
Security Information

Location:
Silver Spring, MD
Posted:
December 17, 2020


Resume:

Yaya, Taseh

Phone: 713-***-**** • Email: adirns@r.postjobfree.com

Active DoD Secret Clearance.

Professional Summary

Experienced cybersecurity professional who has demonstrated thorough expertise in security control implementation, assessment and authorization, and POA&M management. Strong proficiency using NIST 800-53A while assessing systems. Proven ability to lead and direct teams, solve problems creatively, and make strategic decisions in fast-paced environments that are beneficial for clients.

Certifications

CompTIA Security+

Certified Authorization Professional: (anticipated: Feb 2021)

Education

Western Governors University

Bachelor of Science in Cyber Security/Information Assurance (In Progress)

Bamenda University of Science and Technology (BUST) Cameroon

Bachelor of Science in Information Technology

Technical Skills

NIST 800-37

FIPS 199

NIST 800-60v1&2

NIST 800-53 (Rev. 4)

FIPS 200

CSAM

BMC Remedy

SAR

SSP

MS Office Suite

Archer

SAP

FedRAMP

Windows 8, 10, 2012

Qualys

POA&M

Continuous Monitoring

Nessus

Splunk

ATO Packages

Vulnerability Analysis/Management

Professional Experience

Cybersecurity Analyst/ISSO

DTT Consulting, College Park, MD Jan 2019 – Present

Use the existing organization's RMF process to perform assessments using NIST SP 800-53A to ensure the security controls are being implemented properly and are producing the desired outcome.

Coordinate access management related audit and compliance tasks, such as user privileged access reporting and other relevant research and investigations.

Use NIST 800-37 as a guide for assessments and continuous monitoring to make sure the security posture is operating at a high level in accordance with the organization's monitoring strategy.

Review security plans (SP), contingency plans (CP), contingency plan tests (CPT), privacy impact assessments (PIA), and risk assessment (RA) documents per NIST 800 guidelines for various government agencies to ensure systems are FISMA compliant.

Initiate weekly meetings with various System Owners and Information System Security Officers (ISSOs) to provide guidance on the evidence needed for security controls and document findings of assessments.

Work with upper management to identify and prevent 90 percent of recurrences of technical and customer problems.

Collaborate with development staff to recreate and solve problems in a test environment.

Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation:

Assist with selecting security controls for two Department of Commerce systems to support these systems' Risk Management Framework (RMF) efforts; directly involved with developing the Contingency Plan and Incident Response Plan to support Business Continuity Plan initiatives.

Analyze and evaluate system security documentation, including security plans, security assessment reports, and plans of action and milestones (POA&Ms).

Monitor and manage spam filters to mitigate risk from phishing or malware.

Document and analyze changes that occur on information systems and perform continuous monitoring on an ongoing basis in accordance with the organization's monitoring strategy.

Initiate meetings with various System Owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls and documenting findings of assessments.

Review updated and developed required security documentation, including but not limited to System Security Plans (SSPs), Contingency Plans (CPs), Plans of Action and Milestones (POA&Ms), and Security Assessment Reports (SARs).

Perform assessments, POA&M Remediation, and document creation using NIST SP 800-53.

Security Control Assessor

Texas Department of Criminal Justice. June 2013 – Dec 2018

Leveraged the existing organization's RMF process to review and determine whether system/application documentation is accurate, up to date, and displays thorough detail to support the Security Control Assessment/Validation process.

Experience with developing and implementing information security continuous monitoring (ISCM) or continuous diagnostics and mitigation (CDM) strategies, policies, and supporting technologies.

Worked with a team of Information System Owners, Developers and System Engineers to select and implement tailored security controls in safeguarding system information.

Initiated meetings with various System Owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls and documenting findings of assessments.

Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POA&M Remediation, and document creation using NIST SP 800-53.

Review security controls and provide implementation responses as to if/how the systems are currently meeting the requirements.

Develop NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestones (POA&Ms), and address system weaknesses.

Ensure customers follow security policies and procedures following NIST 800-53 and NIST 800-53A.

Perform specific quality control for package validation on the SP, RA, RTM, PIA, SORN, E-authentication assessment and FIPS-199 categorization.

Plan, assign and perform security validation reviews for C&A documentation, and supervise team members.

Provide POA&M Quality and Management (review, update and validate on behalf of the CISO).

Review and upload deliverables in C&A repositories (CSAM).

Maintain an inventory of all assigned information security systems.

Provide guidance and training to the system owner and ISSO on the validation process.

Develop and implement FISMA ISSM validation processes.

Sound understanding and experience with NIST Risk Management Framework (RMF) process.

Document and review System Security Plan (SSP), Security Assessment Report (SAR), Security Plan of Action and Milestones (POA&M), Authorization letter/memorandum (ATO).

Sound understanding and experience with NIST Risk Management Framework (RMF) process. Performed assessments and document creation using NIST SP 800-53 Rev.4.

Perform Information Systems Security Audits and Certification and Accreditation (C&A) Test in compliance with the NIST standards.


