Lawrence Aikins

Manassas, United States

Summary

Competent Information System Security Engineer with over 5 years of experience in Information Assurance/System Security, with focus on Risk Management Framework (RMF) NIST 800-37, Vendor/Third Party Risk Management, Assessment and Authorization, vulnerability management and operational policy and procedures. Experience in all phases of preparing and reviewing assessment and authorization (A&A) packages for information systems and applications as defined by the Federal Information Security Management Act (FISMA 2002), including firsthand experience distinguishing and managing risks to keep systems secure. Excellent technical competence exhibited throughout career. Eager and easily learns new emerging skills in related fields.

Overview

14 years of professional experience
1 Certification

Work History

Principal Information Security Specialist

Parsons Corporations
12.2022 - Current
  • Served as a Subject Matter Expert (SME) on Information Assurance (IA) and provided support in operational, technical and process of system Assessment & Authorization (A&A) packages, which included development and analysis of required policies and other deliverables as required throughout the RMF lifecycle, to obtain and maintain Authorizations to Operate (ATOs) for assigned DoD programs
  • Provided full RMF lifecycle support, including, but not limited to, assistance with system security categorization, system security control selection, tailoring, enhancement, system security control assessments and implementation, artifacts, and continuous monitoring support
  • Conducted risk and vulnerability assessments of systems and implemented security configurations utilizing DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) and automated scanning software
  • Serve as Subject Matter Expert (SME) on database management systems and/or more technologies/skills related to A&A activities utilizing such systems of record as Xacta/eMASS
  • Analyzed system design, identified risks, documented findings, and provided mitigation plan of action
  • Participated in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies and disaster recovery plans and procedures
  • Maintained awareness and knowledge of evolving security and risk management standards and applied relevant changes to existing processes
  • Be the forefront lead on A&A issues that may be preventing the system/enclave from receiving an ATO
  • Assess system compliance against NIST, DoD, JSIG, and other security requirements to include the NIST 800-53 controls and DISA STIGs/SRGs
  • Collaborated closely with business stakeholders, supplier contacts, and other IT service teams on documentation, POAMs, network security design, implementation, threat mitigation.

Lead Information Security Analyst

DelTaah Tech Consulting
01.2020 - 12.2022
  • Assured IT security policies, standards and procedures by reviewing updating and maintaining the documentation of System Security Plan (SSP), Security Test and Evaluation (ST&E), Security Assessment Report (SAR), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Incident Reports, Configuration Management Plan Test Report and ensured compliance
  • Discover risks in compliance with Federal Information Security Management Act (FISMA) guidelines, while performing Assessment and Authorization (A&A), leveraging Risk Management Framework (RMF)
  • Assist in establishing a continuous monitoring strategy to monitor and track security related defects and the status of their resolution using SPLUNK reports and make recommendation to the client
  • Creating SARs, SSPs, and POA&Ms artifacts to remediate deficiencies found
  • Assess security of major applications, update POA&Ms and monitor to meet remediation deadlines
  • Effectively support ISSO by reviewing POA&Ms artifacts prior to closing
  • Recognize risk level by conducting accurate risk assessments
  • Perform Vulnerability Management, Assessment and Authorization, Security Engineering, and Computer Network Defense to support cyber security examination
  • Track POA&M to guarantee closure and supply updates where required in Risk Vision or XACTA
  • Display Leadership skills, by supporting teams with the design, development, and documentation of various systems
  • Actively avoiding system outages, adhering and educating users to adhere to safety requirements and control procedures
  • Analyzing Nessus Vulnerability and Compliance results for remediation to avoid possible damage to the network and Information Systems
  • Familiar with DISA Security Technical Implementation Guides (STIG); conducting manual reviews, interpreting STIG guidance, and implementation recommendations
  • Familiar with drafting documentation relating to vulnerabilities (POA&Ms, Waivers, Risk Acceptance, etc.)
  • Develop and evaluate remediation action plans for information systems to ensure security concerns are given due consideration during development.

Cyber Security Analyst

Douala IT Services
04.2017 - 12.2019
  • Maintained and ensured implementation of applicable RMF based documentation, including the System Security Plan (SSP), Security Test and Evaluation (ST&E), Security Assessment Report (SAR), Interview questionnaire, Plan of Actions and Milestones (POA&M), Privacy Impact Assessment and Incident Reports
  • Addressed oversight of system security documentations consisting of the Privacy Impact Assessment (PIA), Memorandum of Understanding (MOU), Information System Contingency Plan (ISCP), Disaster Recovery Plan (DRP), Risk Assessment etc. in accordance with FISMA
  • Executed surveillance and adjustments to Plan of Action & Milestones (POA&M) which directed required corrective actions, after routine assessments were completed
  • Identified vulnerabilities to maintain system ATO status
  • Drove meetings with key audience, categorized IT systems, defined system boundaries, established and facilitated information security standards and procedures that adhered to information security and risk management policies, standards, and guidelines
  • Provided guidance to clients by utilization of the Nessus reports, established a strategy for constant oversight of defects that threatened security, and the resolution status
  • Assessed the Information Systems to ensure compliance with the Federal cyber security outlines by conducting NIST SP 800-53A assessments on internal systems through personnel interviews, examining of Policies and Procedures, testing of Security controls based on the evidence provided by the client (PBC artifacts), documentation review, recommended corrective actions, and prepared findings reports
  • Analyzed and defined security guidelines for assigned information system using appropriate tools
  • Prepared for, participated in, and supported security certification and NIST-800-53 based compliance audits (FISMA, FedRAMP, 800-171)
  • Experienced with advising Cloud Service Providers
  • Reviewed and processed monthly vulnerability scan results for assigned systems and work with the technical teams to ensure vulnerabilities are remediated on time
  • Supported the development and maintenance of vulnerability management services, including vulnerability scanning, vulnerability assessment, and provided advisory and tracking support for vulnerability remediation.

Process Technician

Micron Technologies
08.2010 - 04.2017
  • Leveraged role as a first responder, maximized and facilitated efficiency
  • This encompassed products not tracking/staging, data not downloading, tool lockups, and lot processed verification
  • Improved function of workstation by management of task status, updates added, such as pertinent product information, detailed comments, effectively passed on
  • Spearheaded resolutions of noted concerns that impacted overall fab performance, alerted management and other key stakeholders
  • Guided and resolved bottlenecks and automation matters
  • Partnered to resolve scheduling and all automation problems
  • Supported application of best practices for improvement and solving problems
  • Acted as project lead and team lead, improving performance of fab and process areas
  • Boosted reduction of cycle time, improving product momentum, also supporting advanced engineering
  • Headed research of workstation historical data performance, this produced area of required improvement.

Help Desk/Cabling Technician (Tier 1)

LKA Computer Consultant Inc.
09.2009 - 08.2010
  • Provided expert technical support, resolved and troubleshooted all computer systems related events
  • Fixed hardware, software and printer complaints via phone or at the workstation
  • Responded readily to customer queries for assistance
  • Constructed all types of computer network infrastructure, Local Area Networks (LANs), and Wide Area Networks (WANs)
  • Installed Security Cameras and Access control systems
  • Great customer service skills exhibited in an ongoing manner
  • Collaborated to provide key problem-solving solutions, assisted in resolving computer systems failures by assigning ticket severity, prioritized work accordingly and collaborated with other staff and vendor support resources to resolve issues
  • Coordinated with contractors and vendors to repair office equipment such as printers, copiers and workstations
  • Maintained an inventory and database of IT related assets, including hardware, software and peripherals
  • Provided office equipment to office staff as requested through remedy ticketing systems.

Education

BSc. Information Systems - e-Technology

National Institute of Information Technology
12.2004

Skills

  • Windows, Linux Administration, TenableSC, Nessus, Splunk, Kibana, JIRA Ticketing system, Service Now Ticketing System, eMASS, XACTA
  • Network Security
  • Cybersecurity
  • Risk Assessment
  • Network Security Management
  • Incident Response
  • Disaster Recovery
  • Intrusion Detection

Certification

  • Certified Information Security Manager (CISM), ISACA, 2022-02-15
  • PMP, PMI, 2022-06-15
  • Certified in Risk and Information Systems Control (CRISC), ISACA, 2023-12-31
  • CompTIA Advanced Security Practitioner (CASP+), CompTIA, 2023-12-31
  • CGRC, (ISC)2, 2020-11-08
  • CEH, EC-Council, 2020-05-16
  • CompTIA Security+, CompTIA, 2021-06-04

Affiliations

  • (ISC)2, 2020-11-08
  • ISACA, 2022-01-24
  • Project Management Institute, 2022-06-15

Clearance Level

Top Secret/SCI w CI-Poly

Career Experience

  • Parsons Corporations, Manassas, Virginia, Principal Information Security Specialist, 2022-12-01, Present, Served as a Subject Matter Expert (SME) on Information Assurance (IA) and provided support in operational, technical and process of system Assessment & Authorization (A&A) packages, which included development and analysis of required policies and other deliverables as required throughout the RMF lifecycle, to obtain and maintain Authorizations to Operate (ATOs) for assigned DoD programs. Provided full RMF lifecycle support, including, but not limited to, assistance with system security categorization, system security control selection, tailoring, enhancement, system security control assessments and implementation, artifacts, and continuous monitoring support. Conducted risk and vulnerability assessments of systems and implemented security configurations utilizing DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) and automated scanning software. Serve as Subject Matter Expert (SME) on database management systems and/or more technologies/skills related to A&A activities utilizing such systems of record as Xacta/eMASS. Analyzed system design, identified risks, documented findings, and provided mitigation plan of action. Participated in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies and disaster recovery plans and procedures. Maintained awareness and knowledge of evolving security and risk management standards and applied relevant changes to existing processes. Be the forefront lead on A&A issues that may be preventing the system/enclave from receiving an ATO. Assess system compliance against NIST, DoD, JSIG, and other security requirements to include the NIST 800-53 controls and DISA STIGs/SRGs. Collaborated closely with business stakeholders, supplier contacts, and other IT service teams on documentation, POAMs, network security design, implementation, threat mitigation. Worked with system administrators, engineers, ISSM, ISSO, and security POCs to create or update system/site policies, procedures, and process guides. Analyzed vulnerability scans of information systems and assisted in remediation tasks. Developed, updated, and/or review RMF documentation to include Plans of Action and Milestones (POA&Ms) and Risk Assessment Reports.
  • DelTaah Tech Consulting, College Park, Maryland, Lead Information Security Analyst, 2020-01-01, 2022-12-31, Assured IT security policies, standards and procedures by reviewing updating and maintaining the documentation of System Security Plan (SSP), Security Test and Evaluation (ST&E), Security Assessment Report (SAR), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Incident Reports, Configuration Management Plan Test Report and ensured compliance. Discover risks in compliance with Federal Information Security Management Act (FISMA) guidelines, while performing Assessment and Authorization (A&A), leveraging risk Management Framework (RMF). Assist in establishing a continuous monitoring strategy to monitor and track security related defects and the status of their resolution using SPLUNK reports and make recommendation to the client. Creating SARs, SSPs, and POA&Ms artifacts to remediate deficiencies found. Assess security of major applications, update POA&Ms and monitor to meet remediation deadlines. Effectively support ISSO by reviewing POA&Ms artifacts prior to closing. Recognize risk level by conducting accurate risk assessments. Perform Vulnerability Management, Assessment and Authorization, Security Engineering, and Computer Network Defense to support cyber security examination. Track POA&M to guarantee closure and supply updates where required in Risk Vision or XACTA. Display Leadership skills, by supporting teams with the design, development, and documentation of various systems. Actively avoiding system outages, adhering and educating users to adhere to safety requirements and control procedures. Analyzing Nessus Vulnerability and Compliance results for remediation to avoid possible damage to the network and Information Systems. Familiar with DISA Security Technical Implementation Guides (STIG); conducting manual reviews, interpreting STIG guidance, and implementation recommendations. 
Familiar with drafting documentation, relating to vulnerabilities. (POA&Ms, Waivers, Risk Acceptance, etc.) Develop and evaluate remediation action plans for information systems to ensure security concerns are given due consideration during development.
  • Douala IT Services, Baltimore, Maryland, Cyber Security Analyst, 2017-04-01, 2019-12-31, Maintained and ensured implementation of applicable RMF based documentation, including the System Security Plan (SSP), Security Test and Evaluation (ST&E), Security Assessment Report (SAR), Interview questionnaire, Plan of Actions and Milestones (POA&M), Privacy Impact Assessment and Incident Reports. Addressed oversight of system security documentations consisting of the Privacy Impact Assessment (PIA), Memorandum of Understanding (MOU), Information System Contingency Plan (ISCP), Disaster Recovery Plan (DRP), Risk Assessment etc. in accordance with FISMA. Executed surveillance and adjustments to Plan of Action & Milestones (POA&M) which directed required corrective actions, after routine assessments were completed. Identified vulnerabilities to maintain system ATO status. Drove meetings with key audience, categorized IT systems, defined system boundaries, established and facilitated information security standards and procedures that adhered to information security and risk management policies, standards, and guidelines. Provided guidance to clients by utilization of the Nessus reports, established a strategy for constant oversight of defects that threatened security, and the resolution status. Assessed the Information Systems to ensure compliance with the Federal cyber security outlines by conducting NIST SP 800-53A assessments on internal systems through personnel interviews, examining of Policies and Procedures, testing of Security controls based on the evidence provided by the client (PBC artifacts), documentation review, recommended corrective actions, and prepared findings reports. Analyzed and defined security guidelines for assigned information system using appropriate tools. Prepared for, participated in, and supported security certification and NIST-800-53 based compliance audits (FISMA, FedRAMP, 800-171). Experienced with advising Cloud Service Providers. 
Reviewed and processed monthly vulnerability scan results for assigned systems and work with the technical teams to ensure vulnerabilities are remediated on time. Supported the development and maintenance of vulnerability management services, including vulnerability scanning, vulnerability assessment, and provided advisory and tracking support for vulnerability remediation.
  • Micron Technologies, Manassas, Virginia, Process Technician, 2010-08-01, 2017-04-30, Leveraged role as a first responder, maximized and facilitated efficiency. This encompassed products not tracking/staging, data not downloading, tool lockups, and lot processed verification. Improved function of workstation by management of task status, updates added, such as pertinent product information, detailed comments, effectively passed on. Spearheaded resolutions of noted concerns that impacted overall fab performance, alerted management and other key stakeholders. Guided and resolved bottlenecks and automation matters. Partnered to resolve scheduling and all automation problems. Supported application of best practices for improvement and solving problems. Acted as project lead and team lead, improving performance of fab and process areas. Boosted reduction of cycle time, improving product momentum, also supporting advanced engineering. Headed research of workstation historical data performance, this produced area of required improvement.
  • LKA Computer Consultant Inc., College Park, Maryland, Help Desk/Cabling Technician (Tier 1), 2009-09-01, 2010-08-31, Provided expert technical support, resolved and troubleshooted all computer systems related events. Fixed hardware, software and printer complaints via phone or at the workstation. Responded readily to customer queries for assistance. Constructed all types of computer network infrastructure, Local Area Networks (LANs), and Wide Area Networks (WANs). Installed Security Cameras and Access control systems. Great customer service skills exhibited in an ongoing manner. Collaborated to provide key problem-solving solutions, assisted in resolving computer systems failures by assigning ticket severity, prioritized work accordingly and collaborated with other staff and vendor support resources to resolve issues. Coordinated with contractors and vendors to repair office equipment such as printers, copiers and workstations. Maintained an inventory and database of IT related assets, including hardware, software and peripherals. Provided office equipment to office staff as requested through remedy ticketing systems.

Timeline

Principal Information Security Specialist

Parsons Corporations
12.2022 - Current

Lead Information Security Analyst

DelTaah Tech Consulting
01.2020 - 12.2022

Cyber Security Analyst

Douala IT Services
04.2017 - 12.2019

Process Technician

Micron Technologies
08.2010 - 04.2017

Help Desk/Cabling Technician (Tier 1)

LKA Computer Consultant Inc.
09.2009 - 08.2010

BSc. Information Systems - e-Technology

National Institute of Information Technology