Eric Asaah
DC Metro area
Cell: 240-***-****
Email: ****.********@*****.***
A committed Information Security Specialist with 6+ years of IT experience, including Risk Management Framework (NIST 800-37), network monitoring, threat and malicious email analysis, and security awareness training. Has an excellent ability to work independently as well as in a team environment and a desire to learn new skills. Able to take on a role that requires attention to detail and devotion to customer satisfaction.
IT SKILLS SUMMARY
Hands-on experience with x86 architecture-based systems.
Network & System Security.
Experience with vulnerability and patch management.
Authentication & Access Control.
Change Control and Configuration Management.
Cyber Security awareness and training.
Security Information and Event Management.
Cyber Security Incident Response.
Versed in ISO 2700-Series.
Good understanding of PCI DSS.
Familiar with OWASP top 10 security principles.
Cyber Operations.
Good understanding of boot process.
Good understanding of ILO.
Good understanding of HP servers and storage devices.
Ability to communicate at multiple levels with customers.
Detail-oriented and able to precisely follow documented procedures.
Troubleshooting software/hardware issues with clients via phone, e-mail and on-line portals.
Achieved outstanding performance by maintaining an outstanding record of technical support service, resolving almost 95% of all trouble tickets without escalating to senior support specialists.
Achieved high level of security and performance of systems by initiating installation of new anti-virus software and critical operating system updates.
Supporting client with POA&M evaluation as part of remediation process.
Working knowledge of NIST 800-50, 16.
NIST RMF SP 800-37, FIPS and FISMA dedicated guidelines to comply with federal and private agencies.
Provide training on information security.
TECHNICAL SKILLS
Hardware: Servers, Printers, Tablet PCs, IPads, IPhones, PC, PC Peripherals.
Software: Microsoft Suite, VPN, Lotus Notes, Remote Desktop, MS Office, Adobe applications, Internet Explorer, Safari, iOS, Android, SMS, Web-based ticketing applications including Remedy, Amazon Myday, ServiceNow (SNOW), Jira, United Parcel Service HDFS, Wireshark, Trouble Ticketing systems.
Risk Management Framework (NIST SP 800-37)
Operating Systems: Windows 2000, 2003, 2008, IOSX, Linux, Windows server 2008, 2012.
Excellent ability in determining several software and hardware issues.
Extensive troubleshooting and testing skills.
Compliance and operational security
Great understanding and working knowledge of agile methodology.
Threats and vulnerability management
Good understanding of Local Area Network/Wide Area Network devices (LAN/WAN)
IPv4/6, IPsec, DHCP, DNS, SNMP
TCP/IP Protocols
McAfee DLP, McAfee Web Gateway, IronPort, FireEye, Splunk, Nessus, AppScan
Adobe Photoshop
EDUCATION AND CERTIFICATIONS
University of Buea-Cameroon; B.A (Oct 2007)
CompTIA A+ Certified (Feb. 2016)
CompTIA Security+ Certified (July 2018)
Scrum Master Certified (Sept. 2018)
Splunk 7.X Certified (Dec. 2018)
ITIL Foundation Certification (April 2019)
AWS Certified Cloud Practitioner (May 2019)
AWS Certified Developer Associate (Oct 2018)
Certified Information Systems Security Professional, CISSP (In progress)
PROFESSIONAL EXPERIENCE
HCL Technologies Ltd. Rockville, MD Feb 2017 to present
Information Security Specialist.
Perform internal security control assessment according to NIST standards
Conduct third-party risk assessment of interconnected information systems.
Support partners with corrective action by providing recommendations for POA&M remediation
Maintain cooperative relationship with business partners of interconnected information systems
Prepare and deliver documentation, reports and proposals to senior level personnel
Categorize SSP, select security controls, document security controls implementation, assess security controls, and perform continuous diagnostics and mitigation strategy
Maintain responsibility for supporting federal clients obtaining the authority to operate (ATO) for both new and existing systems
Assist in reviewing and updating security policy and procedure documents as required
Attend daily Scrum meeting to report on daily tasks completion and concerns
Perform continuous monitoring/ongoing authorization to ensure continuous compliance
Support the Security Assessment Team to carry out security control assessment according to NIST standards
Support efforts to perform PCI DSS internal assessment in preparation for external audits
Engage third parties to maintain cybersecurity threat and risk taxonomy
Contributed to the determination of an appropriate level of security commensurate with the impact level for risk-informed decisions
Document and review security documents per NIST 800 guidelines for government systems to ensure accuracy and compliance
Perform gap analysis for System Security Plans (SSP) and provide comments for updates
Attend and support A&A meetings with the government task lead and system owners
Support the vulnerability management team to perform system scans with Nessus and AppScan
Used Remedy ticketing system to create and review change request tickets
Perform other security related functions as required by management
Perform global information security awareness program with emphasis on changing human behaviors that could negatively impact the organization's security posture and reputation
Monitor and identify top human risks in the organization and enforce behaviors needed to mitigate those risks
Collaborate with stakeholders as well as third parties to enhance security awareness initiatives
Develop, review, update and maintain awareness communications, guidance and training materials for internal business users and IT professionals.
Incorporate information security awareness into classroom and virtual learning, including new hire orientation, new manager training.
Recommend and implement improvements to awareness materials, internal team programs, frameworks and processes
Organize, structure and prioritize information from multiple sources
Exercise great flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
Support partners in the security awareness training programs
Coordinating with executive personnel, interagency cyber security and intelligence personnel, which forged mission-focused relationships and enhanced cyber security and decision-making processes across agencies
United Parcel Service Landover MD Jan 2016-Feb 2017
Security Operations Center Analyst
Monitored and analyzed network traffic, Intrusion Detection Systems (IDS), security events and logs.
Trained, educated and mentored new hires on SOP and security awareness.
Coordinated meetings with clients and educated clients on phishing attacks.
Used McAfee DLP Manager to protect intellectual property and ensure compliance.
Used McAfee Web Gateway proxy to grant web access requests based on business justifications.
Blocked malicious domains and IPs following company's Standard Operating Procedures.
Analyzed IronPort and FireEye alerts for potential threats and vulnerabilities
Used Splunk to search and analyze email logs for phishing attacks and other related incidents
Used Wireshark to analyze data packets
Investigated, processed and resolved security email alerts.
Stay up to date with current vulnerabilities, attacks, and countermeasures.
Developed follow-up action plans to resolve reportable issues and communicate with other IT teams to address security threats and incidents accordingly.
Prioritized and differentiated between potential intrusion attempts and false alarms.
Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
Provide Incident Response (IR) support when analysis confirms actionable incident.
Monitored events, responded to incidents, reported findings and escalated critical tickets.
Utilized Intrusion Detection & Prevention (IDS/IPS) to monitor malicious activities on the network. Analyzed firewall logs, IPS and IDS logs to uncover malicious activity going on within the network.
Used ServiceNow to create incident tickets and RFCs.
Amazon Web Service Ashburn Virginia Dec 2014 – Nov 2015
Data Center Technician
In-depth hardware and network diagnostics followed by physical repair.
Experience in problem solving and addressing customer service-related issues by working with internal customer support teams
An advanced understanding of computer hardware, including troubleshooting and repair skills.
Advanced working understanding of storage devices.
Prioritized and managed time on multiple projects simultaneously within strict timelines without supervisor oversight.
An in-depth understanding of LAN/WAN devices, Cisco networking devices such as routers and switches.
Escalated incidents to Tier III technicians when necessary.
Experience managing workload via Amazon Myday and Remedy ticketing systems
A working understanding of Linux operating systems.
Melton Communication (Bamenda, Cameroon) June 2012 – Sep 2014
Support Technician
Connected, set up and checked PCs and peripherals for normal operation.
Trained users on basic computer operations and maintenance
Performed routine maintenance tasks, including installing basic software packages, anti-virus updates and set common options; ran basic network monitoring reports and utilities
Set up hardware and performed basic checking of networked PCs.
Troubleshot, resolved, integrated, tested, and maintained operating system environments such as, but not limited to: Windows 07, 08, MS Office, MS Exchange, etc.
Answered and prioritized incoming telephone, voice mail, e-mail, and in-person requests for assistance from users experiencing problems with hardware, software, networking, and other information system-related technologies.
Walked user through a series of steps to determine problem.
Followed Internet Cafe backup, virus protection and security procedures.
Worked with team members to identify issue trends and suggested long-term strategies to help mitigate incoming issues.
Troubleshot palm/handheld operating systems, architecture, data backup and recovery.
Logged and tracked calls using problem management database, and maintained history records and related problem documentation.
Provided support for deliveries, relocation, and scanning of IT equipment.
Investigated requests for support; recorded diagnostic information; retrieved details of requests, and resolved to the appropriate level.