Mohamed Sannoh
Skills
●RISK MANAGEMENT FRAMEWORK (RMF)
●NIST 800-53 REV 4
●NIST 800-30
●NIST 800-53A
●NIST 800-37
●NESSUS
●SPLUNK
●FEDRAMP
●IAAS
●MICROSOFT OFFICE SUITE
●PAAS
●SAAS
●FIPS 199 & 200
●MICROSOFT OFFICE 365
●MAC
●CSAM
●PC
●SYSTEM SECURITY PLAN (SSP)
●SYSTEM SECURITY REPORT (SAR)
●PLANS OF ACTION AND MILLSTONES (POA&M)
●TECHNICAL WRITING
●LIAISING
●ANALYTICS
●DETAILED RESEARCH
●INTERPERSONAL COMMUNICATIONS
Professional Summary
Authorized to work in the US for any employer Results-driven IT professional with notable success in planning, analysis, and implementation of security controls using RMF, NIST 800-53, FIPS 800, and NIST 800-53a to name a few. Strengths in providing comprehensive Risk management framework, FedRAMP and creating POA&Ms, SSPs, and SARs. Also utilized tools such as Nessus, Splunk, and CSAM for assessments. Certified in Comp TIA Security+, and Comp TIA CASP+ with 8 years of experience.
Certifications
●CompTIA CASP+
●CompTIASecurity+
●Testout PC Pro,
Education
-A.S BTI
-B.S Central Penn College (pending)
Experience
Cyber Security Analyst, Penske — 05/2018 -present
●Cyber Security Analyst, Penske
●Assist in conducting cloud system assessments using FedRAMP
●Collaborated with 3PAOs to prepare application materials demonstrating that organization meet both technical competence in security assessment of cloud systems and management requirement for organizations performing inspections.
●Conducts assessments on CSP using NIST SP 800 53-A
●Use AWS as an IaaS for system backups
●Configured OS using AWS DaaS
●Utilize Cisco SaaS services such as Webex
●Ensure proper deployment of software to respected team regarding SaaS securely through AWS DaaS
●Assessing and implementing security controls to any CSP before deployment
●Help manage all services for the AWS platform regarding configuration, monitoring.
●Updates IT security policies, procedures, standards and guidelines according to department
●Utilizes NIST 800-53A (Rev 4) and NIST 800-53 to review/update security controls and make the changes in requirements traceability matrix (RTM)
●Updates and reviews security control plan (SSP), Plan of action (PO&AM), and generate security assessment report (SAR)
●Performs vulnerability scan and monitor continuously with the aid on Nessus
●Supported Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
Junior cyber security analyst, Eurofins Laboratories — 06/2016-05/2018
●Assist in conducting cloud system assessments using FedRAMP
●Updates IT security policies, procedures, standards and guidelines according to department
●Utilizes NIST 800-53A (Rev 4) and NIST 800-53 to review/update security controls and make the changes in requirements traceability matrix (RTM)
●Updates and reviews security control plan (SSP), Plan of action (PO&AM), and generate security assessment report (SAR)
●Performs vulnerability scan and monitor continuously with the aid on Nessus
●Supported Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
●Assembled and produced two running cyber honey pots for data
●Delivered weekly intelligence briefs to Chief Information Security Officer
●Performed industry threat reports
●Worked in both Linux and Windows environments
●Created SAP (to document assessment schedules, control families to be assessed, control tools and personnel, client’s approval for assessment, assessment approach and scope, ROE if vulnerability scanning is involved).
●Conducted risk management by identifying, assessing, responding and monitoring risk respectively.
●Used POA&M tracking tools like CSAM (Cyber Security Assessment and Management), Excel spreadsheet to make sure the POA&M is not in delay status.
●Adapted and quickly learned a new position and industry to further develop analytical and technical skills.
●Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements
●Supported Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
●Managed the mapping of 72 complex technical requirements, functionalities, and capabilities to NIST 800-53 Rev 4 security controls, FISMA, and Fedramp, to ensure compliance with federal standards, policies, and procedures.
SOC Analyst, SAP — 04/2014 - 06/2016
●Worked in a SOC environment, where I assisted in documenting and reporting vulnerabilities (Tier 1).
●Assisted the SOC team in documenting and reporting vulnerabilities by utilizing tools such as Splunk and SNORT.
●Monitored personnel or equipment locations and utilization to coordinate service and schedules.
●Recorded and Assembled facts to prepare reports that document incidents and activities.
●Strong knowledge of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
●Strong knowledge of one or more
●Windows/AD file system, registry functions and memory artifacts
●Unix/Linux file systems and memory artifacts.
●Cybersecurity automation.
●Acquired Knowledge of APT actors; the tools, techniques, and procedures (TTPs).
●Knowledge of TTP methods and frameworks.
●Experience with one or more scripting languages (PowerShell, Python, Bash, etc.).
●Experience managing cases with enterprise SIEM or Incident Management systems.
Network Engineer, Contegix — 09/2012-04/2014
●Operating a large network (1000+ nodes in multi-tier and multi-location networks).
●Troubleshooting and problem solving of Layer 1 through Layer 7 of the OSI model.
●Firewall management, with Cisco ASA and Juniper firewalls.
●Responsible for the implementation of engineering processes that provide for timely and appropriate integration of all engineering disciplines to ensure a network system design that meets all requirements and allows for consistent delivery against all customer SLAs.
●Experience with Cisco Nexus and IOS based enterprise class routers, switches and firewall product lines.
●Experience with VMWare NSX and Virtual Box.
●Routing protocols; specifically, BGP, OSPF and EIGRP.
●Experience with Cisco routers 2900/3900/4300 Series.
●TCP/IP packet analysis using Wireshark.
adgxlf@r.postjobfree.com 484-***-**** Washington D.C. 220057