Yaya, Taseh
Phone: 713-***-**** • Email: adirns@r.postjobfree.com
Active DoD Secret Clearance.
Professional Summary
Experienced cybersecurity professional who has demonstrated thorough expertise in security control implementation, assessment and authorizations, and POA&M management. Strong proficiency using NIST 800-53A while assessing systems. Proven ability to lead teams and direct, solve problems creatively, and make strategic decisions in fast-paced environments that are beneficial for clients.
Certifications
CompTIA Security+
Certified Authorization Professional (anticipated: Feb 2021)
Education
Western Governors University
Bachelor of Science in Cyber Security/Information Assurance (In Progress)
Bamenda University of Science and Technology (BUST) Cameroon
Bachelor of Science in Information Technology
Technical Skills
NIST 800-37
FIPS 199
NIST 800-60v1&2
NIST 800-53 (Rev. 4)
FIPS 200
CSAM
BMC Remedy
SAR
SSP
MS Office Suite
Archer
SAP
FedRAMP
Windows 8, 10, 2012
Qualys
POA&M
Continuous Monitoring
Nessus
Splunk
ATO Packages
Vulnerability Analysis/Management
Professional Experience
Cybersecurity Analyst/ISSO
DTT Consulting, College Park, MD Jan 2019 – Present
Use the existing organization's RMF process to perform assessments using NIST SP 800-53A to ensure the security controls are being implemented properly and are producing the desired outcome.
Coordinate access management related audit and compliance tasks, such as user privileged access reporting and other relevant research and investigations.
Use NIST 800-37 as a guide for assessments and continuous monitoring to make sure security posture is operating at a high level in accordance with the organization’s monitoring strategy.
Review security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies to ensure systems are FISMA compliant.
Initiate weekly meetings with various System Owners and Information System Security Officers (ISSO) to provide guidance on evidence needed for security controls and document findings of assessments.
Work with upper management to identify and to prevent 90 percent of reoccurrences in technical and customer problems.
Collaborate with development staff to recreate and solve problems in a test environment.
Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation:
Assist with selecting security controls for two Department of Commerce systems to support these systems’ Risk Management Framework (RMF) efforts; directly involved with developing the Contingency Plan and Incident Response plan to support Business Continuity Plan initiatives.
Analyze and evaluate system security documentation, including security plans, security assessment reports, and plans of action and milestones (POA&Ms).
Monitor and manage spam filters to mitigate risk from phishing or malware.
Document and analyze changes that occur on information systems and perform continuous monitoring on an ongoing basis in accordance with the organization's monitoring strategy.
Initiate meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting findings of assessment.
Review updated and developed required security documentation including but not limited to System Security Plans (SSPs), Contingency Plans (CP), Plan of Action and Milestones (POA&Ms), Security Assessment Reports (SAR).
Perform assessments, POA&M Remediation, and document creation using NIST SP 800-53.
Security Control Assessor
Texas Department of Criminal Justice. June 2013 – Dec 2018
Leveraged the existing organization’s RMF process to review and determine whether system/application documentation is accurate, up to date, and displays thorough details to support the Security Control Assessment/Validation process.
Experience with developing and implementing information security continuous monitoring (ISCM) or continuous diagnostics and mitigation (CDM) strategies, policies, and supporting technologies.
Worked with a team of Information System Owners, Developers and System Engineers to select and implement tailored security controls in safeguarding system information.
Initiated meetings with various System Owners and Information System Security Officers (ISSO), providing guidance on evidence needed for security controls, and documenting findings of assessment.
Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POA&M Remediation, and document creation using NIST SP 800-53.
Review security controls and provide implementation responses as to if/how the systems are currently meeting the requirements.
Develop NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&M), and address system weaknesses.
Ensure customers follow security policies and procedures following NIST 800-53 and NIST 800-53A.
Perform specific quality control for package validation on the SP, RA, RTM, PIA, SORN, E-authentication assessment and FIPS-199 categorization.
Plan, assign and perform security validation review for C&A documentation, and supervise team members.
Provide POA&M Quality and Management (review, update and validate on behalf of the CISO).
Review and upload deliverables in C&A repositories (CSAM).
Maintain inventory of all information security systems assigned.
Provide guidance and training to the system owner and ISSO on the validation process.
Develop and implement FISMA ISSM Validation processes.
Sound understanding and experience with NIST Risk Management Framework (RMF) process.
Document and review System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO).
Performed assessments and document creation using NIST SP 800-53 Rev. 4.
Perform Information Systems Security Audits and Certification and Accreditation (C&A) Test in compliance with the NIST standards.