Information Security Technology
Resume:
Faimafili Monaghan
** *** ***** **., **** E, Nashua, NH 03062 207-***-**** *********.********@**.***, & ********@*****.**.***
Outstanding, motivated, committed, and team-oriented information security, technology, and assurance, and proven professional leader with over 14 years of experience in cybersecurity and 30 years in the information technology field. Technical expert and knowledgeable in information security, information technology and management, project management, security controls, and talent to quickly learn and adapt to new technologies. Seeking a challenging and functional role in technical management and implementation in cybersecurity or information security management to assist organizations with operational and technical procedures and policies. Willing to relocate to the position's location.
Professional Background
Innovative information system security and cybersecurity experience going on 15 years. Customer support, continuous monitoring, and security of over 2800 users, 3700 devices, and over 100 websites. Applies functional knowledge of approach to protect and identifying risks, security, security control of threats and weaknesses in organizational infrastructure and remediation actions of defense. Information systems and technology and project management with law enforcement stakeholders for 23 years with experience in project development lifecycles, supervision of 6 employees, and systems administration of multiple systems and business processes, with 30 years of technical expertise and management of implementation, maintenance, enhancements, bench-top diagnosis and repair expertise, procedures, and experience in information technology strategies, developments, implementation, enhancements and coordination. History of developing collaboration on existing organizational information security systems and technology infrastructure to improve practices within information system security, new technology-based initiatives, expanding services, support new policy and procedures for maintaining organization security posture, and information available to cybersecurity. Agility ability to adapt to alignment with organization procedural and security requirements. Effective communications skills, attention to detail, and customer service support to all customers, business owners, contractors, and stakeholders.
Professional Experience:
VETERANS AFFAIRS MEDICAL CENTER, TOGUS, ME 08/04/2019- PRESENT IT SPECIALIST (INFOSEC) ISSO GS-12 40 HOURS PER WEEK
• Establish the information security program, ensuring confidentiality, integrity, and availability of data, information systems, and networks for the medical center and regional office's physical infrastructure for the business requirements and the benefits administration office.
• Advise local stakeholders, customers, and contractors of potential risks and vulnerabilities and suggest possible remediation.
• Confirm that the security weaknesses identified in external and internal audits are documented, mitigated, or residual risk acceptance.
• Provide administrative support to the facility Area Manager in completing system artifacts, risk-based decisions, after-action reports, memorandums of understanding, interconnection security agreements, ESECC requests, local policies, and audit preparations. 2
• Participate in the accreditation process, entailing preparation and review of all system artifacts.
• Conduct and implement, coordination and continuous monitoring activities daily, weekly, bi- weekly, monthly, quarterly, semi-annual, and annually.
• Assist with formulating contingency, disaster recovery, and incident response plan to include testing as part of the local business continuity team.
• Investigate all information security incidents and ensure mitigation or corrective actions are in place and are completed.
• Assess and responded to security incidents to determine the impact and initiate remediation/corrective actions as per VA Handbooks 6500 and 6500.2.
• Serve as an advisor to verify compliance with federal information security regulations and VA security policies and guidance NIST Security Frameworks and VA Handbook 6500 throughout the security control implementation process. Review new
• Assist in determining security control appropriate for the security categorization level of the system compliance to NIST SP 800-53 Rev 4 & 5.
• Take appropriate measures to protect and resolve significant breaches/issues and elevate them to higher Information Security Service levels.
• Perform follow-up action(s) to ensure suitable corrective actions are accomplished and closure recommendations for maintaining security posture.
• Validate that security is implemented and operating effectively throughout a system's life cycles.
• Monitor and track controlled access programs to ensure the implementation and viability of appropriate system security policies and the acquisition of IT security tools.
• Conduct vulnerability analysis and risk assessment studies of planned and installed information systems to assure that local Automated Information Systems (AIS) security plans and policies established are adequate for protection needs and comply with required statutes.
• Facilitate and coordinate the gathering, analysis, and preservation of evidence used in addressing security violations.
• Review research devices, mobile devices, and databases of cybersecurity standards and security features according to FISMA and VA HB 6500 requirements, security, and compliance.
• Collaborate with facility Area Manager (AM) or Information System Owner (ISO) to develop facility-level policies and enterprise SOPs procedures addressing securing and risk assessments to ensure information security controls are in place for protection.
• System Steward role in eMASS of updating system security controls and Control Correlation Identifier (CCI) with artifacts and test results. Update and monitor the implementation of Risk Management steps throughout the area and systems life cycles. Update inheritance and run analysis reports for continuous monitoring. Conduct eMASS monthly and quarterly processing of POA&Ms with new milestones by obtaining evidence, updating artifacts, test results, and reviewing risk assessments to ensure security control compliance as per VA Directive and HB 6500. Collaborate with AM and ISSO regarding POA&M, CCI, and risk management for maintaining security posture.
• Preparation, gathering evidence and collaborations with AM & teams for Area Maine in preparation for the upcoming 5-19-2025 ATO process. 3
• Serves as the System Steward role in eMASS for Area Manchester, NH with collecting evidence, creating POAMs and collaborating with AM & teams of system vulnerabilities and remediations for the upcoming 05-21-2025 ATO process.
• Obtain Nessus scans in recognizing and identifying vulnerabilities for actionable on a monthly and quarterly basis.
• Utilizing custom tools such as SharePoint, Power BI, and SQL reporting as indicators of area system performances for reporting and monitoring.
• eMASS ISSO role for the TriZetto CMX-E, a critical enterprise system to provides oversight with verifying and reviewing of the project's critical security controls reviews quarterly, and risks management for continuous monitoring. Collaboration with the customer, business owners, and contractors to maintain risk management and ensure organizational security posture.
• Obtained a 100% report card for a three ATO for Area Maine in May 2022.
• Perform continuous monitoring activities daily, weekly, bi-weekly, monthly, quarterly, semi- annual, and annually.
• Foster a culture of end-user security awareness training and education through initiatives such as new employee orientation, newsletters, bulletins, and interactive information security events.
• Implement programs to ensure that data users know, understand, and adhere to OIS policies and procedures. Advise users to exercise caution when receiving emails from untrusted or unsolicited sources.
• Serve as Network 1 primary subject matter expert on contractor PKI, Intranet, media sanitization, privacy/HIPAA, VBA issues, and standard operating procedures.
• Provide support and knowledge of phishing assessments and tactics to protect VA users against targeted intrusions and prevent a single point of failure between sensitive medical records, applications, devices, and end-user.
• Participates and advises the local medical research in discussions to ensure security is being implemented during all phases of new research protocol requirements per VHA Directive 1200.5.
SOUTHERN MAINE COMMUNICTY COLLEGE, SOUTH PORTLAND, ME 6/01/23 - PRESENT ADJUNCT PROFFESSOR, INFO TECHNOLOGY CYBERSECURITY DEPT
• Developing course syllabus for computer forensics course.
• Responsible for teaching computer forensic course contents, discussions, quizzes, and labs
• Lectures and labs are delivered online.
• Weekly reading, discussions, quizzes, and InfoSec labs to assist the students in developing a feel of realistic understanding of basic forensic evidence acquisitions, situations and issues that arise from applications or tools used to obtain evidence.
• Answering questions and providing additional support for students
• Calculating and submitting grades for students
• Collaborating with department chair to create coursework or support the department.
• Following expectations and protocols for the department
• Conduct research and stay current in cybersecurity, NICE Frameworks, and forensic field. 4
CITY OF PORTLAND, PORTLAND, ME 06/2011- 8/2/2019
OPERATIONS MANAGER/MIS ADMINISTRATOR 40 HOURS PER WEEK
• Continued as system administrator, collaborator and assisted on the multi-agency RFP for new CAD and RMS systems with Portland, South Portland, and Cape Elizabeth Public Safety and Fire Departments.
• Technical expert in identifying, implementing, and monitoring citywide data backup retention, recovery with an onsite premise, and Azure cloud backup using the Unitrends application package as risk management to minimize data loss.
• System Administrator duties to protect risks assessments with Google Suite to be HIPAA, Fed Ramp, and CJIS compliant.
• Professional technical advisor and supervision of six employees with the approach in protecting access risk management and implementing controls within planning and budget to ensure it meets the technology projects and identified organizational goals.
• Coordinate verified and ensured all system applications were being backed up on-premises and cloud.
• Assessed security controls and risks within IT infrastructures with current software and hardware system security and established policies, procedures, and documentation for cybersecurity portfolio.
• Participate in procurement and acquisition support for the Portland Police Dept contracts.
• Assessed, identified, applied patches and tested the effectiveness of tools and configurations and created test environments to oversee software and hardware applications and tools enhancements for technology innovation and growth.
• Reviewed SOPs, policies and researched and executed a Cybersecurity program in 2011 for PD and the City.
• Implemented and monitored KnowBe4 social engineering application with monthly phishing campaigns and utilized Dark Trace to monitor 2500 devices of the network asset traffic with network connectivity.
• Managed and oversaw IT Operation, created, implemented, and revised SOPs of computer equipment and security processes and procedures for multiple applications.
• Collaborated and assisted with the implementation of the Fire-EMS Image-Trend application for the Portland and Cape Elizabeth Fire Dept project.
• Created a partnership with the State of Maine and the FBI to oversee CJIS audits of all security systems and applications in compliance with CJIS guidance and all submittals of UCR, NIBRS, and NIFR.
• Fostered communication and collaboration for system updates and maintenance of Maine Statutes and MEJIS offenses within the local RMS from the State of Maine. PORTLAND POLICE DEPARTMENT, PORTLAND, ME 08/1997 – 06/2011 MIS ADMINISTRATOR/SYSTEMS ANALYST 40 HOURS PER WEEK
• Accountability managed and maintained a 24/7 system administrator of PD applications and all LAN/WAN network connectivity that serviced 250 local users and 360 devices.
• Managed, maintained, and monitored all PD systems and server configurations.
• System owner, administered, supervised three employees with tested, and monitored daily activities of the network servers while providing user training and support.
• Technical expert that budgeted, administrated, applied patches, PTFs, managed, and maintained existing network infrastructure and parameterized all software and hardware applications from SCO-Unix, Linux/Informix, IBM AS400/HTE, CAD, RMS, FMS, Mobile, and Body camera.
5
• Configured, managed, applied patches and maintained Oracle server and databases for Mobile Field Reporting application.
• Developed policy support to ensure all security systems are operational with updated standards, and guideline documentation.
• Interfaced with City, State, and local departments on an advisory committee to assess critical computer issues (hardware, software, training, service, people, and budgets), project management, improvement in operations, systems, database integrity, and MIS reporting in compliance with all FBI audits conducted by the State of Maine. Accomplishments:
• Administered, built, managed, migrated, and upgraded the Portland PD from a non-existence network by installing fiber between PD, City Hall, and Cumberland Courts & County Jail for connectivity and CAT 5/6 cable environment and utilizing TC/IP protocol to connect LAN/WAN networks and communication infrastructures projects.
• Established connectivity from external Community Police locations using secure VPN connections to our local LAN environment.
• Configured and implemented a VPN secure connection of the PD WAN and wireless mobile solutions for public safety applications.
• Implemented and maintained the dispatch center's consolidation project and hardware for Portland, South Portland, and Cape Elizabeth Police and Fire Depts into the Portland Dispatch Center.
• Set up and executed a frame relay line connection for secure mobile environment connectivity and accessibility.
• Implemented and maintained PD mobile infrastructure with secure wireless connectivity.
• Directed, managed, and implemented hardware and software installation, configuration, maintenance, and monitoring of information and data systems: o Window and SCO-Unix servers, switches, routers, firewalls, racks and cabling to establish internal, external and VPN connectivity to the Cumberland Jail, Cumberland Courts, and Maine State network.
o Migration of IBM AS400 platform in 1998 for existing public safety applications and maintained archive data from SCO-Unix Informix database and systems. o Ten local users on a GUI/Naviline for IBM AS400/HTE Financial module. o Implementation of Netware/Novell email and Internet access for all PD users. o WAN/LAN NT Server environment of 10 workstations connectivity to the ME State, National DMV using Omnixx/Datamaxx software.
o Established WAN connectivity for MDEA, court officers, and Spillman, imaging system for the County Mug Shot database and fingerprinting interface (AFIS). o Intelligent software for CID and crime analysis called SWIN for State and FBI accessibility.
o Implemented and managed Active Directory and Citrix environment and end-user training for Public Safety users.
Education:
Master of Science in Cybersecurity
High Honors: Summa Cum Laude
University of Maine, Augusta, Maine
6
Relevant coursework: Cybersecurity real world engagement, Cyber Laws, Polices and Ethics, Ubuntu, Kali Linux, Nmap, Network Security Management, Cybersecurity Investigations and Forensics, Database and Application Security, and Cybersecurity Operations. BS in Technology Management and Minor in Cybersecurity Honors: Magna Cum Laude
University of Southern Maine, Portland, Maine
Additional Skills
• MS Office 365 Package, SQL, Java, C++, Linux, KnowBe4, Darktrace, McAfee EPO, Ubuntu, Kali Linux, Metasploit, Project Management in Cybersecurity, Axiom, and Forensic Investigation.
• IBM/AS400, Unix, Oracle, SQL Server, MS Server (NT/2000/2003/2008/2012), Citrix, Active Directory, Unitrends Systems and Backups
References:
Michael Raffanello, ISSM – Supervisor – 860-***-****, 213-***-****; *******.***********@**.*** Mary Ballard, ISSO – 603-***-****, 603-***-****; ****.*******@**.*** Andrew Cook, Area Manager – 207-***-****, 207-***-****; ******.*****@**.*** Tim Burton – Former Supervisor – 432-***-****; **************@*****.*** Tom Joyce – Former Co-worker - 207-***-****; ******@******.***
Contact this candidate