
Benita Sey

Alexandria, VA

Summary

Motivated and results-driven Information Systems Security Officer (ISSO) with 4 years of experience in developing and implementing security solutions in a progressive and diverse environment. Proactively completes projects and special assignments on time while working autonomously in a fast-paced setting. Strong background in Risk Management Framework (RMF) and preparing Assessment and Authorization packages to gain Authorization to Operate (ATO) for assigned information systems. Skilled in documenting and developing A&A deliverables such as System Security Plan (SSP), POA&Ms, Continuous Monitoring, Vulnerability Analysis, Contingency Plan, Configuration Management Plan, and Incident Response in accordance with the Federal Information Security Modernization Act of 2014 (FISMA) and Office of Management and Budget (OMB).

Overview

3 years of professional experience
1 Certification

Work History

Senior Consultant

Protiviti Global Consulting
2022.01 - 2023.06
  • Conducted Assessment and Authorization activities using NIST SP 800-37
  • Reviewed and updated system security plan, policies, and procedures
  • Reviewed and analyzed Vulnerability Scans, created Plan of Action and Milestones (POA&Ms) and monitored remediation processes to ensure the closure of POA&Ms
  • Conducted Contingency Plan Test Training to determine the effectiveness of the plan
  • Guided System Owners and system teams through the ATO process using NIST 800-37
  • Participated in Change Control Board, Business Impact Analysis, and Risk Management Activities.

Cyber Security Analyst

Royal Tech LLC
2021.01 - 2022.01
  • Conducted systems risk assessment through risk analysis, assessed assets within system boundaries, and identified all possible vulnerabilities within systems using NIST SP 800-53A Rev 4
  • Assessed security controls following the assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing
  • As appropriate, conducted initial remediation actions on security controls based on the findings and recommendations of the security assessment report and re-assessed remediated control(s)
  • Uploaded Plan of Action and Milestones (POA&Ms) items into CSAM and validated artifacts provided to remediate POA&Ms
  • Conducted meetings with various system teams to gather evidence, developed test plans and testing procedures, and documented test results and exceptions
  • Reviewed Tenable Nessus vulnerability and compliance scans and WebInspect application scans as part of security control assessments
  • Performed FISMA continuous monitoring-related activities.
  • Collaborated with IT teams to integrate security measures into the development and deployment of new applications.
  • Conducted security audits to identify vulnerabilities.
  • Analyzed security incidents post-resolution, identifying areas for improvement in both technical controls and incident response processes.
  • Reduced risk of cyber attacks by conducting regular vulnerability assessments and penetration testing.

Information Systems Security Officer | Internship

2nd Generation IT Group LLC
2020.01 - 2021.01
  • Reviewed and updated Plan of Action and Milestones (POA&Ms) in the agency's Cyber Security Assessment and Management (CSAM) tools, gathered artifacts, and created mitigation memos and corrective action plans to assist in the closure of POA&Ms
  • Developed various Assessment & Authorization deliverables, including System Security Plan (SSP), FIPS 199 Categorization, PTA, PIA, ST&E, SAP, DRP, IRP, ISCP, and CMP
  • Set up POA&M ATO follow-up pre-brief meetings with the System Owner, ISSO, and other key stakeholders for each system with open POA&Ms before the official follow-up briefs and as directed by the client
  • Analyzed and updated the System Security Plan (SSP), Risk Assessment Reports (RAR), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E), and the Plan of Actions and Milestones (POA&M)
  • Conducted Contingency Plan tests using the tabletop and/or functional method at least annually and updated the plan
  • Ensured Configuration Management processes were followed to confirm that any changes did not introduce new security risks
  • Created Waivers or Risk Acceptance Memos to assist in effectively managing system risks.
  • Supported the protection of sensitive data through encryption at rest and in transit using industry-standard algorithms.
  • Evaluated emerging technologies and made recommendations for strategic investments in information security tools and resources.
  • Performed forensic investigations following incidents to identify root causes, assess damage, and recommend appropriate mitigations or improvements in processes or tools.
  • Coordinated with external partners such as vendors or law enforcement agencies during joint cybersecurity initiatives or investigations.

Education

Bachelor of International Studies

Old Dominion University
Norfolk, VA
01.2022

Skills

  • Compliance and Risk Management
  • NIST SP 800 series: 800-37, 800-18, 800-34, 800-60, 800-128, 800-137
  • Security Policies and Procedures
  • Cyber Security Assessment and Management (CSAM)
  • Vulnerability Management (WebInspect, Tenable SC, Splunk)
  • Information Security Governance
  • Excellent writing, analytical, and communication skills

Personal Information

INFORMATION SYSTEMS SECURITY OFFICER

Accomplishments

Senator | Old Dominion University Student Government Ass., Dec 2019 - May 2022

  • Organized political engagement events that increased overall participation in student government.
  • Negotiated meeting venues, prepared meeting materials, and proofread all materials prior to distribution.
  • Conducted constituent research to inform the implementation of data-driven initiatives and policies.
  • Secured financial funding for about 50 on-campus organizations.

Certification

CompTIA Security
