Frank Ezomo
347-***-**** • *****.*****@*****.*** • New Jersey
A dynamic Cyber Security analyst with 6 years of experience in the information technology field. Successful in IT Risk Compliance, implementing security controls, managing vulnerabilities, performing continuous monitoring on systems, and supporting the entire A&A process. Ability to adapt well to changing environments and proven competence to lead and direct. I am an ambitious, intuitive, and reliable Cyber Security professional with a strong capability to deliver within timelines and on budget.
AREAS OF EXPERTISE
• Cyber Security
• RMF, NIST, FIPS
• SIEM
• SDLC
• TCP/IP
• Application testing/support
• User training/Supervision
• Network and Internetworks
• Project Management
• Agile (Scrum)
• Cloud – (SaaS, PaaS, IaaS)
• MS Azure, Windows Server
• Software Implementation
• PCI DSS
• Switches and Routers
PROFESSIONAL EXPERIENCE
XCEED – Cyber Security Analyst July 2018 – Current
• Research, analyse and draft documents, such as Standard Operating Procedures (SOPs), in accordance with company policies and NIST guidelines
• Gather and maintain artifacts needed for ATO
• Apply security control benchmarks to my assigned systems using tools like DISA STIGs to strengthen the security settings of servers (hardening)
• Review Nessus scan results to identify vulnerabilities, provide remediation strategies and perform follow-up to determine if risks have been mitigated
• Review and update inventory such as hardware and software and create a list to track assets
• Review request forms and agreement forms for users requesting access to systems and conduct Information Awareness training
• Research approved and unapproved software in the software registry and request software additions, removals, waivers and version updates
• Assist in developing and testing Contingency Plans (CP), Disaster Recovery Plans (DRP) and Incident Response Plans (IRP) for systems
• Attend project meetings with stakeholders to ensure security is addressed throughout the System Development Life Cycle (SDLC). Assess and communicate any risks associated with development practices
• Audit program testing, evaluation, and analysis of results with guidance from NIST RMF
• Select security control baselines according to system categorization, tailor controls specific to the system based upon NIST 800-53 rev 4 and FIPS 200 guidance and add applicable overlays (i.e. Privacy Controls)
MBA Tech – Security Control Assessor April 2016 – June 2018
• Conducted system security control assessments, drawing on a strong understanding of NIST SP 800-53 Rev 4 (control selection/implementation) and NIST SP 800-53A (security control assessment), to determine control implementation and effectiveness
• Developed and prepared the Security Assessment Plan (SAP), Security Assessment Report (SAR), POA&M. Developed a preliminary Security Assessment Report (SAR)
• Reviewed documents such as SOP, SLA, MOA, implementation statements and requested evidence for missing artifacts
• Led meetings to obtain reports and status updates for individual team member tasks
• Documented control findings within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs)
• Assisted in designing and implementing risk mitigation strategy to foster organization cyber resilience
• Worked with clients to discuss appropriate remediation actions and deadlines for all identified gaps
• Analysed information system processes to determine deficiencies within their controls that could violate applicable law, regulation, framework or internal policies and procedures
• Monitored vendor services/activities relating to information security, confidentiality, integrity, availability and privacy
AlliedSoft – Business Analyst/Implementation Consultant April 2012 – April 2016
• Developed and managed the scope of delivery, created schedules and updated the project portal for a number of projects
• Conducted initial meetings, envisioning sessions, UATs, performed project closure formalities and moved the project to support
• Communicated with stakeholders, provided progress report and periodic project updates
• Conducted trainings for users and process owners and got feedback to populate product version regular update with new requests and “nice to have” functionalities
• Managed all project communications and documentations, including User Manuals
• Maintained a high-level client relationship system with data integrity, confidentiality understanding and respect
EDUCATION/CERTIFICATION
• CompTIA Security+ Professional
• ICSI CNSS Certified Network Security
• Certified Scrum Master
• CCNA (Cisco Switching and Routing)
• Bachelor of Science in Statistics with Computer Science – University of Benin, Nigeria
• Diploma in Computer Engineering – University of Benin, Nigeria