• Determined whether assertions made in documentation and interviews were correct by exercising and testing the system's functionality.
• Focused on testing application and database components of systems, with less focus on underlying operating systems, network devices, databases, and applications.
• Followed guidance provided by each Control's “Assessment Methods and Objects” in the current version of the ARS (5.0), industry best practices, and all other CMS guidance and directives for all technical testing.
• Discovered any operational flaws that could violate CMS Policies, Standards and Procedures, and wrote vulnerability findings for remediation.
• Assessed susceptibility of the system to insider, intranet, internet, and network-based attacks.
• Ensured adequate testing of every in-scope capability and sub-capability (and corresponding controls and control enhancements) in ARS.
• Verified all control inheritance assertions and documented any issues with inheritance.
• Ensured that the technical testing portions of ACT requirements were performed in a non-production environment that is a near copy of the production environment.
• Performed testing in the validation/test/pre-production environment, rather than testing the production application itself.
• Performed application testing from a technical configuration perspective to ensure application security controls have been implemented, are working as intended, and are producing the desired results.
• Worked with CMS and support contractors to use existing scan results uploaded to the repository (CFACTS) from available tools.
• Reviewed and analyzed scan configurations, ensured scans were credentialed where applicable, and ensured scans included all assets in scope.
• Analyzed application behavior and examined automated tool output to identify vulnerabilities.
• Identified deviations from best application security practices.
• Recorded findings and consulted with other Assessors and the Assessment Lead to verify and corroborate findings.
• Wrote findings for daily briefings to the System Team and Assessment Lead.
• Interviewed application system staff and presented application findings during daily stakeholder briefings.
• Performed other duties assigned by management team.
• Analyzed and evaluated vulnerability scan results.
• Analyzed IT system functionality and integration with management processes, structure, culture, and performance.
• Computer Fundamentals and Software Collaboration Tools
• Task and Time Management and Office Fundamentals
• Network Operating Systems, Security, and IoT
• Data Foundations, Human and Customer Service
• Operating Systems, Upgrading, and Protocol Suites
• Updated and set up instructions and uploaded course materials in webinar and learning management software.
• Filed, organized, and archived training materials to support future training sessions.
• Developed and executed performance management programs to increase employee engagement and productivity.
• Liaised with trainers and participants to provide logistical and technical support before, during, and after each learning course.
• Trained and mentored [25] new personnel hired to fulfill various roles.
• Ability to prioritize tasks to support assessments on multiple boundaries at a given time.
• Ability to present IT security risks to executive management.
• Developed, reviewed, and updated InfoSec system policies, system security plans, and security baselines in accordance with NIST, FISMA, OMB Circular A-130 Appendix III, and NIST SP 800-18.
• Applied appropriate information security controls for Federal Information Systems based on NIST SP 800-37 Rev. 1, SP 800-53 Rev. 4, FIPS 199, FIPS 200, and OMB Circular A-130 Appendix III.
• Conducted systems and network vulnerability scans to identify and remediate potential risks.
• Performed Federal Information Security Management Act (FISMA) audit reviews.
• Performed risk assessments, security control assessments, and vulnerability scanning with Nessus.
• Developed configuration management plans, contingency plans, and incident response plans.
• Monitored controls post-authorization to ensure compliance with security requirements.
• Coordinated and managed team activities and deadlines during assessment engagements.
• Communicated effectively through written and verbal means to co-workers, clients, vendors, and senior leadership.
• Performed FISMA audit reviews and updated IT security policies, procedures, standards, and guidelines according to departmental and federal requirements.
• Documented and reviewed the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M).
• Conducted IT risk assessment and documented security controls.
• Analyzed security reports for security vulnerabilities.
• Performed selection and implementation of controls that apply system security protections.
• Monitored controls post-authorization to ensure continuous compliance with security requirements.
• Ensured all POA&M actions were completed and tested in a timely manner.
• Updated IT security policies, procedures, standards, and guidelines according to departmental and federal requirements.
• Communicated effectively through written and verbal means to co-workers, clients, vendors, and senior leadership.
• Oversaw software configurations and updates for [20] systems across various departments.
• Reduced security risks by 20% by enhancing protocols and ensuring adherence to regulations.
• Created and implemented security network framework across multiple devices.
• Ensured network connectivity across the company's LAN/WAN infrastructure was on par with technical considerations.
• Provided technical support and troubleshooting to users.
• Designed and administered network security.
• Reviewed violations of computer security procedures and developed mitigation plans.
• Conducted security audits to identify vulnerabilities and monitored security patch levels on servers, workstations, network environments, and anti-virus systems.
• Configured HIDS for mission-critical network systems and applications with sensitive data.
• Designed proactive scanning based on known trends and suspected malicious traffic.
• Troubleshot and resolved network connectivity issues, including TCP/IP, DHCP, and DNS.
• Administered and maintained WAN.
• Monitored computer virus reports to determine when to update virus protection system.
• Designed and implemented networks in collaboration with project engineers.
• Communicated effectively through written and verbal means to co-workers, clients, vendors, and senior leadership.