versed at communicating with stakeholders to provide accurate reporting
and information regarding ongoing projects and initiatives. Security Assessment and Authorization professional with strong problem-solving and project management skills, knowledgeable in Risk Management Framework (RMF), Systems Development Life Cycle (SDLC), Security Life Cycle and Vulnerability Management, using FISMA and applicable NIST standards. Thrive under pressure in fast-paced
environments while directing multiple projects from concept to implementation.
Project Management and Support
Business Systems Analysis
Security policies and procedures
Risk Assessment Framework
Systems Development Life Cycle
Support Help Desk Support
University of Maryland Medical System | March 2015 to Current | IT Risk Analyst | Columbia, MD
Develop and analyze security policies, procedures and technical standards including corporate compliance, security training, and end-user awareness.
Monitor medical applications, systems, and networks to ensure the integrity, availability, and confidentiality of information and ensure the integrity and availability of IT systems.
Ensure that personnel accessing systems comply with HIPAA (Health Insurance Portability and Accountability Act).
Ensure that systems security measures are taken to protect Personally Identifiable Information (PII).
Evaluate security solutions to ensure they meet security requirements for processing classified information.
Work with various stakeholders to remediate vulnerabilities and resolve and close past findings (POAMs).
Enhance and optimize the existing log monitoring and analysis process to identify, scope, track, and report on potential security incidents, unauthorized configuration changes, and policy violations.
The Tiger Project | December 2014 to Current | Assistant Project Manager | Lanham, MD
As part of Cybersoft CAP training project, I am involved in developing, reviewing and updating Information Security System Policies, System Security Plans and Risk Assessment Report in accordance with NIST, FISMA, OMB App. III A-130 and industry best security practices.
Apply appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53 rev 4, SP 800-53A, FIPS 199 and FIPS 200.
Conducted systems and network vulnerability scans in order to identify and remediate potential risks.
Coordinate and manage team activities during assessment engagement.
Establish schedules and deadlines for assessment activities.
Hold kick-off meetings with CISO and system owners prior to assessment engagements.
Prepare and submit Security Assessment Plan (SAP) to CISO for approval.
Conduct Security Assessment using NIST 800-53A.
Develop and conduct Contingency Plan and Test.
Develop and update system security plan (SSP) and plan of action and milestone (POA&M).
Monitor controls post-authorization to ensure continuous compliance with security requirements.
Manage vulnerabilities using Nessus and Acunetix vulnerability scanners to detect potential risks on single and multiple assets across the enterprise network.
Create reports detailing the identified vulnerabilities and the steps taken to remediate them.
Micro Concept | October 2013 to March 2015 | Network Security Analyst | Baltimore, MD
Assisted clients in developing, reviewing and updating Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, OMB App. III A-130, and industry best security practices.
Applied appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199, FIPS 200 and OMB A-130 Appendix III.
Authorization to Operate (ATO) Risk Assessment Reports (RAR).
Performed vulnerability/risk assessment analysis to support Security Assessment and Authorization (SA&A).
Developed and updated System Security Plan (SSP) and Plan of Action and Milestone (POAM).
Monitored security controls post authorization to ensure continuous compliance with the security.
Establish schedules and deadlines for assessment activities.
Reviewed and updated some of the artifacts especially FIPS 199, Initial Risk Assessment, e-Authentication, SAR, POAM, Contingency plan etc.
Manatt Phelps & Phillips | October 2010 to April 2013 | Security Analyst | Catonsville, MD
Conducted network vulnerability assessments, using Nessus vulnerability scans to identify system vulnerabilities and develop remediation plans and security procedures.
Identified, responded to, and reported security violations and incidents as encountered.
Reviewed and provided findings of Vulnerability scan and Audit log results to management.
Investigated potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes.
Maintained security and the overall data integrity within the company's network systems.
Conducted annual employee IA awareness training.
Valueoptions | August 2009 to September 2010 | System Admin/Desktop Support | Linthicum, MD
Worked with management to update security manuals and address current concerns.
Identified and classified hardware and software issues on systems running Microsoft Operating Systems.
Reviewed security logs to ensure compliance with policies and procedures and identify potential anomalies.
Key Responsibilities:
Installed and maintained Local Area Networks.
Implemented a companywide PC training and development program.
Set standards for PC hardware, software and peripherals.
Recommended and implemented complete desktop solutions.
Installed PC/LAN hardware, software and peripherals.
Performed network scans in search of vulnerabilities.
University of Maryland, University College | 2013 | Bachelor of Science: Political Science | Adelphi, MD, USA
University of Maryland, University College | 2016 | Master of Science: Cybersecurity | Adelphi, MD, USA
Cybersoft Technologies | 2015 | Certification: CAP Certification (in progress) | Lanham, MD, USA
UMBC | 2014 | Certification: Cyber Foundation | Columbia, MD, USA
CompTIA A+ Training
CompTIA Network+ Training
Security+ Certified COMP001020846117 2015
Vulnerability Scanner, Nessus Vulnerability Scanner, Nmap vulnerability scanner, Acunetix web scanner, Microsoft Baseline Security Analyzer (MBSA), Excel, Word, PowerPoint, Access, Mac, Microsoft Windows.