Risk Management Cyber Security

HABEEB-MOHAMMED A. ZAKARIYA

*****.*******@*****.*** 646-***-****

Columbus, Ohio

DoD-8570 Compliant: IAT Level II/IAM Level/IASAE I

US Citizen/Army

PROFILE

Technical Strengths: Up-to-date, diverse training and understanding of Cyber Security, Information Security and Risk Management. Knowledge of NIST SP 800-30, 800-37, 800-39, 800-53, 800-53A, 800-60.

Project Coordination and Teamwork: Highly productive in team environments as both member and team leader. Efficient in handling project priorities.

Communication: Able to communicate technical information in an easily understandable way. Recognized for relationship building with team members and clients.

Personal Attributes: Innovative problem solver, committed to goal achievements and dependable.

Skills

Compliance and Risk Control

Risk Management Framework

Incident Response

Experience with SDLC

Disaster Recovery Planning

Contingency Planning

Microsoft Suite Certified

NIST 800 Series

FIPS (199 & 200)

Education/Certification

●(CISM) Certified Information Systems Manager (ISACA)- Current

●(CSM) Certified Scrum Master, International scrum Institute- Current

●(S+) Security Plus, CompTIA- Current

●Microsoft Azure Fundamentals- Current

Bachelors:

Masters:

Work Experience

Aver LLC/ Department of Homeland Security April 2017-Present

Risk Management Framework

●Protects system by defining access privileges, control structures, and resources

●Have an understanding and knowledge of cloud cyber security guidelines (NIST) Responsible for paperwork compliance and review to ensure programs receive authority to proceed (ATO)

●Recognizes problems by identifying abnormalities, reporting violations

●Populated data templates mapping legacy data structures to targeted Business Structure.

●Implements security improvements by assessing current situation; evaluating trends; anticipating requirements

●Determines security violations and inefficiencies by conducting periodic audits

●Upgrades system by implementing and maintaining security controls

●Keeps users informed by preparing performance reports; communicating system status

●Maintains quality service by following organization standards

●Maintains technical knowledge by attending educational workshops; reviewing publications

United States Department of Agricultural January 2016 -April 2017

Deloitte Cybersecurity Analyst

●Perform assessments of systems and networks within the networking environment or enclave and identify where those systems and networks deviate from acceptable configurations, enclave policy, or local policy.

●Provided day-to-day support for assessment and reconciliation of financial chargebacks between GSA (as a shared service client of USDA) and its customers, which also supported making recommendations to prevent future financial inefficiencies.

●Designed, prototyped, tested, and trained various stakeholders on use of basic and advanced financial system functionalities.

● Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems. Includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations, software research, hardware introduction and release, emerging technology research inspections and periodic audits.

●Assist in the implementation of the required government policy, make recommendations on process tailoring, participate in and document process activities.

● Perform analyses to validate established security requirements and to recommend additional security requirements and safeguards.

●Support the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.

● Document the results of Certification and Accreditation activities and technical or coordination activity and prepare the system Security Plans and update the Plan of Actions and Milestones POA&M.

●Periodically conduct a complete review of each system's audits and monitor corrective actions until all actions are closed.

Cyber Security Analyst March 2015 – January 2016

Booz Allen Hamilton

Risk Management Framework / C&A / Security Awareness

●Supported the Marines, Navy, and the Department of Defense in analyzing and assessing Network Cyber Security threats and vulnerabilities.

●Assisted System Owner and ISSO in preparing Authorization Package for Major/Minor Application systems, making sure that security controls adhere to a formal and well-established security requirement referencing SP 800-53 rev4.Collaborated with ISSO to review and analyze security vulnerability scan results and coordinating the remediation response with system security administrators/engineering teams.

●Conducted a variety of engineering tasks for the development, operation, and maintenance of complex technology systems.

●In coordination with other team members, we ensured that during the C&A process, the appropriate RMF lunch steps are taken in the implementation of the Risk Management Framework (RMF) throughout the complete process cycle, from the system categorization step through to continuous monitoring.

●Participated in Change Control Board (CCB) and Continuous Diagnostic and Mitigation (CDM) briefings/meetings with all client/system senior management.

●Conducted RMF first step kick off meeting, initial risk assessment and categorization of information security system into Low, Moderate and High system centered on Confidentiality, Integrity and Availability (CIA) of the information type referencing FIPS-199 and NIST 800-60.

●Prepared and produced e-authentication artifact identifying the appropriate authentication mechanism base on risk level (single or multifactor) referencing SP 800-63.

●Selected and draft security control baseline in accordance with SP 800-53 rev 3/ rev 4 and FIPS 200.

●Prepared security authorization (C&A) documentation including system security plan (SSP), Security Control Test and Evaluation (SCT&E), Security Assessment Report (SAR), Contingency Plan (CP) and other artifacts required for the ATO package, referencing SP 800-18, SP 800-30, SP 800-34 respectively.

●Supported the configuration management team that is responsible for the creation of system configuration baseline and implementing change process using SP 800-128.

●Initiated, updated, coordinated, and tracked the patching and remediation of security weaknesses as they are documented in the Plan of Actions and Milestones (POA&M).

●Updated, retrieved, and uploaded all necessary authorization related documentation into eMASS using approved templates and procedures.

●Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle (SDLC).

●Created and developed security documents and relevant artifacts to support FedRAMP compliant.

●Conducted Systems Risk Assessment through Risk Analysis, assessed the various assets within the systems authorizing boundaries and rigorously identified all possible vulnerabilities that exist within the system.

●Monitored and reviewed Information Assurance Vulnerability Management (IAVM) Alerts, Bulletins, and Technical Advisories to ensure patches were applied to assigned systems.

.

Help Desk Technician January 2014 -March 2015

Virginia State University

●Manage patients’ virtual charts, protect HIPPA standards, maintain daily performance for computer systems, mange Dentrix updates, and respond to emails regarding patients concerns.

●Provides phone, email, and chat-based support to over 200 users, troubleshooting, diagnosing, resolving and documenting hardware, software and network related technical issues. (i.e. Outlook 365, word), Edocs, iPhones and IOS systems)

●Work with Active Directory to build user network profiles (i.e. Ethernet or WIFI settings), reset passwords and unlock accounts.

●Install and configure software on desktop computers (e.g. anti-virus programs) including run repairs.

●Diagnose and resolve issues related to copying, printing, scanning to email on mid-volume multifunctional printers

Standards/ Controls/ Artifacts / Framework Awareness

Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, Security Assessment and Authorization, Compliance Testing, Vulnerability Scans, Risk Assessment, Change Management, Configuration Management, Contingency Planning; Policies and Procedures, Implementation; Intrusion Detection Systems, Incident Response, Media Protection, Physical Security, Computer operations, Environmental Security, Network Security, System Security, Personnel Security, SSP,E-Authorization, PIA, PTA, SORN, POA&,M,SAR, SAP, CMP,MOU,ISA. OMB Circular A-123 Appendix A, NIST 800-53, NIST 800 53A, FIPS 199, FISMA, FedRAMP, ISO/IEC 27002:2015(Information Security Management),

Technical Skills / Tools

Tools Proficiency: eMASS, Risk, MS Office, Tripwire, Microsoft Windows, Nessus, SharePoint, Google Docs, Windows server 2008/2012, Active Directory, DNS, IPS, IDS, VPN, IPsec, Wireshark, Brute Force, Software & Database, Microsoft Office Suites, XenMobile, ServiceNow, Remedy, Bomgar, Skype, Active Directory, Communication Protocols, POP3, TCP/IP, Telnet, Putty, Citrix, Google, Outlook

Contact this candidate