An energetic Information System Security Officer (ISSO) with 5 years of experience in information assurance. Implementing and conducting all six phases of the Assessment and Authorization (A&A) process. Responsible for maintaining the security posture of an accredited system. Developed and updated all technical security documents in the System Security Plan (SSP) required for systems before they are fully installed at the gaining enclave. Ensure cybersecurity readiness is achieved through detailed analysis, maintenance of the information system's security baseline, and continuous monitoring throughout the lifecycle of the ATO.
Authoring detailed RMF artifacts and technical security documentation such as Security Plans, Configuration Management Plans, COOP Plans, Data Flow Diagrams, System Key and System Maintenance SOPs, Continuous Monitoring Plans, POA&Ms, and Vulnerability Management Plans
Completing and maintaining STIG and SRG checklists
Designing and documenting system architecture for an information system
Leading technical risk and vulnerability assessments to maintain accreditation
Assisting with risk assessment reports for submission to designated accrediting officials
Documenting and tracking a Plan of Action and Milestones (POA&M) for all accepted risks identified during C&A processes
Reviewing vulnerability scan reports and coordinating remediation with the technical team
Developing and delivering technical information required for verification of security compliance
Testing and implementing security controls on systems in accordance with directives
Serving as a client liaison and participating in meetings to ensure customer requirements are met.
Develop, implement, test and review an organization's information security.
Protect medical device information and prevent unauthorized access.
• Provided input to and drafted cyber security documentation and carried out activities leading to security certification and accreditation of medical equipment information systems and devices.
• Obtained information regarding medical device security from medical device manufacturers to support the RMF process.
• Selected the appropriate security control baseline for medical technologies using NIST 800-53 r4.
• Categorized the information system using FIPS and NIST 800-60
• Performed the A&A process following NIST 800-37 as a guide.
• Assembled cyber security documentation and/or packages for medical devices and submitted them for consideration and approval.
• Kept abreast of DoD and Navy IT and cyber security policy changes and how they affect medical technology procurement and deployment.
• Performed the implementation phase of RMF and the System Level Continuous Monitoring Strategy (SLCMS).
• Developed a Detailed Architecture Diagram (DAD) depicting the information system to be assessed and authorized (A&A).
• Analyzed Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP) and Assured Compliance Assessment Solution (ACAS) Nessus scanning results.
• Produced Nessus and SCAP scans for the information system being assessed and authorized, and analyzed all noted vulnerabilities from the scan results.
• Performed self-assessment on the information system by evaluating the scan results and fixing any vulnerabilities noticed early, before the actual IV&V testing took place.
• Developed Security Assessment Report (SAR) detailing the results of the assessment along with a plan of action and milestones (POA&M) to the Designated Authorizing official to obtain the Authorization to Operate (ATO).
• Conducted a review of the Plan of Action and Milestones (POA&M) process to ensure corrective actions and timely mitigation of the vulnerabilities.
• Supported the Information System Security Officer (ISSO) and collaborated with the system's Information System Owner (ISO)
• Reviewed the system security plan for the security controls put in place or planned
• Collected and validated artifacts from the system owner to support quality information system audit and review.
• Performed Security Control Assessment (SCA) using NIST SP 800-53A Rev. 1 per NIST and FISMA standards and guidelines.
• Prepared Security Assessment and Authorization (SA&A) packages to ensure that management, operational and technical security controls adhere to NIST SP 800-53 standards.
• Reviewed organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance following NIST standards and guidelines.
• Monitored security controls post authorization to ensure continuous compliance with the security requirements.
• Ensured all POA&M actions are completed and tested in a timely fashion to meet client deadlines.
• Monitored controls post authorization to ensure continuous compliance in accordance with FISMA guidelines
• Developed and conducted SCA (Security Control Assessment) according to NIST SP 800-53A to assess the adequacy of the management, operational, privacy, and technical security controls implemented.
· COTS Products: Windows
· Operating Systems: Windows, Cisco IOS
· Languages: English
· Databases: MS SQL
· Tools: CSAM, Tenable NESSUS, STIGS, STIG Viewer, Wireshark, SCAP Scan, Remedy BNC (ticketing system)
· Office Tools: VISIO, EXCEL, PowerPoint, Word, Photoshop