Experience

• 

  Apexs systems consulting llc

  Mar 2016 - Feb 2018

  Isso

  • Conduct and support security control assessments based on NIST SP 800-53 Rev. 4, NIST SP800-53A Rev. 4, and NIST 800-37 Rev.1.• Analyze results from vulnerability scanning tools such as Nessus• Develop Security Assessment Plans (Saps), Security Assessment Reports (SARs), and Plan ofAction and Milestone (POA&M) reports.• Provide security advisory services to clients in preparing for an ATO.• Develop and review System documentations such as Security Plan, Configuration ManagementPlan, Security Impact Analysis (SIA), System Characterization Document (SCD), Contingency Plan,Incident Response Plan, Business Impact Analysis etc.• Design and Conduct walkthroughs, formulate test plans, test results and develop remediationplans for each area of the testing.• Create update Standard Operating Procedure (SOP) for process flows and quality enhancements• Ensure compliance to guidance, standards and regulations such as NIST Special Publications,FIPS, FedRAMP, and other federal regulations and policies• Worked with ISSO in preparing certification and Accreditation (C&A) package for IT Systems.• Developed and updated the following Security Assessment and Authorization (SA&A) artifacts;FIPS 199, Risk Assessments Report (RAR), Privacy Threshold Analysis (PTA), Privacy ImpactAnalysis (PIA), Contingency Plan, Security Test and Evaluations (ST&Es)• Conducted FISMA compliance security control assessments to ascertain the adequacy ofmanagement, operational, technical and privacy controls.• Developed, reviewed and updated System Security Plan (SSP) in accordance with NIST SP 800-18.• Provided support to external audit teams as required• Analyzed and updated system documentation and Plan of Action and Milestones (POA&M)• Requested and analyzed required and appropriate artifacts to close Plan of Action and Milestone(POA&Ms) from SCAS Show less

• 

  Cyber force consulting llc

  Apr 2018 - now

  Isso

  Implemented and maintained a formal information systems security program with RMF• Assisted with developing, reviewing, maintaining and overseeing information systems securityplans (SSPs) and Assessment/Authorizations in accordance with company policy• Performed manual and system level audit reviews of systems to track multiple events includingany signs of inappropriate or unusual activity, data transfers, etc. Reports any findings to the ISSM• Performed recurring self-assessments on all systems under their purview to ensure compliancewith documented security requirements• Detect any system level vulnerabilities and Prepare detailed report of findings and ensures properprotection or corrective measures are taken by developing a Plan of Action and Milestones (POAM• Continuously updated all required system documentation, including the SSP, POAM, RiskAssessment Report• Performed the steps involved in the execution of the Risk Management Framework (RMF),including generation of documentation, controls compliance testing, and continuous monitoringactivities for stand-alone systems Show less