
Risk Management Analyst Information Systems Security Officer

Location:
Lorton, VA
Salary:
175,000
Posted:
September 02, 2025


Resume:

Springfield, VA Tyquan A. Carter Last Updated: ** Mar 2025

TS/SCI - US Citizen ******.********@*****.*** Veterans Preference 10 Point

Objective: Dynamic and seasoned Information Technology (IT) Professional with over 16 years of comprehensive experience spanning military and contracting roles. Adept in operations management, information assurance, and customer service within intricate enterprise landscapes. Accomplished in ensuring confidentiality, integrity, and availability of systems, networks, and data. Dedicated to delivering a high level of services to a wide variety of personalities and stakeholders.

Proficiencies:

Risk Management Framework (RMF) and NIST Standards: Proficient in implementing and adhering to RMF and NIST standards, ensuring robust security measures and compliance within diverse IT environments.

eMASS/Xacta: Advanced in utilizing eMASS and Xacta platforms for managing risk and delivering ATOs at all 7 steps of RMF. Latest eMASS training completed in July 2024.

Vulnerability Management and STIGs Application: Skilled in conducting vulnerability assessments, prioritizing remediation efforts, and applying Security Technical Implementation Guides (STIGs) to enhance system security posture.

Splunk/ACAS and Remedy: Proficient in leveraging Splunk and ACAS for security monitoring and analysis, as well as Remedy for ticketing and incident management, enhancing proactive threat detection and response capabilities.

Plan of Actions and Milestones (POA&Ms): Exhibits strong proficiency in POA&M management and creation. Stood up new POA&M Management Programs at multiple agencies within a DevSecOps framework.

Certifications and Education:

CompTIA CASP - obtained 13 August 2024

University of Maryland University- Bachelors Computer Networks & Cybersecurity- 92 Credits-In progress

Work Experience:

Redhorse, INSCOM G6 (U.S. Army Intelligence and Security Command) Fort Belvoir, VA June 2024- November 2025

Senior Cybersecurity SME

●Collaborates with the O-ISSM on all assessment and authorization activities to ensure the information systems maintain an authority to operate (ATO) on all applicable DoD/IC networks

●Corresponds with the Government customer and system administrators to communicate any unacceptable risks identified and correct deficient POA&M items to meet DoD and IC standards

●Conducts Monthly meetings with the DAO and ISOs to report status and provide guidance for Accreditation

●Supports the Development of a New Cybersecurity Training Program for INSCOM

●Regularly perform security audits, vulnerability analysis, and provide reports of security posture for multiple sites under INSCOM

●Provides a monthly report summarizing audit findings which includes issue, prioritization, and remediation

●Generates recommendations in the form of technical briefings, reports, and other major documents provided to senior level client personnel

●Leads the continuous monitoring activities of the Army INSCOM G6 organization

AKIMA, OIG DOD (Department of Defense)

Alexandria, VA November 2023- February 2024

Vulnerability Management Analyst

●Performed vulnerability analysis from scan results and prioritized vulnerabilities and findings

●Completed security compliance and vulnerability assessments

●Monitored various sources for identifying vulnerabilities, including commercial and open-source tools

●Continuously researched emerging threats to disseminate information to all stakeholders

RedArch Solutions, DHS (Department of Homeland Security) Lorton, VA April 2023- November 2023

Information Systems Security Officer

●Created and maintained SSPs and supporting documentation in accordance with Agency guidelines

●Conducted security audits of systems, ensuring audit trails are reviewed periodically and records were archived for future reference

●Ensured that systems were accredited, and maintained their accreditation through continuous monitoring

●Enforced security policies and safeguards by taking corrective actions to resolve identified vulnerabilities

RMantra Solutions, JSP (Joint Service Provider)

Arlington, VA August 2022- January 2023

Information Systems Security Officer

●Developed and updated (A&A) documentation (Body of Evidence) for management

●Reviewed manual STIGs utilizing STIG Viewer and ACAS Scans

●Conducted ongoing security reviews and tests of systems to verify security features and controls are functional and effective.

●Created and maintained processes and procedures for use by members of the ISSO team

●Provided security engineering review of proposed changes or additions to the IS (hardware, software, or connectivity), and advising the Information System Security Manager (ISSM) of the security relevance

●Coordinated weekly status meetings for systems, addressing status for all steps of the RMF process

●Tracked Milestones for All POAMs and giving weekly updates for mitigation and continuous monitoring

●Updated DITPR with information matching eMASS and any changes to the system or personnel

Leidos, DHS

Lorton, VA January 2020- July 2021

Information Assurance Analyst

●Assisted ISSOs and ISSMs with RFCs (Request for change) on the DHS Networks

●Responsible for over five agencies and dozens of sites across the US that utilize DHS Networks

●Led New Sites through the A&A process to get ATC and approval from the ISSMs

●Reviewed and managed artifacts for Annual Assessments and Accreditation

●Created POAMs for Sites after IATT IAW STIG and vulnerability findings

●Coordinated with the Program Managers to ensure Assessment and Authorization (A&A) process adheres to approved timelines

●Conducted and led meetings for all Stakeholders to get equipment at multiple Sites an ATO

Novetta, DIA

Reston, VA August 2019- January 2020

ISSE

●Assessed and mitigated system security threats/risks throughout the program life cycle

●Validated and verified system security requirements definitions and analysis and established system security designs

●Assisted architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions.

●Participated as a security engineering representative on engineering teams for the design, development, implementation and/or integration of secure networking, computing, and enclave environments

●Built IA into systems deployed to operational environments

Tangible Security, DISA

Fort Meade, MD January 2019- August 2019

ISSO

●Coordinated and led weekly RMF meetings, maintained close communication within customer and cybersecurity teams, tracked the status of action items and ensured they were closed out appropriately

●Registered and maintained systems in Enterprise Mission Assurance Support Service (eMASS)

●Worked with the ISSE, assessors, ISSM, Developers and PMOs to ensure representation at various working group meetings and ensured cybersecurity issues were identified and resolved on a timely basis

●Executed cybersecurity activities as defined by DoDI 8500.01/02

Diverse Systems Group (DSG), Fort Belvoir Community Hospital Fort Belvoir, VA February 2018- August 2018

ISSO

●Performed Internal Auditing on existing documentation IAW DOD, NIST, and best business practices

●Updated security controls in eMASS after reviewing gathered evidence

●Briefed team lead and ISSM on the status of applications and systems on a weekly basis

●Submitted new documentation and artifacts in eMASS and associated them with related controls

●Coordinated meetings with vendors, government officials, and contractors, regarding the RMF process

DKW Communications, Office of the Administrative Assistant to the Secretary of the Army Fort Belvoir, VA July 2017- January 2018

Cyber Security IA Lead

●Led security control assessments based on NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev.1.

●Assessed Security Controls, reviewed documentation, prepared A&A packages, and made recommendations, for approval of major/minor/support systems installations

●Evaluated certification documentation and provided written recommendations for accreditation to government PM’s

●Wrote and tracked POA&Ms for mitigation and work towards compliance for all milestones

Technique Solutions, US SOUTHCOM

Key West, FL December 2016- July 2017

Information Assurance Engineer/ SCA

●Transitioned Site from DIACAP to RMF through policies, procedures, A&A, and C&A

●Performed security control assessments on DOD applications to ensure compliance with the NIST 800-53 guidelines and agency specific requirements

●Reviewed and uploaded Artifacts and Reports in eMASS to include SIP, DIP, DIACAP Scorecard, and POA&Ms

●Assisted with implementation of countermeasures or mitigating security controls

●Developed SOPs for our day-to-day operations

●Reviewed and verified Network Topologies, Hardware/Software Lists, and Scan data

●Completed Cross Domain Solution Audit transfers and assessments

KForce Government Solutions, DIA Intelligence Community Security Coordination Center Reston, VA June 2015- December 2016

Vulnerability Management Analyst

●Managed vulnerability compliance metrics and trend analysis for over 55 networks in the IC, by creating a monthly compliance report

●Coordinated directly with CYBERCOM for developing IAVMs by being a part of their pre coordination team, receiving their drafted IAVMs early

●Supervised IC agency posture on vulnerability patch compliance for 17 (IC) members in accordance with Intelligence Community Directive (ICD) 502 standards

●Administered a Windows Server Update Services (WSUS) server for over 100 client servers and workstations

●Revitalized the Vulnerability Management Compliance System (VMCS), Archer, for use by 17 IC Agencies as well as the IC SCC Vulnerability Management Team

●Briefed the IC at quarterly Technical Exchange Meetings (TEMs), regarding current vulnerabilities and countermeasures

●Utilized ACAS (Assured Compliance Assessment Solution) to identify/track vulnerabilities for several IC agencies determining their risk level and support vulnerability remediation with data ingested into SPLUNK

Insight Global, ARCYBER (Army Cyber Command)

Fort Belvoir, VA December 2014- June 2015

Cyber Response Analyst

●Responding to Tippers identifying malicious activity and intrusions on a network

●Analyzed vulnerability threats using Robtex, FixedOrbit, and Sophos to protect Army networks

●Performed analysis on hostile IPs/URLs, confirming that IP/URL is compromised and spreading malicious logic

●Updated IPs or domains being poisoned through the Enterprise Email filtering status to prevent networks from being compromised

●Review +80 reports weekly to identify network computer intrusion evidence and identify perpetrators

●Maintained poisoning/IP Block lists and brief Deputy Director on status of lists and updates daily

●Identify hashes from reports and send to determine values

●Develop detailed remediation reports and recommendations for compliance and security improvements

Mantech, NRO

Fort Belvoir, VA July 2013- December 2014

ISSO

●Managed Access Control with PKI for the NRO facility (JWICS, NMIS, UMIS)

●Assisted System Owners in all six steps of the RMF ICD-503 process for certification & accreditation

●Performed virus scans and classification management on all media entering/exiting site

●Handled McAfee Virus definitions daily, and pushed updates to the entire site

●Scheduled audits of over 42 managed systems and assisted in penetration testing and risk assessment

●Performed SEC scans and WASP scans for vulnerabilities of assets and risk categories

●Ran ACAS/ALERT tools for continuous diagnostic capabilities and network vulnerability scanning in support of ISOs

●Maintained incident case management and analyze events for trends, patterns, or actionable information

●Assisted creating Categorization Worksheets, Plan of Action and Milestones (POA&M), SSPs, and monitoring systems

●Sanitized all equipment and media, by verifying encryption (BitLocker) and patch management

●Active PKI Vetter for the site and new employees

●Approved User accounts and validated active clearances

U.S. Army, 39th Signal Battalion

Fort Stewart, GA April 2011 – April 2013

IT Specialist/ Information Management Officer 25B

●Supervised, planned, and performed the installation, operation, and maintenance of Signal Support Systems

●Assisted with Asset Management, ensuring each user had correct and properly functioning tools to complete their tasks

●Successfully troubleshoot a wide range of PC, server, and network issues quickly with on-the-spot solutions

●Maintained user accounts for a company of over 50 personnel, while tracking required training for everyone

U.S. Army, 128th Signal Company

S.H.A.P.E. NATO Base, Belgium April 2009 – April 2011

Communication Security/COMSEC Specialist

●Practiced safe inventory procedures for over 600 COMSEC items on SHAPE

●Attention to detail processing transfers, incoming and outgoing Top-Secret material and hand receipt holder documentation

●Performed destruction, receiving, issuing, and inspection of COMSEC material within the most stringent timelines

●Provided documentation for Auditing to Stakeholders

●Coordinated COMSEC and key management support for operational and planned cryptographic devices


