*Develops FISMA-compliant security policies and procedures
*Perform Certification and Accreditation in compliance with company/organization standards
*In-depth knowledge of NIST and related Special Publications, and DIACAP implementation processes.
*Perform comprehensive assessments and reviews of management, operational and technical security controls for audited applications and information systems.
*Strong analytical skills, quantitative skills, and excellent verbal/written communication skills
*Ability to multi-task, prioritize daily duties, and meet strict deadlines
*Highly adept at learning new technologies
*Effective in communicating and working with diverse groups.
FIPS 199/ FIPS 200
NIST Special Publications (NIST SP)
Security Categorization (SC)
Security Technical Implementation Guides (STIGs)
Continuous Monitoring (CM)
Security Assessment Reporting (SAR)
HIPAA
Microsoft Office Suite (Ms Word, Ms Excel, Ms PowerPoint, Outlook, and Share Point)
DIACAP C&A Implementation Process
Certification & Accreditation (C&A)
Plan of Action & Milestones (POAM)
Department of Defense MCLB
Department of Health and Human Services
Department of Defense
Department of Health Services
03/2017 to Current
Cybersecurity Analyst/Information Assurance Engineer, Centurum Information Inc - Albany, GA
Perform information assurance security engineering and testing in support of GCSS-MC (Global Combat Support Systems Marine Corps).
Providing ISSE, C&A, IV&V, RMF, and Subject Matter Expert (SME) support to the Marine Corps Enterprise Information Technology Services (MCEITS) Program Office.
Developing the RMF packages for myriad systems (like the GCSS-MC) that will allow those systems to be hosted within the MCEITS environment.
Support Annual Security Reviews, Annual Security Testing, Annual Contingency Plan testing, and the quarterly updates/POA&M updates in compliance with FISMA.
Provide support to obtain and maintain certification and accreditation (C&A) of fielded systems and systems in development under DIACAP (DoD Information Assurance Certification and Accreditation Process) and RMF (Risk Management Framework) guidelines.
Experience in vulnerability testing and using DoD approved tools (Nessus ACAS, SCAP, Vulnerator, HBSS, etc.).
Experience evaluating systems utilizing the National Institute of Standards and Technology (NIST) SP 800-53.
Experience with the C&A process and with DIACAP/RMF package documentation.
Create and analyze vulnerability assessment reports from ACAS, SCAP, and HP Fortify scan results and identify compliance strategies.
Participate in weekly meetings with Network Security Operations cybersecurity analysts for status on any cyber-related tasks.
Document Standard Operating Procedures for any systems under the purview of the GCSS-MC as tasked by the Cybersecurity Lead and/or Network Security Operations.
Supporting the implementation of enterprise cybersecurity standards.
Developing and implementing system-specific cybersecurity standards, procedures, and programs.
Proficient in analyzing cybersecurity-related technical problems and providing technical support for resolution.
Execute defined cybersecurity processes, procedures, and reporting requirements.
Satisfying information assurance and security requirements through the application of information system security best practices based upon the analysis of user, policy, regulatory, and resource demands.
06/2016 to 02/2017
Information Security Analyst, Timeless Solutions Inc - Hyattsville, Maryland
Scheduled kick-off meetings with stakeholders to help identify assessment scope, system boundary, and information types (information processed, stored, or transmitted by the information system), and eventually categorize the information system accordingly.
Ensured that the system's security controls, policies, and procedures were examined and validated.
Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures, interviewing appropriate personnel, and providing recommendations on adequacy, accuracy and compliance with regulatory standards using NIST SP 800-53A.
Helped guide System Owners and ISSOs through the Security Assessment and Authorization (SA&A) process, ensuring that management, operational, and technical controls for securing either sensitive Security Systems or IT Systems are in place and are followed according to federal guidelines (NIST 800-53).
Other responsibilities included assurance of vulnerability mitigation, training on C&A tools, supporting System Test and Evaluation (ST&E) efforts, and other support to the IT Security Office.
10/2012 to 05/2016
Information Security Analyst/Unit Supply Specialist, United States Army - Fort Benning, GA
Participated in weekly meetings to discuss the status of the assessment process.
Designated systems and categorized their C.I.A. using FIPS 199 and NIST SP 800-60.
Developed test plans, testing procedures and evidence needed to validate the controls using NIST SP 800-53A.
Responsible for the development, implementation, assessment, and monitoring of common controls.
Conducted a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by the information systems to determine the overall effectiveness of the controls and the extent to which the controls were implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements.
Documented assessment findings in a security assessment report and produced a plan of action and milestones for all controls having weaknesses or deficiencies.
Reviewed system and audit logs and liaised with Database Administrators to remediate findings.
Monitored Office of Management and Budget and FISMA security requirements.
Reviewed existing documents, policies and procedures, and previous assessment reports.
Established schedules and deadlines for assessment activities.
08/2009 to 05/2012
IT Security Specialist, Ghana Health Service - Accra, Ghana
Verified and validated security categories for various information systems.
Coordinated with the information system owners in the continuous monitoring of DOE information systems and their environment of operation, including developing and updating the security plans, managing and controlling changes to the systems, and assessing the security impact of those changes.
Performed Vulnerability Assessments to ensure that risks are assessed and evaluated and that proper actions have been taken to limit their impact on the Information and Information Systems.
Worked on Cyber Security projects developing a workshop for vulnerability identification, analysis, and remediation reporting to staff and end users.
Facilitated remediation of new vulnerabilities by collaborating with the cyber security team and endpoint teams.
Worked closely with both business-oriented executives and technical teams to ensure that adequate processes are in place and actions are being taken to mitigate identified risks proactively using HIPAA.
Developed and maintained relationships with internal and external customers to formulate information security governance solutions.
Researched and maintained knowledge base regarding information security issues, solutions and potential implications.
Education and Training
Bachelor of Science: Cyber Security Management and Policies, University of Maryland University College - Adelphi, Maryland
Bachelor of Science: Computer Science, Ghana Telecom University - Accra, Ghana
Activities and Honors
National Society for Leadership and Success
Budget, C, consulting, SC, Database, Department of Health, documentation, HP, information security, Information Systems, Information Technology, managing, meetings, Ms Excel, Microsoft Office Suite, Office, Outlook, Ms PowerPoint, Share Point, Ms Word, Enterprise, Network Security, organizational, personnel, policies, processes, producing, Publications, reporting, requirement, Risk Management, Sarbanes-Oxley, technical support, training materials
Nessus Security Scan
*SY0-401: CompTIA Security+ Certification: Expected August 2017
*CASP Certification expected September 2017
*Active Secret Clearance