
Cyber Security Analyst

Location:
Newark, NJ
Posted:
November 10, 2023


Resume:

Newark, NJ USA

1-908-***-****

*************@*****.***

CERTIFICATION

1. Master's Program - Cyber Security Expert: Simplilearn Certified

Introduction to Cyber Security

CompTIA Security+ (SY0-601)

CEH (v11)- Certified Ethical Hacker

CISSP® Training

Certified Cloud Security Professional

CompTIA Network+

CISM

Linux Training

Enterprise Infrastructure Security

Application and Web Application Security

Ransomware and Malware Analysis

Ethical Hacking and VAPT

2. Other Certifications

WAEC Certificate – Ghana. October 2012 – May 2015

Certified Registered Central Service Technician CRCST

International Association of Healthcare Central Service Materiel Management IAHCSMM

3. Projects

Running WebGoat from Ubuntu

Using WebGoat to test Web Application

Vulnerability Assessment and Pen Testing using Kali Linux, Windows 10 and Debian System

Performing Cross Site Scripting

Performing SQL injection

Using OWASP threat dragon for threat modelling

EDUCATION

2022

Post Graduate Boot Camp Cyber security

University of California, Irvine

Portia Asare B.

CAREER OBJECTIVE

A competent Cyber/Information Security Analyst with several years of experience in Information System Security, with a focus on the Risk Management Framework (RMF) NIST 800-37, Assessment and Authorization, vulnerability management, and operational policy and procedures. I have gained good exposure to various aspects of cybersecurity through the Master's Program and the Post Graduate Bootcamp, which has developed a great sense of confidence at a very personal level. Experience in all phases of preparing and reviewing complete assessment and authorization (A&A) packages for information systems and applications as defined by the Federal Information Security Modernization Act (FISMA 2002). Hence, I seek a challenging position in the area of Cloud Security, Ethical Hacking, Malware Analysis and related fields where I can share my skills and expand my capabilities further in the pursuit of progressive career advancement.

SUMMARY OF QUALIFICATION

Provide support to clients in executing the NIST RMF (SP 800-37) process; perform Assessment and Authorization (A&A) documentation in compliance with organization standards and policies.

Develop, review and update A&A artifacts (SSP, E-Authentication, SAP, CMP, SAR, ST&E, CP, FIPS 199, POA&M, PTA and PIA), referencing the appropriate NIST/FIPS Special Publications.

Proficient in conducting penetration testing, patch testing and vulnerability assessments of cloud and web applications to identify potential risks and exploits.

Skilled in using a range of pen testing tools and techniques, including web application scanners, cloud service discovery tools, and vulnerability scanners.

Knowledgeable in cloud security concepts, such as virtualization, cloud network security, and identity and access management.

Coordinate with the third-party control assessment team to perform comprehensive security control assessments, documenting results and recommendations.

Tracked the security patching and remediation of security weaknesses as they are documented in the Plan of Actions.

Compile data to complete the Residual Risk/Risk Acceptance Report, and update and manage the POA&M.

Experience with analysis of Nessus vulnerability scans, CSAM, eMASS and MS Office Suite tools.

Ability to multi-task, work independently and as part of a team, with strong analytical and quantitative skills.

Effective interpersonal and verbal/written communication skills; recognized as a collaborative team player with a tireless work ethic, an aptitude for learning new skills, and an ability to multitask while remaining committed to providing quality work.

Experienced Penetration Tester with expertise in conducting comprehensive pen testing, patch releases and vulnerability assessments of systems, applications, and networks to identify potential weaknesses and exploits.

Proficient in using a range of pen testing tools and techniques, including network scanners, security patches, vulnerability scanners, and social engineering methods.

Skilled in performing manual and automated vulnerability assessments to identify potential risks and exploits in the target environment.

Solid understanding of the various phases of the pen testing process, including planning and scoping, reconnaissance and information gathering, vulnerability assessment, exploitation and penetration testing, reporting and remediation, and retesting.

PROFESSIONAL EXPERIENCE

April 2021– March 2023

Cybersecurity/ Information Security Specialist

Radyant Inc, Remote

Assisted Program Manager and Facility Security Officer in the preparation of Authority to Operate (ATO) documentation to support facility and system development efforts.

Conducted the RMF first-step kick-off meeting, initial risk assessment and categorization of information security systems into Low, Moderate and High, centered on the Confidentiality, Integrity and Availability (CIA) of the information type, referencing FIPS-199 and NIST 800-60.

Prepared and produced the e-authentication artifact identifying the appropriate authentication mechanism based on risk level (single or multifactor), referencing SP 800-63.

Validated the effectiveness of patches in resolving identified vulnerabilities.

Selected and drafted the security control baseline in accordance with SP 800-53 Rev4 and FIPS 200.

Prepared Security Assessment and Authorization (A&A) documentation including the System Security Plan (SSP), Security Test and Evaluation (ST&E), Security Assessment Report (SAR), Contingency Plan (CP) and other artifacts required for the ATO package, referencing SP 800-18, SP 800-53A, SP 800-171, SP 800-115 and SP 800-34.

Conducted a crosswalk review of the NIST SP 800-122 Privacy Controls by reviewing privacy overlays of security and privacy controls on a system.

Monitored and conducted Security Control Assessment to ensure all controls meet security requirements as stipulated in the SSP and NIST SP 800-53A Rev4.

Participated in Change Control Board (CCB) briefings/meetings with all client/system senior management.

Conducted Compliance and Policy Checks for the various Bureaus on the following artifacts: Contingency Plans & Tests, Configuration Management, System Interconnections and System Security Plans.

Supported the configuration management team responsible for creating the system configuration baseline and implementing the change process using SP 800-128.

Collaborated with the ISSO to review and analyze security patches and vulnerability scan results, and coordinated the remediation response with system security administrators/engineering teams.

Initiated, updated, coordinated, and tracked the patching and remediation of security weaknesses as they are documented in the Plan of Actions and Milestones (POA&M).

Updated, retrieved, and uploaded all necessary authorization-related documentation into Cyber Security Assessment Management (eMASS) using approved templates and procedures.

Developed risk waivers and exceptions for information system vulnerabilities and security patches.

Utilized Tenable Nessus Network Security and WebInspect vulnerability scanners to identify system vulnerabilities and assisted the SO and team in mitigating findings for threat reduction.

Developed and maintained continuous monitoring programs for the CSP solutions in line with organization ISCM policies, FISMA and FedRAMP requirements.

Represented the organization at FedRAMP PMO meetings on the Risk Assessment Report (RAR) and the agency authorization process, including kick-off meetings.

Feb 2020 – Aug 2022

Cybersecurity/ Info. Security Analyst (ISSO) Role

The Maasai Group, VA

Ensured security policies, procedures and recommendations comply with FISMA, NIST, organizational guidelines and technical best practices.

Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).

Assisted System Owners and the ISSO in preparing the assessment and authorization (A&A) package for the company's IT systems, making sure that management, operational and technical security controls adhere to the formal and well-established security requirements authorized by NIST SP 800-53 and NIST SP 800-171.

Designated systems and categorized their C.I.A. using FIPS 199 and NIST SP 800-60.

Conducted annual self security control assessments (NIST SP 800-53A).

Participated in Compliance Review Board (CRB) weekly meetings to discuss concurrence statuses of PIA documents created for various DOC-specific information systems.

Performed vulnerability assessment and security patching to ensure that risks are assessed and evaluated and that proper actions have been taken to limit their impact on information and information systems.

Created SharePoint dashboards from the overall scorecard of Compliance and Policy Checks on the various Bureaus.

Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages.

Familiar with vulnerability scanning and GRC/IA tools (Nessus and CSAM).

Documented test results, developed and recommended corrective actions, and developed and documented residual risk and risk assessment statements.

Participated in security working group activities and product development meetings to ensure requirements are met according to standards.

Provided support to the Security Director in maintaining an appropriate operational information assurance (IA) posture for the program.

Technical Skills/Tools/Controls/Standards

Controls and processes: Audit and Accountability, Security Assessment and Authorization, Compliance Testing, Vulnerability Scans, Patch Management, Risk Assessment, Change Management, Configuration Management, Contingency Planning, Policies and Procedures.

Artifacts: SSP implementation, E-Authorization, PIA, PTA, SORN, POA&M, SAR, SAP, CMP, MOU, ISA.

Standards: OMB Circular A-123 Appendix A, NIST 800-53, NIST 800-53A, NIST 800-171, FIPS 199, FedRAMP, ISO/IEC 27002:2015 (Information Security Management), ISO 27001 & 27002, COSO/COBIT, Sarbanes-Oxley Act.

Tools: CSAM, eMASS, Tenable Nessus, MS Office, Microsoft Windows, MS Visio, Tableau, Remedy TTS, E-Auth, SharePoint, etc.
