Ayo Arasanmi

Phone: 407-***-****

Washington DC Metropolitan Area (DC, Maryland and Virginia)

Email Address: ada5vw@r.postjobfree.com

Information Assurance Guidelines

NIST 800-60

NIST 800-53

NIST 800-53A

NIST 800-37

NIST 800-34

NIST 800-30

NIST 800-18

FIPS 199

FIPS 200

FEDRamp

FISMA

OMB

HIPPA

Key Skills and Knowledge

Software Development Lifecycle (SDLC)

Security Assessment and Authorization (SA&A)

Certification and Accreditation (C&A)

Exposure to Federal Skills and Authorization Management Program (FedRAMP)

Security Planning

Disaster Recovery

Business Continuity Planning

Risk Assessments

Vulnerability Management

Network/Cyber Security

Program Management

Project Management

Security Test & Evaluation

Security Training & Awareness

Incident Response

Proposals (some experience)

Policy and Process Development

Technical Documentation

Assessment Tools

Nessus

WebInspect

EDUCATION:

Bachelor of Science, Geology: Obafemi Awolowo University

Bachelor of science, Cybersecurity & information assurance(in view)WGU

PROFESSIONAL CERTIFICATIONS:

Comptia Security+

CompTia Linux+

TRAINING:

Certified Authorized Professional (CAP)

SKILLS SUMMARY:

Over six (10) years of work experience in a wide array of positions within the cybersecurity industry to include compliance, vulnerability management, help desk, program management, client/customer services, research, technical writing, operations and administrative management tasks. I have experience with applying FIPS Publications, NIST Publications, OMB and FISMA guidelines to comply with a variety of industry standards for various organizations.

Experience in all phases and roles of the Security Assessment and Authorization (SA&A) process from initiation to continuous monitoring including the assessment of Security, Testing & Evaluation (ST&E), development of system security plans (SSP), Contingency Plans, Disaster Recovery Plans, Continuous Monitoring, Compliance Management, Incident Response Plans/Training, Configuration Management Plans, Privacy Threshold Assessments, Privacy Impact Assessments (PIA), POA&M management, and Standard Operating Procedures (SOP), in accordance with Federal, Agency and Organizational policy, to include FISMA, NIST, OMB, FIPS, and HIPPA instruction.

I also possess in-depth experience in performing information security risk analysis on standard operating procedures, creating and updating user manuals and conducting extensive analysis to ensure the accurate technical content of such documentation.

DETAILED PROJECT EXPERIENCE:

Parsons Cooperation, 04/2016 – Present

Security Control Assessor: Perform new and on-going assessment of security controls to ensure they are functioning as expected. Gather all security documentation to get the ATO package ready for the Authorizing Officer review and approval.

Worked as security control assessor, utilize Risk Management Framework (800-37) and other several NIST publications (NIST 800-30, 800-53A, FIPS 199, FIPS 200) to assess the security controls applicable to information and information systems, identify and assess associated risk, and recommend possible measures to address the risk

Assess information and information systems using mechanisms such as review of system security documents such as System Security Plan, Risk Assessment Report, Contingency Plan, etc. interview of information system administrators, and technical testing using Nessus and WebInspect to perform vulnerability and compliance scan

Develop Security Assessment Plan to assess the information system, also develop Security Assessment Report to document findings and recommend remediation measures

Participate in the management of Plan of Action and Milestone (POA&M) using Cyber Security Assessment and Management (CSAM), and review POA&M for closure

Maintain Authorization to Operate package in accordance with the client’s requirement and compliant to FISMA

Manage project artifacts such as the System security plan, risk assessment, security control write-up, contingency plan, contingency plan test(conduct), configuration management plan, privacy impact assessment, POAM, FIPS 199, system design document, operating maintenance and manual, version description document, user manual Interface with federal employees and contractors to perform the security assessment activities.

Report all applicable activities to the Project Management Office (PMO) team

Determine if IT security functions, systems or programs are in compliance with federal, and government standards, appropriately implemented agency-wide, and are being operated efficiently.

Reviews and creates audit reports on user and system activities

Works closely with stakeholders to ensure policies and procedures are implemented and followed

Ensure ongoing integration of information security with business strategies and day-to-day operations

Possess solid understanding of security architecture, policies and application security capabilities of major operating systems

Quarterly reporting of Plan of Actions and Milestone (POA&M) items

THE HCI Group, April 2014 – April 2016

Information Security Specialist

Utilize NIST Publications to assess, implement, and document security requirements for Federal information systems, develop policies and procedures, and ensure information system security documentations are in compliance

Develop Security Control Assessment Test Plan used in assessing the information system security controls

Perform annual security control assessment of information system to ensure FISMA compliance

Perform vulnerability and compliance scan, using Nessus and WebInspect, to detect vulnerabilities and validate compliance with policies and standards

Examine Nessus and WebInspect scan report to validate findings and eradicate false positive. Research remediation measures for the vulnerabilities

Perform risk assessment and develop Security Assessment Report with findings and suggest remediation

Interface with system owners and administrators to present the vulnerabilities and recommend remediation strategy

Monitor remediation of vulnerabilities and findings from review, interview and technical assessment of the security controls through Plan of Actions and Milestones (POA&M) using CSAM

Review POA&M for closure in CSAM. Maintain system document inventory in CSAM

Validate security control tailoring in FIPS 200 and FIPS 200 Matrix

Develop Standard Operating Procedures in support of system categorization using FIPS 199

Assist in the development and review of information system documentations such as System Security Plan, E-Authentication, Contingency Plan, Risk Assessment Report

Ensure information system maintains Authorization to Operate package in other to continue operation

Conducted effective Security, Testing and Evaluation (ST&E) and vulnerability assessments of networked and stand-alone information systems to the extent of conclusively validating all management, operational and technical controls found within NIST SP 800-53 and other policies and procedures such as agency policies and procedures, audit reports, standard operating procedures etc.

Provided advice and makes recommendations as an authoritative leader in the software development lifecycle, cyber security, networks, and networks operations arena.

Created security documentation to include Security Plans (SP), format for the ST&E test plan, Plan of Actions and Milestones (POA&M), Configuration Management Plans, Privacy Impact Assessments (PIA), Privacy Threshold Assessments (PTA), SORNs, etc. Utilized technical writing to ensure all documents were accurate.

Recommended solutions to the most difficult security problems in existing systems and systems development.

Assisted with application of formal methods in security architecture, security system design and engineering, and security technology integration and deployment.

Supported customers at the highest levels in the development and implementation of doctrine and policies.

Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.

OTHER POSITIONS HELD:

Cerner Analyst/Support: May 2011 – April 2014

IT Helpdesk: June 2008 – May 2011

Contact this candidate