Computer security professional with significant skill in building and leading high-performance teams to drive positive results. A motivating leader dedicated to creating organizations with a focus on risk mitigation and management.
Technical Skills and Experience.
1. Knowledge of NIST Special Publications like NIST SP 800-53 Rev4, 800-53A, 800-37, 800-18, 800-34, 800-137, 800-60 Vol.II, FIPS 199, FIPS 200.
2. Knowledge of Vulnerability Scanning Tools such as Nessus Tenable Security Center, DB Protect, NCC Auditor.
3. Governance Risk Compliance Tools like CSAM and eMASS.
Information System Security Analyst:
Categorized information systems using FIPS 199 and NIST SP 800-60 Vol.II to determine the impact level as either Low, Moderate or High.
Developed documentation outlining the system operating environment to include hardware configuration, software, and type of information processed.
Completed Security Plan (SSP), Information System Contingency Plan (ISCP / CP), Disaster Recovery Plan (DRP), Risk Assessment (RA), Rules of Behavior, Privacy Impact Assessment (PIA), Privacy Threshold Assessment (PTA), and Plan of Action and Milestones (POA&M) Report.
Assisted in providing guidance and support to the development of POA&M as well as validation testing of POA&Ms.
Developed Security Assessment Plan (SAP) to initiate Security Assessment for low, moderate and high impact information systems.
Responsible for completing a reauthorization on information systems and successfully received the Authorization to Operate (ATO).
In conjunction with the System Owner, I prepared and assembled the Authorization package, including the authorization letter, and submitted it to the Authorizing Official (AO) for approval and granting of the ATO.
Identified security findings from the vulnerability reports, mapped each finding to a NIST control and tracked findings as needed.
Cyber Security Analyst:
Responsible for completing and organizing Security Authorization documents such as Systems Security Plan (SSP), Security Assessment Report (SAR), Risk Assessment Report (RAR) and Plan of Action and Milestones (POA&M).
Responsible for creating and updating System Security Plan, Contingency Plan, Contingency Plan Test, Risk Assessment Report, System Categorization, Privacy Threshold Assessment, Privacy Impact Analysis, Security Assessment Report, Security Impact Analysis, and the Security Risk Traceability Matrix.
Create detailed remediation reports and recommendations for compliance and security improvements across systems based on constantly changing threats.
Perform vulnerability and compliance scan analysis by mapping each finding / vulnerability to security controls identified in the NIST 800-53 Rev4.
Monitor information systems for vulnerabilities and threats including weak password settings, weak configuration settings and outdated security patches.
Perform and complete the Contingency Plan Testing (CPT), and ensure all points-of-contact are aware of their duties and responsibilities.
Review and update remediation strategies on POA&Ms in the organization's cyber security and asset management (CSAM) system.
Work with system administrators to resolve POA&Ms, gather artifacts and create mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.
Job Titles Held: