Title: Security Analyst
Location: US-District of Columbia-Washington/Metro
Work History:
Albert E. Ngini
9562 Standon Place, Columbia, MD 21045
Tel: (410) 487-2079 Email: esugu@hotmail.co.uk
US Citizen with AN ACTIVE SECURITY CLEARANCE (TOP SECRET)
Objective:
Seeking a Security Analyst position in a Federal Government Agency or a growth-oriented Organization with focus on FISMA, system security monitoring, risk assessments, and testing information technology controls.
Education:
B.S in Accounting, Strayer University, Washington, DC
Professional Training
A+, Computer Institute, Rockville, MD
Client / Server Programming Certificate, Ashburn, VA
IHG Property Management System Certificate, Columbia, MD.
FISMA Compliance Certificate, FISMA Center, Columbia, MD
Enterprise Certification & Accreditation Training
Information Systems Security training
Certification & Accreditation Document Review training
Information Assurance Awareness training
Information System Security Officer/Information System Security Manager training (ISSO/ISSM)
Skills Summary:
Participate in the FIPS 199 process in which security categorization takes place
Ability to provide support and guidance through the 4 phases and 6 levels of C&A, including monitoring of the C&A artifacts compliance, annual self-assessment (NIST 800-53A) completion.
Review and update the Authorization To Operate Letter (ATO)
Ability to utilize TAF (Trusted Agent FISMA) and RMS (Risk Management Systems) to enforce FISMA data consistencies and increase efficiencies in FISMA Compliance.
Ability to use DHS 4300A (Sensitive System Handbook) guidelines.
Ability to develop POA&M (Plan of Action & Milestone) document to take corrective actions resulting from ST&E (System Test & Evaluation)
Ability to utilize Cyber Security Assessment and Management Tool (CSAM)
Support FISMA Reporting
Ability to utilize Retina for automated vulnerability scanning.
Work effectively in a team environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
Ability to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
Ability to communicate effectively to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with IT security.
Windows NT/2000/XP operating system & Windows Server 2003
Setup and Configure. Backup/Restore/Import/Export SQL and Oracle databases.
PC Anywhere, Net Meeting and WebEx connectivity software to remotely troubleshoot hotel software and hardware.
Have working knowledge of Microsoft Office Suite
Professional Experience:
Security Analyst 01/2011 - Pres. LS3 Technologies/Dept of Labor, Washington, DC
I am part of a C & A team responsible for assisting the ISSO and the System Owner in preparing the certification and accreditation document sets for mission-critical, general support systems and a Major Application for an agency in the Department of Labor. I evaluate existing documents & their currency; recommend improvements; develop an improved Configuration Management method; derive C&A Checklists based on NIST, OMB & industry best-practice standards. I develop a Security Control Assessment (SCA) Plan; perform security test and evaluation (ST&E), web servers, web sites, workstations, database systems, firewalls, routers and switches, etc. I review and update the Systems Security Plan (SSP), Risk Assessment (RA), Contingency Plan (CP), Contingency Plan Test (CPT), configuration management plan, and other security documentation to ensure accuracy and completeness in compliance with NIST special publications and organization policy. I analyze vulnerability scan results on Windows, Solaris, and Linux systems. I assess and evaluate systems security controls, develop Security Assessment Reports (SAR), create, review, track, and update system Plans of Actions and Milestones (POA&M). I complete information system documentation required to support an Authority to Operate (previously called C&A). I verify management, operational, and technical controls using the National Institute of Standards (NIST) Guidelines Special Publications (SP) 800-53 rev3 and do annual assessments based on 800-53A. I participate in exit conference tasks to summarize key findings and recommendations.
Security Analyst 04/2010 - 01/2011. LCG Systems/US Coast Guard, TIS-331, VA.
I was part of a C & A team responsible for coordinating the certification and accreditation process of the General Support Systems for field sites and telecommunication centers. I evaluated the security posture of the USCG enterprise systems, and made recommendations to the System Owner (SO), Information System Security Officer (ISSO), Certifying Authority (CA) and the Authorizing Official (formerly DAA). I worked in an Integrated Project Team (IPT) environment requiring interaction with other security analysts, users, and client managers in identifying requirements, specifications and project planning activities. I performed in a fast-paced environment where project deadlines were critical and multiple projects ran in parallel while being self-managed and self-motivated. I required occasional work outside of normal business hours and did less than 25% travel. I reported to the Senior Systems Security Analyst. I created and implemented all security documentation required for the certification and accreditation, and took the system through full accreditation. I conducted security awareness training and expected rules of behavior for end-users. I identified and evaluated the technical, management, and operational security controls. I also provided and supported procedures for reporting and responding to security incidents. Had access to DHS site-minder system using specialized tools such as RMS and TAF to produce and enhance certification activities which included Annual Assessment, Risk Assessments report (RA), System Security Plans (SSP), Contingency Plans (CP), CP Test Plans and results, Security Assessment Report (SAR), Point of Action & Milestone (POA&M), Interconnection Security Agreements (ISA), and certification recommendation, Security Test & Evaluation (ST&E) and Security Evaluation reports that will result in Accreditation of all systems.
FISMA C & A Analyst 07/06 - 03/2010 MJHS Corp. /Dept. Of Labor, Washington, DC
Performed Certification and Accreditation (C&A) activities for the Department of Labor. I worked as part of a team that updated and reviewed system information data, C&A documentation, assisted with FISMA reporting, ensuring that management, operational and technical controls for securing either sensitive Security Systems or IT Systems are in place and are followed according to Federal Guidelines (NIST 800s documents). This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal. Additional responsibilities include reviewing and updating artifacts on supporting System Test and Evaluation (ST&E) efforts and other support to the IT Security Office. I conducted the IT Risk Assessment and document key controls, conduct meetings with the IT Division team to gather evidence; develop test plans; testing procedures and document test results and exceptions. I supervised and monitored the FISMA testing of System software support, information security, and operations for Windows applications. I interfaced with user community to understand their security needs and implemented procedures that ensure user community understood the necessary procedures to maintain security. I assisted the security team with accurate evaluation of the level of security required to mitigate identified risks and/or achieve compliance. I performed in a fast-paced environment where project deadlines are critical and multiple projects run in parallel while being self-managed and self-motivated. I require occasional work outside of normal business hours and do less than 25% travel.
Information Systems Analyst 04/04 - 07/06 Micros Systems, Inc Columbia, MD
Provided remote analysis and support for domestic and international hotels using Opera Property Management System (PMS). Documented all call logs in Clarify Case Management Application. Configured operating systems, printers and ensured network connectivity. I traveled to all the IHG hotels in the US and Canada and installed, implemented and trained hotel staff in utilizing the Opera Software. I provided training/coaching/mentoring as necessary to all Level I Analysts. I created a user-friendly method that improved trouble ticket processing time. I resolved network issues utilizing various troubleshooting utilities such as ping, trace route, etc. I worked with the C&A team to support the implementation of NIST Standard-related Special Publications in areas of planning, training, and preparation for contingency and disaster recovery operations. I used and applied knowledge of C&A guidelines (SP 800-37), and the documentation and preparation of related documents. As an information systems analyst, I reviewed vulnerability assessment using DISA's SRR (Security Review Report on Windows) and vulnerability scanning tools such as Retina, Gold Disk and Nmap on a challenging and complex system-wide information assurance/system security environment requiring analysis of user, operational, policy, and resource demands.
Application Support Analyst 11/00 - 03/04. Essential Information Systems, Rockville, MD
I was responsible for managing clients and internal personnel that needed assistance with the Essential Information Systems software (notably, the Environmental Health & Safety and the Fugitive Emission Management System). I performed detailed software/systems analysis to characterize and solve software/systems related problems. I developed and documented software/systems related problems and clearly communicated the solution to clients in a reasonable time frame. I was also responsible for restoring exports of SQL/Oracle databases; established data source connections and analyzed software issues as reported by clients. I installed software, software upgrades and established data source connection to the database. I verified that all customers' equipment was installed and connected in accordance with manufacturer specifications and set standards. I made sure that all environmental issues had been addressed and/or corrected. And I provided internal support to set up computers, software and provided systems/software analysis resources to sales, product management and development teams.
References available upon request.
Skills: NIST SP 800 series
Education: B. S Accounting