A well-motivated and dedicated Information Security Control Assessor and IT Security Analyst. Proficient in Security Assessment and Authorization, POA&M management and Vulnerability Scanning with emphasis on FISMA and applicable NIST standards. Skilled in the development of System Security & Privacy Plans (SSP), Security Assessment Plans (SAP), Security Plans of Action and Milestones (POA&M), Security Assessment Reports (SAR), Disaster Recovery Plans, Incident Response, Configuration Management, FIPS 199 categorization using SP 800-60, and security testing and evaluation. Possesses strong written/verbal communication skills and is able to deliver effective security solutions.
• Determined whether assertions made in documentation and interviews were correct by exercising and testing the system's functionality
• Focused on testing application and database components of systems, with less focus on underlying operating systems, network devices, databases, and applications
• Followed guidance provided by each control's “Assessment Methods and Objects” in the current version of ARS (5.1), industry best practices, and all other CMS guidance and directives for all technical testing
• Discovered operational flaws that could violate CMS Policies, Standards and Procedures, and wrote vulnerability findings for remediation
• Assessed susceptibility of system to insider, intranet, internet, and network-based attacks
• Ensured adequate testing of every in-scope capability and sub-capability (and corresponding controls and control enhancements) in ARS
• Verified all control inheritance assertions and documented any issues with inheritance
• Ensured that the technical testing portions of ACT requirements were performed in a non-production environment that is a near copy of the production environment
• Performed testing in a validation/test/pre-production environment rather than against the production application itself
• Performed application testing from a technical configuration perspective to ensure application security controls had been implemented, were working as intended, and were producing the desired results
• Worked with CMS and support contractors to use existing scan results uploaded to repository (CFACTS) from available tools
• Reviewed/analyzed scan configuration, ensured scans were credentialed where applicable, and ensured scans included all assets in scope
• Performed analysis of application behavior and examined automated tool output to identify vulnerabilities
• Identified deviations from best application security practices
• Recorded findings and consulted with other Assessors and the Assessment Lead to verify/corroborate findings
• Analyzed and evaluated vulnerability scan results
• Wrote findings for daily briefings to System Team and Assessment Lead
• Interviewed application system staff and presented application findings during daily stakeholder briefings
• Performed other duties assigned by management team
• Analyzed IT system functionality and integration with management processes, structure, culture, and performance
• Computer Fundamentals and Software Collaboration Tools
• Task and Time Management and Office Fundamentals
• Working knowledge of duties required of a Security Analyst
• Network Operating Systems, Security, and IoT
• Data Foundation, Human and Customer Service
• Operating System, Upgrading and Protocol Suites
• Updated and set up instructions and uploaded course materials in webinar and learning management software
• Filed, organized, and archived training materials to support future training sessions
• Developed and executed performance management programs to increase employee engagement and productivity
• Liaised with trainers and participants to provide logistical and technical support before, during and after learning course
• Trained and mentored new personnel hired to fulfill various roles
• Ability to prioritize tasks to support assessments on multiple boundaries at a given time
• Ability to present IT security risks to executive management
• Created new procedures to improve the company's productivity in the management of information systems
• Communicated effectively through written and verbal means to trainees and senior leadership
• Developed, reviewed, and updated InfoSec system policies, system security plans, and security baselines in accordance with NIST, FISMA, OMB A-130 Appendix III, and NIST SP 800-18
• Documented and reviewed System Security & Privacy Plan (SSP), Security Assessment Report (SAR) and Security Plan of Action and Milestone (POA&M)
• Utilized processes within the Security Assessment and Authorization environment such as system categorization, security testing and evaluation, system accreditation, and continuous monitoring
• Applied appropriate information security controls for Federal Information Systems based on NIST SP 800-37 Rev1, SP 800-53 Rev4, FIPS 199, FIPS 200, and OMB A-130 Appendix III
• Conducted systems and network vulnerability scans to identify and remediate potential risks
• Exposed to vulnerability scanning and assessment tools such as Burp Suite, Nessus and CSAM
• Conducted Security Assessment using NIST 800-53 Rev4/Rev5
• Performed Federal Information Security Management Act (FISMA) audit reviews
• Conducted FISMA based security assessment and produced assessment reports
• Performed information security risk assessments and assisted with the internal audit of information security processes. Assessed threats, risks, and vulnerabilities from emerging security issues and also identified mitigation requirements.
• Monitored controls post-authorization to ensure compliance with security requirements
• Coordinated and managed team activities and deadlines during assessment engagements
• Communicated effectively through written and verbal means to co-workers, clients, vendors, and senior leadership
• Performed FISMA audit reviews and updated IT security policies, procedures, standards, and guidelines according to departmental and federal requirements
• Documented and reviewed System Security Plan (SSP), Security Assessment Report (SAR), and Security Plan of Action and Milestone (POA&M)
• Conducted IT risk assessment and documented security controls
• Analyzed security reports for security vulnerabilities
• Performed selection and implementation of controls that apply system security protections
• Monitored controls post-authorization to ensure continuous compliance with security requirements
• Ensured all POA&M actions are completed and tested in a timely manner
• Updated and closed regional offices' findings/POA&Ms
• Updated IT security policies, procedures, standards, and guidelines according to departmental and federal requirements
• Conducted and managed team activities during assessment engagements
• Created and implemented a network security framework across multiple devices
• Established schedules and deadlines for assessment activities
• Monitored controls post-authorization to ensure continuous compliance with the security requirements
• Ensured compliance with baseline security configurations, IT controls, and policy standards
• Conducted security audits to identify vulnerabilities
• Performed other duties assigned by the management team, such as researching IT security issues and delivering PowerPoint presentations to the team
• Conducted cybersecurity analysis using qualitative and quantitative tools and techniques to assess the effectiveness of the security posture of a network, system, or application
• Ensured network connectivity across the company's LAN/WAN infrastructure was on par with technical considerations
• Provided technical support and troubleshooting to users
• Designed and administered network security
• Reviewed violations of computer security procedures and developed mitigation plans
• Conducted security audits to identify vulnerabilities and monitored security patch levels on servers, workstations, network environments, and anti-virus systems
• Configured HIDS for mission critical network systems and applications with sensitive data
• Designed proactive scanning based on known trends and suspected malicious traffic
• Troubleshot and maintained networking devices and infrastructure across the enterprise
• Monitored computer virus reports to determine when to update virus protection system
• Responded to security incidents and performed analysis to determine the root cause of network issues
• Validated remediation efforts for findings related to vulnerabilities and system configuration
• Defined security solutions, implementing, testing, and maintaining them
• Ability to prioritize tasks to support assessments on multiple boundaries at a given time
• Communicated with vendors to resolve network outages and periods of reduced performance
• Monitored system logs for all company computers and devices to maximize uptime
• Communicated effectively through written and verbal means to co-workers, clients, vendors, and senior leadership
Information Security Assessment
Information Security Risk Assessment
Network Performance Monitoring
System Application level Testing
Security Assessment Interview
Technical Security Assessment Analysis
Data Analysis
Microsoft Office (Word, Excel, PowerPoint, Outlook)
FISMA and FedRAMP compliance
Business Continuity and Disaster Recovery planning
IT Vulnerability Management
Risk Assessment
NIST SP 800-Series
Cloud Security
RMF (Risk Management Framework)
Vulnerability Assessment
Vulnerability Scanning and Analysis with assessment tools such as Nessus, Burp Suite and CSAM
Incident Response and Reporting
Policy and Process Development
Security Governance, Risk, and Compliance (GRC)
Compliance with Security Requirements
Collaborative Team Player
Good communication and writing skills
CLEARANCE
US Citizen, Clearable