
IT System Security

Location:
Silver Spring, MD
Salary:
Negotiable
Posted:
August 28, 2023


Resume:

Deborah Martins

Silver Spring, MD ***** Cell: 240-***-**** Email: adzay8@r.postjobfree.com

I am a dependable, accomplished, ambitious, and highly motivated Information Technology (IT) professional with over 10 years’ experience leading the support and success of various organizationally-defined IT initiatives. I have a unique and comprehensive understanding of multiple IT principles and disciplines, which include IT management, information systems cybersecurity, and information assurance. Hands-on experience in implementation of the Plans of Actions and Milestones / Corrective Action Plans, as well as remediation of the documented threats and vulnerabilities. An expert in the field of risk-based certification and accreditation using various flavors of the State, Federal, as well as International Cybersecurity frameworks (e.g. NIST RMF, FedRAMP, HIPAA, PCI DSS, ISO 27001, SOX, COSO/COBIT etc.). I have a history of being accountable for several highly-visible, multi-million-dollar projects in support of various agency missions, and I thoroughly enjoy supporting the organizations I work for and customers alike.

PROFESSIONAL EXPERIENCE

Deloitte May 2021 to Present

Senior IT Security Consultant, ~ Rosslyn, Virginia

Advise and provide guidance to the Enterprise Services ISSO on security, risk assessments, and network assessment best practices.

As the security SME on the team, support annual security control assessment finding remediation, OIG, GAO, and support during PI planning with prioritization of security tasks and features through the SDLC.

Provide strategic direction for how system and infrastructure security is handled at Enterprise Services supporting the Department of Commerce.

Maintain and update infrastructure and system documentation such as System Security Plans, Standard Operating Procedures and Continuous Monitoring Plans.

Attend and organize daily and weekly security related meetings with Information System Owners and vendors to discuss system security status.

Utilize the CSAM Governance Risk and Compliance (GRC) tool to access artifacts and security documentation for FISMA systems.

Provide guidance to implement security measures related to data, hardware, and software.

Apex Incorporation Oct 2020 to Apr 2021

IT Security Compliance Analyst, ~ District of Columbia

Participate in all steps of the Security Authorization and Assessment process for FISMA systems.

Deliver all required documentation using the current DHS approved templates, forms, regulations, and methods.

Continuously update all documentation as required.

Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.

Review and validate all relevant NIST 800-53 and DHS 4300B Security Controls and/or applicable departmental policies for each IT system assigned.

Ensure software installed in the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.

Perform oversight of compliance with Vulnerability Alerts.

Review and validate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each managed IT System prior to authorizing closure. Proper documentation to support the POA&M lifecycle shall be filed and updated as required, including well documented waivers and exceptions detailing the potential risk to the Authorizing Official.

Perform in depth reviews of logs and other artifacts for each IT system.

Provide, track and report security requirements throughout the project life cycle of all projects that are within the accreditation boundary of assigned systems.

Work closely with Office of the Chief Information Security Officer (CISO) to provide guidance and oversight for all requested initiatives.

Provide timely and detailed responses to all data calls.

Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each IT system.

Coordinate with and brief Federal staff on all activities pertaining to each IT system as requested.

Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each IT System.

Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system to reflect the approved state of each IT system.

VMD CORP Oct 2018 to Oct 2021

IT Security Compliance Analyst, ~ District of Columbia

Prepare security documentation for systems in preparation of ATO such as PTA (Privacy Threshold Analysis) and PIA (Privacy Impact Analysis) in the event PII is located in the system.

Communicated with system owners to get a proper understanding of their systems, identify the system POCs, and discuss the scope of the assessment.

Interviewed process owners for each control for consistency.

Collaborated with stakeholders to ensure the identified weaknesses from vulnerability scans are remediated in accordance with agency defined remediation time frames.

Review the Plan of Action and Milestone (POA&M) with identified weaknesses, timelines, milestones and points of contact for each IS based on findings and recommendations from the SAR.

Review security policy documents and make recommendations on documentation compliance.

Utilize the CSAM data repository tool to access artifacts and security documentation for systems.

Voting member of the Change Control Board (CCB) with the goal of ensuring all changes made to the IT enterprise are well-defined and within the standards required to help warrant change success.

Inscope International Mar 2014 to Sep 2018

IT Security Specialist, ~ Silver Spring, MD

Provided security analysis and technical support, and assisted with the development of new National Environmental Satellite, Data, and Information Service (NESDIS) security policy directives.

Conducted IT controls risk assessments to identify system threats, vulnerabilities and risks, and generated reports.

Developed Security Assessment Plans and Conducted Security Test and Evaluation (ST&E) per NIST SP 800-53A.

Facilitated kickoff meetings as well as briefings with system stakeholders throughout the IT Security Control Assessment process.

Developed Security Assessment Reports detailing assessment findings along with recommended mitigations.

Worked with stakeholders to ensure the identified weaknesses from vulnerability scans are remediated in accordance with NESDIS defined remediation time frames.

Provided support to NESDIS management to implement the Continuous Diagnostics and Mitigation (CDM) program across NESDIS.

Created standard templates and policy guidance documents to key stakeholders (ISSO, ISO).

Collaborated with NESDIS Federal security managers to develop enterprise-wide solutions for security issues affecting NESDIS.

GAMA-1 Technologies Jan 2013 to Mar 2014

IT Security Specialist, ~ District of Columbia

Managed the information security function in accordance with the established policies and guidelines.

Established and maintained information security policies, procedures, and guidelines pursuant to NOAA, as well as State and Federal laws and regulations such as the Federal Information Security Act (FISMA), Office of Management and Budget (OMB) memorandums, and Department of Homeland Security (DHS) Binding Operational Directives.

Assessed security and privacy controls using the NIST SP 800-53A publication guideline.

Reviewed security policy documents and made recommendations on documentation compliance.

Conducted and performed continuous monitoring pursuant to NIST Guidelines requirements.

Provided impact analysis for updates and version changes required by the NIST Security Publications and FISMA Notices.

Responsible for tasks related to the system Assessment and Authorization (A&A) and followed the Government IT security policies and standards.

Hubbard Radio Nov 2010 to Jan 2013

Help Desk Support, ~ Bowie, Maryland

Provided first level contact and conveyed resolutions to customer issues.

Provided excellent customer service, perception, and satisfaction.

Responsible for entering time in ticketing system as events occurred.

Documented internal processes and procedures related to duties and responsibilities.

Followed up with customers, provided feedback and saw problems through to resolution.

ADDITIONAL INFORMATION

EDUCATION

Missouri State University, Missouri // United States

Information Assurance (IA): Cyber Security

Bowie State University (BSU), Maryland // United States

Bachelor of Science (BS): Computer Networks and Cyber Security, Magna cum Laude (GPA: 3.89), Graduated 2013

CERTIFICATIONS, PROFESSIONAL TRAINING, & CERTIFICATES

Project Management Professional (PMP)

Certified Information Security Manager (CISM)

CompTIA Security+ Certification

Scrum Alliance Certified Scrum Master

Centers for Creative Leadership’s Leadership Development Program (CCL - LDP)

CAP: Certified Authorization Professional Training. Nov 2018

Information Assurance (IA) Fundamentals Mar 2012

SKILLS and AREAS OF EXPERTISE

Leadership, Strategic Planning, Project Management, and Information Technology Solutions:

Strive to be an effective leader by promoting honesty and integrity into team philosophy for all work efforts; delegating, coaching, and empowering team to be the best they can be whilst always seeking the highest moral action (HMA).

Manage, plan and coordinate efforts in a strategic fashion by understanding the mission, having a vision,

Efficient at using Microsoft Windows/Office Suites ~ Word, Excel, PowerPoint, Outlook, Project, and Visio as well as Google’s Suite of Office and professional products.

Experienced in establishing Portfolio – Program - Project Management Plans, Work Breakdown Structures (WBS), Agile, Scrum, and Kanban methodologies.

REFERENCES

Furnished upon request.


