CLARICE ASHONG-FAJANA **** Hogarth Court, Beltsville, MD 20705
*******@*****.*** TEL: 301-***-****
OBJECTIVE: To secure a position as a Cybersecurity Engineer / Cybersecurity Subject Matter Expert (SME)
Experience Summary
Results-oriented Cybersecurity Professional with over 15 years’ experience in IT analysis, planning, designing, implementing, and maintaining network security systems. Knowledge of Federal Government laws, regulations and standards regarding information assurance and cyber security, e.g., FedRAMP, FISMA, DoD, NIST, and OMB policies and guidelines. Knowledge of public/private cloud infrastructures, using Amazon Web Services, which include EC2, S3, CloudFront, Elastic File System, RDS, Lambda, VPCs, Route53, CloudWatch, CloudTrail, AWS Inspector, and IAM roles. Develop system security plans. Have extensive working experience with FISMA, FIPS 199, FIPS 200, NIST SP800-53, RMF, CMMC, NIST 171, and FedRAMP procedures and controls. Experience using NIST 800-53 Rev. 4/5 security controls and technologies to document SSPs, including Federal Risk and Authorization Management Program (FedRAMP) for Cloud Security guidelines and policy. Working knowledge of conducting and interpreting System Vulnerability Assessments using AWS Inspector, Nessus, and Prisma Cloud Compute tools. Strong technical knowledge and experience in network engineering, TCP/IP technologies, and platform security technologies and practices. Working knowledge and experience with Microsoft Windows Server and Linux.
Security Clearance
Top Secret
EDUCATION/ CERTIFICATIONS
Bachelor of Science – Computer Studies, University of Maryland, College Park, Maryland
AWS Certified Cloud Practitioner (CCP)
Certified Authorization Professional (CAP)
Microsoft Certified Systems Engineer (MCSE)
Novell Certified Network Engineer (CNE)
Employment History
ECS Federal
Position Held: Information Systems Security Officer November 2021 – Present
Instrumental in assisting with the preparation of FedRAMP certification for cloud environment at CIA M/M/M Impact Level (IL) 4 for AWS environment.
Track and manage DISA Security Technical Implementation Guide (STIG) providing weekly status reports to ISSM and management.
Work closely with Cloud architects, engineering, and security specialists to ensure adequate security solutions and controls are in place throughout the enterprise, cloud systems and platforms to mitigate identified risks, and to meet business objectives and FedRAMP requirements.
Responsible for identifying, tracking, and reporting security vulnerabilities utilizing tools such as Prisma Cloud Compute and AWS Inspector and report to ISSM and management.
Conduct table-top exercises to train, assess, and expose weaknesses in the organization’s incident response and contingency plan processes.
Lead and facilitate meetings with system owners, executive management, staff, and technical personnel to provide IT security guidance and establish/maintain information security standards and procedures.
Evaluate and respond to alerts and events from tools such as Prisma Cloud SaaS, Splunk, Elastic Cloud, and Cylance, including tuning of tool configuration to minimize false positives, development of event response documentation and processes for System Engineers to follow for event actions, and escalating to appropriate teams.
Work with the Configuration Management team to review and update the baseline configuration of information systems when significant changes occur to the accreditation boundary.
Work closely with the System Engineering team to implement Trusted Internet Connection (TIC) 3.0 to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.
Plan, develop, and conduct vulnerability and compliance scans, contingency plan testing, and risk assessment within the enterprise. Analyze results to identify and mitigate risk to the enterprise.
Review and analyze information system audit records utilizing Splunk for unusual or potentially unauthorized activity. Conduct investigations into activities which are in violation of system and organization security policies.
Worked on Supply chain risk management (SCRM) plan to address the implementation and monitoring of SCRM controls to support the organization's functions.
BAE Systems
Position Held: Information Systems Security Engineer February 2020 – October 2021
Provided oversight for Plans of Action and Milestones (POA&Ms) identified as part of system assessment and authorization process and scan results and facilitate their closure/remediation using Xacta.
Work closely with the System Administrators to ensure the system stays in compliance with regulatory compliance requirements.
Develop, maintain, and facilitate the appropriate closure of POA&Ms with the Point of Contacts (PoCs)/ISSO for any related remediation activities.
Ensure system security measures comply with applicable government policies.
Coordinate and interact with government and other contractor staff with technical understanding of systems and applications to ensure the A&A package is complete.
Ensure systems and applications A&A packages are complete and thoroughly documented in accordance with requisite federal requirements.
Ensure that all system security requirements are addressed during all phases of the information system lifecycle.
Manage all aspects of an organization's information security system to include researching, testing, training and implementing programs designed to safeguard sensitive information from any possible breaches.
OBXtek, Inc. - Department of State
Position Held: Cyber Information Assurance Engineer January 2013 – January 2020
Ensured all Security Authorization documentation is maintained and completed timely in accordance with the Department of State directives, policy and procedures and FedRAMP Authorizations to Operate (ATOs) for systems that provide IaaS, SaaS, etc.
Performs Security Authorization activities for Major Applications and General Support Systems, e.g., Risk Assessment, IA Control assessments, Security Plans (SP), creation of Plan of Actions and Milestones (POA&M), and Security Control Assessment (SCA).
Categorizes information systems using FIPS-199 to determine the types of information included within the security authorization boundary and used the results as a basis to develop the SSPs using FedRAMP, select security controls, and determine the risk inherent in operating the system.
Document and analyze significant and non-significant changes that occur on information systems and perform continuous monitoring on an ongoing basis in accordance with the organization’s monitoring strategy.
Assists System Owners and security support staff to develop and implement risk and threat mitigation strategies; providing assistance in identifying, reporting and resolving computer security incidents.
Knowledge Consulting Group – Department of Homeland Security
Position Held: Information Systems Security Officer December 2011 – January 2013
Implemented the Security Authorization process for major applications or general support systems, incorporating the application of a Risk Management Framework (RMF), to ensure that controls are in place, being enforced, and compliant with ICE and DHS mandated security requirements.
Provided oversight for Plans of Action and Milestones (POA&Ms) identified as part of system certifications/authorizations, audits, and facilitate their closure/remediation with system/program area personnel.
Processed waivers/exceptions to address system POA&Ms that were unable to fully comply with ICE and DHS policy requirements within the specified timeframe.
Ensured security plans and other C&A documents (e.g., e-Authentication, System Categorization Forms, Contingency Plans and Security Plans, Privacy Impact Assessments) are maintained for all assigned Information Systems following DHS and ICE mandated procedures and tasks, such as using Xacta IA Manager, SecureInfo's Risk Management System (RMS) and Trusted Agent FISMA (TAF) tools.
Ensured the continuous monitoring of systems by providing oversight and monitoring of the security of the system on an on-going basis and inform the system owner and authorizing official when changes occur that may negatively impact the security of the system.
Provided support to DHS and ICE in the collection of FISMA metrics, security controls testing, preparing annual report, reviewing and analyzing security documentation, and updating security documentation.
Recommended and applied technology solutions which met the security control requirements specified by OMB Circular A-123, FISMA and NIST guidance.
Developed system security documents, including the Information Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance.
VPC Solutions - Department of the Navy, Pentagon
Position Held: Systems Engineer December 2003 – November 2011
Prepared associated documentation to include System Security Plans (SSP), Requirements Traceability Matrices, Security Test & Evaluation Plans (ST&E), Risk Assessments (RA), Contingency Plans (CP), Security Awareness Plans, Incident Response Plans, Memorandum of Understanding (MOU), and other Security Plans.
Performed Certification & Accreditation (C&A) assessments and/or pre-assessments for the Department of Navy Congressional Information Management Systems, ensuring that plans are executed, tracked and satisfactorily completed. Evaluate, monitor and audit multi-level systems. Support IA testing of new or modified systems to ensure compliance with applicable security requirements (primarily DIACAP).
Developed System Security Authorization Agreement (SSAA) and reviewed DITSCAP/DIACAP packages prior to submission to Certifying Authority.
Performed security services in the specialized security area of certification/accreditation to include performing a risk assessment, reviewing security documentation for completeness, and documenting findings of these activities.
IBM GLOBAL SERVICES
Position Held: Network Management Professional February 1997 – November 2003
Provided technical support in a multi-networked environment with virtually no downtime resulting in an increase in overall employee productivity and improved communication.
Facilitated the implementation of server clustering to provide high availability and to perform load balancing for Domino-friendly applications.
Led a special Notes Team that addressed many issues within the Lotus Notes/Domino Infrastructure.
Analyzed and re-engineered the existing Notes Network to incorporate SNMP Management, clustering, Lotus Sametime, Domino Fax, and Pager gateways.
Deployed Notes R5 client and server to better develop web-hosting applications, generating over $2 million in income.
Established contingency guidelines for data recovery for both local and remote Notes servers in the event of a disaster. Tracked end-user problems using Remedy trouble ticket tracking system.
Performed compliance audits, participated in incident handling and assisted with investigations into security anomalies.