A well-detailed individual with over 10 years of experience as an Information Assurance Analyst, Cyber Security Analyst/IA, ISO, Security Auditor, ACAS, SCA, Privacy and Data Analyst/Protection. Offers a diverse background of systems security support and network security support, with extensive knowledge in Vulnerability Scanning, RMF, ISO. Computer security professional with [Number] years of progressive experience in [Industry] industry. Demonstrated skill identifying business risks and compliance issues and designing proactive solutions. Background designing and implementing layered network security approaches.
Overview
11
years of professional experience
7
Certifications
Work History
Information System Security Officer
William Beaumont Army Medical Center, WBAMC
El Paso, TX
09.2022
Utilizing one or more Risk Management Framework implementation methods, including but not limited to: NIST SP 800-53, NIST SP 800-171, DoDM-5220-22 (NISPOM)
Provide cybersecurity/information assurance support for DHA Managed Service Provider, particularly conducting NIST 800-37 Risk Management Framework (RMF)/NIST 800-53 security control implementation activities/tasks to obtain and maintain an Authorization to Operate (ATO)
Prepare and review system documentation to include Policies, Standard Operating Procedures (SOPs), Assessment & Authorization (A&A) packages, architecture diagrams, contingency plan, incident response plan, and other documentation
Ensure security processes and procedures are developed and followed to maintain operational security posture with minimal risk for SaaS system(s)
Coordinate with engineers/sysadmin to perform vulnerability scanning, risk assessment analysis using vulnerability management tools (Tenable Security Center/Nessus/ACAS) and prepare responses to Plan of Action and Milestones (POA&Ms) for IA compliance
Maintain eMASS records and RMF artifacts to support systems’ ATO
Develop and manage the POA&M tracker and Risk-Based Decisions (RBDs)/Waivers documents for deficiencies
Evaluate system’s risk in respect to operation at the network, system, and at application level
Develops, reviews, and maintains policy/guidance documents, scan results, and test result artifacts
Conducts regular assessments of continuous monitoring activities and the security controls that have been implemented to support those activities
Demonstrates an understanding of vulnerability management; specifically, how to respond to vulnerability reports and which remediation actions are appropriate to take
Understands the process of information system categorization and how to use that process to select security controls to create system and accreditation documentation
Maintains knowledge of relevant network and security technologies and trends
Assist in preparation and review of documentation to include System Security Plans (SSPs), Risk Assessment Reports (RAR), Security Controls Traceability Matrix (SCTM), and other Assessment & Authorization (A&A) or (RMF) artifacts
Support efforts for vulnerability/risk assessment analysis to support Assessment & Authorization (A&A), including system self-assessments
Learn and conduct independent scans of the operating systems, applications, networks, and databases with tools such as DISA STIGs and SCAP (SCC) tool, Tenable Security Center/Nessus, and other vulnerability/compliance verification tools that are required
Assist in the research and address information security issues as required, and develop and maintain the Plan of Action and Milestones (POA&M) and support remediation activities
Provide continuous monitoring, security reviews, and technical inspections to enforce security policies, controls and procedures and mitigate identified vulnerabilities and weaknesses
Responsible for conducting system account management, training tracking and audit log reviews and recording and reporting results
Provide direction and guidance to other employees about computer security issues via security education and awareness, conduct Information Systems Security briefings, participate in self-inspections and audits, and investigate security incidents
Ad hoc duties as assigned.
Implement and develop Infosec tools to improve the cybersecurity posture of the unclassified and classified computing systems within the IMD.
Information Assurance Analyst
White Sand Complex
Las Cruces, NM
02.2022 - 09.2022
Proficiency in a privacy information management system (e.g., OneTrust) required, tool certifications preferred
Lead and manage ISO 27001, 27017, 27018, 27701 audit and certification
Review ISO 27001, 27017 controls testing and handle communications with control owners and business partners
Coordinates and collaborates with business units on the identification of risks/gaps to ensure alignment with established control environments
Partner with business unit management (business owners and technical owners) to design and implement and test corrective action plans resulting from the ISO 27001 readiness assessment
Provides technical expertise to the teams and uses sound security and audit practices
Work with Security Operation, Engineers and Privacy teams to understand the information security and privacy risk profile and use this knowledge for ISO audit planning and execution
Partner with security and engineering teams to review, assess, and evaluate the effectiveness and the results of the enterprise cybersecurity threat, vulnerability monitoring campaign and management plan
Design, lead and execute audit programs, including applicable controls from the SOA, operational process reviews, system implementation reviews, application and other IT-related risk areas
Ability to identify gaps (through Gap Analysis) in policies and policy documentation, then create the appropriate policy and/or bridge identified gaps
Work with management and users to interpret the significance of audit findings, conclude on findings, make practical recommendations, and verify that remediation plans are implemented
Strong written and verbal skills with experience preparing work papers, audit reports, and presentations
Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to see that vulnerabilities are remediated as appropriate
Assess and document encryption standards for encryption at rest and in transit
Promote Information Security Awareness and provide training
Identifying and solving any problems that arise with computer networks and systems
Field System Support Administrator
Offutt Air Force Base
Omaha, NE
04.2018 - 02.2022
Performed technical assessments to ensure the system or application proposed for accreditation or connection met the classification and sensitivity levels of the systems and applicable policies, regulations, and standards
Ensured the implemented security safeguards were adequate to assure the integrity, availability, and confidentiality of the information being processed, transmitted, or stored consistent with the level of sensitivity of that information
Ensured system POA&M mitigations and timelines were adhered to and documented all changes that occurred
Communicating with end-users to explain technical information in a non-technical manner, resolved complaints, and assisted clients via email, phone, website, live chat, and over forums
Knowledge in configuring and troubleshooting desktop, workstations, and network issues, including mobile systems and role-based access controls
Evaluating compliance against security and assessing the effectiveness of security plans and controls
Resolving complex network and application issues for customers
Document actions in tickets to effectively communicate and track information with team members and internal customers
Monitoring system activity which identifies unauthorized activity and malware on classified networks, utilized intrusion detection software to detect and report attempted system access, and reported suspicious activity
Identified opportunities for IT solutions to reduce the cost for Integrated Defense System (IDS) programs
Demonstrate knowledge of Network security concepts and information security best practices, TCP/IP networking, Unix/Linux operating systems and Windows logging and Active Directory
Providing help desk support for end-user service requests which ensured server & application compliance with Department of Defense security requirements
Assisting units with planning, Setups, deployment, upgrade maintenance, and migration of network monitoring capabilities on large network enterprises
Ability to utilize report out functions in business software to yield informative reports, manipulate simple spreadsheets, develop tables/graphs, and combine into presentation style format
Knowledge of configuring, managing, and monitoring a TCP/IP network utilizing standard Linux tools
Scopes, plans, manages and executes SOC, ISO, and Healthcare advisory service engagements
Facilitates client workshops and ongoing strategy sessions for comprehensive security, privacy, and quality program implementation
Security Analyst (Lead)
Department of Veterans Affairs
Atlanta, GA
03.2015 - 04.2018
Ensured POA&M mitigations and timelines were adhered to and documented any changes that occurred
Reviewed status of Information Systems for modifications and assessed the impact to current system accreditation
Develop kickoff meeting slides and email
Validated system requirements, security policies and procedures, contingency plans, incident response plans
Performed technical assessments to ensure the system or application proposed for accreditation or connection met the classification and sensitivity levels of the systems and applicable policies, regulations, and standards
Assisted in the review of SP 800-171 SSP, SAP and other deliverables from vendors
Assisted in drafting “Authorization to Operate” (ATO) packages for new and existing systems
Complied with cyber security program implementation plan and ensured compliance with organization management policies
Ensured compliance with data security policies and relevant legal and regulatory requirements in accordance with organization directives and applicable Risk Management Framework (RMF) requirements
Reviewed and updated annual deliverables such as SSP, CM Plan, CP Plan, etc. with the program office
Uploaded artifacts such as PTA, PIA, CM Plan, CP Plan, SAR, POA&M, SSP in Archer
Completed SIA prior to changes to information systems
Completed monthly ISSO Checklist in Archer
Conducted Contingency Plan Test for assigned information systems
Information Security Analyst (Lead)
Department Of Army
Bowling Green, VA
04.2013 - 06.2014
Reviewed computer security procedures, updated policies, and monitored access to classified material
Conducted a risk assessment analysis and developed plans that safeguarded data from modification, destruction, or unauthorized release; conducted audits that identified and corrected vulnerabilities
Maintains an Enterprise level Information Technology system of access control, intrusion detection, and the associated physical, electronic, and technical security elements
Performs, or reviews, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies
Validates and verifies system security requirements definitions and analysis, establishes system security designs
Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification environments
Builds IA into systems deployed to operational environments
Perform system scans and convey mitigation strategies to engineering staff.
Security Specialist
ITT EXELIS, Inc
Kosovo
10.2011 - 02.2012
Gathering new user role onboarding requirements and approvals
Auditing and reviewing account lifecycle management; identifying and resolving inconsistencies
Researching new and innovative solutions and promoting process improvement
Working closely with our IT Support, IT Security, HR, and Vendor Management teams to ensure a fluid user onboarding experience.
Education
Bachelor of Science - Information Security
Western Governors University
ISO 27002, ISO 27017, NIST SP 800-53 rev4 and NIST SP 800-37 rev 2, NIST SP 800-18, NIST SP 800-34, NIST SP 800-60 Vol1&2, NIST SP 800-30, NIST SP 800-137, NIST SP 800-61, NIST SP 800-83, FIPS 199/200, FISMA, NIST Family of Security Control, POA&M, Incident, PCI DSS
Skills
Implementing security programs
Certification
Certified Information Security Auditor (CISA)
Affiliations
Project Management Institute
ISACA
ISACA stands for Information Systems Audit and Control Association. It is a global professional association that focuses on IT governance, security, risk management, and audit. ISACA provides education, certification, and networking opportunities to its members.
ISACA was founded in 1969 and has grown into a worldwide organization with over 150,000 members in more than 180 countries. The organization is known for its globally recognized certifications, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), and Certified in the Governance of Enterprise IT (CGEIT).
ISACA also publishes research and best practices in the field of information technology, and hosts events and conferences for IT professionals to share knowledge and network with peers.