
Security Officer System

Location:
Longwood, FL
Posted:
August 27, 2025


Resume:

Keyland Davis

Orlando

203-***-****

************@*****.***

DoD Secret Clearance

Information System Security Officer / Analyst.

Information Security Professional with over 5 years of experience in developing and implementing security policies, conducting risk assessments, and managing compliance with federal cybersecurity frameworks. Skilled in preparing and maintaining Authorization Packages including SSPs, SARs, SAPs, and POAMs in alignment with NIST SP 800-30, 800-37, and 800-53 Rev. 4. Nationally certified in IT through ISACA and CompTIA. Adept at conducting security audits, supporting incident response, and recommending risk mitigation strategies. Strong ability to clearly communicate complex security issues to both technical and non-technical stakeholders.

CORE SKILLS & EXPERTISE

o Vulnerability Assessments and Vulnerability Scanning
o Security Frameworks and Standards
o Control selection
o ACAS Certified
o Incident Response Planning
o Security Policies and Procedures
o Security Auditing and Compliance
o Categorization
o Assess risk mitigation
o Audit security logs, reports
o eMASS Certified
o POAMs
o Security Impact Analysis (SIA)
o ISO 27001 and SOC 2 controls
o Network Security
o Implementation
o System security plan (SSP)
o Continuous monitoring
o Security Technical Implementation Guidance (STIG)
o SAR assessment report

CERTIFICATIONS

CompTIA Security+, eMASS

Currently pursuing CISSP

PROFESSIONAL EXPERIENCES

MacDill AFB July 2023 - Present

Information System Security Officer (ISSO)

Conducted security assessment interviews to evaluate system security posture and developed Security Assessment Reports (SARs) as part of Security Test & Evaluation (ST&E) in accordance with NIST SP 800-53A.

Supported the Authorization to Operate (ATO) process by preparing and maintaining System Security Plans (SSPs), Risk Assessments, System Categorization, and Plans of Action & Milestones (POA&Ms).

Performed information security risk assessments and internal audits to identify threats, vulnerabilities, and risks, while recommending and implementing effective mitigation strategies.

Executed Security Assessment and Authorization (A&A) activities for moderate-level systems in compliance with NIST, FedRAMP, and DoD RMF requirements.

Conducted security control reviews, compliance checks, and continuous monitoring to ensure the effectiveness of implemented safeguards and adherence to federal standards.

Developed and executed comprehensive test plans for security controls, documenting results in accordance with NIST SP 800-53, FedRAMP guidance, and agency-specific frameworks.

Compiled and reviewed security control implementations, test results, SARs, POA&Ms, and risk acceptance recommendations to support client authorization decisions.

Utilized vulnerability scanning tools (Nessus, Retina, CSAM, ACAS, HBSS, Splunk) to detect and remediate security gaps across Army networks.

Monitored and defended DoD enterprise networks by analyzing security event logs, IDS/IPS alerts, and SIEM outputs, responding to and containing cyber incidents.

Supported incident response operations by conducting root cause analysis, digital forensics, and applying corrective actions to prevent recurrence.

Provided technical and compliance-based guidance to leadership, stakeholders, and system owners on cybersecurity best practices, security controls, and policy requirements.

Conducted cybersecurity awareness training for end users to strengthen compliance and reduce human-factor vulnerabilities.

Collaborated across IT, mission, and intelligence teams to implement cyber defense strategies and improve overall security posture of mission-critical systems.

USAID Jan 2021 – July 2023

Information Security Compliance Analyst

Reviewing, maintaining, and ensuring all Assessments and Authorizations (A&A) documentation is included in the system security package.

Ensure implementation of appropriate security controls for the information system based on NIST Special Publication 800-53 Rev. 4, FIPS 200, and system categorization using NIST 800-60 and FIPS 199.

Performed information security risk assessments for AI-powered systems, emphasizing GDPR compliance and ISO 27001 standards. Assessed emerging security threats, risks, and vulnerabilities specific to AI implementations, identifying mitigation requirements in line with international data protection regulations.

Perform vulnerability and baseline scans using tools such as Tenable Nessus, CIS-CAT, and Retina Vulnerability Scanner; analyze scan results and document findings in the POA&M.

Collaborate with system administrators to remediate POA&M findings. Ensure vulnerabilities and risks are efficiently mitigated in accordance with the organization's continuous monitoring plan.

Monitor controls post authorization to ensure continuous compliance with the security requirements.

Identify new, maintain, and dispose of information system inventory in accordance with established policies and procedures; ensure accurate configuration management and property accountability.

Modify and maintain procedures, operational process documents, change control documents, operational checklists, and detailed system specifications and procedures.

TekSystems March 2017 - Dec 2020

Information Security Analyst

Conducted security assessment interviews to evaluate system security posture and developed Security Assessment Reports (SAR) as part of Security Test & Evaluation (ST&E) activities in alignment with NIST SP 800-53A.

Assisted in maintaining Authorization to Operate (ATO) packages by supporting Risk Assessments, System Security Plans (SSP), and System Categorization documentation.

Performed information security risk assessments and supported internal audits of security processes to identify risks, threats, and vulnerabilities, and recommended appropriate mitigation strategies.

Utilized vulnerability scanning and assessment tools, including Retina, Nessus, and CSAM, to identify and analyze system weaknesses.

Supported Security Assessment and Authorization (A&A) activities for moderate-level information systems in compliance with NIST and federal requirements.

Conducted compliance reviews of security controls, tracked deficiencies, and contributed to the continuous monitoring of assessment packages.

Provided guidance on the A&A lifecycle, including development of SARs, risk mitigation strategies, and recommendations for risk acceptance decisions.

Developed and executed comprehensive test plans for security controls in accordance with NIST SP 800-53, FedRAMP guidance, and agency-specific requirements.

Reviewed and compiled security control implementations, test results, SARs, POA&Ms, and risk acceptance recommendations to support client authorization decisions.

IT Help Desk Technician – Heart Trust NTA Jan 2015 - Jan 2016

Delivered front-line technical support for students, faculty, and staff, resolving common hardware and software issues.

Assisted with password resets, account unlocks, and basic user account management.

Supported classroom and lab technology, including printers, projectors, and Wi-Fi connectivity.

Logged and tracked help desk tickets to ensure timely follow-up and resolution.

Escalated complex issues to senior technicians while maintaining clear communication with end-users.

Guided users through basic troubleshooting steps, improving overall technology adoption and confidence.

Assisted with onboarding new users by setting up accounts, email, and initial device configurations.

EDUCATION

Risk Management Framework (RMF) & FISMA Compliance – 6-Month Practical Training, 2016

Gained experience in POA&M management, security control assessment, and preparing compliance documentation in alignment with NIST guidelines.

BS Management Information Systems September 2009 - August 2013

Methodist University, Accra, Ghana
