Desmond
deswilson2009@ymail.com
202-834-6619
Riverdale, MD 20737
IT Security Analyst
7 years experience W2
Summary

  • A well-detailed individual as an Information Security Analyst/Security Assessor/Information Assurance, Privacy and Data Security Management & Operations, Vulnerability Scanning, Certification and Accreditation (A&A), NIST 800-53 Rev 1 and Rev 4 and NIST SP 800-37 Rev 1, 800-18, 800-53 Rev 3 and 800-34, FIPS, FISMA, Security Content Automation Protocol, NIST Family of Security Controls, FedRAMP Security Assessment Framework, POA&M, Incident and Contingency Planning. Used Splunk for monitoring logs, alerts and aggregations.

Experience
IT Security Analyst
Information Technology
May 2016 - present
  • Risk Management Framework (RMF), using NIST 800-37 as a guide, assessments and Continuous Monitoring: Performed RMF assessments, which included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting findings of assessment. Responsible for the Assessment and Authorization (A&A) documentation (FIPS 199, E-Authentication Worksheet, Security Assessment Plan (SAP), System Security Plan (SSP), POA&M, Risk Assessment and Assessment of Key Security Controls) for assigned systems.
  • Worked with Certification and Accreditation team; performed risk assessment; updated System Security Plan (SSP), contingency plan (CP), Privacy Impact Assessment (PIA), and Plan of Actions and Milestones (POA&M)
  • Develop and maintain documentation for C&A in accordance with Federal policies.
  • Implement Risk Management Framework (RMF) in accordance with NIST SP 800-37.
  • Implemented the Risk Management Framework (RMF) across multiple programs in accordance with National Institute of Standards and Technology (NIST) and Federal policy and directives.
  • Responsible for the Assessment and Authorization (A&A) documentation (FIPS 199, E-Authentication Worksheet, Security Assessment Plan (SAP), System Security Plan (SSP), POA&M, Risk Assessment and Assessment of Key Controls) for assigned systems.
  • Performed data gathering techniques (e.g. questionnaires, interviews and document reviews) in preparation for assembling C&A/A&A packages and also ATO
  • Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
NIST, Risk Assessment, Risk Management, RMF, Security Analyst, System Requirements, POA&M, Documentation
Information Assurance Analyst
Information Technology
Apr 2015 - May 2016
  • Develop and update the system security plan and other IA documentation.
  • Maintain operational security posture for an information system or program.
  • Work as a key team member of the RMF process for assigned systems to ensure that the controls are adequately categorized, selected, implemented, assessed, authorized and monitored.
  • Worked with Certification and Accreditation team; performed risk assessment; updated System Security Plan (SSP), contingency plan (CP), Privacy Impact Assessment (PIA), and Plan of Actions and Milestones (POA&M)
  • Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
  • Selected baseline security controls; applied tailoring guidance and supplemental controls as needed based on risk assessments.
  • Provide support to the Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system, program, or enclave
  • Provide support to ISSMs for implementing, and enforcing information systems security policies, standards, and methodologies.
  • Dell (Inovalon Client), Contractor, January 2013 - March 2015
  • Advanced PC Technician
  • Windows Deployment and Migration Team
  • Work independently following deployment instructions and accurately filling out computer refresh paperwork.
  • Worked with IVANTI, Dell CDM imaging software to image new PCs.
  • Remotely ran imaging, backup and restore requests through IVANTI on several PCs.
  • Maintain accurate record of installation including, but not limited to, quantities, serial numbers and asset numbers of installed hardware.
  • Receive equipment and racks on the dock, while completing all inbound quality checks. Escalate to lead with any issues.
  • Demonstrates use of Quality Improvement in daily operations
  • Create and manage Group Policies across the environment.
  • Work with Group Policies
  • Worked with Medassurant and Inovalon global servers.
  • Assure compliance with security and controls for Active Directory and Windows operating system.
  • TECHNICAL SKILLS:
  • FISMA and FIPS Standard Guidelines to comply with federal and private agencies.
  • NIST 800 series: 800-37, 800-60 Vol. 2, 800-53, 800-53A, 800-18, 800-30, 800-137
  • Networking: LANs, WANs, VPNs, Routers, Firewalls, TCP/IP
  • Software: MS Office (Word, Excel, Outlook, Access, PowerPoint)
  • Excellent knowledge of the use of CSAM and Xacta in POA&M management.
  • IDS/IPS: ISS, Snort - Sourcefire
  • Vulnerability Scanning Tool: Nessus
  • Tools of POA&M: CSAM and Xacta
  • Security Monitoring: Splunk
  • Penetration Testing Tool: Kali Linux
Compliance, Linux, Microsoft Excel, Windows, WAN, Testing Tools, TCP/IP, System Requirements, Splunk, Security Monitoring, Scala, Routers, RMF, Risk Assessment, POA&M, Penetration Testing, NIST, Nessus, MS Active Directory, Ivanti, IMAGE, IDS, FISMA, Firewall, Documentation, Dell, Cisco FirePOWER, Actor
Education
Skills
Documentation, 2021, 6
NIST, 2021, 6
POA&M, 2021, 6
Risk Assessment, 2021, 6
RMF, 2021, 6
System Requirements, 2021, 6
Risk Management, 2021, 5
Security Analyst, 2021, 5
Actor, 2016, 1
Cisco FirePOWER, 2016, 1
Compliance, 2016, 1
Dell, 2016, 1
Firewall, 2016, 1
FISMA, 2016, 1
IDS, 2016, 1
IMAGE, 2016, 1
Ivanti, 2016, 1
Linux, 2016, 1
Microsoft Excel, 2016, 1
MS Active Directory, 2016, 1
Nessus, 2016, 1
Penetration Testing, 2016, 1
Routers, 2016, 1
Scala, 2016, 1
Security Monitoring, 2016, 1
Splunk, 2016, 1
TCP/IP, 2016, 1
Testing Tools, 2016, 1
WAN, 2016, 1
Windows, 2016, 1
Data Security, 0, 1
Information Security, 0, 1