Detail-oriented Information System Security Officer with a strong educational background in Cybersecurity, supported by field research and professional work experience in Information Security Analysis, Governance Regulatory Compliance, SharePoint, & heterogeneous information security environments.
IT Security: Microsoft Windows Server 2008 & 2012, Linux servers. Database: Microsoft SQL Server 2008 & 2012, Excel, Oracle, DB2, VirtualBox, VMware Workstation. Use IDS/IPS and other SIEM tools like Splunk to determine the existence and nature of security incidents and create security incident tickets. Perform vulnerability scanning using Nessus and WebInspect, and remediation. Use NIST 800-53 rev4 and all NIST publications, RMF, FIPS 199, FedRAMP, ISO 27001, PCI DSS & FISMA guidelines to ensure overall organizational security compliance.
Information System Security Officer (ISSO)
06/2016 to Current
WASHINGTON TECH SOLUTION
Performing system and network vulnerability scans to identify and remediate potential risks. Nexpose, Nessus, Qualys, and MBSA vulnerability scanners were used to detect potential risks on single and multiple assets across the enterprise network.
Used NIST SP 800-53A as guidelines to conduct Security Assessment.
Utilized NIST SP 800-18 and updated System Security Plans from NIST SP 800-53. Developed and maintained artifacts for the A&A process that included but were not limited to POA&M, SAP, SAR, RTM, CP, RA, PTA, PIA, CPT, & SSP.
Planned System Security Checklists, Privacy Impact Assessments (PIA), POA&M, and Authority to Operate (ATO) letters.
Ensuring compliance with FISMA and NIST recommendations, as well as companywide security policies and procedures, organizational guidelines, and technical best practices. Reviewing, updating, and preparing evidence/artifacts as part of audit preparation. Working with Cloud Service Providers to review and validate security packages for compliance, accuracy, and correctness with the FedRAMP compliance standard.
Developing a variety of Assessment & Authorization deliverables including System Security Plan (SSP), Security Assessment Report (SAR), Contingency Plan (CP), and POA&M for review and approval by Authorization Official.
Reviewing Privacy Impact Assessment (PIA) and System of Records Notice (SORN), and initiating corrective measures when security vulnerabilities occurred.
Implementing Risk Management Framework (RMF) following NIST SP 800-37 and performing system security categorization using FIPS 199 & NIST 800-60 V2.
Advising Information System Owner (ISO) of security impact levels for Confidentiality, Integrity, and Availability (CIA) using NIST SP 800-60 V2. Utilizing NIST SP 800-18 and updating System Security Plans from SP 800-53.
Creating reports detailing the identified vulnerabilities and the steps necessary to remediate them. Applying appropriate information security controls for Federal Information Systems based on NIST 800-37 rev1, SP 800-53 rev4, FIPS 199, FIPS 200, and OMB 130 Appendix III.
Information System Security Officer (ISSO)
01/2014 to 06/2016
ABIATECH SOLUTIONS INC
Complied with the HIPAA Security Rule and PCI standards.
Conducted kick-off meetings to collect systems information (information type, boundary, inventory, etc.) and categorize systems based on NIST SP 800-60.
Conducted Security Control Assessments to assess the adequacy of Management, Operational privacy, and Technical security controls implemented.
Developed and maintained artifacts for the A&A process that included but were not limited to POA&M, SAP, SAR, RTM, CP, RA, PTA, CPT, & SSP.
Planned System Security Checklists, Privacy Impact Assessments (PIA), POA&M, and Authority to Operate (ATO) letters. Assisted in the development and maintenance of System Security Plans (SSP) and Contingency Plans for all systems.
Developed risk assessment reports, identifying threats and vulnerabilities. Also evaluated the likelihood that vulnerabilities can be exploited, assessed the impact associated with these threats and vulnerabilities, and identified the overall risk level.
EDUCATION AND CERTIFICATIONS
Studying for a Bachelor's Degree in Cybersecurity at Strayer University
Cloud Computing Certification
Scrum Master Certification
Certified Authorization Professional and Security+ in progress
Intensive training on Certified Authorization Professional and A&A package at Abiatech Solutions Inc.
Degree in computer science in Ngwakele, Cameroon
Fluency in English
Citizen of the USA
References available upon request