Tai T.
Details
• Assist with the preparation of ATO packages consisting of the SSP, POA&M and SAR documents to establish that management, operational and technical security controls are consistent with NIST SP 800-53 standards
• Develop the System Security Plan (SSP) using agency template and send to Program Management Office (PMO) for Signature and Approval
• Perform self-assessment using the Examine, Interview and Test method with NIST SP 800-53Ar4 as a guide, using SCANS, CHECKLISTS and ARTIFACTS that have been provided, to check for effectiveness of the controls, and whether they are operating correctly and producing the desired outcome
• Document any findings (vulnerabilities) in the SAR with all the required recommendations on how to remediate them
• Categorize the findings that were identified from the SCAN report (NESSUS) into their RISK RANKING and then create POA&M to mitigate them
• Perform continuous monitoring of all controls and update any addressed or remediated findings in the POA&M
• Investigate potential or actual security violations or incidents in an effort to identify issues and areas that require new security measures or policy changes.
2019 : Present
Top Group Technologies
Information Security Analyst
• Documented and managed risks in accordance with SP 800-30 and SP 800-37 using nine steps to evaluate the threats, vulnerabilities and security controls surrounding the Information System as well as the likelihood of an exploit and the impact it will have on systems operations
• Responsible for monitoring compliance with information security policies by coaching others within the organization on acceptable uses of information technology and how to protect organization systems
• Prepared and reviewed Authorization to Operate (ATO) packages (i.e., SSP, RA, CMP, ISCP, DRP, IRP and PIA) for over 1200 systems and facilities
• Collected and evaluated assessment artifacts to determine compliance with the NIST SP 800-53 rev 4 control requirements
• Created standard templates for required security assessment and authorization documents, including security plans, contingency plans, and security authorization packages
2017 : 2019
PeakMax Tech
Security Analyst
• Customized SAP functionality to meet the client’s business requirements and business process design needs
• Collected system information and prepared reports on business specifications for senior decision-makers
• Communicated the SAP capabilities and possible business solutions for clients with the sales distribution team
• Provided business analysis and process redesign expertise in various functional areas, finance, accounting, and sales within the enterprise; heavily focused on analysis and design of SAP functions and processes
2015 : 2017
Transend Proserv
SAP Sales Distribution Consultant
About
💻🔐🌩️ Enthusiastic professional Information Security Analyst with extensive experience developing and testing security frameworks. Versed in robust network defense strategies, Security Control Assessment, Federal Information Security Management Act (FISMA), and Risk Management Framework (RMF), ISO, HIPAA, PCI-DSS, SOC, FIPS with the applicable standards. Information Security Specialist motivated to learn, grow and excel, with a passion for aligning security architecture plans and processes with security standards and business goals.
💻 🔐 Technical Skills & Tools
Security Compliance Data Security | Developing security plans | Implementing security programs | Wireshark | Nmap | Implementing security controls | Nessus Software | ISO | PCI DSS | Risk Management Framework (RMF) | SIEM Monitoring | NIST 800 Series | Plan of Actions and Milestone (POAM) | System Security Plan (SSP) | System Assessment Report (SAR) | Assessment and Authorization (A&A) | Risk Analysis | Risk Assessment | Risk Control & Mitigation Security Life Cycle | Threat Vulnerability Assessments | Threat Reports | Contingency Planning | Microsoft Windows | Microsoft Office Suite (Word, Excel, PowerPoint, Visio, Outlook) | Microsoft Server Administration (Windows 2000, 2003, and 2008).