Security Analyst Cyber

Location: Bowie, MD

Posted: March 15, 2024

Resume:

Hadje Djamon Domkreo

Cell Phone: 301-***-****

Email: ad4c1x@r.postjobfree.com

Active Top-Secret Clearance

CYBER SECURITY ANALYST

A Cyber Security Analyst with 7 years' diversified experience in Information Assurance, which includes System Security Compliance, Authorization, Continuous Monitoring, Risk Assessments, Audit Engagement and Annual Self-Assessment of systems security controls to achieve the Security Objectives of Confidentiality, Integrity and Availability of the information and information system resources. Clear understanding of SDLC, with outstanding experience in the RMF process; skilled in assembling authorization packages using documents like the NIST 800 series, FIPS 199, FIPS 200, FedRAMP, OMB, FISMA and industry best practices. Applied all assessment methodologies of interview, testing and observation (documentation and artifact reviews), making sure that the implementation statement meets the control requirement of the systems.

Technical Skills

Microsoft Office Suite (Word, Excel, PowerPoint)

NIST Standards

FISMA, FIPS, HIPAA

CSAM

Security tools: WebInspect, Nessus

RMF/SDLC

NIST SP-800 Series

Deloitte & Touche LLP

Client: Department of Justice

Date: 2020 – Present

Role/Title: Information System Security Officer

Location: Rosslyn, VA

Support all activities as outlined in the NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. This includes the process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.

Perform FedRAMP Government-wide program that provides a standardized approach for security assessment, authorization, and continuous monitoring for cloud products

Security Documentation: Perform updates to System Security Plans (SSP) using NIST 800-18 as a guide to develop SSP, Risk Assessments, and Incident Response Plans; create Change Control procedures; and draft, review, and update Plans of Action and Milestones (POAMs).

POA&M Remediation: Performed evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, continuous monitoring, and FISMA audits.

Ensured all systems and applications are certified and accredited and that RMF packages were processed, reported and coordinated in a timely fashion with the organization.

Employer: Full Circle Solutions Inc.

Client: City of Baltimore

Date: 2019 – 2020

Role/Title: Security Control Assessor

Location: Maryland

Performed security control assessments…

Conduct security assessment interviews to determine the security posture of the system and to develop a Security Assessment Report (SAR) in the completion of the Security Test and Evaluation (ST&E) questionnaire using NIST SP 800-53A.

Assist with the internal auditing of information security processes. Assess threats, risks, and vulnerabilities from emerging security issues and also identify mitigation requirements.

Performed security controls assessments using NIST SP 800-53A as a guide by means of the assessment methods such as Interview, Examination and Testing.

Developed and conducted ST&E (Security Test and Evaluation) and performed on-site security testing using vulnerability scanning tools such as Nessus.

Determined effectiveness of Technical, Operational and Management security controls by assessing whether controls are implemented correctly, operating as intended, and meeting security requirements.

Employer: Matrix Point Solutions Inc

Date: 2016 – 2019

Role/Title: Security Control Assessor

Location: Adelphi, MD

Performed security control assessments for all assigned systems

Schedule kick-off meetings with system owners to help identify assessment scope, system boundary, the information systems category and attain any artifacts needed in conducting the assessment.

Create Requirements Traceability Matrix (RTM) and document whether controls are passed or failed, using NIST SP 800-53A as a guide.

Document Assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities.

Employer: United States Army

Date: 2014 – 2016

Role/Title: Security Control Assessor

Location: Fort Jackson, SC

Performed security control assessments for all the control families

Reviewing Privacy Impact Assessment (PIA) documents after a positive PTA is created and ensuring that PII findings are recorded in the System of Record Notice (SORN)

Performing ongoing continuous monitoring using NIST 800-137 Rev 1 as a guide.

Review reports from scans using vulnerability scanning tools such as Nessus and WebInspect.

Created and finalized Security Assessment Report (SAR) and gave recommendations to ISSO on how to mitigate or remediate reported weaknesses and vulnerabilities.

EDUCATION AND CREDENTIALS

M.S., Health Care Administration (December 2019) - University of Maryland University College - College Park, MD

B.S., Healthcare Management (May 2012) - Towson University, Maryland – Towson, MD

CERTIFICATION

Certified Information Security Manager – 2021

Certified Information Systems Security Professional – 2021 (In Progress)

CompTIA Security+ – 2020

Certified SAFe Agilist – 2019

Certified Scrum Master – 2018


