Profiles search
Colette Chofong
Information System Security Officer/ Cyber security analyst
Upper Marlboro, MD, United States
Details
Education:
Bachelor's degree
Cyber Security Management and Policy
University of Maryland Global Campus
2019 : 2021
Cyber Security Management and Policy
University of Maryland Global Campus
2019 : 2021
Experience:
• Improved client FISMA scorecard from failing to passing scores within 6 months by developing a complete A&A package within 2 months, ensuring their C&A packages, security policies, and procedures, and POA&Ms were maintained and assisting in remediation.
• Minimized client’s systems vulnerabilities ahead of schedule by efficiently implementing security solutions and safeguards tailored to the client's unique environment.
• Reviewed violations of computer security procedures and developed mitigation plans.
• Monitored computer virus reports to determine when to update virus protection systems.
• Encrypted data and erected firewalls to protect confidential information.
• Developed plans to safeguard computer files against modification, destruction, or disclosure.
• Performed risk analyses to identify appropriate security countermeasures.
• Monitored use of data files and regulated access to protect secure information.
• Conducted security audits to identify vulnerabilities.
• Recommend improvements in security systems and procedures.
• Engineered, maintained, and repaired security systems and programmable logic controls.
• Worked within applicable standards, policies, and regulatory guidelines to promote safe working environment.
• Developed Security Assessment Plans (SAPs); conducted assessments per NIST SP 800-53A; documented findings; remediation actions and prepared reports on management, operational, technical, and privacy security controls for audited applications and information systems.
2018 : Present
T&N Reliable Nursing care
Information Security Analyst
• Discussed project progress with customers, collected feedback on different stages and directly addressed concerns.
• Created service level agreement for IT operational functions and help desk operations.
• Instructed proposal team in use of computer software graphical elements, page design and aesthetic standards.
• Conducted research on network products, services, protocols and standards for network procurement and development efforts.
• Implemented and managed operating systems and software, security systems and intrusion detection systems.
• Established data migrations to cloud services, including Office 365 and Microsoft Azure virtual machines
• Coordinated with stakeholders and contractors to maintain a clear line of communication for scope, costs, and schedules
• Monitored and worked to drive down incident levels by identifying issues before they occurred and resolved them as planned work
2016 :
Cisco Systems Inc
IT Consultant
• Developing and maintaining a cybersecurity strategy for IT in accordance with DHA and DoD guidance, NIST RMF 800-53 R4, and industry best practice.
• Supporting the development, revision, and finalization of IA documentation, including eMASS documentation and authority to operation (ATO) package preparation
• Increased by 10% the number of daily reports reviewed by improving the report template and streamlining the information layout.
• Providing RMF knowledge and analysis of specialized applications and operational environments, high-level functional systems analysis, design, integration, documentation, and implementation advice on exceptionally complex problems that need extensive knowledge of RMF implementation.
• Delivered reports and data documentation for clients and internal management, which simplified future deployments and integrations of internal software with enterprise-level SIEMS such as ArcSight, Splunk, and QRadar.
• Actively monitored over 350 re-occurring internal /external vulnerability assessments for 50 clients.
• Reviewed A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT)
2017 : 2019
Arrowpoint Corporation
Senior Risk Management Framework Subject Matter Expert (RMF SME)
• Minimized client’s systems vulnerabilities ahead of schedule by efficiently implementing security solutions and safeguards tailored to the client's unique environment.
• Reviewed violations of computer security procedures and developed mitigation plans.
• Monitored computer virus reports to determine when to update virus protection systems.
• Encrypted data and erected firewalls to protect confidential information.
• Developed plans to safeguard computer files against modification, destruction, or disclosure.
• Performed risk analyses to identify appropriate security countermeasures.
• Monitored use of data files and regulated access to protect secure information.
• Conducted security audits to identify vulnerabilities.
• Recommend improvements in security systems and procedures.
• Engineered, maintained, and repaired security systems and programmable logic controls.
• Worked within applicable standards, policies, and regulatory guidelines to promote safe working environment.
• Developed Security Assessment Plans (SAPs); conducted assessments per NIST SP 800-53A; documented findings; remediation actions and prepared reports on management, operational, technical, and privacy security controls for audited applications and information systems.
2018 : Present
T&N Reliable Nursing care
Information Security Analyst
• Discussed project progress with customers, collected feedback on different stages and directly addressed concerns.
• Created service level agreement for IT operational functions and help desk operations.
• Instructed proposal team in use of computer software graphical elements, page design and aesthetic standards.
• Conducted research on network products, services, protocols and standards for network procurement and development efforts.
• Implemented and managed operating systems and software, security systems and intrusion detection systems.
• Established data migrations to cloud services, including Office 365 and Microsoft Azure virtual machines
• Coordinated with stakeholders and contractors to maintain a clear line of communication for scope, costs, and schedules
• Monitored and worked to drive down incident levels by identifying issues before they occurred and resolved them as planned work
2016 :
Cisco Systems Inc
IT Consultant
• Developing and maintaining a cybersecurity strategy for IT in accordance with DHA and DoD guidance, NIST RMF 800-53 R4, and industry best practice.
• Supporting the development, revision, and finalization of IA documentation, including eMASS documentation and authority to operation (ATO) package preparation
• Increased by 10% the number of daily reports reviewed by improving the report template and streamlining the information layout.
• Providing RMF knowledge and analysis of specialized applications and operational environments, high-level functional systems analysis, design, integration, documentation, and implementation advice on exceptionally complex problems that need extensive knowledge of RMF implementation.
• Delivered reports and data documentation for clients and internal management, which simplified future deployments and integrations of internal software with enterprise-level SIEMS such as ArcSight, Splunk, and QRadar.
• Actively monitored over 350 re-occurring internal /external vulnerability assessments for 50 clients.
• Reviewed A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, e-Authentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT)
2017 : 2019
Arrowpoint Corporation
Senior Risk Management Framework Subject Matter Expert (RMF SME)
Company:
T&N Reliable Nursing care
Years of Experience:
8
Skills
Communication, Project Management, Security Control Implementation, Strategy, Training
About
Highly qualified, creative, and hardworking Security Analyst/ Information System Security Officer with 5 years of experience in protecting the data, networks, and websites from various types of cyber threats like malware, attacks, hacks, viruses, and denial-of-service. Good knowledge to interpret and create a dynamic security framework for the organization. High expertise in managing the multi-instance environment, backup/restore, troubleshooting, and proactive maintenance. Passionate about working and learning in a highly challenging position under pressure with teams and in a fast-paced environment where competition and meeting deadlines is a norm, to contribute positively to the organization’s growth.
Profile Photo
