Information Security Analyst
Cybersoft Information Technology
Feb 2009 – Current
Assisted customers in performing Federal Information Security Management Act (FISMA) audit reviews using NIST 800-37 rev 1.
- Updated IT security policies, procedures, standards, and guidance consistent with departmental and federal requirements.
- Performed risk assessments, developed and reviewed System Security Plans (SSP), Plan of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other task-specific security documentation.
- Performed vulnerability, discovery and baseline scans on the client network using Retina Network Security Scanner (RNSS) and Tenable Nessus. The result of these efforts was that all documentation was delivered on schedule, security controls were properly implemented and documented, and customers were able to pass security auditing without additional costs.
- Developed Rules of Behavior (RoB), Interconnection Security Agreement (ISA) and Memorandum of Understanding (MoU) for the client.
- Tracked and reported Plan of Action and Milestones.
- Worked with product developers and system implementers to ensure that security countermeasures were properly applied.
- Familiar with NIST Publications SP 800-18, SP 800-30, SP 800-37 rev 1, SP 800-53 rev 3, SP 800-53A, SP 800-60 and Federal Information Processing Standards (FIPS) Publications FIPS 199 and FIPS 200.
- Solid skills in documentation.
- Excellent interpersonal skills in communications, client relations and customer service.
- Worked with IT Operations and Network Engineers to mitigate system vulnerabilities discovered in network devices (routers, switches, VPN Concentrator), servers, and workstations.
Technical Support Specialist
Exxon-Mobil Nigeria Limited
Jun 1999 – Dec 2001
Responsibilities performed during the job are:
- Provided desktop support for over 120 clients in the Exxon Mobil region by phone or in person as needed to minimize downtime
- Supported as necessary on a 24-7 basis to limit system downtime during internal or external outages and peak enrollment periods
- Identified, isolated and repaired computer equipment showing wear and tear as well as during preventative maintenance routines
- Provided computer help desk support via telephone communications with end-users.
- Performed diagnostics and troubleshooting of system issues, documented help desk tickets/resolutions, and maintained equipment inventory lists.
- Provided client support and technical issue resolution via e-mail, phone and other electronic media.
- Configured client's equipment to connect to the Internet via modem/DSL Router (Dialup/DSL customers only).
- Configured software to connect to Internet application servers.
- Provided training to clients in the use of system and applications as related to Internet.
- Obtained general understanding of OS and application operations related to company offered services.
- Identified and corrected, or advised on, operational issues in client computer systems.
- Performed light lifting (25 lbs).
- Responsible for performing account management such as creating and disabling accounts.