DC Metro area
A committed Information Security Specialist with 6+ years of IT experience to include Risk Management Framework (NIST 800-37), network monitoring, threat and malicious email analysis, and security awareness training. Has an excellent ability to work independently as well as in a team environment and has a desire to learn new skills. Able to take on a role that requires attention to details and devotion to customer satisfaction.
IT SKILLS SUMMERY
Hands on experience with x86 architecture-based systems.
Network & System Security.
Experience with vulnerability and patch management.
Authentication & Access Control.
Change Control and Configuration Management.
Cyber Security awareness and training.
Security Information and Event Management.
Cyber Security Incident Response.
Verse with ISO 2700-Series.
Good understand of PCI DSS.
Familiar with OWASP top 10 security principles.
Good understanding of boot process.
Good understanding of ILO.
Good understand of HP servers and Storage devices.
Ability to communicate at multiple levels with customers.
Detailed oriented and able to precisely follow documented procedures.
Troubleshooting software/hardware issue with clients via phone, e-mail and on-line portals.
Achieved outstanding performance by maintaining an outstanding record of technical support service, resolving almost 95% of all trouble tickets without escalating to senior support specialists.
Achieved high level of security and performance of systems by initiating installation of new anti-virus software and critical operating system updates.
Supporting client with POA&M evaluation as part of remediation process.
Working knowledge of NIST 800-50, 16.
NIST RMF SP 800-37, FIPS and FISMA dedicated guidelines to comply with federal and private agencies.
Provide training on information security.
Hardware: Servers, Printers, Tablet PCs, IPads, IPhones, PC, PC Peripherals.
Software: Microsoft Suite, VPN, Lotus Notes, Remote Desktop, MS Office, Adobe applications, Internet Explorer, Safari, iOS, Android, SMS, Web-based ticketing applications including Remedy, Amazon Myday, ServiceNow (SNOW),Jira, United Parcel Service HDFS, Wireshark, Trouble Ticketing systems.
Risk Management Framework (NIST SP 800-37)
Operating Systems: Windows 2000, 2003, 2008, IOSX, Linux, Windows server 2008, 2012.
Excellent ability in determining several software and hardware issues.
Extensive troubleshooting and testing skills.
Compliance and operational security
Great understand and working knowledge of agile methodology.
Threats and vulnerability management
Good understand of Local Area Network/Wide Area Network devices (LAN/WAN)
McAfee DLP, McAfee Web Gateway, IronPort, FireEye, Splunk,
EDUCATION AND CERTIFICATIONS
University of Buea-Cameroon; B.A (Oct 2007)
CompTIA A+ Certified (Feb. 2016 )
CompTIA Security + Certified (July 2018)
Scrum Master Certified (Sept. 2018)
Splunk 7.X Certified (Dec. 2018)
ITIL Foundation Certification ( April 2019)
AWS Certified Cloud Practitioner (May 2019)
AWS Certified Developer Associate (Oct 2018)
Certified Information Systems Security Professional, CISSP (In progress)
HCL Technologies Ltd. Rockville, MD Feb 2017 to present
Information Security Specialist.
Perform internal security control assessment according to NIST standards
Conduct third-party risk assessment of interconnected information systems.
Support pertness with corrective action by providing recommendation for POA&M remediation
Maintain cooperative relationship with business partners of interconnected information systems
Prepare and deliver documentation, reports and proposals to senior level personnel
Categorize SSP, select security controls, document security controls implementation, assess security controls, and perform continuous diagnostics and mitigation strategy
Maintain responsibility for supporting federal clients obtaining the authority to operate (ATO) for both new and existing systems
Assist in reviewing and updating security policy and procedure documents as required
Attend daily Scrum meeting to report on daily tasks completion and concerns
Perform continuous monitoring/ongoing authorization to ensure continuous compliance
Support the Security Assessment Team to carry out security control assessment according to NIST standards
Support efforts to perform PCI DSS internal assessment in preparation for external audits
Engage third parties to maintain cybersecurity threat and risk taxonomy
Contributed in the determination of an appropriate level of security commensurate with the impact level to risk informed decision
Document and review security documents per NIST 800 guidelines for government systems to ensure accuracy and compliance
Perform gap analysis for System Security Plans (SSP) and provide comments for updates
Attended and support A&A meetings with the government task lead and system owners
Support the vulnerability management team to perform system scans with Nessus and AppScan
Used Remedy ticketing system to create and review change request tickets
Perform other security related functions as required by management
Perform global information security awareness program with emphasis on changing human behaviors that could negatively impact the organization security posture and reputation
Monitor and identify top human risks in the organization and enforce behaviors needed to mitigate those risks
Collaborate with stakeholders as well as third parties to enhance security awareness initiatives
Develop, review, update and maintain awareness communications, guidance and training materials for internal business users and IT professionals.
Incorporate information security awareness into classroom and virtual learning, including new hire orientation, new manager training.
Recommend and implement improvements to awareness materials, internal team programs, frameworks and processes
Organize, structure and prioritize information from multiple sources
Exercise great flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
Support partners in the security awareness training programs
Coordinating with executive personnel, interagency cyber security and intelligence personnel, which forged mission-focused relationships and enhanced cyber security and decision-making processes across agencies
United Parcel Service Landover MD Jan 2016-Feb 2017
Security Operations Center Analyst
Monitored and analyzed network traffic, Intrusion Detection Systems (IDS), security events and logs.
Trained, educate and mentored new hires on SOP and security awareness.
Coordinate meetings with clients and educate clients on phishing attacks.
Used McAfee DLP Manager to protect intellectual property and ensures compliance.
Used McAfee Web Gateway proxy to grant web access request base on business justifications.
Blocked malicious domains and IPs following company's Standard Operation Procedures.
Analyzed IronPort and FireEye alert for potential threat and vulnerability
Used Splunk to search and analyze email logs for phishing attacks and other related incidents
Used Wireshark to analyze data packets
Investigate process and resolved security email alerts.
Stay up to date with current vulnerabilities, attacks, and countermeasures.
Developed follow-up action plans to resolve reportable issues and communicate with other IT teams to address security threats and incidents accordingly.
Prioritized and differentiate between potential intrusion attempts and false alarms.
Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
Provide Incident Response (IR) support when analysis confirms actionable incident.
Monitored events responded to incidents and reported findings and also escalate critical tickets.
Utilized Intrusion Detection & Prevention (IDS/IPS) to monitor malicious activities on the network. Analyze firewall logs, IPS and IDS logs to uncover malicious activity going on within the network.
Used ServiceNow to create incident tickets and RFCs.
Amazon Web Service Ashburn Virginia Dec 2014 – Nov 2015
Data Center Technician
In-depth hardware and network diagnostics followed by physical repair.
Experience in problem solving and addressing customer service-related issues by working with internal customer support teams
An Advanced understanding of Computer Hardware, including troubleshooting and repair skills.
Advanced Working understanding of Storage Devices.
Prioritized and managed time on multiple projects simultaneously within strict timelines without supervisor oversight.
An in depth understanding of LAN/WAN devices, Cisco Networking devices such as Routers and Switches.
Escalated incidents to Tier III technicians when necessary.
Experience managing work load via Amazon Myday and Remedy ticketing systems
A Working understanding of Linux Operating Systems.
Melton Communication (Bamenda, Cameroon) June 2012 – Sep 2014
Connect, set up and checked PCs and peripherals for normal operation.
Trained users on basic computer operations and maintenance
Performed routine maintenance tasks, including installing basic software packages, anti-virus updates and set common options; ran basic network monitoring reports and utilities
Set up hardware and performed basic checking of networked PCs.
Troubleshoot, resolve, integrate, test, and maintain operating systems environments such as, but not limited to: Windows 07, 08, MS Office, MS Exchange, etc.
Answered and prioritize incoming telephone, voice mail, e-mail, and in-person requests for assistance from users experiencing problems with hardware, software, networking, and other information system-related technologies.
Walked user through a series of steps to determine problem.
Followed Internet Cafe backup, virus protection and security procedures.
Worked with team members to identify issue trends and suggests long-term strategies to help mitigate incoming issues.
Troubleshoot palm/handheld operating systems, architecture, data backup and recovery.
Log and track calls using problem management database, and maintains history records and related problem documentation.
Provided support for deliveries, relocation, and scanning of IT equipment.
Investigated requests for support; recorded diagnostic information; retrieved details of requests, and resolved to the appropriate level.