Yolanda P Carlton

Silver Spring, United States

Summary

Mission-focused IT Cyber Security Specialist with years of experience working to alleviate data compromise and cyber threats. Highly trained and knowledgeable in implementing effective security strategies that are compliant with government regulations. A resourceful Information Systems Security Manager with definitive leadership qualities and strong critical thinking and decision making skills.

Overview

13 years of professional experience

Work History

Information Systems Security Manager (ISSM) GG13

Defense Information Systems Agency
06.2016 - 10.2025
  • Provide Information Assurance (IA) and Information System Security Management (ISSM) support to SE51, Mobility PMO and EVOIP/ECVOIP.
  • Collaborated with cross-functional teams to integrate security measures into project lifecycles.
  • Provide ISSM-level support across directorate systems; commonly responsible for conducting Assessment and Accreditation tasks supporting the Authorizing Official; issuing system-level ISSO appointment letters; ensuring IA personnel are compliant per the requirements of DoD 8570.01-M; approving DD 2875 System Authorization Access Request (SAAR) for users requiring access to various repositories (Accounts & Support) to conduct necessary duties.
  • Utilized the following necessary tools to carry out key ISSM roles: eMASS, RTS, CMRS, SIPRNet, DITPR, ESPS, NIPRNet, and SNAP.
  • Initiated Assessment and Authorization (A&A), a DISA Risk Management Executive (RME) process completed by ISSMs to initiate and process authorization requests for an Authority to Operate (ATO) a program/enclave. Initiated an Interim Authority to Test (IATT), granted prior to system production and establishment of test objectives.
  • Request an Authority to Operate (ATO) package after the eMASS package has been established. Performed additional tasks associated with the A&A process such as reviewing Change Request (CR), Plan of Action & Milestone (POA&M), and Renewals.
  • Decommission systems at end of systems life cycle.
  • Ensure that any action taken in response to an applicable vulnerability issuance or STIG is properly reflected while managing vulnerability and risk assessments, including preparation and review of critical documentation such as System Security Plans (SSPs), Risk Assessment Reports, and Certification and Accreditation (C&A) packages. (This is a federal job)
  • Managed incident response processes, ensuring timely resolution of security breaches.

Information System Security Officer (ISSO)

KeyW Corporation
09.2015 - 05.2016
  • Ensured Industrial Information Systems were in compliance with current Security regulations and governing policies. Ensure that the systems have proper safeguards to protect classified data.
  • Perform Inspections of information systems at contractor sites nationwide and assist with certification and accreditation.
  • Use C&A process for the review and development of security procedures and policies.
  • Utilized experience with Windows, Red Hat Linux, Solaris, and common security tools (Nessus, NBSA, & SECSCN).
  • Review and approve SSPs and addendums applying DCID 6/3, ICD 503, and NISPOM chapter 8.
  • Utilize strong communication and written skills to provide feedback and guidance in briefings to management.


Cyber Security Analyst

ManTech International
08.2012 - 09.2015
  • Performed cyber incident handling in a classified 24x7x365 network operations center at Langley, VA & FBI Headquarters DC.
  • Mitigated and reported phishing, malware, firewall, hacking, and spoofing attacks against US government systems.
  • Monitor perimeter, system, endpoint, and data controls to provide defense-in-depth protection across multiple tiers of the intelligence system architecture.
  • Provided input in development of Agency security architecture and tool requirements for network intrusion defense.
  • Implemented methodology using ArcSight Use Case UML and identified procedures for correlating security events.
  • Facilitated compliance with FedRAMP, FISMA, NIST, and related Agency security regulations.
  • Developed Cyber Incident Management Framework and Standard Operating Procedures for cyber incidents.
  • Performed evaluations of Continuity of Operations (COOP) procedures and architecture.
  • Determined if security events monitored should be escalated to incidents and followed incident response procedures.
  • Correlated IDS and IPS alerts with data from other sources such as firewall, web server, and DNS logs.
  • Provide support for the A/V hotline and appropriately document each call in an existing tracking database.
  • Analyzed data and analytics to determine evolving trends, patterns, and strategies of cyber attackers.
  • Coordinate with appropriate organizations regarding possible security incidents.
  • Produce reports identifying significant or suspicious security events to appropriate parties. Include latest security threat information that ties back to specific intrusion sets of nation state actors when possible.
  • Reviewed data with firewall administrators, engineering, and system administrators to determine the risk of an event.
  • Review and evaluate network modifications and recommend security monitoring policy updates.


Education

M.S., Master of Cyber Security - Cyber Security

University of Maryland University College
Adelphi, MD, United States
04.2012

Skills

  • Incident response
  • Network security
  • Intrusion detection
  • Threat analysis
  • Vulnerability assessments
  • Risk management
  • Compliance management
  • Identity management
  • Patch management
  • Policy and control implementation
