
Dase Collins

Annapolis, MD

Summary

Experienced and well-seasoned professional with multiple years of experience in Information Technology and 4+ years in Cyber Security, working as a Security Analyst, Assurance Analyst, Privacy and Data, Security Management, and Operation. I have acquired excellent practical skills in the performance, implementation, and development of Privacy and Data Protection, Security Management & Operations, Vulnerability Scanning, Security Testing, Penetration Testing, Certification and Accreditation (A&A), Project Management, and Change Management. I am also experienced in analyzing information requirements and delivering effective solutions in a diverse background, which includes solid knowledge of security planning management, C&A packages, the A&A process, POA&Ms, FIPS, FISMA Security Content, the NIST Family of Security Controls, System Security Plans, Incident Response, and Contingency Planning.

Overview

4 years of professional experience
1 Certification

Work History

Information Assurance Analyst

LPL Financial Services
11.2022 - Current
  • Perform updates to System Security Plans (SSP), using NIST 800-18 as a guide to developing SSPs, Risk Assessments, and Incident Response Plans; create Change Control procedures; and draft, review, and update Plans of Action and Milestones (POA&Ms)
  • Performed evaluation of policies, procedures, security scan results, and system settings to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, continuous monitoring, and FISCAM audits
  • Developed solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP)
  • Communicate between multiple clients to perform POA&M remediation for CAP remediation
  • Handled internal communications within the Office of Information Security and external communications with several different divisions daily
  • Maintain excellent working relationships with both internal and external customers using communication skills
  • Provided services as a security controls assessor (SCA) and performed as an integral part of the Assessments and Authorizations process, including A&A scanning, documentation, reporting, and analysis requirements
  • Analyzed current threats to information security and systems
  • Analyze security findings and data
  • Published reports and kept metrics for client systems
  • Work with Security Operations Center analysts on intrusion detection and prevention systems to analyze and detect worms and vulnerability exploit attempts, and on IDS monitoring and management using Security Information and Event Management (SIEM, Security Center by Tenable), to collect and analyze large volumes of logs, network traffic, and alerts to assess, prioritize, and differentiate between potential intrusion attempts and false alarms
  • Performed risk analyses to identify appropriate security countermeasures.
  • Recommend improvements in security systems and procedures.
  • Collaborated with third-party payment card industry (PCI) compliance partners.
  • Identified trends and root causes of system failures or vulnerabilities using the Nessus vulnerability scanner and Nmap to scan ports, weak configurations, and missing patches
  • Assured that the Information Systems Security department's policies, procedures, and practices, as well as other systems user groups, are following FISMA, NIST, and general agency standards
  • Assessment findings are stored in the RTM or test case, and all weaknesses noted are reported in our SAR
  • Knowledge of SANS-20 and ISO 27001 security controls and mapping with NIST

Information Security Analyst

SentinelOne
02.2021 - 10.2022
  • Provided services as a security control assessor (SCA) and was an integral member of the team that performed the Assessments and Authorizations process, including A&A, documentation, reporting, and analysis requirements
  • Developed plans of action and milestones (POA&Ms), security vulnerabilities, and mitigation strategies; also developed security A&A artifacts, including but not limited to sensitivity assessments, SSPs, POA&Ms, ATOs, and SARs
  • Assisted in the development of a rules of engagement document to facilitate the scanning of Agency networks and vulnerabilities
  • Experience developing, reviewing, and updating System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans, and Configuration Management.
  • Conducted security audits to identify vulnerabilities and monitored computer virus reports to determine when to update virus protection systems.
  • Educated and trained users on information security policies and procedures.

Information Assurance Analyst

Metropoint Tech Solutions
12.2019 - 02.2021
  • Managed large scale information technology systems, business processes, security regulatory risk management, and security vulnerabilities
  • Performed IT Security Control Assessments
  • Performed IT system control test procedures to assess the design and operating effectiveness of security controls
  • Assisted with development of the Authority to Operate (ATO) package that contains objective information for clients to make informed Authorization decisions.
  • Developed, reviewed, and updated Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, OMB, and NIST SP 800-18
  • Reviewed and updated security documents such as SAR, ATO, CP, Privacy Impact Analysis (PIA), System Security Test and Evaluation (ST&E), and Plan of Actions and Milestones (POA&M)
  • Conducted Security Control Assessments on General Support Systems (GSS), Major Applications and Systems to ensure that such Information Systems are operating within a strong security posture
  • Reviewed and updated System categorization information using FIPS 199
  • Conducted FISMA compliant security control assessments to ascertain adequacy of management, operational, and technical controls
  • Provided security engineering in all phases of Risk management life cycle.
  • Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
  • Developed plans to safeguard computer files against modification, destruction, or disclosure.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Monitored computer virus reports to determine when to update virus protection systems.
  • Conducted security audits to identify vulnerabilities.

Education

Bachelor of Science - Accounting And Business Management

Salisbury University
Salisbury
12.2016

Skills

Vulnerability Assessment

  • Tenable Nessus
  • CSAM, XACTA, NIST
  • Agile Program & Project Management
  • AWS Services (EC2, S3, IAM, VPC)
  • Compliance Monitoring and Data Security
  • Security assurance and metrics
  • Risk Assessment and Authorization
  • DISA STIGs Remediation Expert
  • Risk Management Framework (RMF)
  • POA&M Management
  • Network/Database Vulnerabilities Expert
  • Security Testing & Evaluation
  • System Security Categorization
  • Security Information and Event Management (SIEM)
  • MS SharePoint
  • Network and Database Scanning Tools w/ Nessus and AppDetect

Certification

  • CISSP - Certified Information System Security Professional
  • CompTIA Security+ Certification
  • Certified Information Security Manager
  • Certified Authorization Professional
  • SAFe 5 Certification
  • PSM
