Vanessa Calizaya
Woodbridge
Summary
Cleared cybersecurity professional with experience supporting secure mission and cloud environments through RMF execution, Assessment & Authorization, vulnerability management, and security control implementation. Skilled in developing Body of Evidence documentation, maintaining authorization artifacts, evaluating NIST SP 800-53 control implementations, reviewing automated scan results, and coordinating remediation of security and compliance gaps. Proven ability to work across technical teams, system owners, and security leadership to strengthen assessment readiness, maintain compliant system baselines, and support successful authorization outcomes in high-security environments.
Overview
13
13
years of professional experience
1
1
Certification
Work History
SR. CLOUD ISSO
ManTech International Corp
2024.11 - Current
- Designed and implemented standardized Job Aids for the new GRC tool, enabling IT Security Personnel to consistently manage assigned systems and improving knowledge transfer across the team.
- Served as the Information Systems Security Officer (ISSO) for 2–3 distinct information systems, guiding them through multiple phases of the Risk Management Framework (RMF) to achieve and maintain authorization.
- Supported Security Assessment & Authorization efforts through the development and maintenance of FISMA documentation, including control implementation statements, evidence packages, and authorization artifacts.
- Implemented and managed NIST SP 800-53 security controls, including the development of critical Organization-Defined Parameters (ODPs), to support system compliance and assessment readiness.
- Reviewed security control implementation statements and supporting artifacts to determine assessment readiness, identify documentation gaps, and strengthen authorization packages.
- Evaluated automated security scan results for cloud-based systems to identify risk, validate findings, and support mitigation and POA&M actions.
- Analyzed open risks, vulnerabilities, and compliance gaps, coordinating with technical teams and stakeholders to support remediation planning and defensible POA&M actions.
- Collaborated with system owners, ISSMs, engineers, and compliance stakeholders to validate control implementation, resolve assessment findings, and maintain system authorization posture.
CYBERSECURITY ANALYST LEAD
ManTech International Corp
2023.01 - 2024.11
- Supported USMC with their SAP projects.
- Integral to the security lifecycle, providing timely remediation, mitigation strategies, and detailed reporting in response to Assessment & Authorization outcomes, Information Assurance Vulnerability Management (IAVM) guidance, and Plan of Action and Milestones (POA&M) tracking.
- Provided objective Independent Validation and Verification (IV&V) assessments, identifying potential risks and ensuring adherence to standards and requirements.
- Conducted thorough vulnerability assessments and security control checks on Systems Architecture to proactively identify and mitigate potential weaknesses.
- Utilized Security Content Automation Protocol (SCAP), Assured Compliance Assessment Solution (ACAS), and knowledge of Ports, Protocols, and Services (PPS) for vulnerability assessments, ensure compliance, analyze network traffic.
- Prepared comprehensive evaluation reports to purpose, assess system security, analyze program effectiveness, and document vulnerability findings.
- Configured and utilized Tenable to perform regular security vulnerability and compliance scans of devices, applications, operating systems, cloud services, and network resources, ensuring continuous monitoring and identification of potential weaknesses.
- Significantly improved the security posture and compliance of a critical system, culminating in the attainment of a full Authorization to Operate (ATO), overturning its previous Conditional to Operate status.
INFORMATION ASSURANCE
Science Applied International Corporation
2021.11 - 2023.01
- Administer Active Directory (AD) and tune GPOs in accordance with DISA STIG's
- Manage the configuration management, technology, and implement cybersecurity best practices, policies, processes, manuals, guides, and other publications outlining and standards needed to administer a comprehensive Cybersecurity program
- Perform and review security assessments and scans utilizing Tenable Nessus/ACAS to evaluate vulnerabilities
- Support Information Assurance Vulnerability Alerts (IAVAs) and implement security measures based on results of ACAS scans
- Manage STIGs for servers and systems, remediate identified vulnerabilities, and ensure security compliance with Network Intrusion Detection System/Intrusion Prevention Systems (IDS/IPS)
- Evaluate information systems for compliance with Defense Information Security Agency (DISA) Security Technical Implementation Guideline (STIG) and review measures needed to bring systems into compliance
- Verify all Sign on Signatures are up to date, and Automated and Manual Virus Scans are documented, scheduled and are being completed
- React to and report actual or suspected events to the Cybersecurity Manager
- Made use of SIEM tools to monitor network traffic and resources and reported suspicious behavior including Computer incident responses
- Attend IA security training as required to maintain and gain knowledge and skills of current IA issues
- Performs analyses to validate established security processes and recommend additional security steps to ensure compliance with applicable DOD IA requirements and baseline IA controls
- Assist the Cybersecurity Manager with the development of the IA related Procedures, and Work Instructions
- Update/maintain a Plan of Action and Milestone (POA&M) to track the resolution of vulnerabilities identified on systems
- Maintained classified workstations within information assurance requirements.
CYBER SECURITY ANALYST
United States Marine Corps
2021.07 - 2021.11
- Proactively patched and repaired machines failing to meet stringent USMC and NISPOM security standards, ensuring continuous compliance and minimizing vulnerabilities.
- Identified and immediately isolated compromised machines posing a threat to network stability and security.
- Proactively created and implemented scripts to deploy security patches to machines and network devices, strengthening the organization's security posture and mitigating potential vulnerabilities.
- Observe and report all possible threats by actively scanning and watch for out of place software and vulnerabilities
- Provide documentation and technical specifications to IT Staff for planning and implementing new or upgrades of IT infrastructure
- Utilized Host Intrusion Detection System to monitor and detect to defend DoD network and systems, including Tenable Security for continuous Nessus Scans
- Conducted security audits with a focus on identifying actionable vulnerabilities, providing detailed reports and recommendations for remediation.
SYSTEM ENGINEER/ADMINISTRATOR
DOJ INTERPOL
2019.12 - 2021.05
- Evaluated system potentials by testing compatibility of new programs with existing programs.
- Planned, implemented, installed, operated, and maintained system hardware and software applications and information technology infrastructure in Windows Server 2008 and 2012, Windows 10.
- Provided recommendations and participated in the implementations of new information and technology programs, modules, and services.
- Provided hardware and software engineering support for Information Systems utilizing object-oriented programming and client/server applications
- Create and managed user accounts, groups, organizational units, group policy with Active Directory.
- Installed agency's hardware equipment and collaborated with the agency's Inventory Manager during the annual inventory for IT accountable government property.
- Assisted agency's personnel with Microsoft Window applications Outlook, Word, Excel, Power Point, Publisher, Visio, Access, Note, Share Point, Project, Adobe, etc., installation and usage.
- Built rapport with customers to provide proactive and personalized service and align their needs with the needs of the agency.
- Successfully achieved in prepared the agency for 100% Remote when Pandemic Emergency Stay at Home Notice was released.
- This required in assuring that all users were able to test their remote access including providing one sheet instructions.
- Point of contact in providing new users VPN access either PKI or RSA solutions.
SYSTEM ADMINISTRATOR
USMC
2019.09 - 2019.12
- Assigned IP addresses to assets based on port, classifications, and assets' permanent locations
- Imputed and updated static IP based on IP range
- Assisted System Engineers on applications of specialized knowledge to coding, testing, implementation, and documentation of special projects
- Installed, configured, and supported operation systems: Window 10 to versions 1709 & 1803
- Created, modified, and moved computer names in Active Directory
- Pushed updates and network patches as applicable; set, reset, and unlocked password accounts
- Installed and updated computers, and ghost's machines; leaded laptop refresh deployments
- Remotely accessed computers as per end users' requests to provide IT support, troubleshoot and resolve wide range of hardware, software, and network issues
- Implemented extensive system knowledge and existing tools to analyze, identify, and resolve business and/or technical problems
SYSTEM ADMINISTRATOR
Geo North
2018.09 - 2019.09
- Configure, install image desktop and laptops for new users with PXE and SCCM
- Managed IT Service Desk Tickets and remedied problems within the compliance of the SLA's requirements, cut wait time from 35 minutes to 15 minutes. From acknowledgement of the issue to resolution.
- Tested hardware in compliance with the lifecycle SCCM requirements
- Collaborated with the Asset Manager through the year and during the annual inventory
- Utilized Active Directory for applying group policy per Department and account creation and perform Trusted Agent responsibilities
NETWORK SUPPORT T4
Northrop Grumman
2015.07 - 2018.09
- Built and maintained Window Server 2008 R2
- As acting ISSO supported the ISSM in configuration and documentation of DOD system
- Implemented security policy on Standalone, Peer-to-Peer, and WAN systems
- Set up profiles and accounts for new users; communicated with and supported all the staff members until they were all set up and fully satisfied with the IT service
- Prepared DSS audits in compliance with NISPOM requirements
- Routinely conducted desk audits with monthly antivirus, encryption, Microsoft offline updates
- Provided information for documents' repository to reflect provided services, procedures, and job aids to streamline processes, make information available for self-sufficient workforce, and increase organizational efficiency
- Placed emphasizes and succeeded in providing my coworkers with training and coaching to share my expertise, expand their knowledge base and improve their skills as a part of a larger goal of in-house cross-training to address staff shortages
- Provided exceptional customer service to all personnel
EXECUTIVE SUPPORT
Northrop Grumman
2014.05 - 2015.04
- Coordinated telecommunication VTC equipment; utilized testing and preventive maintenance practices for Senior Executives meetings and conferences
- Managed mobile devices with MDM AirWatch, such as iPhones, Windows phones including Enterprise accounts on BES for Blackberries phones
- Direct support to Leadership with their Administrator, in office and home
- Provided 24/7 IT support to VIP Executives and followed up to ensure all issues were resolved immediately
- Resolved break/fix incidents; move/change requests within short response time and resolution with SLA agreements within the Window environment
- Utilized Active Directory in applying group policy per department and account creation including hardware
- Trusted Agent Responsibility
PC SUPPORT ANALYST, III
Sallie Mae
2014.01 - 2014.05
- Led and oversaw project in setting up users' Window 7 upgrades including back up data to the home network drives
- Configured and installed VDIs
- Installed SQL 2008, IBM DB2, and PeopleSoft applications
- Provided issue resolutions and IT support for Xerox network printers; VPN connectivity issues during and thought the implementation of the telework program; Avaya Soft-phone, Jupiter and Citrix
- Built applications stacks through SCCM software; pushed and generated corporate reports as requested by Senior Management
SERVICE DESK LEAD
Department of Defense
2013.03 - 2014.01
- Managed a team of IT support staff responsible for resolving the IT Service Desk issue
- Created and implemented policies and procedures for receiving and documenting IT Service Desk requests; and diagnosing, identifying, and resolving IT issues
- Ensured maximum requests resolution within short period of time to utilize the staff in the most efficient way while assisting customers with the best possible service
- Evaluated new information system, products and services to aid the services of the end users
- Updated Enterprise from Windows XP to Windows 7 and imaged Ghost and PXE programs
- Managed users' accounts with VM ware assess to ensure accounts' stability
- Managed Websense DLP / BIT9
- Served as Information Assurance appointee to perform routine weekly Retina scans over the network and defining levels of CATS
- Received all the inbound and outbound system's requests, assigned requests to staff, and resolve the most complicated issues
- Supported classified networks and participated in classified meetings regarding information and network risk assessments
- Coordinated and supported all the PKI's smart cards logging and account creation in the Active Directory
Education
Associate of Science - Business Administration
Pontifical University Catholic University
Ponce, PR2006-05
Skills
- Network Identity Management
- Network Classification Expertise
- Cyber Security
- Engineering Support
- IBM DB2
- Information Assurance Vulnerability Management (IAVM)
- Installation
- Milestones (POA&M)
- Nessus Vulnerability Assessment
- RSA (Crypto system)
- Risk Management Framework
- Smart Card Management
- System Support
- Amazon Web Services
- Configuration Management
- Encryption
- Group Policy
- Information Security Management
- Intrusion Detection Systems
- Threat Mitigation
- Mitigation
- Vulnerability Assessments
- Proactive Maintenance Strategies
- Retina Analysis
- Security Information and Event Management (SIEM)
- System Monitor
- Account Setup and Orientation
- VM (Operating System)
- Virtual Network Security Skills
Certification
TOP SECRET/SCI/CI POLY
Accomplishments
- Supported a critical system’s transition from Conditional to Operate (CTO) to full Authorization to Operate (ATO) through vulnerability assessment, remediation tracking, and security compliance support.
- Develop and maintain RMF/ATO Body of Evidence documentation, including control implementation statements, evidence packages, POA&M actions, and authorization artifacts for federal systems.
- Conduct cloud and enterprise security reviews using ACAS/Tenable, SCAP, DISA STIGs, and SIEM/log analysis to identify vulnerabilities, validate compliance, and support risk-based remediation.
EDUCATION
- CompTIA Advanced Security Practitioner
- AWS Cloud Foundations
- AWS Sys Ops
- DISA HBSS Advanced Analyst
- DISA ACAS
Timeline
SR. CLOUD ISSO
ManTech International Corp
2024.11 - Current
CYBERSECURITY ANALYST LEAD
ManTech International Corp
2023.01 - 2024.11
INFORMATION ASSURANCE
Science Applied International Corporation
2021.11 - 2023.01
CYBER SECURITY ANALYST
United States Marine Corps
2021.07 - 2021.11
SYSTEM ENGINEER/ADMINISTRATOR
DOJ INTERPOL
2019.12 - 2021.05
SYSTEM ADMINISTRATOR
USMC
2019.09 - 2019.12
SYSTEM ADMINISTRATOR
Geo North
2018.09 - 2019.09
NETWORK SUPPORT T4
Northrop Grumman
2015.07 - 2018.09
EXECUTIVE SUPPORT
Northrop Grumman
2014.05 - 2015.04
PC SUPPORT ANALYST, III
Sallie Mae
2014.01 - 2014.05
SERVICE DESK LEAD
Department of Defense
2013.03 - 2014.01
Associate of Science - Business Administration
Pontifical University Catholic University