Information Security Analyst

Location:
Fairburn, GA
Salary:
$120,000
Posted:
December 17, 2023

Resume:

Oluwatobi Isaiah Oni

Email: ad11ck@r.postjobfree.com Phone: 804-***-****

Fairburn, GA 30213.

Experience Summary

Motivated Cybersecurity analyst professional seeking a position as Information Security Analyst. Passionate about security principles, managing risks, vulnerabilities, and threats. Familiar with security and privacy rules associated with RMF, FISMA, NIST 800 series, and FIPS publications. Supporting Security Assessment and Authorization process from initiation to continuous monitoring, Vulnerability Scanning, POA&M management and SAR process.

Competencies

● Risk Assessments and Analysis

● Understanding of cyber risks and threats

● Vulnerability Assessment - Nessus

● Problem solving and analytical skills

● Strong interpersonal skills

● Process Improvement

● Research/Analysis

● RMF Framework

● Independent Verification and Validation

● Analysis and reporting

● Policy and Procedure Documentation

● Excellent written and verbal communication

● FedRAMP

● NIST SPs (800-53A, 800-53)

Certification

Security+

CySA+

Education

Cybersecurity Analyst Training with CyberAsquare Institute 2018.

Bachelor of Science, Virginia State University, 2018.

Advanced Computer Concepts, Northern Virginia Community College, 2015.

Experience Details

CyberAsquare Training Institute, Junior Information Security Analyst 01/2021-Present McLean, VA

Conduct risk assessments regularly to ensure measures raised in assessments are implemented in accordance with risk guidance in NIST 800-30 and NIST 800-37.

Develop NIST-compliant vulnerability assessments, technical documentation, and Plans of Action and Milestone (POA&M), and address system weaknesses.

Knowledge of security policies and procedures based on NIST 800-53 and NIST 800-53A.

Experience in documenting policy and IT Security artifacts in accordance with NIST.

Support the System Owner through the NIST Risk Management Framework & Systems Assessment and Authorization processes.

Understand FIPS 199 guidelines process in Security Categorization, in selecting the Managerial, Operational, and Technical (MOT) Controls using NIST SP 800-60.

Provide guidance through the phase of FISMA SA&A, including Monitoring of the SA&A artifacts compliance, annual self-assessment (NIST SP 800-53A) guidelines and quarterly self-assessment completion using NIST SP 800-26 guidelines.

Knowledge of NIST SP 800-37, SP 800-39, SP 800-53, SP 800-53A, SP 800-34, SP 800-18, SP 800-128 during documentation, review, and update.

Review and update the System Security Plan (SSP) using SP 800-18 guidelines.

Review and update Risk Assessment (RA) using NIST SP 800-30 guidelines.

Reviewed and updated Contingency Plan (CP) using NIST SP 800-34 guidelines.

Ability to develop POA&M (Plan of Action & Milestone) document to take corrective actions resulting from ST&E (System Test & Evaluation).

Performed comprehensive Security Assessment Controls and wrote reviews of Management, Operational and Technical Security Controls for audited applications and information systems.

Compile data to complete Residual Risk Report and to insert contents into the POA&M.

Develop Security Assessment Reports (SAR)

Complete necessary requirements to assist system owners in achieving ATOs.

SCRX Consulting, Junior Information Security Analyst 03/2018 – 01/2021 Arlington, VA

Review and update System Security Plan (SSP) based on findings from assessing controls using NIST SP 800-18 rev1, NIST SP 800-53A rev4 and NIST SP 800-53.

Conduct client interviews to determine the security posture of the system and to assist in the completion of the Security Assessment Plan using NIST SP 800-53A test required to maintain organization's Authorization to Operate (ATO).

Update SSP with the Information System owner when necessary.

Contribute to initiating FISMA metrics such as Annual Testing, POA&M Management, and Program Management

Conduct risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root-causes of risks were fully addressed following NIST 800-30 and NIST 800-37

Create Security Assessment Plans to initiate Information Security Assessment

Perform specific quality control for packages validation on the SP, RA, RTM, E-authentication assessment and FIPS-199 categorization

Perform continuous monitoring on Information systems using NIST SP 800-137

Document security compliance using Governance, Risk & Compliance (GRC) tool

Generate Security Assessment Reports (SAR).

Conducted vulnerability assessment using Nessus tool

Ability to translate business requirements into control objectives

Maintain inventory of all Information Security systems assigned

Plan, assign and perform security validation review for C&A documentation, and supervise team members


