
Andrea Vernon

Salisbury, MD

Summary

5 years of experience in cyber security. A highly driven, detail-oriented, and experienced IT cybersecurity professional with thorough knowledge and understanding of FISMA and the Risk Management Framework. Well experienced in monitoring, documenting ATO packages, remediating POA&Ms, and risk assessment. Proven record of evaluating system vulnerabilities to recommend security improvements and audit findings.

Overview

11 years of professional experience
1 Certification

Work History

SECURITY CONTROL ASSESSOR

Deltaah Tech Consulting
08.2018 - Current
  • Develop a security assessment plan (SAP) to document the assessment scope, schedule, tools, and personnel for the security assessment and authorization (A&A) process.
  • Schedule and conduct the kickoff meeting as part of the security assessment and authorization (A&A) process.
  • Conduct annual security control assessments in accordance with the assessment procedures defined in the security assessment plan (SAP).
  • Document test cases and security control assessment results in the RTM using NIST SP 800-53A Rev4.
  • Develop, review, and update security documentation including the System Security Plan, PTA, PIA (Privacy Impact Assessment), PII, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, and E-Authentication.
  • Prepare the security assessment report (SAR) documenting the issues, findings, and recommendations from the security control assessment.
  • Support the Information System Security Officer (ISSO)/System POCs during the Assessment and Authorization (A&A) process to ensure assigned systems have the proper Authorization to Operate (ATO) using NIST SP 800-37 Risk Management Framework (RMF) guidance.
  • Support the ISSO/System POCs in conducting risk and vulnerability assessments of information systems to identify vulnerabilities and reduce risks to the systems.
  • Compile security authorization package documentation such as the system security plan (SSP), security assessment report (SAR), plan of action and milestones (POA&M), and ATO letter required by the Federal Information Security Management Act (FISMA) and the OMB compliance process.
  • Map identified vulnerabilities to the security controls, document findings, and recommend a CAP.
  • Review and analyze automated Nessus vulnerability scan results from the past 3 months.
  • Participate in POA&M remediation activities to correct noted findings.
  • Review artifacts and perform POA&M closure validation to ensure no system weakness remediation is in delay status.
  • Perform vulnerability scanning using Nessus (Tenable) and NMAP to update the security enterprise architecture of the information and information systems, and patch management as required for periodic updates and security posture.
  • Work with tools in FedRAMP, Xacta, and CSAM.
  • Use CISA STIG benchmarks to harden system vulnerability posture.

SECURITY CONTROL ASSESSOR

Optimal Healthcare
09.2017 - 08.2018
  • Developed, reviewed, and updated Information System Security Policies, System Security Plans, and security baselines in accordance with NIST, FISMA, and OMB compliance.
  • Applied appropriate baseline security controls for Federal Information Systems based on NIST SP 800-37 Rev1, SP 800-53 Rev4, FIPS 199/200, and OMB 130 Appendix III guidelines.
  • Conducted system and network vulnerability scans using Nessus to identify potential risks and recommend ways to remediate them.
  • Participated in team activities during assessment and engagement processes.
  • Prepared and submitted the Security Assessment Plan (SAP).
  • Conducted security assessments using NIST SP 800-53A Rev4.
  • Created reports detailing identified vulnerabilities and the steps taken to remediate them.
  • Ran test cases using NIST SP 800-53A Rev4, documenting Pass/Fail findings in the RTM; developed the SAR and POA&M thereafter to remediate findings and reduce risk.

IT HELPDESK SUPPORT

Department of Human Services
01.2014 - 07.2016
  • PC hardware installation, configuration, maintenance, and upgrades.
  • Operating system installation, maintenance, and upgrades.
  • Engaged and tracked priority issues with responsibility for timely documentation and escalation to the next tier of tech support.
  • Provided technical assistance to users concerning the development and maintenance of the computer network and the resolution of special problems.
  • Earned recommendation for teamwork, flexibility, and work excellence in providing IT support during emergencies.

Education

Bachelor of Science - Psychology

Salisbury University
Salisbury, MD
05-2012

Skills

  • Team leadership
  • Great troubleshooting skills
  • Strong verbal communication
  • Interpersonal and written communication
  • Extremely organized
  • Self-motivated
  • Vulnerability scanning tools for web and network using Nessus, WebInspect, and NMAP
  • Active Directory (AD) and SharePoint
  • SIEM (Splunk) analysis
  • Skilled in A, basic networking, basic Linux fundamentals, Windows Server 2016, Windows OS
  • Strong understanding of RMF and NIST SP 800-60, 800-18, 800-53, 800-53A Rev4, 800-37, 800-137, and FIPS 199/200 publications
  • Firewall/IDS/IPS
  • Microsoft Hyper-V Server

Certification

CompTIA Security+ CE

Certified Authorization Professional (CAP) – certification in progress.
