meetings with SMEs, System owners and other assessors to identify the assessment scope, system boundaries information and confirm system’s security categorization

●Prepare and review Authorization packages (i.e. SSP, SAP, SAR, POA&M etc.) for Moderate and High impact systems.

●Support the preparation of security test plans, execute and assess the security control effectiveness using security control test procedures, and create Security Assessment Reports (SAR) based on assessment findings.

●Conduct security controls assessment of applicable security controls to ensure compliance per NIST 800-53 Rev. 4 requirements

●Conduct security control assessment integrating controls for FedRAMP cloud environments as well as on-premises data center security

●Assess internal threats, risks, and vulnerabilities from emerging security issues

Zenius Corporation (Nov 2018 - Jan 2020)

Information System Security Officer

● Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment.

●Devised solutions to operational problems within the capacity and operational limitations of installed equipment to ensure projects are in compliance with customer regulations.

●Followed operational process and procedures to appropriately analyze, escalate, and assist in remediation of critical information security incidents or issues.

●Protected the firm's business information and any client information within its custody by safeguarding its confidentiality, integrity and availability.

●Monitored the organization's IT system to look for threats to its security.

●Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)

●Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy

●Monitored and submitted internal progress reports to leadership & community partners

●Developed regular communication with contract managers for program

Synergy Solution (Nov 2017 - Oct 2018)

Jr. Information Security Analyst

●Supported all Assessment & Authorization (A&A) phases and processes using NIST SP 800-37 guidelines

●Developed, reviewed, and updated A&A packages which include core documents such as Information Security System Policies & Procedures, System Security Plan (SSP), Plan of Action & Milestones (POA&M), Security Assessment Report (SAR), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), E-Authentication and Security Baselines in accordance with NIST, FISMA and company guideline policies

●Executed security control assessments by examinations, interviews and/or test procedures in accordance with NIST SP 800-53A

●Prepared and submitted Security Assessment Plan (SAP) to CISO for approval

●Participated in Assessment Kick-off meeting with ISSO, SO and System Stakeholders

●Created and updated Requirement Traceability Matrix (RTM) to document the assessment of the Information System Security Controls and artifact collection using NIST 800-53A as guidance

●Utilized SIEM tools such as Splunk to detect and manage security events

●Reviewed security controls and provided implementation responses as to if/how the systems currently meet the requirements

●Conducted network infrastructure scans for vulnerabilities and compliance using automated scanning tools like Nessus Tenable vulnerability scanner

●Developed Security Assessment Report (SAR) post assessment; developed and documented system findings and vulnerabilities in the Plan of Action & Milestones (POA&M)

●Conducted risk assessment ensuring measures raised in assessments were implemented in accordance with the system’s risk profile, and root-causes of risk were fully addressed following NIST 800-30 and NIST 800-37

●Developed and reviewed Risk Assessment Report (RAR)

●Provided a plan of Corrective Actions to mitigate system vulnerabilities discovered post Information System assessment

Technology summary

●Software: Microsoft Office Suite 2010 such as Excel, Outlook, PowerPoint, Project, Visio, Word

●Storage Tools: Splunk, CSAM, SharePoint, ServiceNow

●Knowledgeable and experienced with: FIPS, NIST Standard, FISMA,

●System Security Monitoring, Risk Assessments, Audit Engagements, Testing Information

●Technology Controls, Developing Security Policy Procedures & Guidelines, SSP, ST&E


