Security Analyst Information

DAMON PAGE, TS SCI CI/POLY

Upper Marlboro, MD 301-***-**** *****.******@*****.***

IT SECURITY INFORMATION TECHNOLOGY CYBERSECURITY

As a Senior Information Security Analyst with experience in Governance, Risk, and Compliance (GRC), Security Incident and Event Management (SIEM), and Cyber Threat Analysis, I have a proven track record of safeguarding sensitive information and minimizing organizational risks.

CERTIFICATIONS

CompTIA CYSA+ CE Certification

CompTIA Security + CE Certification

PROFESSIONAL EXPERIENCE

Cyber Incident Manager

Kavaliro 10/2024-Present

•Collaborate with technical teams to investigate, understand, and resolve incidents effectively.

•Coordinate with IT, security, and cross-functional teams to ensure a cohesive and effective incident response.

•Respond promptly and efficiently to incidents, ensuring a swift resolution to minimize the impact on operations.

•Maintain detailed incident records for auditing purposes and to support ongoing analysis and improvement efforts.

•Design and implement comprehensive incident management procedures and workflows to enhance response efficiency.

•Conduct daily briefings with stakeholders to address computer security incidents and ensure adherence to vulnerability compliance standards.

Password Safe Administrator

XMS Solutions Inc 12/2023-7/2024

•Monitor and record live sessions in real time and pause or terminate suspicious sessions.

•Control privileged user accounts, applications, SSH keys, cloud admin accounts, and RPA accounts.

•Use adaptive access control for automated evaluation of just-in-time context for authorization access requests.

•Restrict access to critical systems, including assets and applications, to protect them from potential insider threats.

•Scan, identify, and profile all assets for automated Password Safe management, ensuring no credentials are left unmanaged.

•Enable a searchable audit trail for compliance and forensics and achieve complete control and accountability over privileged accounts.

Senior Info Security Analyst

Apex Systems 12/2022-7/2023

• Performed control writeups and briefed organization stakeholders on assessment results.

•Implemented the RMF process to identify, assess, and mitigate risks to information and systems.

•Developed and maintained security documentation (e.g., security plans, contingency plans, incident response plans).

•Participated in security reviews and audits to ensure compliance with regulatory requirements (e.g., NIST, FISMA).

•Conducted security control assessments to ensure compliance with regulatory requirements and industry best practices.

•Collected Operation and Maintenance artifacts continuously so that Security Control Assessment (SCA) is seamless.

•Analyzed security-related events and incidents to determine the root cause and make recommendations for corrective actions.

•Assisted CES personnel by implementing and assessing FRCS security controls and registering systems in eMass with necessary artifacts to attain ATO.

Senior Governance, Risk, and Compliance Analyst (GRC)

TEKsystems Inc 03/2022-12/2022

•Maintained accurate and complete governance, risk, and compliance documentation.

•Coordinated with team and client to review and sign off the InfoSec process policy guidelines.

•Assisted application/business unit teams with privileged accounts on-boarding into Thycotic Secret Server.

•Conducted risk assessments to identify potential risks impacting the organization's operations and objectives.

•Interpreted pen test reports to evaluate the effectiveness of the organization's policies and procedures related to governance, risk, and compliance.

•Demonstrated understanding of risk and change management, security policies and controls, user account life-cycle management, and role-based access.

Cyber Threat Analyst II

Athena Technology Group 08/ 2019-01/2022

•Collected, processed, and analyzed threat data from multiple sources.

•Provided recommendations to mitigate risks and improve the organization’s security posture.

•Identify undiscovered attacks using information and threat intelligence focused on the proximate incident.

•Utilized the MITRE ATT&CK framework to understand and analyze intrusion set tactics, techniques, and procedures.

•Assisted with developing an information security continuous monitoring strategy to help maintain ongoing awareness of information security.

•Performed risk assessment across the entire network, including hardware and software systems using Security Incident and Event Management (SIEM).

•Support gathering and utilizing Publicly Available Information (PAI) and Open-Source Intelligence (OSINT) regarding adversary and audience segment activity.

•Leverage Gabriel Nimbus, the Army's Big Data Platform, to conduct an in-depth analysis of aggregated data spanning the entire enterprise network, enabling informed decision-making, and driving strategic initiatives.

Cyber Transport Tech

Air Force National Guard ` 07/2010-2023

•Safeguards the network systems by creating and applying policies and monitoring access.

•Troubleshoot problems with a variety of computer operating systems and hardware configurations.

•Applied communications security programs to include physical, cryptographic, transmission, and EMI.

•Performs diagnostics: Troubleshoot system issues, documented help desk tickets, and resolutions, and maintains equipment.

•Ensures the quality of systems operations by communicating with all levels of systems users and offering assistance and direction as needed.

Network Analyst/System Admin II

Information Management Group ` 05/2019-08/2019

•Provided reach-back support on the Trojan network for national and joint intelligence Signals Intelligence (SIGINT).

•Worked directly with network engineers to solve network connectivity issues to the Trojan network. Actively monitored network and terminal operations to ensure connectivity and availability.

•Connected Trojan network users with satellite engineers for circuit management support.

•Created trouble tickets using Remedy. Supported networking technologies, software, systems, and services to develop technical solutions and kept abreast of vendor products and services commercially available in the marketplace. Developed and generated conceptual, logical, and physical network architectures, resulting in documents and drawings, testing analyses, test plans, and risk assessments to ensure sound architecture.

Information Systems Security Officer

Soft-Tech Consulting 10/2017-09/2019

•Supported and maintained computer resources, backups, and systems at 99.9 percent operational readiness.

•Ensured effectiveness of all security controls, vulnerabilities, and threats to support organizational risk management decisions.

•Created Standard Operations Procedures (SOPs) outlining the organization’s policies, procedures, and guidelines to train junior-level analysts.

•Developed documentation and authored recommendations associated with findings on how to improve the customer's security posture per NIST controls.

•Conducted weekly system security audits, hardware and software configuration management, account management, removable media auditing, and associated reporting.

•Implemented system performance tuning measures, performed system backups, initiated/investigated Software Problem Reports, and oversaw/conducted software and hardware installations.

Electronics Technician II

MC Dean 02/2017-10/2017

•Provided technical support to end-users for VTC systems.

•Troubleshoot technical issues with VTC equipment and systems.

•Tested and validated VTC systems to ensure optimal performance.

•Installed, configured, and maintained VTC equipment and software.

•Maintained and operated a wide variety of VTC equipment including cameras, microphones, audio and video playback, recording, and duplication devices.

EDUCATION

DeVry University-Oct. 2016

BS in Network & Communications Mgmt.

TRAINING

Qualys Vulnerability Management

Thycotic Secret Server

McAfee ePO 201/301

Information Security

Blue Team Security

Threat Intelligence

Phishing Analysis

Incident Response

MITRE ATT&CK

Password Safe

McAfee AESS

Qualys EDR

Scap Scans

Arc Sight

PCI DSS

eMASS

Tanium

OSINT

POAM

SIEM

STIG

RMF

ATP

Contact this candidate