Information Security Risk Management

Location: Bowie, MD

Posted: January 18, 2024

Resume:

Alfred O. Asata

Bowie, Maryland

240-***-****

ad2v44@r.postjobfree.com

Summary

Experienced Information Security Professional with 9 years of experience in IT compliance, Security Assessment Reporting, and Management. Specialties include, but are not limited to, Risk Management, Information Assurance, National Institute of Standards & Technology (NIST), Federal Information Processing Standards (FIPS) and Federal Information Security Management Act (FISMA), FedRAMP, SOC2, and Certification & Accreditation. Experience in Linux, functional knowledge of scripting in Bash and troubleshooting. Familiarity with AWS cloud infrastructure, Security Groups, IAM roles, CI/CD, CloudFormation, Ansible. Experienced in Vulnerability Management, Scanning and Remediation. Comfortable learning new programming languages and technologies to resolve security findings and implement new solutions needed to satisfy security requirements.

Key Competence

Areas of Expertise

•Security Control Assessment, Risk Management Framework (RMF), Business Impact Analysis (BIA), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA).

•Security Assessment Reporting, Risk Assessment: FISMA/NIST 800-53/FISCAM/FIPS, POA&M, A&A Packages, STIGs (Security Technical Implementation Guides) Compliance, Identity, Credential, and Access Management (ICAM).

•(AWS) EC2, IAM, S3, SaaS, PaaS & IaaS.

Software/Tools

•Splunk, McAfee, ArcSight, Elastic, Burp Suite, Nessus, eMASS, ACAS, HBSS, AppScan, Metasploit, ServiceNow, STIGs, VDI, Microsoft Windows, Linux, Microsoft Office (Word, PowerPoint, Excel, Outlook, and SharePoint), Azure, AFCOS (Automated Fund Control Order System), GFEBS (General Fund Enterprise Business System), DTS (Defense Travel System), Bash/Jenkins/Git.

Experience

Security Specialist July 2022 – Current

Clarus Group/Accenture Federal Services/TSA, Virginia

•Identified threats and vulnerabilities in systems and software.

•Ensured the system security posture is DHS (TSA) security compliant (DHS4300A) and NIST SP 800 compliant.

•Interfaced with key stakeholders to supply updates and status of the system security posture.

•Worked with vendors to troubleshoot issues with current products/applications to ensure the enterprise is protected against threats: Identified vendor supplied upgrades, patches, and fixes of security issues.

•Created and implemented solutions to defend against hacking, malware and ransomware, insider threats and all types of cybercrime in accordance with the DHS (TSA) guidelines and requirements.

•Resolved STIG findings and hardened infrastructure servers, storage devices, and Windows hosts.

•Worked closely with the infrastructure architecture, development architecture, technical operations, devops and scrum teams to ensure changes are well designed and coordinated across the enterprise.

•Compiled data and analyzed results of audits, inspections, daily logs, incident reports and web/software scans to assess security vulnerabilities.

•Developed consistent and meaningful reports to ensure visibility into all cloud platforms

•Established a proactive Threat and Vulnerability identification, assessment / analysis, validation, remediation, and reporting mechanism for systems in the Government cloud platforms such as AWS, Azure

•Deployed Cloud Native Security solutions such as Azure Defender, Azure Defender for Endpoints and Azure Security

•Integrated Azure directory services and third-party platforms to deliver Identity, access, credential management (ICAM) solution.

•Worked closely with stakeholders to identify and mitigate risks, perform security reviews, design top tier security practices, and deliver strategic, innovative cloud-based security offerings

•Provided subject-matter expertise on FedRAMP requirements and executed and monitored controls related to Confluent’s FedRAMP initiatives

•Owned security architecture in the Cloud in Collaboration with SRE (Site Reliability Engineering), network and development teams

•Regularly reported status and progress for projects associated with FedRAMP to Confluent leadership

•Conducted AV scans, and vulnerability filter searches (APPSCAN, Tenable Security Center, and Burp Professional) performing analysis to remediate application, OS and URL level vulnerabilities.

•Developed, implemented, and enforced information systems security policies ensuring system security requirements are addressed during all phases of the acquisition and Information System (IS) lifecycle

•Conducted certification and testing in accordance with the Risk Management Framework (RMF) and National Institute of Standards and Technology (NIST) policy; identified deficiencies and provided recommendations of risk mitigation to client.

•Created tickets (IBM Jazz Rational Concert) and draft documents (waivers, closure, Risk Assessment) to track and remediate vulnerabilities.

•Conducted SCA, and continuous monitoring of systems, and activities to obtain Authority to Operate (ATO).

SIEM Security Engineer July 2021 – Current

TestPros Inc/U.S. Coast Guard, Virginia

•Document incidents and track to remediation

•Observe and respond to Intrusion Detection System (IDS) cues and anti-virus alerts.

•Identify unauthorized access and offer corrective solutions.

•Analyzed SIEM events and logs for the existence of security incidents.

•Recognize/research emerging threat signatures and attack vectors.

•Created signatures and SIEM correlation rules to optimize intrusion analysis efforts.

•Developed custom alerts and SIEM correlations.

•Managed security incident response efforts.

•Maintained Confluent’s FedRAMP Authorization package, including the System Security Plan (SSP), Plan of Action & Milestones (POA&M), and other associated documentation

•Developed a zero-trust strategy and roadmap for hybrid cloud environments that complements the larger USCG zero trust strategy

•Provided findings and recommendations to leadership in the following areas: NIST Policy, FEDRAMP and Cybersecurity

•Applied advanced consulting and extensive technical expertise to resolve issues in PKI, including Red Hat Certificate System

•Created SIEM accounts and standard filters for analysis (e.g., pre-populate filters used for report generation)

•Checked for new devices and mapped them into the SIEM tool (McAfee and Elastic).

•Periodically reviewed and conducted data validation on all Analyst device lists in the SIEM tool (McAfee and Elastic) to ensure consistency (after each device/list mapping, and monthly verification)

•Participated in system/security policy and standards development, including writing, and maintaining guidelines, standards, procedures, and other technical documentation as needed.

•Worked with the Dev team to review and develop AWS technical designs, frameworks, implementation solutions and DevOps and DevSecOps tools implementation.

•Designed and monitored the enterprise-wide scalable operations in AWS Cloud environments.

•Provisioned, configured, and managed AWS services such as VPC/Subnet/Security Group, EC2, ECS, S3, Cloud Watch, Config and IAM.

•Monitored the progress of internal and external organizations to ensure operational requirements are fulfilled for audits and reviews

•Integrated security tools into SIEM and SOAR platforms to feed to security operations

•Investigated security violations and prepared reports specifying preventive action to be taken.

Cybersecurity NCOIC/FM Technician January 2020 – June 2021

District of Columbia Army National Guard (Military Deployment)

•Conducted RMF activities related to DISA STIGs using STIGViewer, and writing & maintaining A&A documentation in eMASS

•Recommended security solution mitigations and enhancements supporting information assurance guidelines and customer requirements.

•Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.

•Interfaced with senior NCOs and led efforts related to internal and external audits including FedRAMP Assessments

•Installed, configured, integrated, and trained others on security solutions in the cloud

•Provisioned, configured and maintained AWS cloud infrastructure defined as code

•Worked hand-in-hand with the development team to ensure adherence to CI/CD guidelines and standard DevSecOps processes

•Implemented cost-control strategies for Cloud-based workloads in AWS.

•Administered and troubleshot Linux based systems.

•Supported Authorizing Official (AO) actions by developing and delivering accreditation packages with supporting documents and artifacts in accordance with RMF as defined in NIST 800-37 and related agency specific RMF requirements.

•Provided input into Cybersecurity plans containing methods, procedures, and planned reviews for the continuing accreditation and authorization against family controls per NIST SP 800-53 guidance.

•Provided input and implemented an organizational access control policy and plan in compliance with risk-levels defined in the National Institute of Standards and Technology (NIST) 800-53, rev 4, Access Control family of controls to include auditing annually, at a minimum.

•Developed processes and procedures for evaluating and documenting information system security vulnerabilities IAW DoD Instruction (DoDI) 8510.01 (RMF for DoD IT)

•Ensured that all information systems meet or exceed compliance requirements.

•Received and posted documents to accounting/budget systems.

•Processed treasury checks for payment and pay for invoices.

•Maintained files and prepared financial reports/travel vouchers.

•Prepared payment vouchers in accordance with government regulations.

•Reviewed contracts and invoices and receive reports.

•Performed cashier functions.

•Processed reserve pay transactions.

AWS Cloud Security Engineer November 2018 – December 2019

Avatech Solutions/U.S. Navy, Virginia

•Managed IAM users in AWS cloud and assigned roles and policies.

•Provisioned EC2 instances and deployed software such as ELK stack and Tomcat according to requirements.

•Installed and configured Jenkins servers, and managed plugins as required

•Assisted architects with basic cloud security hardening steps to ensure AWS Cloud environments are secure.

•Reviewed, analyzed, discussed, and evaluated the implementation of security controls in multiple information system environments, including dynamic cloud services (IaaS, PaaS, and SaaS) or traditional and static Enterprise Resource Planning computing environment

•Scanned servers for vulnerabilities and reviewed findings.

•Assessed the ability of the service provider to maintain an acceptable security posture/risk threshold monthly.

•Participated in the development, customization, and integration efforts of security solutions utilizing Microsoft Azure

•Assisted in remediating vulnerability findings and patching Linux servers based on scan reports.

•Collaborated with the Infrastructure team to deliver solutions in the security area.

•Executed security architectures for cloud environments.

•Automated cloud security controls.

•Created reports and risk assessments for Cloud-based applications and infrastructure.

•Logging, monitoring, and responding to detected incidents in the cloud environment.

Information System Security Officer - ISSO January 2017 – October 2018

Aerotek Staffing/DHS, Maryland

•Assessment and compliance of STIGs (Security Technical Implementation Guides) for proper vulnerability patch and assessment for mitigation and authentication of results.

•Reviewed and analyzed scan results (Nessus and McAfee) for submission into CISA recommended compliance software (Xacta Continuum/ C-Sam).

•Daily Tenable scanning on servers and providing results for patching on vulnerabilities.

•IOC (Indicator of Compromise) compliance and scan results review, and analysis.

•Technical review on company’s AWS servers to ensure proper system connection, set up and vulnerability assessment and scanning reports.

•Reviewed FISMA (Federal Information Security Management Act) score card results for CISA server and security compliance analysis.

•Supported Incident Response and Contingency plan activities for proper roles and responsibilities and guidelines for effective action and outcome during an incident.

•Reviewed and updated for monthly security vulnerability scanning and patching results for proper servers and security posture and compliance.

•Conducted Incident Response training and procedures to ensure proper safety and compliance to information systems.

•Supported Confluent’s Governance, Risk, and Compliance (GRC) program as a member of the Trust & Security team

•Compliant with CISA recommended tools i.e.: Xacta Continuum, C-Sam, Splunk, and Nessus for proper security update and compliance.

•Attended day to day security and infrastructure meetings (MS Teams) for update on security and organization activities.

•Prepared and updated weekly security agenda and compliance meeting via: Microsoft Teams, with CISA security team.

•Created and tailored the POA&M in accordance with the Security posture of the organization and CISA guidelines.

•Worked with network administrator to review and recommend proper server information and input analysis to gain accurate security results.

Security Control Assessor February 2016 – December 2016

CK Security Solutions, Maryland

•Conducted assessment of security control selections on various moderate impact level systems to ensure compliance with NIST SP 800-53A.

•Developed Security Assessment Report (SAR) detailing the results of assessment along with Plan of Action and Milestones (POA&M).

•Developed the Risk Management Framework (RMF) processes: system categorization, security controls implementation, security assessment plan and contingency plan to safeguard the information system.

•Reviewed, updated, and maintained the documentation of System Security Plan (SSP), System Security Test and Evaluation (ST&E), Plan of Actions and Milestones (POA&M), Privacy Impact Assessment, Incident Reports, Configuration Management Plan Test Report and ensure FISMA Compliance.

•Conducted assessment per NIST SP 800-53A and documented findings and remediation actions in the POA&M.

•Identified pressing security problems within the AWS environment and provided guidance to the AWS community and clients on secure coding and preventative procedures.

•Participated in weekly meetings to discuss the status of the assessment process.

•Monitored security controls post-authorization to ensure continuous compliance with a security requirement.

•Assisted in establishing a continuous monitoring strategy to monitor and track security-related defects and the status of their resolutions and make recommendations to PM.

•Analyzed data from threat and vulnerability feeds and analyzed data for applicability to client’s cyberspace.

•Identified and resolved false positive findings in assessment results.

•Planned, developed, and executed vulnerability scans of organizations information systems.

Cybersecurity Analyst April 2015 – January 2016

DC Computer Forensics, Washington D.C.

•Obtained and maintained a working knowledge of the status of Orders issued by DODIN, and subordinate organizations’ compliance with issued orders.

•Gained familiarity with the AWS Cloud Computing environment through testing and assessment.

•Monitored, consumed, and analyzed operational, intelligence, and incident reporting.

•Monitored and queried Security Information and Event Management (SIEM) tools (e.g., Splunk, ArcSight, McAfee, ELK) for anomalous activity.

•Collected, analyzed, and distributed Indicators of Compromise (IOC) in support of the development and implementation of DOD countermeasures.

•Maintained, reviewed, and ensured all Assessments and Authorizations (A&A) documentation are included in system security package.

•Operated risk management framework using confidential 800-37 guide and FIPS 199 as confidential guide to categorize information systems.

•Classified information systems using the RMF processes to ensure system confidentiality, integrity, and availability.

•Worked with system administrators to resolve POAMs, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.

•Determined any likelihood of security / vulnerability risk occurring using the NIST 800-30 guide as a confidential guide.

•Prepared security assessment report in which the vulnerabilities are reported.

•Created SAP to document assessment schedules, security control families to be assessed, control tools, and personnel, the client’s approval for assessment and the approach scope.

•Worked with stakeholders and system application teams to conduct interviews, and collection of artifacts relevant to assessment of security controls.

•Developed waivers and exceptions for information systems vulnerabilities.

•Provided continuous monitoring to enforce client security policy and create processes that will provide an oversight into the activities of the information system.

•Facilitated meetings with various entities throughout an organization and serve as liaison for security related issues and collect required data points to accomplish organizational objectives.

•Developed an action item list and POA&M to support the remediation process.

Cybersecurity Technician June 2013 – April 2015

Praetorian, Washington D.C.

•Maintained and adapted the lab to support the developmental tasks associated with the lab, including, but not limited to, changes to the hardware and software layouts and configuration.

•Monitored the necessary software associated with labs.

•Ensured compliance with the associated DoD, DON, and NAVSEA Instructions.

•Identified and created procedures and CONOPs for access, boundary controls and media scanning, etc. in accordance with policy, scanning, patching and associated tasks associated with the development environments.

•Identified lab operational states, risks, and improvements to management.

•Maintained accurate software and hardware inventory control of lab components.

•Developed necessary artifacts in support of RMF.

•Worked with confidential and security assessment team to assess security controls selected for implementation into the information system.

•Validated protective measures for physical security are in place to support the systems security requirements.

•Supported the development and maintenance of security plans, policies, procedures, and standards aligned with NIST.

•Maintained an inventory of hardware and software for the information system.

Licenses and certifications

Certified Information Security Manager (CISM)

CompTIA Advanced Security Practitioner (CASP+)

Certified Ethical Hacker (CEH)

CompTIA CySA+ Certification

CompTIA Security+ce Certification

CompTIA Security Analytics Professional

Cisco Certified Network Associates (CCNA)

AWS Solutions Architect – Associates

Microsoft Azure Fundamentals

Scrum Master Accredited Certification

36B Financial Management Tech. Certification/1059

Security Clearance

Secret - Active

DEGREE

Bachelor’s Degree – Computer Networks & Cybersecurity – University of Maryland


