
Tony Washington

Jacksonville, FL

Summary

Information Security Professional with a passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security frameworks for all systems, applications and environments in a growth-oriented organization, with a focus on conducting security control assessments for Federal and Non-Federal Organizations using NIST SP 800-53 Rev4 and the NIST documentation series. Knowledge and management of Federal Government C&A practices and policies, particularly FISMA, FedRAMP, NIST SP 800-53 and 800-171, and ability to analyze technical outputs, recommend process improvements at an enterprise level, and test security controls and security frameworks.


Overview

18 years of professional experience
1 Certification

Work History

Information Systems Security Officer (ISSO)

Vertex Aerospace
05.2022 - Current
  • Working knowledge of NIST SP 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-34, SP 800-18, SP 800-128 during documentation, review and update.
  • Reviewed and updated System Security Plan (SSP) using SP 800-18 guidelines.
  • Reviewed and updated Risk Assessment (RA) using NIST SP 800-30 guidelines.
  • Reviewed and updated Contingency Plan (CP) using NIST SP 800-34 guidelines.
  • Reviewed and updated documentation for SOPs & Audit artifacts
  • Performed Information Systems Security Audits and Certification and Accreditation (C&A) Test Team efforts.
  • Tracked vulnerabilities from identification to remediation and verification.
  • Performed Security Impact Analysis (SIAs) for all proposed changes to production environments and provided guidance/approvals for requested changes to application/system.
  • Provide support for project/workstream management activities.
  • Implemented NIST 800-53 r5 security and privacy controls in compliance with FISMA, HIPAA, and FedRAMP.
  • Execution of Contingency Plan testing (CPT), Incident Response (IR) testing, and post-testing documentation.
  • Serve as a trusted information security analyst to government clients
  • Monitor security controls on ongoing basis to ensure continued effectiveness of controls.
  • Planned and implemented updates to System Security Plans (SSPs), Information Security Risk Assessments (IS RAs), Privacy Threshold Analysis (PTA), Privacy Impact Assessments (PIAs) and other security artifacts for program.
  • Work with technical team to document requirements and test plans and coordinate deployment activities.
  • IT security policy and procedure development, update and review, and response to audit request or audit support/coordination
  • Coordinated system security audits with audit team and penetration testing with internal and external assessors for each COTS product and System maintained as part of Enterprise.
  • Collected and managed all appropriate artifacts required to demonstrate security control compliance.
  • Documented risks and monitored remediation.
  • Performed risk assessments to help create optimal prevention and management plans.
  • Managed POA&M process for designated IT systems and provided timely detection, identification, and alerting of non-compliance issues.
  • Planned, developed, implemented, and maintained programs, policies, and procedures to protect integrity and confidentiality of systems.
  • In-depth knowledge of penetration testing and intrusion detection on systems.
  • Audited networks and security systems to identify vulnerabilities.
  • Prepared and implemented Assessment and Authorization (A&A) documents and procedures.
  • Reviewed and created mitigation reports from compliance and vulnerability scanning tools (Nessus, Synack and other tools).
  • Successfully utilized multiple software systems such as Splunk, Unix, Linux, Windows, VMware, COBIT, ISO, SCO, SOAR, SIEM, SOC 1, SO2.
  • Minimized risk of damage from security breaches by putting business continuity or disaster recovery plans in place.
  • Applied cybersecurity policy and procedures to systems and networking in Enterprise environment in order to review controls and package artifacts for validity.

Information Security Analyst

UF Health Jacksonville
07.2017 - 05.2022

Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).

  • Performed assessments of systems and networks within the networking environment and identified where those systems and networks deviate from acceptable configurations, enclave policy, or local policy; this includes support of process, analysis, coordination, security certification test, security documentation, as well as investigations and periodic audits.
  • Documented the results of Certification and Accreditation (C&A) activities and technical or coordination activity, prepared the System Security Plans and updated the Plan of Actions and Milestones (POA&M).
  • Investigate suspicious activity and collaborate with other technology associates to fully secure confidential information and systems as assigned.
  • Performed onsite analysis, diagnosis and resolution of hardware for end users and provide recommendations and implement solutions.
  • Assisted System Owners and ISSO in preparing Certification and Accreditation package for company's IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.
  • Performed Vulnerability Assessment. Made sure that risks were assessed and evaluated and that proper actions had been taken to limit their impact on the information and information systems.
  • Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.
  • Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with the Payment Card Industry Data Security Standard.
  • IT security policy and procedure development, update and review, and response to an audit request or audit support/coordination.
  • Support the development, documentation and management of security control plans that include IT security measures to attain and maintain compliance with various regulatory requirements, including but not limited to CMMC, NIST, FIPS, HIPAA, etc.
  • Manage the day-to-day operations of the data privacy program, including incident response (IR), drafting privacy impact assessments (PIA), and managing data subject access requests.
  • Arranged SPLUNK information contributions by parsing parameters.
  • Review system security plan (SSP) for accuracy and completeness.
  • Coordinate and work with program management office to support project planning activities, including drafting, and maintaining robust project plans, documenting decisions and dependencies, and spotting and remediating potential gaps and weaknesses in program controls.
  • Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied.
  • Provided technical support & Cyber security training to staff in a hospital environment.
  • Served as technical and equipment liaison in the field to collaborate with Help Desk, Applications, Materials Management, and other support services.
  • Worked with third party contacts and network supply teams as necessary to resolve transaction discrepancies in a timely manner.
  • Evaluate the effectiveness of compliance policies, procedures, and processes, systems, and controls.
  • Review completed documentation for completeness, accuracy, and quality.

Information Security Intern

Citi
01.2018 - 04.2018
  • Assisted in development and implementation of security policies, procedures, and controls.
  • Initiated kick-off meetings to collect system information to assist in categorization phase using FIPS 199 and NIST SP 800-60.
  • Tracked vulnerabilities from identification to remediation and verification.
  • Assisted the POA&M process for designated IT systems and provided timely detection, identification, and alerting of non-compliance issues.
  • Responsible for Information System Security policies, reviews, and updates.
  • Performed risk assessment analysis to support certification and accreditation.
  • Assisted in implementation of disaster recovery and business continuity plans to mitigate impact of potential security incidents or disruptions.
  • Tracked, monitored, and documented compliance of security policies and procedures.
  • Monitored security logs, investigating suspicious activities to detect and respond to security incidents (SIEM).

Assistant Store Manager

Aaron's Sales And Lease
01.2013 - 02.2017
  • Administered information security testing and protection plans on PC rentals.
  • Managed store budget of over 200 thousand a year.
  • Supervised 10-15 employees
  • Supporting the A&A of the government environment, by providing guidance to, and coordinating the efforts of, relevant system operators across the environment.
  • Diagnosing, troubleshooting and resolving hardware, peripheral and software application issues.
  • Handled troubleshooting and provided technical support on computer rentals and applications
  • Supervised inventory control, ordering, record keeping and storage management

Call Center Manager

SafeTouch Security
01.2006 - 04.2013
  • Improved customer satisfaction ratings by implementing effective call center strategies and employee training programs.
  • Oversaw successful implementation of new technology platforms that enhanced agent efficiency and provided valuable insights into customer behavior.
  • Boosted first-call resolution rates by equipping agents with comprehensive product knowledge and troubleshooting skills through ongoing training workshops.
  • Streamlined call center operations for increased efficiency through optimizing scheduling, staffing, and performance tracking processes.

Education

Master of Science - Cyber Security And Information Assurance

Western Governors University
Salt Lake City, UT
12.2026

Bachelor of Science - Information Technology Management

Florida State College At Jacksonville
Jacksonville, FL
05.2024

Associate of Science - IT Security

Florida State College At Jacksonville
Jacksonville, FL
05.2020

Skills

  • NIST SP 800-60, 800-53
  • Microsoft STIG configurations
  • Risk Management Framework (RMF)
  • FISMA
  • Service Now
  • Incident Response (IR)
  • Security Audits (SA)
  • ISO 27001
  • Plan of Actions & Milestones (POA&M)
  • Vulnerability scanning tools (Nessus, Splunk)
  • eMASS
  • Cyber Security Awareness Training

Certification

  • CompTIA Security+
  • CompTIA Advanced Security Practitioner
  • CompTIA Certified Cyber Security Analyst
  • CISSP (In progress)


Additional Information

Training attended:

  • Certified in Information System Audits Training - CISA (Udemy)
  • eMASS (DoD annual training)
  • SPLUNK
  • Certified Google Security Professional
  • IBM Machine learning training

