Carlasha M. Jenkins
Carlasha23@gmail.com
Bowie, MD
570-242-3692
CRISC, CEH
QUALIFICATION SUMMARY
Ms. Jenkins is a professional consultant with more than 15 years' experience in information technology and information security processes within the Civil and Federal government, including experience as an Information Systems Security Officer and Task Lead implementing policies associated with standards and procedures, in addition to implementing guidance that meets the legislative and practical requirements associated with the use of IT solutions in a Federal and Civil environment. She develops and creates security postures by supporting and providing team management, risk identification, and complex business and technology verification addressing cybersecurity encounters.
SKILLS
• Security Tools: AppDective, Appscan, AMP, Websense, Fortify, Nessus and SCCM
• Desktop Applications: Microsoft Office Suite – Word, Excel, PowerPoint, and Outlook
• Software Development: Java, JBoss, Oracle, Apache, etc.
• Operating Systems: Microsoft Windows, Unix/Linux
PROFESSIONAL EXPERIENCE AND ACCOMPLISHMENTS
SeNet International Corporation, Fairfax, VA (April 2014 to Present)
Senior InfoSec Engineer
• As a Senior InfoSec Engineer, responsible for gathering information and leading clients through Risk Management Framework Security Assessment and Authorization (A&A) information system evolutions, and for compiling reporting following NIST 800 guidelines, including Security Test and Evaluations (ST&Es), Contingency Plans (CPs), System Security Plans (SSPs), and Risk Assessments (RAs).
• Independently assessing security controls and performing technical vulnerability testing, achieving compliance through evaluation of client information systems in accordance with NIST 800-series guidelines.
• Educating and working with clients in conducting NIST 800-53 rev 4 interviews and examinations.
• Presenting A&A efforts for several agencies in the areas of Risk Management Framework steps along with risk management, contingency planning, incident response, disaster recovery, and vulnerability assessment.
• Drafting policies for department-wide security programs covering the wide range of National Institute of Standards and Technology (NIST) Special Publications.
Bureau of Indian Affairs (BIA), Department of Interior
As the Senior InfoSec Engineer, responsible for gathering and organizing technical information on the agency's current information assurance products and security programs. Analyze current security architecture through technical reviews and customer interviews. Collaborate with other engineers to design and develop new security architecture for the customer to meet security requirements. Assist in demonstrating business processes and identifying information protection needs for systems and networks. Provide recommendations on the development, implementation, assessment, and monitoring of security guidelines. Support the scheduled Office of Inspector General (OIG) audits and compliance by providing coordination and guidance with the agency and System Owners. Provide necessary leadership, execution and support of compliance activities related to Federal Information Technology security mandates, including but not limited to FISMA, FISCAM, Presidential Directives and Public Law, and Office of Management and Budget (OMB) guidance.
• Maintain and manage the required systems security documentation in the Cyber Security Assessment and Management (CSAM) system.
• Manage and track Plan of Milestones (POA&M) compliance, responses and status.
• Coordinate data collection, analysis and reporting for IT Security Data Calls and FOIA Requests.
• Develop and create the Continuous Monitoring Plan following NIST 800-137 guidelines.
• Assess the CSP-supplied security assessment package for a cloud system using the FedRAMP Security Assessment Framework.
• Provide technical and security insights, overseeing and coordinating all information management and IT support requirements.
• Support the information management objectives, consisting of all matters concerned with the planning, design, development, installation, and implementation of information management architectures, policies, procedures, systems and applications.
• Coordinate with senior representatives within the agency organization, addressing program goals, milestones, resources, and risks.
• Verify security requirements in accordance with applicable cyber security policies and defined system requirements.
• Analyze and identify the access control and configuration requirements for identity management and authentication systems, SIEM (Security Information and Event Management) product and solution requirements, and testing of security controls mitigating risk.
Network Specialty Group (September 2012 to April 2014)
Senior Consultant, Information Security Engineer
As an Information Security Engineer, implemented guidance on creating the A&A package for the Office of Inspector General at the Department of Commerce. Developed and applied skill-based knowledge for remediation in Computer Incident Response by assessing vulnerability reports and scanning for remediation using Appscan, Nessus and Fortify. Assist with IT security-related laws, policies, procedures, methods and practices, and with the development of documentation for all NIST 800-53 r4 controls, standard policy and procedure. Recommend mitigation for vulnerabilities by understanding risk and using CVSS scoring to appropriately classify vulnerabilities. Coordinate with federal recipients with respect to Security Awareness Training, Security Risk Assessments (SRA), Security Impact Assessments (SIA), Control Impact Assessments (CIA), and Control Risk Assessments (CRA). Develop contingency plans (Disaster Recovery or Business Continuation Plans) for information technology systems.
• Web application testing using penetration testing methodology, and prior experience with programming in one or more server-side technologies such as Java, JBoss, Oracle, Unix/Linux, Windows-based, Apache, etc.
• Implementation of NIST 800-53 rev 4 controls, creating the System Security Plan for the Office of Inspector General; defining milestones and deliverables, monitoring activities, and evaluating and reporting on accomplishments using oral and written communication techniques.
• Ensure vulnerabilities were mitigated and remediated by reviewing monthly, quarterly and weekly vulnerability scan results of assigned systems and assets. Create the quarterly Plan of Milestones for the department.
• Provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical IT issues.
• Support the tools for incident response: Symantec Endpoint Protection, Nessus and the Fortify scanning tool.
• Deliver analysis and reporting to the development teams prior to a release in order to identify and correct security flaws before the release.
• Coordinate and mitigate incident responses with DOC-CIRT; apply incident response practices and procedures (identification, containment, remediation/eradication and recovery) to coordinate and manage cyber security incidents by providing direction, recommendations and guidance to system, application, and network administrators on proper procedures to contain incidents, allowing for the collection of information necessary to properly investigate the cause of the incident.
• Produce Standard Operating Procedures for Incident Response by preparing lessons learned. Perform vulnerability testing on applications and networks to identify security vulnerabilities and weaknesses. Review, analyze and develop vulnerability test plans, and prepare reports documenting test results and recommended remediation and mitigation actions.
• Construct a new Incident Response form. Provide professional consultation to senior management within the Chief Information Officer's office concerning the A&A packages, Authorization to Operate, and the accessibility of cyber security tools. Experience with IP networks, security architecture design, and related security technologies including platform hardening, encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, e-mail, and access-lists.
• Experience implementing and administering security solutions in support of enterprise information security objectives, including Security Information and Event Management (SIEM).
Booz Allen Hamilton, McLean, Virginia (August 2010 to August 2012)
Senior Consultant, Information Security Engineer
As the Information Systems Security Officer (ISSO), implemented regulations and policies interconnected with the requirements of the IT security environment. My tasks amalgamated security incident reports, operating instructions, technical vulnerability reports, and contingency plans. I delivered information assurance requirements for the National Aeronautics and Space Administration (NASA), Internal Revenue Service (IRS), Census Bureau, and Amtrak Corporate Security Police Department (APD), working directly with the Directors, Project Managers and the technical area leads to consolidate A&A processes. I facilitated direct collaboration on A&A regulations using NIST guidelines and controls. I demonstrated knowledge of FISMA requirements, NIST 800-53A, agency requirements, and technical specifications in creating A&A documentation, thereby applying the guidance to meet the legislative and practical requirements associated with the Federal and Civil background. I was responsible for the execution and development of revising system-specific/hybrid security controls and standard procedures based on NIST guidance and FedRAMP controls. Developed and maintained system security documents. Provided internal controls, risk management, and technical leadership and support to ensure effective IT security practices were incorporated into networks, applications, and data of financial systems.
• Ensure appropriate steps were taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
• Perform monthly vulnerability scans of assigned systems and assess the OWASP reports. Utilized scanning tools such as AppDective, Appscan, AMP, Fortify and Nessus.
• Web application testing using penetration testing methodology, and prior experience with programming in one or more server-side technologies such as Java, JBoss, Oracle, Unix/Linux, Windows-based, Apache, etc.
• Deliver analysis and reporting to the development teams prior to a release in order to identify and correct security flaws before the release.
• Responsible for working with the development teams for every release during the build process.
• Recommend mitigation for vulnerabilities by understanding risk and using CVSS scoring to appropriately classify vulnerabilities.
• Create Security Assessment Reports (SAR) and implement Privacy Impact Assessments (PIA).
• Employ the guidelines of NIST SP 800-60 Volumes I & II and FIPS 199 & 200.
• Provide professional consultation to senior management within the Chief Information Officer (CIO) office concerning the A&A packages, Authorization to Operate (ATO), and the accessibility of cyber security tools.
• Produce deliverables ranging from System Security Plans (SSP) and Business Continuity Plans (CP) to Security Test and Evaluation (ST&E) Plans, and ensure they are consistent with NIST standards and guidance.
• Recommend and perform Continuous Monitoring using NIST SP 800-37 guidelines.
• Ensure compliance with other directives such as Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, and Executive Orders.
Northrop Grumman, Atlanta, GA (October 2004 to May 2010)
Information Security Engineer
As Government Task Lead, provided A&A process support for information security clients. Accomplished and managed accounts using network rights. In doing so, arranged and prepared instructions on the guidance for Standard Operating Procedures (SOPs) for commercial off-the-shelf enterprise applications. System accesses were safeguarded in accordance with the security requirements of the network. Delivered analysis and reporting to the development teams prior to a release in order to identify and correct security flaws before the release.
• Conduct system A&A by managing the processes, including risk assessments, recommendations for application design, and security tests and evaluation of guidelines and processes from the NIST SP 800 series, including SP 800-30, Risk Management Guide for Information Technology Systems; SP 800-34, Contingency Planning Guide for Information Technology Systems; SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems; SP 800-53A, Recommended Security Controls for Federal Information Systems; and SP 800-60 Volume II, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories.
• Assist developers and programmers in mitigating vulnerabilities discovered during development, potential violations from security vulnerability scans, or penetration testing.
• Conducted vulnerability scanning and assessment for the enterprise applications using IBM Watchfire.
• Recommend mitigation for vulnerabilities by understanding risk and using CVSS scoring to appropriately classify vulnerabilities.
• Monitor, test, and support any patterns that were in noncompliance by taking technical action to help minimize security risk and insider threats. Assist CDC senior management concerning their FISMA responsibilities, including implementation of controls described in NIST 800-53A.
• Manage requests for Change Management for Business and Technical Stewards, determining their systems' attainability by evaluating changes to their system.
• Assist the Business Steward with developing and maintaining the SSP. Evaluate COTS software for installation on the CDC network. Familiar with Independent Validation & Verification (IV&V).
• Arrange CDC forensic techniques for incident response by utilizing the SSP.
• Proactively assist in security architecture, design and risk remediation activities such as POA&M, Risk Assessments, and ST&E processes.
EDUCATION
Associate of Applied Science in Business Management, City University of New York Borough of Manhattan Community College, New York, NY
B.S., Management Information Systems, State University of New York College at Old Westbury, New York, NY
M.S., Management Information Security Systems, Colorado Technical University, Colorado Springs, CO
AWARDS
Outstanding Excellence for Team – March 2008
Received this award from CCID, Centers for Disease Control and Prevention; this is an individual security team award.
Certificate of Commendation – September 2015
In recognition of Ms. Jenkins' support to the Information System program at the Department of the Interior, Bureau of Indian Affairs, with their Authority to Operate package and process. Carlasha traveled to Denver on short notice and demonstrated outstanding leadership in her ability to keep the staff motivated and focused while providing outstanding recommendations. Her intimate knowledge, insight and upbeat attitude were instrumental in completing the documentation. Carlasha's hard work, patience and willingness to go above and beyond significantly improved the relationship with the customer. Thank you for your exceptional work.
CERTIFICATIONS AND TRAINING
Certified in Risk and Information Systems Control (CRISC)
Certified Ethical Hacker (CEH)
Certification in Security Certification and Accreditation – Graduate Level
Certification in Information System Security Management – Graduate Level
Certification in Information Systems Security – Graduate Level
Jenkins_ Carlasha 2016 v1

Carlasha M. Jenkins,
Carlasha23@gmail.com
Bowie, MD
570-242-3692
CRISC, CEH

QUALIFICATION SUMMARY
Ms. Jenkins is a professional consultant with more than 15 years' experience in information technology and information security processes within the Civil and Federal government, including experience as Information Systems Security Officer and Task Lead, implementing policies associated with standards and procedures, in addition to the implementation of guidance meeting the legislative and practical requirements associated with the use of IT solutions in a Federal and Civil environment. Developing and creating security postures by supporting and providing team management and risk identification for complex business and technology verification addressing cybersecurity encounters.

SKILLS SUPPORT
 Security Tools: AppDective, Appscan, AMP, Websense, Fortify, Nessus and SCCM
 Desktop Applications: Microsoft Office Suite – Word, Excel, PowerPoint, and Outlook
 Software Development: Java, JBoss, Oracle, Apache, etc.
 Operating Systems: Microsoft Windows, Unix/Linux

PROFESSIONAL EXPERIENCE AND ACCOMPLISHMENTS

SeNet International Corporation, Fairfax, VA April 2014 to Present
Senior InfoSec Engineer
 As a Senior InfoSec Engineer, responsible for gathering and leading clients through Risk Management Framework Security Assessment and Authorization (A&A) information system evolutions and compiling reporting following NIST 800 guidelines, including Security Test and Evaluations (ST&Es), Contingency Plans (CPs), System Security Plans (SSPs), and Risk Assessments (RA).
 Independently assessing security controls and technical vulnerability testing, achieving compliance by evaluation of client information systems in accordance with NIST 800-series guidelines.
 Educating and exhibiting with the clients in conducting NIST 800-53 rev 4 interviews and examinations.
 Presenting A&A efforts for several agencies in the areas of Risk Management Framework steps along with risk management, contingency planning, incident response, disaster recovery, and vulnerability assessment.
 Draft policies for department-wide security programs covering the wide range of National Institute of Standards and Technology (NIST) Special Publications.

Bureau of Indian Affairs (BIA), Department of the Interior
As the Senior InfoSec Engineer, responsible for the gathering and organizing of technical information on the agency's current information assurance products and security programs. Analyze current security architecture through technical reviews and customer interviews. Collaborate with other engineers to design and develop new security architecture for the customer to meet security requirements. Assisting and demonstrating business process with the identification of information protection needs for systems and networks. Provide recommendations on the development, implementation, assessment, and monitoring of security guidelines. Support the scheduled Office of Inspector General (OIG) audits and compliance by providing coordination and guidance with the agency and System Owners. Provide necessary leadership, execution and support of compliance activities related to Federal Information Technology security mandates including but not limited to: FISMA, FISCAM, Presidential Directives and Public Law, Office of Management and Budget (OMB).
 Maintain and manage the required systems security documentation in the Cyber Security Assessment and Management (CSAM) system
 Manage and track Plan of Milestones (POA&M) compliance, responses and status
 Coordinate data collection, analysis and reporting for IT Security Data Calls and FOIA Requests
 Develop and create the Continuous Monitoring Plan following the NIST 800-137 guidelines
 Assess the CSP-supplied security assessment package reflecting a cloud system using the FedRAMP Security Assessment Framework
 Provide technical and security insights overseeing and coordinating all information management and IT support requirements.
 Support the information management objectives consisting of all matters concerned with the planning, design, development, installation, and implementation of information management architectures, policies, procedures, systems and applications
 Coordinate with senior representatives within the agency organization addressing program goals, milestones, resources, and risks
 Verify security requirements in accordance with applicable cyber security policies and defined system requirements.
 Analyze and identify the Access Control and Configuration requirements for identity management and authentication systems, SIEM (Security Incident and Event Monitoring) products and solutions requirements, and testing of security mitigating risk

Network Specialty Group September 2012 to April 2014
Senior Consultant, Information Security Engineer
As an Information Security Engineer implementing guidance on creating the A&A package for the Office of Inspector General at the Department of Commerce. Developed and applied skill-based knowledge for remediation to the Computer Incident Responses by assessing the vulnerability reports and scanning for remediation using Appscan, Nessus and Fortify. Assist with IT security related laws, policies, procedures, methods and practices and creating the development of documentation for all NIST 800-53 r4 first control, standard policy and procedure. Recommend mitigation for vulnerabilities by understanding of risk and using CVSS scoring to appropriately classify vulnerabilities. Coordinate with federal recipients with respect to Security Awareness Training, Security Risk Assessments (SRA), Security Impact Assessments (SIA), Control Impact Assessments (CIA), and Control Risk Assessments (CRA). Develop contingency plans (Disaster Recovery or Business Continuation Plans) for information technology systems.
 Web application testing using penetration testing methodology and prior experience with programming in one or more server-side technologies such as Java, JBoss, Oracle, Unix/Linux, Windows based, Apache, etc.
 Implementation of NIST 800-53 rev 4 Controls, creating the System Security Plan for the Office of Inspector General. Defining milestones and deliverables, monitoring activities, and evaluating and reporting on accomplishments, using oral and written communication techniques.
 Ensure vulnerabilities were mitigated and remediated by performing monthly, quarterly and weekly vulnerability scans of assigned systems and assets. Create quarterly Plan of Milestones for the department.
 Provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical IT issues.
 Support the tools for incident response: Symantec Endpoint Protection, Nessus and Fortify scanning tool.
 Deliver analysis and reporting to the development teams prior to a release in order to identify and correct the security flaws before the release.
 Coordinate and mitigate Incident Responses with DOC-CIRT; apply incident response practices and procedures (identification, containment, remediation/eradication and recovery) to coordinate and manage cyber security incidents by providing direction, recommendations and guidance to system, application, and network administrators on proper procedures to contain incidents, allowing for the collection of information necessary to properly investigate the cause of the incident.
 Produce Standard Operating Procedures for Incident Response by preparing lessons learned. Perform vulnerability testing on applications and networks to identify security vulnerabilities and weaknesses. Review, analyze and develop vulnerability test plans, and prepare reports documenting test results and recommended remediation and mitigation actions.
 Construct a new Incident Response form. Provide professional consultation to the senior management within the Chief Information Officer concerning the A&A packages and Authorize to Operate and the accessibility of cyber security tools.
 Coordinate experience with IP networks, security architecture design, and related security technologies including platform hardening, encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, e-mail, and access-lists.
 Coordinate and elaborate experience implementing and administering security solutions in support of enterprise information security objectives including Security Information and Event Management (SIEM).

Booz Allen Hamilton, McLean, Virginia August 2010 to August 2012
Senior Consultant, Information Security Engineer
As the Information Systems Security Officer (ISSO) implementing regulations and policies interconnected with the requirements of the IT security environment. My task amalgamated security incident reports, operating instructions, technical vulnerability reports, and contingency plans. I deliver information assurance requirements for National Aeronautics and Space Administration (NASA), Internal Revenue Service (IRS), Census Bureau, and Amtrak Corporate Security Police Department (APD). Working directly with the Directors, Project Managers and the technical area leads to consolidate A&A processes. I facilitate direct collaboration on A&A regulations using NIST guidelines and controls. I demonstrate knowledge of FISMA requirements, NIST 800-53A, agency requirements, and technical specifications in creating A&A documentation, thereby applying the guidance to meet the legislative and practical requirements associated within the Federal and Civil background. I was responsible for the execution and development of revising system-specific/hybrid security controls and standard procedures based on NIST guidance and FedRAMP controls. Develop and maintain system security documents. Provide internal controls, risk management, and technical leadership and support to ensure effective IT security practices are incorporated into networks, applications, and data of financial systems.
 Ensure appropriate steps were taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal.
 Perform monthly vulnerability scans of assigned systems and assess the OWASP reports. Utilized scanning tools such as AppDective, Appscan, AMP, Fortify and Nessus.
 Web application testing using penetration testing methodology and prior experience with programming in one or more server-side technologies such as Java, JBoss, Oracle, Unix/Linux, Windows based, Apache, etc.
 Deliver analysis and reporting to the development teams prior to a release in order to identify and correct the security flaws before the release.
 Responsible for working with the development teams for every release during the build process
 Recommend mitigation for vulnerabilities by understanding of risk and using CVSS scoring to appropriately classify vulnerabilities
 Create Security Assessment Reports (SAR) and implement Privacy Impact Assessments (PIA).
 Employ the guidelines of NIST SP 800-60 Volume I & II and FIPS 199 & 200.
 Provide professional consultation to the senior management within the Chief Information Officer (CIO) concerning the A&A packages and Authorize to Operate (ATO) and the accessibility of cyber security tools.
 Produce deliverables ranging from System Security Plans (SSP), Business Continuity Plans (CP), and Security Test and Evaluation (ST&E) Plans, and ensure they are consistent with NIST standards and guidance.
 Recommend and perform Continuous Monitoring using NIST SP 800-37 guidelines.
 Ensure compliance with other directives such as Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, and Executive Orders.

Northrop Grumman, Atlanta, GA October 2004 to May 2010
Information Security Engineer
As Government Task Lead, providing A&A process support for information security clients. Accomplish and manage accounts using network rights. In doing so, arranged and prepared instructions on the guidance for Standard Operating Procedures (SOPs) for commercial off-the-shelf enterprise applications. System accesses were safeguarded in accordance with the security requirements of the network. Deliver analysis and reporting to the development teams prior to a release in order to identify and correct the security flaws before the release.
 Conduct system A&A by managing the processes, including risk assessment recommendations for application design, security tests and evaluation of guidelines, and processes from the NIST SP 800 series, including SP 800-30, Risk Management Guide for Information Technology Systems; SP 800-34, Contingency Planning Guide for Information Technology Systems; SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems; SP 800-53A, Recommended Security Controls for Federal Information Systems; and SP 800-60 Volume II, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories.
 Assist developers and programmers in mitigating vulnerabilities discovered during development, and potential violations found by security vulnerability scans or penetration testing.
 Conducted vulnerability scanning and assessment for the enterprise applications using IBM Watchfire.
 Recommend mitigation for vulnerabilities by understanding of risk and using CVSS scoring to appropriately classify vulnerabilities
 Monitor, test, and support any patterns that were in noncompliance by taking technical action to help minimize security risk and insider threats. Assist CDC senior management concerning their FISMA responsibilities, including implementation of controls described in NIST 800-53A.
 Manage requests for Change Management for Business and Technical Stewards, determining their systems' attainability by evaluating changes to their system.
 Assist the Business Steward with developing and maintaining the SSP. Evaluate COTS software for installation on the CDC network. Familiar with Independent Validation & Verification (IV&V).
 Arrange CDC forensic techniques for incident response by utilizing the SSP.
 Proactively assist in the security architecture, design and risk remediation activities such as POA&M and Risk Assessments, including ST&E processes.

EDUCATION
Associates, Applied Science in Business Management, City University of New York Borough of Manhattan Community College, New York, NY
B.S., Management Information Systems, State University of New York College at Old Westbury, New York, NY
M.S., Management Information Security Systems, Colorado Technical University, Colorado Springs, CO

AWARDS
Outstanding Excellence for Team - March 2008
Received this award from CCID, Centers for Disease Control and Prevention; this is an individual security team award.
Certificate of Commendation - September 2015
In recognition of Ms. Jenkins' support to the information system program at the Department of the Interior, Bureau of Indian Affairs, with their Authority to Operate package and process. Carlasha traveled to Denver on short notice and demonstrated outstanding leadership in her ability to keep the staff motivated and focused while providing outstanding recommendations. Her intimate knowledge, insight and upbeat attitude were instrumental in completing the documentation. Carlasha's hard work, patience and willingness to go above and beyond significantly improved the relationship with the customer. Thank you for your exceptional work.

CERTIFICATIONS AND TRAINING
Certified in Risk and Information Systems Control (CRISC)
Certified Ethical Hacker (CEH)
Certification in Security Certification and Accreditation – Graduate Level
Certification in Information System Security Management – Graduate Level
Certification in Information Systems Security – Graduate Level