Shanice Benton

Summary

Top Secret SCI eligible US Navy Veteran Spouse with over 9 years of experience in cybersecurity compliance and risk management, expert in FISMA/NIST frameworks and vulnerability assessment. My key achievements include enhancing cybersecurity compliance efficiency by 30% through process automation and leading strategic initiatives that saved $300K in annual labor costs. Seeking an Information System Security Officer or Security Control Assessor position where I can leverage my compliance management skills to support your mission of safeguarding critical information systems and ensuring regulatory adherence.

Overview

10 years of professional experience
1 Certification

Work History

Senior Information Assurance Security Specialist

OBXTEK Inc.
04.2022 - Current
  • Worked closely with system stakeholders to ensure systems supporting the Department of State met FISMA, NIST 800-53 Rev 4/Rev 5, and internal DOS security requirements throughout the RMF lifecycle.
  • Reviewed System Security Plans (SSPs), design updates, and engineering changes to confirm security controls were implemented correctly and remained aligned with DOS policies and configuration standards (STIGs).
  • Supported ATO and continuous monitoring activities by preparing and collecting evidence, updating the Security Assessment Package, and responding to questions from ISSMs, SCA reviewers, and the AO team.
  • Performed analysis for 170+ proposed Significant and Non-Significant changes to the system and documented the impact and risk to the system. These changes included software updates, cloud migrations, firewall modifications, and new integrations.
  • Monitored assigned systems for compliance with DOS baseline configurations, STIG requirements, and approved hardening guidelines.
  • Worked directly with system stakeholders to address configuration drift or non-compliant settings.
  • Met with vulnerability management teams to review Nessus results, verify findings, and track remediation efforts utilizing Jira as our working tool.
  • Maintained accurate and current SSPs, network diagrams, inventories, and artifacts to ensure they reflect the operational environment with the DOS-approved GRC tool (Xacta/Archangel).
  • Provided follow-up guidance to ensure vulnerabilities were resolved within the Department timeframe.
  • Managed POA&Ms by documenting weaknesses, validating mitigation plans and tracking progress with technical teams and leadership until closure.
  • Provided day-to-day guidance to stakeholders regarding Department policies, including FAH/FAM, account management practices, configuration requirements, and general security expectations.
  • Mentored and trained new employees on DOS specific policy and procedures, improving Team success rate of 33%.

Mid-Level Cyber Security Analyst

Sev1Tech
07.2021 - 04.2022
  • Determined system vulnerabilities and residual risk based on analysis of technical artifacts, interviews, and evaluation of current system state
  • Evaluated effectiveness of proposed mitigations
  • Recommended technical/policy changes to mitigate cyber risk
  • Supported programs and projects with security and information assurance requirements elicitation based on customer and subject matter expert communication and independent research
  • Conducted Security Categorization Reviews
  • Validated NA control for Information Systems
  • Performed security control assessments for complex Information systems

Cyber Security Analyst

Broadleaf
10.2019 - 07.2021
  • Developed, reviewed, and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
  • Performed vulnerability scanning with the support of the Nessus scanning tool to detect potential risks on single or multiple assets across the enterprise network.
  • Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
  • Performed risk assessments; helped review and update Plans of Action and Milestones (POA&M) and Security Control Assessments.
  • (SA&A) Security Assessment and Authorization using NIST SP 800-53 rev4/FIPS 200 (Security Controls), NIST SP 800-53A rev4 (Assessing Security Controls).
  • Monitored controls post authorization to ensure constant compliance with the security requirements.
  • Conducted Annual Assessment based on NIST SP 800-53A
  • Documented findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).
  • Reviewed and analyzed Nessus Vulnerability and Compliance scans for possible remediation.
  • Assessed systems of varying scope and complexity and comprised of various technologies.
  • Created standard templates for required security assessments and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
  • Provided weekly status reports on ongoing tasks and deliverables.

IT Security Analyst

Randstad Technologies
05.2017 - 10.2019
  • Supported the Security Assessment and Authorization process of the clients' systems as a technical Security Analyst.
  • Developed, reviewed, and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
  • Performed vulnerability scanning with the support of the Nessus scanning tool to detect potential risks on single or multiple assets across the enterprise network.
  • Assisted with updating IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
  • Performed risk assessments to identify the risk level associated with the findings.
  • (SA&A) Security Assessment and Authorization using NIST SP 800-53 rev4/FIPS 200 (Security Controls), NIST SP 800-53A rev4 (Assessing Security Controls).
  • Monitored controls post authorization to ensure constant compliance with the security requirements.
  • Reviewed artifacts regarding Plans of Action and Milestones (POA&M) created by ISSO before closing.
  • Documented findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).
  • Reviewed and analyzed Nessus Vulnerability and Compliance scans for possible remediation.
  • Assessed systems of varying scope and complexity and comprised of various technologies.
  • Provided weekly status reports on ongoing tasks and deliverables.

Junior IT Security Analyst

Randstad Technologies
10.2015 - 05.2017
  • Assisted in conducting cloud system assessments
  • Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements
  • Supported Cyber Security Analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation (C&A), and Computer Network Defense.
  • Performed risk assessments, updated and reviewed System Security Plans (SSP) using NIST 800-18 (Guide for Developing Security Plans for federal information systems), Plans of Action and Milestones (POA&M), Security Control Assessments, and Configuration.
  • Responsible for conducting analysis of security incidents.
  • Performed investigations of unauthorized disclosure of PII.
  • Responsible for reporting findings and providing status to senior leadership.
  • Performed escalations to Regional Computer Emergency Response Team (RCERT) when required.
  • Performed vulnerability scans and monitored continuously using NIST 800-137 as a guide with the aid of Nessus.

Education

A.S. - Computer Science

ECPI University
Glen Allen
01.2012

Skills

  • Risk Management Framework
  • SA&A
  • NIST 800 series
  • FIPS 199/200
  • CNSS-1253
  • FedRAMP
  • Nessus
  • Security Assessment Report (SAR)
  • Security Assessment Plan (SAP)
  • Microsoft Office suite
  • Detail oriented
  • Archangel
  • eMASS
  • Xacta
  • Security Impact Analysis
  • Confluence
  • MS Teams
  • SharePoint
  • FAH/FAM
  • Assessment and Authorization (A&A)
  • Jira
  • NIST 800-53 Rev 4
  • NIST 800-53 Rev 5
  • POA&M

Clearance

Active Top Secret Clearance SCI Eligible

Certification

  • CompTIA CySA+
  • CompTIA CASP (SecurityX)
