
Secret Clearance Sci

Location:
Nashua, NH
Salary:
135000
Posted:
September 13, 2024

Resume:

Charles Kao

ad8o61@r.postjobfree.com 240-***-****

US Citizen DoD Secret Clearance

Fluent in Chinese (Mandarin)

www.linkedin.com/in/charles-kao-25005315a

CompTIA Security+ certification

CISSP anticipated completion 2/2025

Summary

A Cybersecurity professional with twelve years of experience working with DoD and other Federal Government Agencies. I’m a team player with awesome communication skills, detail oriented, highly motivated, resourceful, and problem-solving, utilizing my time management as a leader.

Objective

A seasoned, highly skilled Cybersecurity professional looking for a new, challenging, fast-paced job with career growth.

Technical Skills

Vulnerability scanning tool: NESSUS

GRC tools: SERVICENOW, Certification & Accreditation (C&A), and eMASS

Ticketing Tracking Applications: Atlassian JIRA, SERVICENOW, Remedy, Track-It, and Clarify

Microsoft O365, Project, Visio, SharePoint, Google Workspace and Apple products

Compliance Framework/Standard Skills

NIST SP (800-35, 800-171, 800-37 rev.4, 800-53 rev.5, 800-82, 800-18, 800-60), COBIT, HIPAA, ISO 27001, CMMC, PCI DSS, SOX, FIPS, FedRAMP, and OMB Circulars A-123 and A-130

PROFESSIONAL EXPERIENCE

Oasis Systems/Hanscom AFB, Burlington, MA November 2023 - May 2024

Cybersecurity Engineer

• Implemented managerial controls for SOPs, templates to be utilized as guidelines and checklists

• Collaborated with development teams to develop, document, process, review, and analyze body of evidence (BOE) prior to uploading artifacts onto eMASS

• Executed SDLC activities toward new or maintained ATO attainment with the RMF 800-37 seven step process

• Provided support for the system ATO processes including the supporting security controls documentation artifacts, implementation of security controls, and development of POA&M’s

• Prepared reports on the status of security safeguards applied to information systems (IS)

• Worked with Discretionary Access Control (DAC) owners to remove former employees from the deprovisioning access list

• Ensured approved procedures are in place for Cyber hygiene

• Conducted sporadic reviews of information system (IS) to ensure compliance with the security authorization package

Unemployed May 2023 - October 2023

Thermo Fisher Scientific, Frederick, MD June 2022 - April 2023

IT Security Engineer III

• Created in house templates for Incident Response Plan (IRP), Contingency Plan (CP), and Disaster Recovery Plan (DRP)

• Executed daily Cybersecurity compliance reports to update progress to stakeholders

• Created POA&M vulnerability entries in Excel

• Prepared, reviewed, and updated authorization packages

• Maintained a knowledge base of SOPs in ServiceNow

• Updated ServiceNow assigned tickets as Security Analyst to meet SLA deadline

• Conducted and analyzed security evaluation tool results from Nessus

Unemployed February 2022 - June 2022

Tuvli/US Department of Education, Washington DC March 2020 – January 2022

Information Security Analyst II

• Coordinated, developed, and maintained cybersecurity training programs under the Awareness and Training NIST control family

• Delegated security control assessments meetings

• Performed information assurance security control compliance inspections

• Facilitated with technical teams to mitigate security control deficiencies and scan vulnerabilities for assigned IT systems

• Edited cybersecurity requirements language to conform to Performance Work Statement (PWS) deliverables

• Ensured audit records are collected, reviewed, and documented

• Provided in-house technical support to both client and colleagues as requested

• Familiarity with Cyber Executive Order 14028 and supporting guidance

SalientCRGT/US Postal Service, Washington, DC November 2013 – February 2020

GRC Security Manager & ISSR

• Administered security control testing among business stakeholders

• Coordinated with development team to remediate risk assessments on IT infrastructure, data security, and applications

• Delegated with Privacy team on related requirements such as PCI DSS, SOX, HIPAA for privacy compliance

• Executed business continuity level assessment during BIA meetings

• Created and distributed monthly Cybersecurity “best practices security awareness” tips on global email distribution

• Gathered, prepared, documented, and updated artifacts for C&A requirements as proof for security control

• Developed ideas for improving the security workflow process with development team

• Contributed and composed in-house security SOPs

• Received over 200 formal accolades from client for outstanding customer recognition

• Accomplished over 300 ATO packages collaborating with ISSOs

• Implemented and monitored the 7 practical RMF steps to a successful information system

• Identified security control issues and conducted root cause analysis with IS technical team

• Tracked vulnerabilities on reports and ensured satisfactory resolution with stakeholders involved

• Trained development teams on “system security plan” and other security documents

• Participated with ISSOs to perform risk analysis to determine cost effective and essential safeguards

• Reviewed Nessus Scan results and provided direction where required to remediate with technical team

• Served as a SME to help PM, stakeholders, and ISSO teams on their assigned IS

• Maintained security posture by using audit security settings, track security training, and monitor threats

• Ensured IS security related documentation is current and reviewed IS audit records

• Provided RMF support and development of all RMF deliverables to ISSOs

• Updated all IS Security Authorization documentations onto the TSLC Library (SharePoint) repository within 72 hours SLA audit compliance deadline

• Ensured my project team met the monthly goal of TSLC Scorecard in-house audit passing.

• Created a playbook for TSLC Library

• Facilitated "deep dive" training on TSLC Library to assigned PMs

• Developed and managed internal GRC initiatives

Prior IT Experience September 2007 – October 2013

Multiple Federal Government Agencies (The Pentagon and FDIC) Contractor jobs working as an IT Help Desk Specialist

• Set up new user accounts (NIPRNet & SIPRNet), permissions, and passwords

• Installed, upgraded, supported, performed, and troubleshot network printers for over 500 end users including laptops, desktops, and smartphone devices

• Configured and installed local servers, executed hardware and software upgrades, and supported disaster recovery and backup procedures

• Successfully troubleshot and resolved assigned IT tickets to satisfy contracted SLA deadline

• Contributed technical solutions to the IT Knowledge Base in ServiceNow

• Per management request, onboarded and trained new hires to team

Prior Travel Agencies Career August 1992 – August 2007

• Per management direction, trained new hires to travel agencies team

• Worked on Airline reservation systems: Apollo and Sabre

• Processed the weekly Airlines Reporting Corporation (ARC) ticket transaction settlement between airlines and travel agencies submission reports

• Uploaded new ticketing stock into ticket printer which is required in sequential order for ARC ticket for accountability status

• Quality controlled travel agent colleagues' airline tickets to ensure we provided the best airfares for clients and to ensure they have seat assignments, cars, or hotel bookings, along with their frequent flier airline numbers, in their airline reservation

• Booked for Corporate, International, Meeting Planner, and Government travel agencies

EDUCATION

BS degree in Computer Studies from UMUC, December 2006

Professional Certificates of Completion

CompTIA Security+, PWS, Basics of Government Contracting, Introduction to Cert-RMM, Developing SQL Queries, Windows NT LAN, Novell LAN Administration, and Help Desk Support Technician

References available upon request


