IT security Analyst

Glen Burnie, Maryland, United States
August 24, 2018


Terence Momoh Ndong

**** ***** **** ** **** Burnie MD 21061.


Cell: 240-***-****

Career Objective:

An experienced Information Assurance professional who is able to quickly adjust to new environments, technologies, and processes to ensure that the security of systems is maintained by interfacing with stakeholders in an interdisciplinary environment.

Summary of Skills:

Conversant in FISMA requirements and NIST special publications

Knowledgeable in vulnerability management and compliance regulations

Experienced in the NIST RMF process used for managing cyber security risk

Ability to adapt in a fast paced and time sensitive environment

Experienced in vulnerability management and compliance regulations

Ability to communicate well, both orally and through writing

Strong problem-solving and analytical skills needed for effective product delivery

Work Experience:

Acethia LLC, Brookeville MD October 2017 - Present

Security Control Assessor

Work as part of a team to perform System Certifications, Annual Assessments, and Continuous Monitoring Assessments.

Reviewed technical, operational and management controls and conducted RMF per the NIST 800-53, NIST 800-37 requirements.

Conduct security assessment on assigned systems to ensure FISMA compliance following NIST SP 800 publications especially NIST 800-53 and Federal Information Processing Standards (FIPS).

Evaluate security controls on information system platforms that include Windows, Linux, UNIX, Databases and Networks

Worked with a team of security assessors and security officers to categorize, select, and implement security controls per NIST and FIPS requirements.

Coordinate with project lead to plan time, prioritize tasks, and use assigned resources.

Draft and review security artifacts including, but not limited to, System Security Plans, inventories, requirement traceability matrices, control allocation tables, and security assessment reports.

Conduct Annual assessments of systems on compliance with organizational policy.

Collaborate with the ISSO to draft and manage POA&M for authorized systems with appropriate remediation suspense dates and track findings until closure.

Experience managing extended ATOs due to exceptions and waivers ignited by open POA&Ms.

Evaluate and review System Security Plans (SSP), Contingency Disaster Recovery Plans (CDRP), Risk Assessment Reports (RAR), Security Assessment Reports (SAR) and Executive Summaries.

Support higher-level employees in research, examinations, investigations, audits, and inspections of security controls for compliance to NIST SP 800 series.

Review work of peers to ensure timeliness and quality of work. Support the work of other employees.

AlphaHill LLC, Washington DC September 2015 - October 2017


Work as a key team member of the RMF process for assigned systems to ensure that the controls are adequately categorized, selected, implemented, assessed, authorized, and monitored, following NIST/FIPS requirements.

Develop and present both verbally and in writing, highly technical information to non-technical audiences at all levels of the organization.

Ensure IT systems have all security controls in place and functioning properly in accordance with NIST 800-53A publications.

Collaborated with SOC analysts to run and analyze vulnerability results from tools like Nessus and WebInspect.

Attended and participated in meetings to update stakeholders on the state of assigned systems and follow up on remediation of outstanding vulnerabilities.

Collaborate with external/internal auditors to ensure that systems have ATOs as required by FISMA.

Report incidents within the timeframe prescribed by policy for incident response and develop POA&Ms for remediation of vulnerabilities

Experience managing extended ATOs due to exceptions and waivers ignited by open POA&Ms.

Ability to develop and update system categorization levels using FIPS 199 and NIST 800-60.

Selecting security controls using NIST 800-53/FIPS 200, implementing security controls, and developing SSP and other key deliverable documents.

InfosPro Solutions (IPS) September 2013 - October 2015

Junior Security Control Assessor

Worked as part of a team that assessed systems following the NIST Risk Management Framework (RMF)

Professional understanding of Unix/Linux (Solaris/Red Hat) and MS Windows Operating Systems

Collaborate with the SOC engineers to request the scanning of systems using tools like Nessus and WebInspect

Familiarity with NIST Special Publications (e.g., 800-53, 800-37)

Knowledge of federal risk management practices and security controls implementation processes, to include FISMA and the NIST Risk Management


Ability to effectively explain technical and nontechnical concepts to a variety of audiences.

Methodical approach to gathering security documentation needed to validate security control requirements during an assessment.

Ability to follow and comply with existing processes and procedures, and propose updates.

Work with minimal supervision, set priorities, and give attention to detail and quality.

Demonstrates strong organizational and time management skills with the ability to multitask and work as a member of a team as well as individually

Self-motivated, reliable and handles stress in a professional manner


Degree in Spiritual Theology Thomas Aquinas Pontifical University Rome, Italy 2010

Bachelor of Arts in Public Management

University of Yaoundé. July 1990


Oracle Certified Associate 2015

Security+ Certification in Progress

CAP certification training in Progress


Available Upon Request.
