Candidate's Name
Mobile Phone: PHONE NUMBER AVAILABLE
E-mail: EMAIL AVAILABLE
Location: Crofton, MD. Street Address
Public Trust Clearance: Active

EXPERIENCE:

Employer: Gunnison (Health and Human Services (HHS))
Title: Team Lead FedRAMP SME & Advisory ISSO, Senior Engineer and Project Manager
Duration: October 2021 - Present
- Provided technical and strategic subject matter expertise for federal-side FedRAMP activities; led and trained FedRAMP technical SMEs.
- Performed independent compliance reviews, tracking, and continuous monitoring of newly submitted packages.
- Advised and assisted the Government System Lead with the FedRAMP assessment and analysis of cyber security documentation for federal and client information systems.
- Worked with the Federal System Owner on the Authorization-to-Operate (ATO) lifecycle and managed the Cloud Service Provider registration process to maintain authorization.
- Member of the HHS Information Security Continuous Monitoring (ISCM) Strategy and Program Tiger Team. This initiative is a direct result of OMB memos regarding the security of federal information and information systems, specifically M-20-04, M-19-02 and M-14-03.
- Lead on the CPT CMMC initiative: involved in CEO interviews, artifact collection and overall compliance with the DoD Cybersecurity Maturity Model Certification (CMMC). CMMC is designed to ensure that cybersecurity controls and processes adequately protect Controlled Unclassified Information (CUI). The DFARS directed DoD contractors to self-attest that adequate security controls were implemented within contractor systems to maintain the confidentiality of CDI, based on NIST SP 800-171.
- Led the organization's FedRAMP compliance efforts, including developing and implementing a comprehensive strategy and roadmap.
- Served as the primary technical point of contact for all FedRAMP-related activities, collaborating with cross-functional teams to ensure alignment and adherence to requirements.
- Conducted initial assessments and gap analyses to identify areas of non-compliance and developed remediation plans as needed.
- Worked closely with internal and external stakeholders to define and document security controls and requirements for FedRAMP compliance.
- Provided technical guidance and support to project teams throughout the FedRAMP authorization process, including system design, implementation, and testing.
- Coordinated with third-party assessors and auditors to facilitate FedRAMP assessments and audits and to ensure timely resolution of findings.
- Stayed current with updates and changes to FedRAMP requirements and communicated their implications to relevant stakeholders.
- Developed and maintained documentation, policies, and procedures related to FedRAMP compliance.
- Provided training and awareness sessions on FedRAMP requirements and best practices to internal teams.

Employer: Oracle/ Cerner Corp. (AbleVets LLC)
Title: Lead/ Senior Information System Security Engineer (ISSE), Information Assurance Analyst & Security Control Assessor
Duration: December 2018 - October 2021
- Developed security requirements and considerations for system connections/interfaces in the form of a formalized document.
- Reviewed, developed, and customized general security configuration baselines for NIST, CIS and DISA.
- Supported the definition and refinement of a standardized process/framework to integrate security considerations into the development of 20+ system interfaces for the program.
- Performed security analysis to determine gaps, compensating/mitigating controls, and residual risk; utilized IDS/IPS to tailor security requirements.
- Identified security risks through security impact analysis, system risk assessments and technology security risk reports.
- Applied knowledge of security principles, policy, and regulations to daily tasking, working with development teams to ensure proper security controls/requirements were incorporated into the design/development process.
- Implemented the cyber security requirements of IT systems and applications, documenting them in formal security engineering documents using the Risk Management Framework and the supporting artifacts associated with risk assessments.
- Organized, developed, and presented security briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements on security assessments, and whitepapers relating to computer and network security technologies and tools.
- Communicated and collaborated effectively and efficiently with external and internal stakeholders to ensure security is built into the program.
- Analyzed security evaluation tool results from Tenable Nessus, Nmap, Wireshark and Metasploit as needed.
- Assisted with the ATC, A&A and C&A processes for DoD/VA and DHA systems, on-prem and cloud.
- Assisted in the assessment and ATO process for security controls and systems, ensuring that controls such as least privilege, separation of duties, encryption, defense in depth and more were properly implemented, documented and working as intended.
- Assisted with baseline updates and creation to ensure compliance with benchmarks and organizational policies (DISA STIGs, CIS and more).
- Knowledge of the National Vulnerability Database (NVD) and Common Vulnerabilities and Exposures (CVE) for continuous monitoring.
- FedRAMP and cloud packages (Google, O365, AWS and more); SaaS, IaaS, PaaS. Assisted with assessments, reviewing/updating implementation details, POA&Ms and artifacts.
- Assisted with organizational migrations (on-prem to cloud) for different environments such as Windows and UNIX.
- Assisted with policy reviews and documentation creation (Security Impact Analysis (SIA), SOPs and more).
- Assisted with compliance and vulnerability scans and remediation (Nessus, Qualys).

Employer: General Data Tech (Dulles, VA)
Title: Senior Federal Compliance Analyst
Duration: October 2018 - December 2018
- Conducted a FedRAMP readiness study to provide the Agency with an assessment of its capabilities to achieve FedRAMP accreditation.
  This included performing a current-state FedRAMP readiness review of the Agency's on-premises cloud capabilities and providing the Agency with a roadmap to become FedRAMP accredited.
- Reviewed existing Agency security documentation, interviewed key personnel, and reviewed technical control implementations of the existing cloud environments.
- Collaborated with 3PAOs (Coalfire) to prepare application materials demonstrating that the organization meets both technical competence in security assessment of cloud systems and management requirements for organizations performing inspections.
- Reviewed and assessed the security assessment plan, including a comprehensive set of procedures for assessing the effectiveness of security controls employed in the cloud environment and enabling more consistent, comparable, and repeatable assessments of security controls customized for cloud applications.
- Developed security assessment reports including all assessment results and the assigned mitigation strategy for each risk; analyzed each finding to promote a better understanding of the risks to organizational operations, organizational assets, and individuals.
- Developed NIST/FISMA/FedRAMP SA&A documentation for systems and networks undergoing certification and validated the quality of deliverables produced by the team.
- Assessed risks, identified mitigation requirements and developed accreditation recommendations; responsible for tracking SA&A requirements for assigned systems within the agency, validating that tasks were on schedule, and ensuring the delivery of quality documentation.
- Assisted in the creation of SA&A packages, with responsibility for gathering information from system owners, applying data to the appropriate templates, and attending meetings in support of the effort.
- Assisted in responding to requests for information from OMB A-123, FISMA, GAO, and external auditors, following Agency procedures to gather and track information.
- Developed and implemented information assurance/security standards and procedures.
- Conducted vulnerability scans with Nessus and WebInspect and worked with the team to remediate vulnerabilities.
- Coordinated, developed, and evaluated security programs for the organization; recommended information assurance/security solutions to support customer requirements.
- Actively participated in client discussions and meetings.

Employer: Smithsonian Institution (Herndon, VA)
Title: Information System Security Officer / Security Control Assessor
Duration: September 2017 - October 2018
- Conducted and documented security risk assessments.
- Developed and maintained system security documentation, including but not limited to System Security Plans, Security Assessment Reports, Contingency Plans, and Interconnection Security Agreements.
- Identified and assessed risks and recommended appropriate remediation strategies.
- Developed and updated Plans of Action and Milestones (POA&Ms) and oversaw efforts to rectify issues found as a result of security vulnerabilities and security controls analysis.
- Evaluated proposed changes to IT systems for potential security risks and impacts and advised system stakeholders on those risks and proposed mitigations.
- Performed and documented system categorization in accordance with Smithsonian procedures.
- Worked with System Owners to develop and maintain System Security Plans.
- Tested, assessed, and documented security control effectiveness: collected evidence, interviewed personnel, and examined records to evaluate the effectiveness of controls.
- Documented assessment evidence and developed assessment reports recording findings and actionable recommendations.
- Performed continuous monitoring of security control effectiveness.
- Worked with System Owners to develop and perform periodic testing of contingency/DR plans.
- Worked with System Owners to develop, provide training on, and perform periodic testing of incident response plans.
- Reviewed, analyzed, and coordinated remediation of vulnerability scans and other vulnerability information; recommended corrective action and reviewed remediation actions for effectiveness.
- Reviewed and coordinated the remediation of control deficiencies and audit findings.
- Maintained Plans of Action and Milestones (POA&Ms) and provided timely updates on their status.
- Performed the full cycle of system Assessment and Accreditation (A&A) activities.
- Assisted System Owners with developing and reviewing Interconnection Security Agreements and Memoranda of Understanding.
- Performed system assessments and reaccreditations within required timeframes.
- Performed configuration baseline compliance reviews.
- Prepared requests for waivers and exceptions.
- Reviewed proposed system changes for security impact.
- Provided advice and assistance to stakeholders on security-related issues.
- Provided timely responses to audit requests.
- Assisted System Owners with developing security requirements for system projects.
- Good working knowledge of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
- Reviewed and responded to system audit logs and alerts.
- Supported and complied with Technical Review Board and Change Control Board activities for assigned systems.
- Developed good working relationships with customers and other stakeholders.
- Collaborated with Smithsonian ISSO colleagues on the planning and implementation of enhancements to the Smithsonian's system risk management processes.
- Helped achieve FISMA compliance and Authority to Operate (ATO) for systems based on guidance from the NIST SP 800-37 Risk Management Framework (RMF).
- Developed and reviewed security categorizations using FIPS 199 and NIST SP 800-60 to determine whether the categorization was adequate and commensurate with the data processed.
- Performed and developed Privacy Threshold Assessments (PTAs) and Privacy Impact Assessments (PIAs) in coordination with system owners and stakeholders.
- Reviewed and updated System Security Plans (SSPs) using NIST SP 800-18 as a guide.
- Planned meetings with System Owners, the Privacy Office and upper management.
- Coordinated and tracked remediation of security weaknesses as they were discovered, via the Plan of Action and Milestones (POA&M).
- Provided system stakeholders with recommendations on how best to remediate identified issues based on NIST guidelines and industry best practice, such as the use of IAM, scanners, SIEM and more.
- Supported the team with the review of Contingency Plans (CPs) and performed Contingency Plan Tests (CPTs).
- Ensured that artifacts were maintained and updated in accordance with NIST guidelines and organizational policies and procedures.
- Determined the information security objectives of the information systems by protecting the confidentiality, integrity and availability of the client's systems.
- Developed and reviewed risk acceptance memorandums to ensure that accepted risks had appropriate justifications and mitigations.
- Supported security control assessment efforts by preparing and providing evidence artifacts.
- Supported the client in performing the NIST RMF process to ensure compliance and completion of annual SA&A requirements, using the Cyber Security Asset Management (Archer) tool to manage the SA&A workflow and associated documents.
- Reviewed IT security policies, procedures, standards and guidelines against department and federal requirements using the steps of the SA&A (Security Assessment and Authorization) process.
- Reviewed System Security Plans (SSPs).
- Requested and reviewed scans from vulnerability scanning personnel.
- Created Security Assessment Reports (SARs) and reviewed Plan of Action and Milestone (POA&M) reports.
- Conducted security testing based on NIST SP 800-53 Rev. 4 and NIST SP 800-53A.
- Ran and reviewed vulnerability scans and worked with the Engineering team on remediation as required (Tenable Nessus, Qualys).
- Assisted with FedRAMP packages (AWS, Azure, O365, GovCloud and more): assessed/prepared FedRAMP packages for assessment by the IG and 3PAO, created POA&Ms, and updated implementation details and artifacts.

EDUCATION:
Honor Society: NSLS Honor Society, 2022
School: North Central University
Degree: PhD Candidate in Cyber Security
Expected Graduation: December 2026
School: North Central University
Degree: Masters in Cyber Security
School: University of Maryland
Degree: BS in Business Administration and Finance

CERTIFICATIONS:
Cert/date: CompTIA Security+ ce Certification, October 21, 2023 - October 21, 2026
Cert/date: Certified in Cybersecurity (CC), October 1, 2023 - October 31, 2026
Cert/date: CompTIA Linux+ (Powered by LPI)
Cert/date: eMASS, August 2019

REFERENCES AVAILABLE UPON REQUEST