
Orane Dixon

Gaithersburg, MD

Summary

Security Assessor with a proven track record in evaluating, testing, and ensuring compliance with various security frameworks including NIST, ISO 27001, PCI-DSS, HIPAA, and FedRAMP. Skilled in conducting risk assessments, vulnerability scans, penetration testing, and security audits to identify weaknesses and provide effective remediation strategies. Strong expertise in governance, risk, and compliance (GRC), security policies, and technical controls to safeguard organizational assets. Collaborative team player adept at working with cross-functional teams, IT security professionals, and senior management to enhance security postures and meet regulatory requirements. Proficient in utilizing security tools such as Nessus, Qualys, Burp Suite, and Splunk to assess risks and strengthen security defenses. Exceptional analytical abilities combined with excellent communication and report-writing skills ensure clear documentation and presentation of findings to stakeholders. Committed to continuous learning and staying updated on cybersecurity trends and best practices as demonstrated by certifications including CISSP, CISA, CEH, or Security+.

Overview

6 years of professional experience
1 Certification

Work History

Security Control Assessor

DLH
01.2024 - Current
  • Company Overview: National Institutes of Health
  • Conduct security control assessments (SCA) for 5 System Security Plans (SSPs) in compliance with NIST 800-18 & FISMA, reducing ATO approval time by 15%
  • Lead 15+ risk assessments, identifying security gaps and aligning remediation strategies per NIST 800-53 Rev 5 guidelines
  • Perform security audits and control testing on 10+ external services, ensuring compliance with FedRAMP, SOC2, and NIST frameworks, leading to successful Authorization to Use (ATU) approvals
  • Validate federal information system readiness via FIPS 199 and NIST 800-60 control categorizations
  • Develop Security Assessment Plans (SAPs), execute security interviews, documentation reviews, and control testing, ensuring compliance with NIST SP 800-53A Rev 5
  • Collaborate with system owners to complete and manage 30+ Plan of Action and Milestones (POA&M) items, ensuring compliance with continuous monitoring policies
  • Liaise with Security Operations Center (SOC) teams to validate vulnerability scans and ensure tracking consistency for security weaknesses

Vulnerability Remediation Specialist

DLH
04.2023 - 01.2024
  • Company Overview: National Institutes of Health
  • Spearheaded 100+ vulnerability remediations, reducing high-risk security gaps by 30% across NIH systems
  • Implemented data sanitization (NIST 800-88, DoD 5200.28) for 200+ devices, ensuring full compliance with government data destruction policies
  • Provided security awareness training to 400+ employees, reducing security incidents by 10% and improving enterprise-wide cyber hygiene
  • Deployed device images integrated with EDR/XDR solutions, strengthening NIH’s threat detection capabilities
  • Managed Active Directory user access, ensuring efficient provisioning, de-provisioning, and access controls aligned with security policies

Information Security Analyst I

Daly Computers Inc.
07.2022 - 04.2023
  • Conducted phishing analysis on suspicious emails, enhancing email security for users
  • Conducted network traffic analysis using Wireshark, investigating malicious activity and anomaly detection
  • Assessed and prioritized vulnerability risks based on CVSS scores and CISA guidance, aiding proactive patch management

IT Support Engineer

Daly Computers Inc.
09.2021 - 06.2022

• Change and reset passwords using Active Directory.

• Create, manage and delete users and groups in Active Directory.

• Provide Office 365 and other software application support.

• Troubleshoot and resolve basic networking issues.

Computer Field Technician

Worldwide Technical Services
05.2019 - 01.2021

• Diagnose and repair computer hardware and software issues.

• Image computers using a variety of methods.

• Install computer peripherals for users (monitors, keyboards, mice, docking stations).

Education

Bachelor of Science - Information Technology

Towson University
Towson, MD
12-2019

Skills

  • NIST RMF, FedRAMP, Archer GRC, CSAM, SIEM, Nessus, Risk Recon, Prevalent, Virtual Machine, Service Now, Azure, Firewalls, Access Control Lists, AWS, Cloud Computing, Active Directory, Windows 10, Windows 11, Mac OS, Python, Microsoft Office, TCP/IP, FTP, SSH, HTTPS, SSL, DNS, DHCP, ICMP, OWASP, KnowBe4, Elastic, CVE, CVSS, IDS, IPS, Metasploit, Nmap, Burp Suite, A&A, SCA, POA&M

Certification

CompTIA Security+

Security Clearance

Public Trust

Personal Information

Citizenship: U.S. Citizen
