Competent IT Analyst with 4 years of experience in safeguarding organizational data, mitigating risks, and ensuring compliance with industry regulations. Highly organized and proactive, with a team-oriented mentality.
Skills
Knowledgeable in all steps of RMF
Experience in being a step 4 assessor
Familiarity with NIST 800-53A
Familiarity with Xacta, Archangel
Work History
RMF STEP 4-Security Control Assessor
Triple Canopy
Herndon, VA
2021.11 - Current
Develop and execute a security and privacy assessment plan in accordance with
NIST SP 800-53A for each security assessment project.
Review and update existing information security policy, standards, and procedures
based on federal and departmental regulations.
Perform independent security and privacy control assessments in support of
Security Assessment & Authorization.
Conduct assessments of existing and new FISMA systems, including subsystems
in the respective system boundary, and communicate the results and potential
implications of identified control weaknesses.
Review and analyze Assessment & Authorization (A&A) packages to include
System Security Plans (SSP), Risk Assessments, Information System Contingency
Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response
Plans (IRP), Configuration Management Plans (CMP), Hardware/Software lists,
Network Diagrams, Data Flows, System Change Requests/Proposals,
Knowledge of NIST standards and guidelines:
-FISMA (Federal Information Security Modernization Act)
-FIPS 200 (Federal Information Processing Standards Publication 200)
-FIPS 199 (Federal Information Processing Standards Publication 199)
-SP 800-53 (Security and Privacy Controls for Information Systems and Organizations)
-SP 800-53A (Assessing Security and Privacy Controls for Information Systems and Organizations)
-SP 800-60 Vol 1 & 2 (Guide for Mapping Types of Information and Information Systems to Security Categories)
Supporting Authorization to Operate (ATO) Process:
-Assisting in obtaining ATO, a formal approval to operate a system based on its security posture.
-Adhering to NIST guidelines throughout the process.
• Documentation and Reporting:
-Developing Security Assessment Plans (SAPs) to outline assessment scope and methodology.
-Creating Security Assessment Reports (SARs) to document assessment results, including any failed controls and recommended remediation actions
Analyzing system artifacts (configurations, logs, policies, etc.) to verify control implementation.
Identifying and documenting any control deficiencies
Providing unbiased and objective assessment findings
Cybersecurity Analyst
Paragon
Washington, DC
2020.11 - 2021.11
Applies Risk Management Framework (RMF) to manage systems and applications
with NIST SP 800-37 rev 2
Develops configuration management plans, advises on configurations, and reviews
configurations for NIST 800-53 rev 4/5 technical controls
Uses workflows to collect and organize artifacts for upload into Governance Risk
Compliance (GRC) Tool
• Conducting Security Control Assessments (A&A):
-Evaluating the effectiveness of security controls within information systems to ensure they meet NIST
standards and protect sensitive data.
-Using NIST SP 800-53A as the assessment framework.
-Conducting interviews with Information System Security Officers (ISSOs) to gather critical information.
-Analyzing system artifacts (configurations, logs, policies, etc.) to verify control implementation.
-Identifying and documenting any control deficiencies.
-Providing unbiased and objective assessment findings.
Supporting Authorization to Operate (ATO) Process:
-Assisting in obtaining ATO, a formal approval to operate a system based on its security posture.
-Adhering to NIST guidelines throughout the process.
• Documentation and Reporting:
-Developing Security Assessment Plans (SAPs) to outline assessment scope and methodology.
-Creating Security Assessment Reports (SARs) to document assessment results, including any failed
controls and recommended remediation actions
Knowledge of NIST standards and guidelines:
-FISMA (Federal Information Security Modernization Act)
-FIPS 200 (Federal Information Processing Standards Publication 200)
-FIPS 199 (Federal Information Processing Standards Publication 199)
-SP 800-53 (Security and Privacy Controls for Information Systems and Organizations)
-SP 800-53A (Assessing Security and Privacy Controls for Information Systems and Organizations)
-SP 800-60 Vol 1 & 2 (Guide for Mapping Types of Information and Information Systems to Security
Categories)
Telecommunications Technician
Orius
2017.03 - 2020.11
Establishes communications systems by installing, operating, and maintaining voice and data telecommunications network circuits and equipment.
Plans network installations by studying customer orders, plans, manuals, and technical specifications; ordering and gathering equipment, supplies, materials, and tools; assessing installation site; and preparing an installation diagram.
Establishes voice and data networks by running, pulling, terminating, and splicing cables; installing telecommunications equipment, routers, switches, multiplexors, cable trays, and alarm and fire-suppression systems; building ironwork and ladder racks; establishing connections; programming features; establishing connections and integrations; following industry standards
Verifies service by testing circuits, equipment, and alarms; and identifying, correcting, or escalating problems.
Documents network by labeling and routing equipment and cables and recording configuration diagrams and specifications.
Maintains network by troubleshooting and repairing outages, testing network back-up procedures, and updating documentation.
Maintains customer rapport by listening to and resolving concerns and answering questions.
Maintains safe work environment by following codes, standards, and legal regulations.
Keeps supplies ready by inventorying stock, placing orders, and verifying receipt.
Updates job knowledge by participating in educational opportunities and reading technical publications.
Enhances department and organization reputation by accepting ownership for accomplishing new and different requests and exploring opportunities to add value to job accomplishments.