Possess Active Secret Government Security Clearance. Working knowledge of NIST 800-53, NIST RMF, FIPS and FISMA guidelines to comply with federal and private agencies. Managing network security, vulnerability management, intrusion detection, help desk, client or customer services. Experienced in the development of security plans (SP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, Configuration Management Plans, System Security Checklists, Privacy Impact Assessments, POA&M, Authority to Operate (ATO) letters, FISMA Reports, Standard Operating Procedures (SOP) in accordance with Federal, Agency and Organizational policy, to include FISMA, NIST, OMB, FIPS instructions.
Supporting the stand-up and operations of a federal privacy program. Applying a variety of program management and business process management concepts, methods, tools, and techniques, including gap analysis, risk analysis, process flow diagrams identifying processes, performance-based metrics, and lessons learned.
Responding to FOIA requests and designing and managing approaches to the FOIA response process. Experience with policy analysis and development and with information sharing programs and associated privacy implications. Knowledge of federal privacy and cybersecurity related laws and policies, including FISMA, Privacy Act of 1974, and E-Government Act.
Possess in-depth ability in performing information security risk assessments and analysis and risk mitigation in large-scale networked application environments. Performed risk analysis, assessment testing and analysis utilizing tools such as XACTA, Nessus vulnerability scanner and Kali Linux penetration testing tool. Working knowledge of Network Infrastructures, Data Warehouses, Web Applications, Oracle Databases, Application Servers, Windows and Unix/Linux systems.
08/2014 - Current
Booz Allen Hamilton － Washington DC － Privacy Security Analyst
Provide strategic, technical, and functional consulting to federal clients.
Collaborate with clients to integrate privacy and security compliance processes into system development life cycles.
Evaluate complex systems and architectural documentation for privacy impacts and develop required system privacy compliance documentation, including PIAs and SORNs.
Provide guidance to clients on the processing and management of FOIA requests.
Develop client inventories and evaluate system data flows for risks to the client and evaluate system security controls and privacy controls in accordance with NIST 800-53 Appendix J.
Conduct research and draft position papers on emerging privacy issues and trends as applied to various cybersecurity disciplines and technologies and develop privacy compliance assessments for systems and programs that collect, maintain, or disseminate PII.
Conduct and review comprehensive privacy compliance assessments for systems and programs that collect, maintain, or disseminate PII.
02/2011 - 08/2015
Cintex Technology System － Rockville, MD － IT Security Analyst
Conduct meetings with the IT team to gather documentation and evidence about their control environment.
Perform comprehensive Security Control Assessment and write reviews for management, operational and technical security controls for audited applications and information systems.
Prepare the Security Assessment Plans.
Develop, maintain, and communicate a consolidated risk management activities and deliverables calendar.
Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A.
Apply current computer science technologies and Information Assurance (IA) requirements to the analysis, design, development, evaluation, and integration of computer/communication systems and networks to maintain an acceptable system security posture throughout the lifecycle of multiple national level mission systems.
Work with business process owners to ensure timely identification and remediation of jointly owned risk related issues and action plans.
Manually review logs and provide documentation guidelines to business process owners and management.
03/2008 - 02/2011
Knight System Inc － Beltsville, MD － Information Security Analyst
Conducted FISMA-based security risk assessments for government contracting organizations and application systems, including interviews, tests and inspections; produced assessment reports and recommendations; conducted out-briefings.
Assessments conducted following NIST 800 processes and controls.
Documented and reviewed security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies.
Assisted with review of policy, security alerts, guidance, regulations and technical advances in IT Security Management.
Utilized processes within the Security Assessment and Authorization environment such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring.
Contributed to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management.
Communicated effectively through written and verbal means to co-workers, subordinates and senior leadership.
Education and Training
BS: Computer Science
CISSP Certification in Progress
Agency, business process, Configuration Management, consulting, CPT, client, Clients, customer services, Data Warehouses, Databases, designing, Disaster Recovery, documentation, functional, Government, help desk, information security, information systems, leadership, letters, LINUX, Managing, meetings, Windows, network security, Network, networks, Oracle, Organizational, policies, policy analysis and development, processes, Program Management, Progress, research, risk analysis, risk assessment, risk management, scanner, Security Clearance, Servers, SOP, strategic, Unix, Web Applications, written