Information Security Professional with broad experience in identifying, assessing and providing recommendations for mitigating organizational risk using NIST Special Publication 800-30, 800-53r4, 800-37. Skillful in preparing Authorization Package ā SSP, SAR and POAM. Results-driven in planning, analysis, and implementation of security initiatives. Strengths in providing comprehensive network design and security frameworks. Certified in [Security+, CompTIA Advance Security Practitioner (CASP+) & (CEH) Certified Ethical Hacker].
Education
University of The PeoplePasadena, CAExpected in 12/2023 ā āBachelor of Science:Science, Technology, And Society - GPA:
Dallas Baptist UniversityDallas, TXExpected in 12/2011 ā āBachelor of Arts:Music Theory And Composition/Criminal Justice - GPA:
Majored in [Music Theory and Composition]
Minored in [Criminal Justice]
Awarded [Bachelors of Arts]
Graduated with [3.0] GPA
Certifications
CompTIA Security+
CompTIA Advance Security Practitioner CASP+
Certified Ethical Hacker (CEH)
Skills
POA&M, SSP, SAP
Designing security controls
Developing security plans
Implementing security programs
Nagios monitoring software
Symantec Endpoint Protection
Microsoft Hyper-V Server
Microsoft ASP.NET
Qualys Cloud Platform
Wireshark Software
Data Security
Erecting Firewalls
Work History
Nes Associates - Security Control Assessor Fort Campbell, KY, 05/2014 - Current
Reviewing, maintaining, and ensuring all Assessments and Authorizations (A&A) documentation are included in system security package.
Ensure Implementation of appropriate security control for Information System based on NIST Special Publication 800-53 rev 4, FIPS 200, and System Categorization using NIST 800-60, and FIPS 199.
Review and update remediation on (POAMs), in organization's Cyber Security Assessment and Management (CSAM) system.
Work with system administrators to resolve POAMs, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in closure of POA&M.
Perform vulnerability and baseline scans, using tools such as Tenable Nessus, CIS-CAT, Retina Vulnerability scanner, analysis scan results and document findings in POA&M.
Collaborate with system administrators to remediate (POA&Ms) findings.
Ensure vulnerabilities and risks are efficiently mitigated in accordance with organization continuous monitoring Plan.
Monitor controls post authorization to ensure continuous compliance with security requirements.
Identify new, maintain and disposal of information system inventory in accordance with established policies and procedures, ensure accurate configuration management and property accountability.
Modify and maintain procedures, operational process document, change control document, operational checklist, detailed system specifications and procedures.
Develop training materials for employees on data protection.
Conducted security assessment interviews to determine Security posture of System and to develop Security Assessment Report (SAR) in completion of Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A required to maintain Company Authorization To Operate (ATO), Risk Assessment, System Security Plans, and System Categorization.
Performed information security risk assessments and assist with internal auditing of information security processes.
Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.
Exposed to Vulnerability scanning and assessment tools such as Retina, Nessus and CSAM.
Participate in client interviews to determine security posture of System.
Supported Information Assurance (IA) team to conduct risk assessments, documentation for Security Control Assessment, vulnerability testing and scanning.
Prepare and submit Security Assessment Plan (SAP) for approval.
Conducted initial assessment, and performed continuous monitoring of security control post assessment.
Worked with System Owner to develop and perform periodic testing of contingency and disaster recovery plan.
Develop and update Security Plan, Plan of Action and Milestones (POA&M).
Monitor controls post authorization to ensure continuous compliance with security requirements.
Prepare and update Security Assessment Report (SAR).
Analyze and perform technical and non-technical security risk assessments of computer and network systems via network scans, interviews, documentation review and walk-through of both new and existing federal information systems for FISMA compliance using NIST guidelines and controls.
Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems (IDS), Virtual Private Networking (VPN), Security Monitoring Tools and Intrusion Prevention Systems (IPS).
Conduct Risk Assessment on all system changes.
Re-assess remediated controls for effectiveness.
Novel Technologies Ltd. - Help Desk City, STATE, 07/2011 - 01/2012
Negotiate commitment time, technician access arrangement and handle any customer that may be satisfied or dissatisfied with service.
Broke down and evaluated user problems, using test scripts, personal expertise and probing questions.
Patched software and installed new versions to eliminate security problems and protect data.
Patched software and installed new versions to eliminate security problems and protect data.
Provided base level IT supports to both internal and external customers.
Logged all complaints and inform customers about issue resolution progress.
Assigned issues to appropriate support group for thorough support and prompt resolution.
Researched and analyzed Business, Technical, Functional and User Interface requirement of project.
Created test scenarios, test conditions and expected results and test cases.
Executed test scripts and document results.
Logged defects and verify defect fixes.
Supported users having data and network connectivity issue.
Monitored network performance and troubleshoot problem areas as needed.
Provided first level support to customers before escalation.
Active Directory and Exchange user support.
Installed, configured and troubleshoot software.
Cross-trained and provided back-up for other IT support representatives when needed.
Displayed exceptional telephone etiquette and professionalism in answering and resolving technical calls.
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
