Cyber Security Risk Management

Jeremiah Williams

Jacksonville, FL ***** 904-***-**** adyea2@r.postjobfree.com Linkedin

Cyber Security Professional

Certifications:

CompTIA Security+ (SEC+) CompTIA Cybersecurity Analyst (CySA+)

CompTIA Advanced Security Practitioner (CASP+)

Experience:

Strong analytical cyber security analyst with strong leadership capabilities with experience solving complex security problems across the full gamut of the system development life cycle. Adept at performing risk analysis, conducting vulnerability scans, and creating effective risk mitigation solutions relating to vulnerability findings and cyber security best practices in all types of Cyber Security environments.

Work History

RMF Systems Steward, 11/2022 to 09/29/2023

9th Way insignia

Progress Veteran Affairs systems through all steps of RMF to receive an ATO.

Developed processes, procedures, templates, and training materials aligned with NIST Risk Management Framework (RMF) to support Veteran Affairs efforts.

Managed complex system records using the Enterprise Mission Assurance Support Service (eMASS) application.

Perform detail-oriented system documentation and collaborate with system owners and ISSOs to execute ATO support duties.

Upload security control artifacts/evidence to the GRC application to support security implementation.

Perform security control assessment using NIST 800-53A

Ensured that all areas of non-compliance and risks are documented in well formed POA&Ms in a timely manner.

Information Systems Security Analyst, 03/2021 to 11/2022

TEKsystems – Jacksonville, FL

Knowledge and implementation of security risk management frameworks and compliance practices for healthcare systems.

Managed Airforce Civil Engineers Center (AFCEC) vulnerability management program.

Conducted periodic reviews and working with other teams to improve periodic review processes.

Diligently push workflows through Governance & Risk Management Framework process, to include access control, physical security, security architecture design, network security, application, operational security, and incident response.

Maintain Governance, risk, and compliance to ensure that policies, standards, procedures, and activities are in alignment with larger business, IT, and regulatory requirements with eMASS.

Monitors and reviews strategies, doctrine, polices, and directives to validate user compliance.

Implement risk management programs for our federal clients by utilizing NIST 800-53 and RMF frameworks.

Maintain Plan of Action & Milestones (POA&Ms) through the remediation and Mitigation efforts.

Information Security Analyst/Incident Responder, 09/2020 to 03/2021

Defense Commissary Agency – Fort Lee, VA

As part of Cyber Security Incident Response Team, I was tasked to give our clients expert support, analysis, and explanation of information security events. This includes performing investigating events, analysis of firewall logs and logs from other security appliances for the Defense Commissary Agency.

Performing real-time analysis and correlation of logs/alerts from multiple device types and vendors devices like Firewall & IDS/IPS to make determination as to the threat level and client impact of the alerted activity.

Performed detail analysis and investigation of security events requested by clients using both open-source and proprietary threat intelligence/ vulnerability information.

Responsible for collecting, researching, and analyzing possible attacks and attack vectors from various intel related tools, hence creating a threat profile making attack surface area reduced while handling day to day threat analysis and SOC operations Defense Commissary Agency.

Enterprise Computing Specialist, 10/2017 to 09/2020

22nd Century Technologies – Jacksonville, FL

Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.

Developed plans to safeguard computer files against modification, destruction, or disclosure.

Work on multiple projects concurrently, monitor the status of tasks and escalate issues when appropriate for integration.

Conduct periodic IT risk assessments with SOC and reviews IA controls for any vulnerabilities.

Information Technology Specialist, 10/2013 to 10/2017

United States Army – Various

Maintained information systems, networks, and applications.

Carried out all tasks related to network administration and security elements, confidentiality, integrity, and availability.

Performs periodic vulnerability assessment scans.

Core Competencies

•Familiarity with Policy standards such as RMF, PCI-DSS, HIPAA, FIPS 199-200

•Security tools: SIEM, Vulnerability scanning and Management.

•Incident handling, Packet analysis Threat Detection and Response, Incident Response

•Information Security

•Cybersecurity

•Security Analysis

•NIST Standards 800-53, 800-60

• Governance, risk, and compliance (GRC)

•Network Monitoring

•Active Directory

Education

ACI Learning - Network Specialist:

Part 1, teaches learners how to install, run, configure, and verify a basic IPv4 and IPv6 network. The training includes configuring a LAN switch, configuring an IP router, connecting to a WAN, and identifying basic security threats.

Part 2 provides entry-level network administrators, network support, and help desk technicians with the knowledge and skills needed to install, configure, run, and troubleshoot a small enterprise network.

Contact this candidate