Hi, I’m
Ruth Fianoo-Vidza
Cybersecurity Analyst
Cockeysville,Maryland
Summary
An innovative Cyber Security Assurance Analyst with a master’s degree in cyber security technology and proven expertise in FISMA Compliance and vulnerability management. I have over seven years of experience in Information System Security with focus on Risk Management Framework (RMF) NIST 800-37, Assessment and Authorization, vulnerability management and operational policy and procedures. Experience in all phases of preparing and reviewing complete assessment and authorization (A&A) packages for information systems and applications as defined by the Federal Information Security Modernization Act (FISMA 2002). Demonstrated ability to work in fast-paced environments, manage competing priorities, and collaborate effectively with cross-functional teams. Adept at communicating technical concepts to non-technical stakeholders and providing guidance on security best practices. Committed to ensuring the confidentiality, integrity, and availability of organizational assets through continuous monitoring and proactive security measures.
Overview
7
years of professional experience
3
Certifications
Work History
Maryland Department of Health
Information System Security Officer
09.2021 - Current
Job overview
- Support the team task with the review of security artifacts, assessment reports, and memos for proper implementation and compliance with applicable regulatory requirements, policies and standards
- Support leadership to identify capability gaps in vulnerability management services by analyzing Plans of Action and Milestones (POA&Ms) associated with the facility or system
- Conduct analysis and aggregation of Security Control and POA&M evidence from various sources
- Maintain knowledge of current RMF security trends and be able to clearly communicate them to the client
- Analyze vulnerability assessment data to identify technical risks to the organization
- Assist client in identification and reduction of findings at a site and enterprise level
- Assess the Cyber security risk of IT systems documenting them in formal risk assessments and supporting artifacts associated with the Assessment & Authorization (A&A) process
- Work with team members to interview, examine, and test client systems to determine compliance with security control descriptions, applicable policies and standards as well as develop security assessment reports and other related deliverables according to established schedules.
Richcroft Inc
Information System Security Officer
07.2019 - 09.2021
Job overview
- Ensured security policies, procedures; recommendations comply with FISMA, NIST, Organizational guidelines and technical best practices
- Analyzed and update System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M)
- Assisted System Owners and ISSO in preparing assessment and authorization (A&A) package for company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53, NIST SP 800-171
- Collaborated with ISSOs of other FISMA systems to ensure continued compliance with security control inheritance conditions
- Utilized Tenable Nessus Network Security and WebInspect vulnerability scanners to identify system vulnerabilities and assist SO and team to mitigate findings for threat reduction
- Developed and maintained Continuous-monitoring programs for the CSP solutions in line with organization ISCM policies, FISMA and FedRAMP requirements
- Represented the organization at the FedRAMP PMO meetings on Risk Assessment Report (RAR)and agency authorization process including Kick-off meetings
- Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
- Familiar to vulnerability scanning and GRC/IA tools (Nessus and CSAM)
- Documented test results, develops and recommends corrective actions, and develops and documents residual risk and risk assessment statements
- Provided support to the Security Director for maintaining appropriate operation information assurance (IA) posture for the program.
RisGroup LLC
IT Risk & Compliance Consultant
06.2018 - 07.2019
Job overview
- Facilitated interaction and communication between Information Systems, Internal Audit, and external auditors
- Provided employee training on risk and compliance related topics, policies, or procedures
- Provided assistance to internal or external auditors in risk and compliance reviews
- Keep informed regarding pending industry changes, trends, and best practices and assess the potential impact of these changes on organizational processes
- Verified that all firm and regulatory policies and procedures have been documented, implemented, and communicated
- Prepared and reviewed documentation, including risk assessment reports, certification and accreditation (C&A) packages, and plan of actions and milestones (POA&M)
- Reviewed systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades
- Supported RisGroup system accreditation and Ongoing Assessment and Ongoing Authorization processes and activities to ensure the implementation of NIST SP 800-53 security controls
- Participated in ongoing meetings for systems undergoing the ATO (Authorization to Operate) process and the continuous monitoring of systems with full ATO
- Provided management and Ongoing Authorization (OA) Compliance Support to include Risk Management Framework (RMF) and FISMA compliance, Security Release management, Security Authorization and OA, and DHS policy Directives and Cyber Orders
- Supported the Risk Management and Compliance Lead by providing support to maintain ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions
- Recommend improvements on the security risk posture through new SOPs, tools, or methods
- Maintained, track and report risk, including creation and management of relevant metrics, across the enterprise.
Arc of Baltimore
Information Assurance Analyst
01.2017 - 06.2018
Job overview
- Conducted kick off meetings to collect systems information (information type, boundary, inventory, etc.) and categorized systems based on NIST SP 800-60
- Conducted security control assessments to assess the adequacy of management, operational privacy, and technical security controls implemented
- Security Assessment Reports (SAR) were developed detailing the results of the assessment along with Plan of Action and Milestones (POA&M)
- Developed system security plans to provide an overview of federal information system security requirements and described the controls in place or to meet those requirements
- Created and updated the following Security Assessment and Authorization (SA&A) artifacts; FIPS 199, Security Test and Evaluations (ST&Es), Risk assessments (RAs), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, Plan of Action, and Milestones (POAMs)
- Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational and technical security controls adhere to NIST SP 800-53 standards
- Performed vulnerability assessment, making sure risks are assessed and proper actions taken to mitigate them.
Education
University of Maryland Global Campus UMGC
Master Of Science - Cybersecurity Technology
Morgan State University
Bachelor of Science
Community College of Baltimore County
Associate in arts/General studies
Skills
Cyber SecurityInformation SecuritySecurity OperationsNetwork SecurityVulnerability AssessmentIncident ResponseThird Party AnalystSecurity Policies and ProceduresSecurity Awareness TrainingEmerging Cyber ThreatsAccess ControlsIdentity ManagementCompliance and RegulationsAnalytical ThinkingProblem SolvingCommunication SkillsTeamworkAudit and AccountabilitySecurity Assessment and AuthorizationCompliance TestingVulnerability ScansRisk AssessmentChange ManagementConfiguration ManagementContingency PlanningPolicies and ProceduresImplementation SSPE-AuthorizationPIAPTASORNPOA&MSARSAPCMPMOUISAOMB Circular A-123 Appendix ANIST 800-53NIST 800 53ANIST 171FIPS 199FedRAMPISO/IEC 27002:2015 (Information Security Management)SAS-70/SSAE 16COSO/COBITSarbanes-Oxley ActeMASSTenable NessusMS OfficeMicrosoft WindowsMS VisioRemedy TTSE-AuthSharePoint
Disaster Recovery Planning
Identity Management
Access Control Management
Vulnerability Scanning
Compliance Management
Information Governance
Organizational Skills
Problem-Solving
Risk Assessment
Attention to Detail
Interpersonal Communication
Disaster Recovery
Excellent Communication
Analytical Thinking
Problem-solving abilities
Team building
Time Management
Procedure Documentation
Security assurance
Written Communication
Security metrics
Reliability
Data Security
Self Motivation
Developing security plans
Multitasking
Team Collaboration
Interpersonal Skills
Continuous Improvement
Active Listening
Relationship Building
Decision-Making
Analytical Skills
Adaptability
Professionalism
Teamwork and Collaboration
Time management abilities
Effective Communication
Goal Setting
Security Planning
Adaptability and Flexibility
Security Needs Assessment
Problem-solving aptitude
Log Analysis
Two-Factor Authentication
Security policy development
Patch management
Intrusion Detection
Data Encryption
Network Security
Incident Response
Disaster Recovery Planning
Certification
CompTIA Security+
Citizenship
US Citizen
Timeline
Information System Security Officer
Maryland Department of Health
09.2021 - Current
Information System Security Officer
Richcroft Inc
07.2019 - 09.2021
IT Risk & Compliance Consultant
RisGroup LLC
06.2018 - 07.2019
Information Assurance Analyst
Arc of Baltimore
01.2017 - 06.2018
University of Maryland Global Campus UMGC
Master Of Science - Cybersecurity Technology
5 2023
Morgan State University
Bachelor of Science
5 2014
Community College of Baltimore County
Associate in arts/General studies
5 2010