Security Information

Location:
Columbus, Ohio, United States
Posted:
April 26, 2018

Resume:

FRANKLIN ASONG

Email: ac49cg@r.postjobfree.com Tel: 614-***-****

CERTIFICATIONS

CompTIA Security+ (in progress)

ISC2 Certified Authorization Professional (CAP) (in progress)

SUMMARY: A detail-oriented Information Security Analyst/Security Assessor: Privacy and Data Security Management & Operations, Vulnerability Scanning, Certification and Accreditation (A&A), Project Management, NIST 800-53 Rev1 and rev4 and NIST SP 800-37 rev 1, 800-18, 800-53 rev3 and 800-34, FIPS, FISMA Security Content Automation Protocol, NIST Family of Security Control, POA&M, Incident and Contingency Planning. Used Splunk for monitoring logs, alerts, and aggregations.

EDUCATION

University of Buea: Bachelor's in Biochemistry, 2011

Ohio State University: Master's in Chemistry, 2014

Columbus State Community College: Cyber Security, 2014

WORK EXPERIENCE

Green Valley Corporation – Norfolk, VA // Jan 2015 – Present

Cyber Security Analyst

Risk Management Framework (RMF) assessments and Continuous Monitoring, using NIST 800-37 as a guide: Performed RMF assessments, which included initiating meetings with various System Owners and Information System Security Officers (ISSOs), providing guidance on the evidence needed for security controls, and documenting the findings of the assessment.

Knowledge of Several Computer Environments: Performed updates, installation, configuration, evaluation and guidance on security control implementation in multiple environments, including Windows Server, Windows 7, Windows XP, Red Hat 6/7 and CentOS 6/7.

Security Documentation: Perform updates to System Security Plans (SSPs), using NIST 800-18 as a guide to develop SSPs, Risk Assessments, and Incident Response Plans; create Change Control procedures; and draft, review and update Plans of Action and Milestones (POAMs).

POA&M Remediation: Performed evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, continuous monitoring, and FISCAM audits.

Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POAM Remediation, and document creation using NIST SP 800-53 Rev.1 and NIST SP 800-53 rev.4.

Developed Solutions to Security Weaknesses: Developed solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP). Assisted ISSOs in creating solutions to weaknesses based on system functionality and pre-existing architecture, and served as an audit liaison officer responding to auditors.

Communications between multiple clients to perform POA&M remediation for CAP remediation. Handled internal communications within Office of Information Security and external communications with several different divisions on a daily basis. Maintain excellent working relationships with both internal and external customers using communication skills.

Provided services as a security controls assessor (SCA) and performed as an integral part of the Assessments and Authorizations process, including A&A scanning, documentation, reporting and analysis requirements. Analyzed current threats to information security and systems. Analyzed security findings and data. Published reports and kept metrics for client systems.

Worked with Security Operations Center analysts to make sure intrusion detection and prevention systems (IDS/IPS) such as Snort were used to analyze and detect worms and vulnerability exploit attempts, and on IDS monitoring and management using Security Information and Event Management (SIEM: SecurityCenter by Tenable) to collect and analyze large volumes of logs, network traffic and alerts to assess, prioritize and differentiate between potential intrusion attempts and false alarms. Identified trends and root causes of system failures or vulnerabilities using the Nessus vulnerability scanner and Nmap to scan ports, weak configuration and missing patches. Assured that the Information Systems Security department's policies, procedures, and practices, as well as those of other systems user groups, are in compliance with FISMA, NIST, and general agency standards.

Worked with the ISSO and Security team to assess the security controls selected and to update the SAP and ROE, where vulnerability scanning and penetration testing procedures are included in the assessment; conducted the assessment kickoff meeting and the security control meeting with the ISSO and System Owner. Assessment findings are reflected in the RTM or test case, and all weaknesses noted are reported in our SAR report. Knowledge of SANS-20 and ISO 27001 security controls and mapping with NIST.

Reviewed documentation to include the System Security Plan using NIST 800-18 as a guide, Authorization to Operate (ATO), Security Assessment Report (SAR) using NIST 800-30 as a guide, FIPS 199 System Categorization using NIST 800-60 Vol1/Vol2 based on confidentiality, integrity and availability (CIA), policy and procedures, e-authentication, privacy threshold analysis (PTA), privacy impact analysis (PIA), contingency plan (CP) and interconnection security agreement as per NIST 800-47, certification and accreditation (C&A) packages and system standard operating procedures.

Technology: NESSUS, TAF, Xacta, CFACTS and CSAM, SPLUNK.