Candidate's Name
Germantown, MD Street Address PHONE NUMBER AVAILABLE EMAIL AVAILABLE LinkedIn

Cyber Information Security Expert

A dedicated cybersecurity compliance specialist with 10+ years of experience leading major technology assignments and delivering innovative solutions to high-level data security issues. Extensive knowledge in cyber operations is key to directing teams on initiatives in the areas of threat prevention, vulnerability testing, and risk reduction. Possess a record of success evaluating performance results and recommending changes that improve project growth and success. Able to design feasible solutions that successfully revamp cyber platform protocols to be safer and better protected.

Areas of Expertise

Security Control Assessments
Security Evaluation & Audits
Technical Solution Development
Security Assessment Plans (SAP)
Cyber Defense Techniques
Team Oversight & Guidance
Curriculum Development & Support
Security Assessment Reports (SAR)
Protocol Implementation
Vulnerability Management
Risk Assessments & Mitigation
Governance Risk Compliance Tools

Professional Experience

SPRY METHODS, Springfield, VA, September 2022 to Present
Security Control Assessor

Use Assured Compliance Assessment Solution (Nessus) and DISA Security Technical Implementation Guides (STIGs) to govern the rollout of security control assessments designed to detect, analyze, and exploit vulnerabilities of information systems.
Leverage technical knowledge to update security assessment test plans and specify control testing parameters.
Answer client inquiries and offer insights during meetings that aid in the understanding of all assessment goals.
Analyze results using web assessment software, vulnerability scanning tools, and penetration testing tools.
Verify the completion of IAVM scans for CAT 1, CAT 2, and/or CAT 3 findings that comply with best practices.
Translate assessment results into summaries outlining complex vulnerabilities and risks to information systems.
Engage with clients to offer advice on technical designs, strategies, and solutions to strengthen cyber security.
Work alone and with teams to identify system risks and initiate actions that improve security control efforts.
Identify needed improvements and apply proven principles and methodologies that remediate vulnerabilities.
Support the National Geospatial-Intelligence Agency cybersecurity compliance with the Department of Defense.
Perform security control duties as required using NIST SP 800-53A.

Key Achievements:
Able to complete multiple ATO in a Day (AiaD) assessments in a single day.
Successfully completed assessments with over 11k controls alongside a team of 4 people.
Entrusted as an A&A (RMF) subject matter expert with experience testing and assessing cybersecurity solutions.

ALLIED UNIVERSAL, Washington, D.C., March 2018 to September 2022
Security Control Assessor

Set project scopes, delegated assignments to team members, and oversaw the successful execution of security control assessments, making adjustments as needed so deliverables are met on time and adhere to regulatory compliance measures.
Planned and executed step 4 of RMF using NIST SP 800-53A Rev 4/5 and NIST SP 800-30.
Reviewed vulnerability scan reports and liaised with stakeholders to discuss identified threats and best assessment practices to deploy.
Developed SAPs, SARs, and entered test cases into a requirements traceability matrix.
Uploaded artifacts into a Government Risk Compliance Tool.
Reviewed assessment and authorization packages (CP, IRP, SSP, SAR).

JENKINS LLC, Washington, D.C., February 2015 to March 2018
IT Security Analyst

Assessed information systems using GRC Tool and utilized NIST SP 800-37 and provided authorizations.
Developed and reviewed SAPs and SARs for both cloud and non-cloud systems.
Monitored selected controls, SSP updates, and scan reviews to gauge the overall health of security controls.
Tested controls using NIST SP 800-53A Rev 4/5.
Supported the rollout of vulnerability scans and remediations alongside the system administrator.
Developed POA&M for vulnerability scans and security controls that did not pass an assessment.
Organized and facilitated tabletop exercises.
Reviewed and updated policies and procedures to reflect regulatory requirements.
Used NIST SP 800-18 to update system security plans.
Performed privacy impact analysis on systems Personally Identifiable Information.

Key Achievements:
Helped draft implementation statements for Technical, Operational, and Managerial Security Controls.

QUALITY INVESTIGATION SERVICES, Washington, D.C., April 2013 to January 2015
Computer Help Desk Technician

Engaged with clients and end users to understand their specific operational issues and tailored simulations designed to replicate operational problems.
Evaluated problems with applications, workstations, servers and network components, and identified the root cause of malfunctions.
Collaborated with network services, software systems engineering, and applications development experts to correct core problems.

Key Achievements:
Consistently developed sustainable solutions which lowered or eliminated user problems.

Education

Master of Science in Information Systems Management, Strayer University (Expected: 2025)
Bachelor of Science in Criminal Justice, Strayer University (2019; Magna Cum Laude)

Clearances

Top Secret SCI clearance w/CI-poly CASP+ CYSA+ CISA (In Progress)

Technical Skills

NIST SP 800-Series (800-53, 800-53A, 800-30, 800-18) XACTA Service Now STIGs SWAP CPT SATE GALAXY ECAM CAM TRACKER THREADFIX GitLab