Serge Mathieu Owona

Smithsburg, MD 484-***-**** ad1cw7@r.postjobfree.com

SUMMARY

• US Army: Maryland National Guard, Rank, E4

• An Information System Security Officer and NIST 800-53 Control assessor with enormous years of combined experience in the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology

(NIST), Risk Management Framework (RMF) processes, Risk Assessment (RA), System Development Life Cycle (SDLC), as well as Contingency planning.

• Through understanding of NIST 800-53 Rev 4 and 5 security controls. Audit projects including Security Audit, RMF, COBIT, PCI DSS, HIPAA, SAS 70 SSAE 16/SOC and SSAE18. Good working experience with GRC tools like ServiceNow, and Archer and Knowledge of the process of obtaining a system ATO and the requirements to maintain the ATO.

• An IT Professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, as well as risk assessment.

• Understanding of information technology concepts, and cloud computing models (PaaS, SaaS, IaaS). EDUCATION

1. Bachelor Degree (Cameroon) in Law 2006

2. University of Yaoundé II (Cameroon) PhD in Law (2015) 3. Capitol University (USA-Maryland) Phd in Cybersecurity Leadership (2022-2025) 4. The University of Texas McComb (USA-Texas) Post Graduate in Cybersecurity (2021-2022) CERTIFICATIONS

• CompTIA Security+ CE (Exp. Date : 04/06/2024)

• AWS Solutions Architect (Issued Apr 2021)

• Oracle OCP (Issued Apr 2021)

SECURITY CLEARANCE

Active Secret

PROFESSIONAL EXPERIENCE

US Navy, Walter Reed National Military Medical Command (WRNMMC), Bethesda, MD (DSG-IT) DATE: 01/2023-Present

Leave Contract to work remote to take care of my children that just immigrate to USA Information Security Engineer (ISSE)

• POC for SSP, IPP, CP and All the RMF tools and accreditation process

• Scanning WRNMMC workstatations, servers and IT Infrastructure

• POC for the WRNMMC validation process.

• Preparing documents and artefacts for the IV&V team (system architecture diagram, SPP, ATO package and any other relevant documents for the Validation Team

• Preparing effort request in the CSTAR tool in order to prepare for the IV&V team

• Preparing Software and Hardware Inventory for the Cost estimate and validation of the WRNMMC IT infrastructure process

• Assisting the IV&V Team with documents and different assesses for the Validation process of the WRNMCC IT process

• Registration of New system in eMass, uploading of artifacts in eMass

• Uploading of SSP, SAR, IPP and other relevant RMF documents into eMass

• Creation, extension of new POA&M and Milestone into eMass

• Using HBSS system (Mc Afee Agent to generate Audit Log report for workstations and IT infrastructure of WRNMMC Lan

• Using ePo Orchestrator (Mac Afee Console) to generate scans and Audit Log for WRNCMMC IT infrastructure

• Participating in Incident Response Team and effort to remediate WRNMMC incidents and Data breaches

United States Army, MRDC HQ Fort Detrick, MD (Free Alliance) DATE: 11/2021 – 2022 Information System Security Officer

• Scanning MRDC LAN SYSTEM VIA ACAS to generate weekly reports

• uploading reports for MRDC LAN for 6 Systems weekly

• Collaborating with TECHS, WEB, DBA, and subject matter experts for remediation of vulnerabilities identified by ACAS Scanning

• Develop solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP).

• Perform assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.

• Maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentation for the system.

• Perform risk assessments, develops, and recommend mitigating controls, and remain abreast of advancements that address emerging business and environmental factors impacting assurance levels.

• Work with IT Controls Manager to improve the efficiency and effectiveness of IT audit testing procedures, processes, and attributes.

• Develop Plan of Action & Milestones (POA&M) to remediate actions resulting from security control assessments; monitored and tracked remediation progress using GRC tools like eMass, ServiceNow and Archer.

• Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems.

• Resolve A&A ServiceNow incident tickets for change management.

• Execute day-to-day deliverables that support the ongoing compliance needs related to, PCI, IT policy, compliance, and risk, as well as any new regulatory requirements.

• Develop/Review deliverables associated with a FedRAMP security authorization package including, but not limited to System Security Plan, Information System Contingency Plan, Security Assessment Plan, and Security Assessment Report.

• Review for accuracy of Security Control Assessment (SCA) documentation, including but not limited to the Security Assessment Report (SAR).

• Perform ongoing RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.

• Experience with e-GRC tools such as Archer, Service Now and prevalent to ensure secured and prompt communication of findings and deployments of questionnaires to the vendor and to track vendor progress on remediation.

• Ensure compliance with data security policies and relevant legal and regulatory requirements following agency directives and applicable Risk Management Framework (RMF) requirements.

• Review Nessus and Nexpose scan reports for deficiencies and remediation of findings.

• Participates in the System Assessment and Authorization process by working with the key stakeholders to ensure complete and accurate ATO packages.

• Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms and identification and authentication mechanisms.

United States Army (Trutek LLC) Alexandria, VA DATE: 12/2018 – 10/2021 Information System Security Engineer ( ISSE)

• Performed System Security Categorizations using FIPS 199 and the NIST 800-60 Vol.11 Rev1 guidelines and templates to select provisional impact levels assigned to the Confidentiality, Integrity, and Availability (CIA) based on the information type.

• Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment

(PIA), and System Security Test and Evaluation (ST&E).

• Developed and tracked Plans of Action and Milestones (POA&Ms) to ensure remediation closure.

• Performed security risk assessment and analysis of resources, controls, vulnerabilities, asset decommissioning, and information security threats to the organization’s objective.

• Performed assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.

• Ensured that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments.

• A better understanding of NIST 800-53 security controls and documentation for assessment results.

• Ensured all supporting artefacts and results will be documented appropriately and timely manner.

• Adhered to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing, and implementing security controls, testing, and validating security controls, and analyzing and tracking corrective action plans.

• Performed ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide.

• Provided security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems

• Documented observations for existing IT control processes and identify issues in assessment questionnaires during disaster recovery planning exercises

• Conducted assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.

• Incident response management by processing computer affected for reimaging

• processing cybersecurity incidents that occurred within Network in collaboration with the 2RCC or NIWC CSSP Help Desk for analysis/ processing

• Providing updates if necessary to the 2RCC or NIWC CSSP Help Desk ADRPA LLC DATE : 12/2017 – 10/2018

IT Specialist (Help Desk)

• Ticketing system via ServiceNow

• Creating users using internal and external Domain users using Active Directory

• Creating groups, roles and responsibilities using Azure Active

• Tracking and following up RBAC

• MX Tools.box.com to check on the validity and authenticity of emails Using Super Tools or Mxloopup, DMarclookup,

• Performs a lead role in the promotion of security awareness programs, assessing gaps and implementing solutions.

• Responsible for the end-to-end completion of security requests.

• Provisions user security roles and manages security groups across systems, platforms, databases, applications, servers, directors and folders.

• Analyzes existing role structures to improve and streamline structures, security administration and improve end-user experience.

• Responsible for highly sensitive security access for outsourced vendors and ensuring compliance with policy, regulations and contractual requirements.

• Accountable for highly sensitive emergency processes.

• Creates or maintains application scripts and uses application-specific tools to create or manage application security.

• Tracks and documents security issues and requests and actively monitors the work queue.1

• Plans, coordinates, communicates, tests and implements audits ensuring that access entitlements are appropriate for job requirements.

• Creates and coordinates completion of detailed security reports to fulfil audit, management or business owner requirements.

Accountable for follow-up of all security work requests including collaborating with other IT areas to ensure timely completion/resolution and obtainment of appropriate approval levels.

• Interfaces with users to understand new capabilities, implement procedures, ensure security procedures have been communicated properly and are being adhered to provide input to drive process improvements

• Works closely with business areas and IT partners on troubleshooting, pre-implementation activities and assessing application security.

TECHNICAL SKILLS

NIST Guidelines Publications Certification and Accreditation (C&A) Assessment and Authorization

(A&A) HIPAA & PRIVACY ACT Training IT Security Compliance Vulnerability Assessment Network Vulnerability Scanning Information Assurance System Risk Assessment System Development Life Cycle Nessus Vulnerability Scanner ACAS HBSS SCAP Splunk SharePoint LAN WAN NIST SP 800-53 SP 800-53A SP 800-37 NIST SP 800-171 FIPS FISMA FedRAMP Risk Management Framework (RMF) FIPS-199 PTA PIA SSP CP SAR POA&M ATO ISA, MOU/A IDS IPS Windows GRC ServiceNow Mitre Linux Microsoft Office NISPOM Belarc Skills & Qualities : Humble, always motivated to go for new professional and career challenges. Team player, Fast Learner, and Ability to adapt, Critical Thinking, integrity, multi-tasking, strong organizational skills, time management and organizational skills, Interpersonal skills, Strong problem-solving, decision- making, reporting, communication, and management skills.

Contact this candidate