
Security Controls Risk Management

Location: Woodbridge, VA
Salary: 160K-190K
Posted: January 16, 2024


Resume:

EBENEZER OKATAH-BOI

Woodbridge, VA *****

ad2tv9@r.postjobfree.com

+1-571-***-****

10+ years of professional experience in Risk Management Framework and Vulnerability Management using FISMA and applicable NIST Standards. Proven ability to perform Risk Assessment and Compliance reviews to ensure Integrity, Confidentiality, and Availability of system resources. Experience with system Privacy, PII, PTA, PIA, SORN and E-Authentication. Experience in Security Assessment with detailed knowledge of security tools, technologies, and best practices, with more emphasis on FISMA compliance and NIST Publications.

Work Experience

Information Assurance Analyst

Blue Star Cyber LLC - Columbia, MD

July 2017 to Present

• Prepare and update security authorization documentation including System Security Plan, Security Assessment Report, POA&Ms, contingency plan

• Conduct PTA and, if it's positive, then PIA is required. The system is then linked to the appropriate SORN.

• Reviewed and updated ATO documentation.

• Documented NIST 800-53A, 800-171A security control compliance findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs)

• Worked with stakeholders and system application teams to conduct testing, interviews, and collection of artifacts relevant to assessment of security controls.

• Prepared the final SAR containing the results and findings from the assessment.

• Initiated a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR.

• Experience with tools such as CSAM, eMASS, etc. for POA&M opening and closures.

• Assisted system owners in developing security authorization packages that are compliant with NIST SP 800-37

• Worked with a team of Information Security Owners, Developers and System Engineers to select, implement, and tailor security controls to safeguard system information.

• Conducted assessments of security controls on various impact systems in accordance with agency guidelines to ensure compliance with NIST 800-53A, 800-171A.

• Prepared and updated security authorization documentation including security plan, risk assessment, contingency plan, privacy impact analysis

• Maintained and monitored IT security practices to protect the confidentiality, integrity, and availability of data.

• Developed, implemented, maintained, and oversaw enforcement of security policies.

• Assessed network intrusion detection systems (IDS/IPS) and artifacts including logs, system images and packet captures to enable mitigation of network incidents.

• Analyzed Nessus Scan reports to determine false positives and true positives of scanning results

ATO Engineer

Widepoint Corp - Fort Belvoir, VA

June 2014 to July 2017

• Maintained and documented all information security rules and policies.

• Analyzed and defined security requirements for Multilevel Security (MLS) issues.

• Gathered and organized technical information about an organization’s mission goals and needs, existing security products, and ongoing programs in the MLS arena.

• Designed, developed, engineered, and implemented solutions to MLS requirements.

• Discussed issues such as computer data access needs, security violations, and programming updates with current users.

• Reviewed violations of computer security procedures and discussed procedures with violators to ensure violations are not repeated.

• Modified computer security files to incorporate new software, correct errors, or change individual access status.

• Determined when to update virus protection systems by monitoring current reports of computer viruses.

• Monitored the use of data files and regulated access to safeguard information in computer files.

• Prepared ATO packages for reviews.

• Used eMASS for POA&M management and Security control reviews.

• Performed risk assessments and executed tests of data processing systems to ensure the functioning of data processing activities and security measures.

• Encrypted data transmissions and erected firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.

• Documented computer security and emergency measures policies, procedures, and tests.

Cyber Assurance Analyst

Key Cyber Solutions - Alexandria, VA

November 2012 to May 2014

• Assisted in the evaluation of security solutions to ensure they meet security requirements for processing classified information.

• Assisted with the preparation and maintenance of documentation such as records on workstations, servers, routers, firewalls, intelligent hubs, network switches, etc. to include system upgrades.

• Developed and maintained documentation for C&A with NIST 800-37

• Developed and maintained System Security Plans (SSP)

• Performed moderate FIPS categorization

• Implemented and managed NIST 800-53 Rev. 5 or later Security Controls

• Supported the SA&A process

• Supported Continuous Monitoring activities

• Managed POA&Ms and developed remediation strategies

• Aligned systems activities to the NIST Cyber Security Framework (CSF).

• Supported the incident response process

• Identified and supported system Interconnection Security requirements.

• Supported audit logging review and remediation activities

Education

Associates in Cybersecurity Technology

VIRGINIA COMMUNITY COLLEGE - Annandale, VA

January 2013 to February 2016

BSc. in Computer Science

UNIVERSITY OF GHANA

January 1997 to May 2000

Skills

• Risk assessment, Cyber strong

• RSA Archer

• CSAM

• eMASS

• Nessus Scan [Tenable.io]

• Web Inspect

• Splunk

• Information Assurance & Privacy

• Knowledge of HIPAA

• SharePoint

• FedRAMP

• Risk Management Framework (RMF)

• Assessment and Authorization (A&A)

• E-Authentication

• PTA

• PIA

• RAR

• SSP

• CP

• CPT

• SAR

• POA&M

• 800-53A

• ISA


