Summary
Overview
Work History
Education
Skills
Certification
Languages
Timeline
Generic

ACHE FORSAB

TOP SECRET / LinkedIn Pofile Ache Forsab

Summary

Accomplished Information System Security Officer with extensive experience at Peraton, specializing in risk management frameworks. Demonstrated success in implementing security controls and engaging stakeholders, resulting in improved compliance and security postures. Skilled in vulnerability scanning and incident response, fostering a resilient network security environment. Seeking to leverage expertise to further enhance organizational security strategies.

Overview

9
9
years of professional experience
1
1
Certification

Work History

Information System Security Officer (ISSO)

Peraton
Virginia Beach, VA
08.2019 - Current
  • Conduct FISMA-based security risk assessments for various government contracting organizations and application systems, including interviews, tests, and inspections, produced assessment reports and recommendations, conducted outbriefings
  • Utilize processes within the Security Assessment and Authorization environments such as system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation and continuous monitoring
  • Provide Support on Risk Management Framework and Continuous Monitoring processes
  • Support in the team of information security professionals to conduct Security Authorization packages (C&A) based on NIST standards for general support systems and major applications
  • Provide input to management on appropriate FIPS 199 impact level designations and identify appropriate security controls based on the characterization of the general support system or major applications
  • Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
  • Provide guidance and quality assurance to the system owner and ISSO on the development of C&A documentation
  • Support the risk management process by determining and assigning risk impact ratings for systems by Federal Information Processing Standards (FIPS) 199, which determines the level of effort required for the certification
  • Accreditation process of a system and determines the security controls for the protection of an information system
  • Review Technical Security Controls and provided implementation responses as to if/how Systems are currently meeting the requirements
  • Assist in the review of policy, security alerts, guidance, regulations, and technical advances in IT Security Management
  • Contribute to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management
  • Perform comprehensive Security Assessments as part of Assessment and Authorization process to determine if controls are being implemented correctly, operating as intended and meeting the desired objectives
  • Prepare Assessment and Authorization (A&A) packages, which include but are not limited to SSP, SAP, RTM, RA, SAR and POAM for ATO
  • Review the A&A Packages to ensure they remain current, and security operations are in compliance with NIST 800-53 standards, FISMA and organization's policies and procedures
  • Assist in developing and maintaining information security policies, standards and procedures relating to Management, Operational and Technical controls
  • Provided assessment reports on the severity of findings/weaknesses and recommended corrective actions for mitigating vulnerabilities and exploits to the information and information system
  • Reviewed the PAOM to validate the items uploaded in the POAM tracking tools to support the closed findings and coordinate promptly with stakeholders to ensure timely remediation of security weaknesses
  • Provide expert analysis and advice on systems and programs related to IT security problems and provide recommendations
  • Performed vulnerability scans for Database, Network and Web Application for clients using Nessus and gather information necessary to maintain system security
  • Conduct Privacy Threshold Analysis (PTA) and recommend Privacy Impact Analysis where necessary
  • Provide routine support of IT security programs to ensure that security objectives of Confidentiality, Integrity and Availability are met
  • Perform Assessment and Authorization on General Support Systems (GSS) and Major Applications to ensure environments are operating within strong security posture

Information Security Control Assessor and Security Analyst

Covestic Inc
Houston, TX
07.2016 - 08.2019
  • Monitor computer networks and analyze packets captured using Wireshark to identify potential security issues
  • Work with other teams to identify potential threats to various aspects of the network
  • Perform vulnerability scans using Nessus to detect potential risks assets across the enterprise network
  • Leverage Nessus to identify systems compliance risk levels, identify non-compliance issues, security vulnerabilities and manage remediation activities
  • Follow up to ensure security vulnerabilities identified are regularized promptly by respective teams
  • Communicate security gaps with remediation recommendations to respective system owners
  • Investigate security breaches and other forms of cybersecurity incidents and report accordingly
  • Document security incidents and assess the extent of the damage caused
  • Develop, coordinate, implement, and maintain standards and procedures to protect the security and integrity of information systems and data
  • Determine countermeasures against threats identified from analyzing network traffic
  • Review of logs and alerts from IDS/IPS devices, DLP system, and Splunk daily
  • Provide support and security overview on cloud-based solutions implementation, including private, community, hybrid, and public cloud deployment models
  • Develop, reviews, and evaluated System Security plan based NIST special publications SP 800-53r4
  • Provide detailed status updates on existing cybersecurity incidents daily to include follow up with client/customer to ensure satisfactory resolution
  • Configure Database Maintenance Plans for Backups, Re-indexing, and Reorganization of Indexes, Cleanup History, and Update Statistics
  • Relocation/migration of Databases from one server to another
  • Using Visual Studio to create connection strings
  • Ability to Modify existing databases to meet unique needs and goals determined during the initial evaluation and planning process according to the SLAs
  • Open to learning new skills and applying them to daily tasks thereby improving efficiency and productivity
  • Provide, supported, and monitored databases by proactively resolving database incidents and maintaining Database servers
  • Ability to Test programs and databases to identify issues and make necessary modifications if necessary
  • Ability to Set up user profiles and access levels for each database segment to protect important data
  • Provide well-designed Databases and data models
  • Drive monthly patching activities to maintain compliance with SQL Services
  • Monitor incident ICM queues and investigate issues based on priority
  • Communicate with the hardware team to provide information on hardware issues
  • Provide work windows for maintenance Drive server for Software Development lifecycle of servers (rebuild, upgrade, decommission)
  • Implementing and troubleshooting database disaster recovery models like database partitioning mirroring, log-shipping, replication, clustering, and always-on availability group

Education

Master of Science - Cybersecurity Technology

America Intercontinental University
Houston
09.2020

Bachelor of Science - Cybersecurity Technology

American Intercontinental University
Houston
09.2019

Skills

  • Security control implementation
  • Risk management framework
  • Incident response
  • Security policy development
  • Security risk assessment
  • Compliance auditing
  • Investigative skills
  • Continuous monitoring
  • Vulnerability scanning
  • Network security analysis
  • Third-Party Vendor Risk Management
  • Workplace violence prevention
  • Data, infrastructure, and network protection
  • Leadership and cross-functional team management
  • Documentation skills
  • Stakeholder Engagement, Communication, and Collaboration

Certification

  • CompTIA Security+
  • CISSP
  • CISM
  • PMP

Languages

English
Professional

Timeline

Information System Security Officer (ISSO)

Peraton
08.2019 - Current

Information Security Control Assessor and Security Analyst

Covestic Inc
07.2016 - 08.2019

Master of Science - Cybersecurity Technology

America Intercontinental University

Bachelor of Science - Cybersecurity Technology

American Intercontinental University

Similar Profiles

  • Deepthi Chava

    Deepthi ChavaDeepthi Chava

    Sr Business Analyst at PeratonSr Business Analyst at Peraton

    View Profile
  • Kevin Hewitt

    Kevin HewittKevin Hewitt

    Background Investigator at PeratonBackground Investigator at Peraton

    View Profile
  • Miguel Greganda

    Miguel GregandaMiguel Greganda

    Project Control Coordinator/Special Investigator VI (Certified Field Trainer) at PeratonProject Control Coordinator/Special Investigator VI (Certified Field Trainer) at Peraton

    View Profile
ACHE FORSAB