Security Officer System
Resume:
Ahmed Alusine Kamara
Information System Security Officer (ISSO) ad0xwi@r.postjobfree.com 703-***-**** / 571-***-**** Centreville, VA, 20120
Professional Summary
A well detailed Cyber Security analyst with 7+ years of experience and expertise as an Information Security Analyst, Privacy and Data Security. Management and Operations, Vulnerability Scanning, Certification and Accreditation (A&A), Project Management, NIST 800-53 Rev4 and NIST SP 800-37 rev 1, 800-18, 800-53 rev4 and 800-34, FIPS, FISMA Security Content Automation Protocol, NIST Family of Security Control, POA&M, Incident and Contingency Planning.
Education
BSc. Cybersecurity
Strayer University 2019 Washington
D.C.
Clearance
.
●Top Secret/SCI
CompTIA Security+ ce CompTIA CASP+ ce
Certifications
Microsoft PowerShell Scripting
Professional Experience
Information System Security Officer (ISSO/ISSE)
US Army Intelligence and Security Command. (Peraton)October 2022 – present Springfield-VA
•Performed RMF work on eMASS account on classified and unclassified systems.
•Reviewed and Briefed Systems for Authorization and Assessments.
•Performed RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.
•Extensive knowledge in Categorizing Information Systems (using FIPS 199 and NIST SP 800-60 Vol 2 Rev 1 as a guide)
•Selected and implemented applicable security controls (technical, operational and management) using NIST SP 800-53 Rev 4 as a guide.
•Created, updated, and revised System Security Plans, Contingency Plans, Incident Reports and Plan of Action & Milestones (POA&Ms).
•Performed operation maintenance on POAM’s and documented findings.
•Prepared information systems’ artifacts (SSP, SAR and POA&Ms) for ATO.
•Generated, reviewed, and updated System Security Plans (SSP) against NIST 800-18 and NIST 800 53 requirements.
•Performed continuous monitoring using NIST 800-137 Rev 1 as a guide.
•Prepared and Updated Security assessment Documentation.
•Monitors, evaluates, and reports on the status of information security systems and
•directs corrective actions to eliminate or reduce risks.
•Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Report
•Established a Plan of Actions and Milestones (POA&M) to evaluate and track security weaknesses as discovered.
Information System Security Officer (ISSO)
Defense Threat Reduction Agency. (Teksynap) January 2022 – present Washington, DC
•Performed RMF work on eMASS and Xacta account on classified and unclassified systems.
•Performed STIG checks in STIG viewer and upload STIGS in eMASS and Xacta.
•Performed RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.
•Extensive knowledge in Categorizing Information Systems (using FIPS 199 and NIST SP 800-60 Vol 2 Rev 1 as a guide)
•Selected and implemented applicable security controls (technical, operational and management) using NIST SP 800-53 Rev 4 as a guide.
•Created, updated, and revised System Security Plans, Contingency Plans, Incident Reports and Plan of Action & Milestones (POA&Ms).
•Performed operation maintenance on POAM’s and documented findings.
•Prepared information systems’ artifacts (SSP, SAR and POA&Ms) for ATO.
•Generated, reviewed, and updated System Security Plans (SSP) against NIST 800-18 and NIST 800 53 requirements.
•Performed continuous monitoring using NIST 800-137 Rev 1 as a guide.
•Prepared and Updated Security assessment Documentation.
•Monitors, evaluates, and reports on the status of information security systems and
•directs corrective actions to eliminate or reduce risks.
•Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Report
•Established a Plan of Actions and Milestones (POA&M) to evaluate and track security weaknesses as discovered.
Information System Security Officer (ISSO)
Dept of Justice. (Mantech) March 2021 – January 2022 Washington, DC
•Performed RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.
•Extensive knowledge in Categorizing Information Systems (using FIPS 199 and NIST SP 800-60 Vol 2 Rev 1 as a guide)
•Selected and implemented applicable security controls (technical, operational and management) using NIST SP 800-53 Rev 4 as a guide.
•Created, updated, and revised System Security Plans, Contingency Plans, Incident Reports and Plan of Action & Milestones (POA&Ms).
•Performed operation maintenance on POAM’s and documented findings.
•Prepared information systems’ artifacts (SSP, SAR and POA&Ms) for ATO.
•Generated, reviewed, and updated System Security Plans (SSP) against NIST 800-18 and NIST 800 53 requirements.
•Performed continuous monitoring using NIST 800-137 Rev 1 as a guide.
•Prepared and Updated Security assessment Documentation.
•Monitors, evaluates, and reports on the status of information security systems and
•directs corrective actions to eliminate or reduce risks.
•Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Report
•Established a Plan of Actions and Milestones (POA&M) to evaluate and track security weaknesses as discovered.
Information System Security Officer (ISSO)
Tista Science and Technology Corporation January 2015 – March 2020 Maryland
•Performed RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.
•Extensive knowledge in Categorizing Information Systems (using FIPS 199 and NIST SP 800-60 Vol 2 Rev 1 as a guide)
•Selected and implemented applicable security controls (technical, operational and management) using NIST SP 800-53 Rev 4 as a guide.
•Created, updated, and revised System Security Plans, Contingency Plans, Incident Reports and Plan of Action & Milestones (POA&Ms).
•Prepared information systems’ artifacts (SSP, SAR and POA&Ms) for ATO.
•Generated, reviewed, and updated System Security Plans (SSP) against NIST 800-18 and NIST 800 53 requirements.
•Performed continuous monitoring using NIST 800-137 Rev 1 as a guide.
•Monitors, evaluates, and reports on the status of information security systems and
•directs corrective actions to eliminate or reduce risks.
•Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Report
•Established a Plan of Actions and Milestones (POA&M) to evaluate and track security weaknesses as discovered.
Information System Security officer
Dulles Airport August 2015 – August 2019
Dulles
•Performed cyber security activities including security control assessments in support of Information Technology (IT) systems.
•Conduct RMF assessments and Continuous Monitoring: Performed RMF assessment on several different environments at the Census Bureau using both scanning tools and manual assessment. Assessment included initiating meetings with various System Owners and Information System Security Officers (ISSO), providing guidance of evidence needed for security controls, and documenting findings of assessment.
•Assessed and authorized activities utilizing the Risk Management Framework (RMF)in accordance with the
•NIST 800-37.
•Categorized information systems to obtain an appropriate security impact level in accordance with NIST 800-60.
•Selected appropriate security controls and enhancements for information systems in accordance with the NIST 800-53 to be implemented and documented in the System Security Plan (SSP) as outlined in the NIST 800-18.
•Assessed security controls and effectively annotate weaknesses in the Security Assessment Report (SAR)
•Facilitated the authorization of a system by updating, monitoring, and managing the Plan of Action and Milestone (POA&M) to correct deficiencies.
•Enforced IT security control requirements, recommend configurations for information systems and networks and identify strategies to manage risk through mitigation of IT vulnerabilities, considering the
•rapidly evolving Cybersecurity threat to IT systems.
•Provided, tracked, and reported security requirements throughout the project life cycle of all projects that are within the accreditation boundary of assigned systems.
•Work closely with the office of the Chief Information Security Officer (CISO) to provide guidance and oversight for all requested initiatives.
•Developed, updated, and/or review RMF documentation to include Security Plans,
•Implemented Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Report
•Established a Plan of Actions and Milestones (POA&M) to evaluate and track security weaknesses as discovered.
•Analyzed potential privacy violations to identify FP’s and policy violations with remediation.
•Conducted SIEM analysis and generating dashboard/reports.
•Identified vulnerabilities through scans and penetration tests to report the issues.
•Scanned and Identified Indicators of Compromise (IOC’s).
•Performed threat intelligence and implemented Cyber Kill Chain defense against APT.
•Employed cyber modeling techniques to identify malicious threats and activities.
•Analyzed network traffic for malicious or abnormal activity for attack vectors.
•Identified adversary's Tactics, Techniques, and Procedures (TTPs) for technical mitigated strategies for preventing, controlled, and isolated incidents.
•Performed malware analysis using different malware analysis methodologies.
•Perform ongoing monitoring of implemented security controls, mitigation of system vulnerabilities, testing of security controls including disaster recovery, performance of self- assessments for low level (security rating) systems, and track and close POA&Ms.
•Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A and perform on-site security testing using vulnerability scanning tools such as Nessus.
•Create documents for the FEDRAMP A&A process to retrieve Authorization to Operate on numerous systems.
Network Operations Technician
Metro system / Amazon AWS – Ashburn, VA May 2013- December 2015
Duties
•Daily Functions include the monitoring, assisting, supporting resolving issues, running and terminating cables Constructing racks and other general construction projects as needed by Amazon (AWS).
•Installation and troubleshooting of Fiber Optics, Cat 5, Cat 5e, Cat 6 as well as routing and terminating low Voltage cables for commercial office buildings and large enterprises.
•Vital skills Learned: Working efficiently in teams imposing creative solutions developing economically viable, ethically sound and sustainable solutions work accurately with attention to detail, communicate effectively, show leadership and exercise responsibility, demonstrate project management skills, meet the changing needs of the customer, completing project within the deadline.
Worked with Network Engineers on project coordinators and Technician to assist with implementing network Scaling projects.
Work on migrating software to hardware. Performed troubleshooting for fiber links using light meters, VFL's and related troubleshooting software.
Troubleshooting multiple optic types including LC-SFP+, QSFP+, PSM4, etc. Work with multiple team members at remote sites for link troubleshooting. Worked with Network/Console/DB/Port, mobility, Netlocol and Quip.
Worked with Data Center Operations and Data Center Engineering Operations on different projects. Installed cabling and labels per provided cut-sheets from engineers.
Worked on multiple core scaling projects. Assisted with upgrade for core EC2 fabric.
Worked with Data center operations for deploying switches on high security trouble tickets. Monitored build process for routers and switches. Learned numerous information and hardware management systems.
Audit of deployments to ensure consistency with current network scaling standards. Learned the benefits of commodity hardware and network infrastructure.
Worked extensively on cutsheets to populate and verify port inform.
Northern Virginia Community College
4001 Wakefield Chapel Rd, Annandale VA 22003 August 2008-May 2013
DUTIES AND RESPONSIBILITIES
Assisted in completing pre-project checklists to gather employee information needed before going onsite.
Troubleshoot issues onsite as needed and maintained documentation database for each customer.
Verified network connectivity from server to client systems.
Monitor and report on trends and activity on network sensor platforms.
Maintain inventory taking inventory of the computers in all facets of the deployment lifecycle to include receiving, imaging, deployment, training, and disposal.
Enters all user requests into the Siebel ticketing system.
Provides for the following software applications: MS Office Suite, Adobe Acrobat Pro, and client-specific proprietary software.
Resolving problems, installing hardware and software solutions, and supporting the internal IT Helpdesk.
Enters all user requests into the Remedy ticketing system.
●Provides for the following software applications: MS Office Suite, Adobe Acrobat Pro, and client-specific proprietary software.
●Resolving problems, installing hardware and software solutions, and supporting the internal IT Helpdesk.
●Provide helpdesk support and resolve problems to the end user’s satisfaction.
●Monitor Service Desk for tickets assigned to the queue and process first-in-first-out based on priority.
●Manage PC setup and deployment for new employees using standard, hardware, images, and software.
●Install, remove or repair basic computer systems.
Skills
Performed data gathering techniques (e.g., questionnaires, interviews and document reviews) in preparation for assembling C&A/A&A packages and ATO. MSOffice 365, eMASS and Nessus, CSAM, Plan of Action & Milestones (POAM), Continuous Monitoring (CM), NIST Special Publications Series, System Security Plan (SSP), Security Assessment Reporting (SAR), ACAS Vulnerability Scanning and Risk Assessment Report (RAR)
Contact this candidate