Michael O Balogun
*************@*****.***
Labor Category
Security Analyst
Summary of Experience
Mr. Balogun is an Information Security Analyst with vast experience in managing and protecting enterprise information systems, network systems and operational processes through information assurance controls, compliance verifications, Risk Assessment, Vulnerability Assessment in accordance with NIST, FISMA, OMB App. III A-130, and industry best security practices. Mr. Balogun possess vast experience in the area of IT stretches back 15 years, with jobs in IT Support, Database programming, and Cyber Security.
Specialties/Expertise
Information System Security
Vulnerability Assessment
Penetration Testing
Information Assurance
Privacy
Project Management and Support
Business System Analysis
CSAM
eMASS
Security Life Cycle
System Risk Assessment
System Development Life Cycle
Active Clearance(s) (List All)
Public Trust:
Education
Bachelor of Science, Business Administration University of Maryland Global Campus,2009.
Master of Science, Management, University of Maryland Global Campus, 2016.
Certifications and Training
EC-Council- Certified Ethical Hacker,
Comp TIA Security+
Certified Authorization Professional (CAP) Passed
Employment History & Detailed Work Experience – Last 10 Years
Favor Technical Consulting, LLC (FTC), Vienna, December 2019 – March, 2020
Cyber Security Analyst, Veterans Administration (VA) Veterans Health Administration (VHA), Enterprise Reporting and Analytical Support, (2019 – Present)
Provides enforcement of security and compliance related tasks against VA’s accreditation boundaries of systems, to include performance reporting and analysis of trends across VA’s information security compliance program.
Provides technical and operational security control subject matter expert services on compliance requirements reflective of the Risk Management Framework (RMF)
Ability to data mine eMASS
Familiarity with Veterans Affairs naming conventions
Assists System Owners and Security Teams to provide direction on compliance standards to meet VA’s RMF/ National Institute of Standards and Technology requirements
Provides timelines, monitor completion of tasks by System Owners and escalate non-compliance activities to VA.
Experience with Government Authority to Operate (ATO) process per NIST guideline
Experience with Government Security Requirements as outlined in NIST guideline
VA eMASS experience & knowledge.
Experience with Risk Management Framework processes
Strong analytical skills
Presentation ability (Microsoft PP, Excel) Desired Skills:
Experience with Enterprise Mission Assurance Support Service (eMASS)
Past experience working with the Department of Veterans Affairs (VA), Office of Information & Technology (OI&T).
A S M Research (Accenture Federal Service Company) May,2019-December 2019.
Cyber Security Analyst II CRISP RSS- Bridge. Department of Veteran’s Affairs.
Responsible for executing the reviews of RMF security controls to ensure FISMA and NIST compliance.
• Analyze and update the SSP, RAR, PIA, ST&E and POA&M’s, SOP and VA handbook 6500.
• Support leadership to identify capability gaps in vulnerability management by analyzing POA&M’s associated with Veterans affairs.
• Maintain knowledge of current RMF security trends to effectively communicate to client.
• Document NIST 800-53 security control compliance findings within SAR, VAR and ATO brief decks to include identified vulnerabilities and the corresponding recommended risk mitigations.
• Conduct security controls assessment to ensure controls are implemented to comply with NIST standards.
• Research policies, procedures, standards and guidance and recommend needed changes under specific conditions for the protection of information and information systems.
• Conduct IT control risk assessment that includes reviewing organizational policies, standards and procedures and provide advice on their adequacy, accuracy and compliance with FISMA standards.
Alpha Hill/ 4 Square I T CONSULTING, WASHINGTON DC April 2016 – MAY 2019
Information Security Analyst
Develop, review and update Information Security System Policies, System Security Plans (SSP), and Security baselines in accordance with NIST, FISMA, OMB App. III A-130, NIST SP 800-18 and industry best security practices.
Use of Penetration testing and Vulnerability tools such as Nessus, Metasploit, and Nexpose to explore and reveal vulnerabilities in Information system.
Apply appropriate information security control for Federal Information System based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199, FIPS 200 and OMB A-130 Appendix III.
Conduct systems and network vulnerability scans in order to identify and remediate potential risks.
Performed Federal Information Security Management Act (FISMA) audit reviews using NIST 800-37 rev 1.
Updated IT security policies, procedures, standards, and guidelines according to department and federal requirements.
Developed and Implemented information security governance processes including policies, procedures, requirements, risk management and RBD SOP.
Remarkable Technology Group July,2012-March2016
Senior Cyber Security Analyst
Coordinate and manage team activities during assessment engagements.
Establish schedules and deadlines for assessment activities.
Monitor controls post authorization to ensure continuous compliance with the security requirements.
Update the controls changes from NIST-800 53 rev 3 to NIST-800 53 rev 4 and control assessment changes from NIST-800 53A to NIST 53A rev4
Review Regional Offices’ artifacts and implementation statements in Risk Vision
Updates & closes regional offices Findings/POA&M
Facilitate FISMA Continuous Monitoring Test Cases NIST 800-53 Rev 4 Update.
Conduct Security Risk Assessment on all new applications, IT Systems or changes to existing IT systems to verify if they satisfy established security baseline before adoption into Corporate Regional offices.
Conduct Security Risk Assessment on new Vendors and annual Vendor Risk Assessment.
Assist management in authorizing the IT Systems for operation on the basis of whether the residual risk is at an acceptable level or whether additional compensating controls should be implemented.
Ensure compliance with Baseline security configurations, IT controls and policy standards.
UNATEK INC- Upper Marlboro, MAY 2010- June 2012
I T Support
Perform Software/Hardware installation, Maintenance, repair, Update and testing.
Installed and configured Microsoft Office Suites on multiple machines.
Configured and implemented network interfaces for a Windows Network.
Troubleshoot and resolve TCP/IP connectivity problems.
Created new procedures to improve company’s productivity in the management of information systems
Utilized tools to track, record, and transfer request orders and incident tickets
Added and removed desktop/laptop memory and SATA hard drives to improve performance.
Performed network administration functions, set up network user accounts/permissions, reset passwords, and administer group policies.
Removed hard drives, motherboards, power supply unit, NIC cards, RAM, video cards and sound cards
Installed, configure, re-image and maintain desktop systems, copy and scan documents.
Performed regular hardware and software checks for performance.
Created file back-ups to prevent loss of data
Used Microsoft Administrative tools to manage and monitor systems performance.
Recall Total Management, Cheverly, m d. March 2007- April 2010
Oracle Database Administrator
Expertise in the creation of databases, table spaces, tables, indexes and other database objects.
Installed and managed Oracle Enterprise Manager.
Install and configure relevant network components to ensure database access as well as database consistency and integrity
Troubleshoot and resolve various Oracle connectivity problems.
Provide network troubleshooting and administrative support for the development staff.
Installation and management of Oracle database using database control
Create and manage documentation on the configuration and support of the Oracle databases
Perform bulk load into the database using SQL Loader
Perform standard and fine grain database auditing.
Documented database structure, changes, problems, issues for future reference
Administer database user accounts. Create, modify and deactivate user accounts; assign and monitor user access rights
Created Testing and Development databases following OFA compliance rules.
I T Support Analyst-Professional Records Storage Inc. Landover MD August 2001- March 2007.
· PC hardware installation, configuration, maintenance & upgrades.
· Operating System installation, maintenance & upgrades
· Router, Firewall, Cable Modem, WiFi installation and configuration
· Application Software installations and maintenance.
· Antivirus, Spyware, and Spam protection
· PC support including system tuning and optimization.
·Network, Remote Access, and Peripherals setup and support.
General desktop PC and server support
Telesec Temporary Staffing Agency, Greenbelt Maryland May 1992-March 1995.
Temporary Staff
Sunnydale meat processing PLANT, CHEVERLY, Maryland March 1990-1992.
Temporary Staff
References: Available upon request.