Rachael Akintomide
Bowie, MD *****
Cell: 301-***-****
***********@*****.***
US Citizen
Professional Summary
IT professional with 4 years of experience, possessing working knowledge of Information Assurance, Risk Management Framework, Certification & Accreditation, FedRAMP, FISMA/NIST, Incident Response and Computer Security Disciplines. Excellent at planning, implementing and monitoring security measures for protecting computer networks and information.
Qualifications
Develop System Assessment & Accreditation (A&A/C&A) documentation in compliance with organizational standards.
Experience with FISMA Audit & Metrics and NIST SP 800 series
Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems.
Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A and NIST SP 800-53 Rev. 4.
Working knowledge of FISMA, RMF, CMMC, and FedRAMP Frameworks.
Excellent knowledge of vulnerability and monitoring tools: WebInspect, Burp Suite, Nessus, DBProtect, Acunetix, Splunk
Working knowledge of Python programming, R programming, and SQL programming
Education & Certification
UNIVERSITY OF MARYLAND, College Park, MD Spring 2020
Bachelor of Science, Information Science specializing in Cybersecurity
CompTIA Security+ CE Active
CompTIA CySA+ CE Active
Amazon Web Services Solutions Architect In Progress
Experience
GDIT 4/2021 - Current
Cyber Security Consultant
Key responsibilities
Providing enterprise-level advisory for clients on how to achieve cloud security requirements as part of migrations, greenfield builds, and/or existing environments.
Performing maturity gap assessments against client cloud and container environments.
Developing documentation including policies, procedures and plans including orchestrating discovery, interviews and structured data collection meetings.
Developing policies, procedures, and plans to help clients meet their FedRAMP, FISMA/RMF and CMMC compliance goals.
Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported.
Supporting management of client satisfaction at all phases of the client relationship.
Managed Security Control Assessment schedules for the client's systems to ensure systems remain compliant with Confidential and Continuous Monitoring requirements.
Delivery team support, including identifying process improvements and training.
Developing methodologies, templates, whitepapers, work instructions, guidelines, forms, tools, blogs
Creating industry consistency and intellectual property for stackArmor products and services
Client work, including:
o Directly working on client engagements, supporting delivery QA and subject matter expertise.
o Developing and delivering whitepapers and custom webinars/presentations.
o Supporting the management of client satisfaction at all phases of the client relationship.
o Continuous professional development in maintaining industry-specific certifications, building and maintaining a strong depth of knowledge in the practice area.
Planned Systems International
Information System Security Officer 1/2018 – 12/2020
Key responsibilities
Ensured proper system categorization using NIST 800-60 and FIPS 199; implemented appropriate security controls for information systems based on NIST 800-53 Rev. 4 and FIPS 200.
Assisted in conducting security assessment interviews to determine the Security posture of the System.
Developed a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization to Operate (ATO), the Risk Assessment, System Security Plans, and System Categorization.
Conducted assessment on Management, operational and technical Security Controls.
Created, updated, and closed POA&Ms in CSAM.
Assisted in reviewing, maintaining, and ensuring all assessment and authorization (A&A) documentation was included in the system security package.
Performed information security risk assessments and assisted with the internal auditing of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and identified mitigation requirements.
Work with system owners to develop, test, and train on contingency plans and incident response plans.
Test, assess, and document security control effectiveness. Collect evidence, interview personnel, and examine records to evaluate effectiveness of controls.
Review and update remediation on plan of action and milestones (POA&Ms). Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M. Understand the software development life-cycle (design, develop, implementation, testing).
Analyze problems to determine technical solutions.