
Security Information

Location:
Bowie, MD
Posted:
January 26, 2021


Resume:

Olayinka Aiyedun

Bowie, MD. *****

240-***-****

E-mail: adjpxp@r.postjobfree.com

OBJECTIVE

Information Technology security professional with proven experience in Information Assurance, Audit and Evaluation, Testing and Monitoring, FISMA/NIST, SA&A and Risk Assessment of General Support Systems (GSS) and Major and Minor Applications. A dynamic and detail-oriented Cyber Security Analyst with leadership and excellent communication skills and five years of experience applying NIST and FISMA guidelines to align and comply with the needs of private and federal agencies. Also very familiar with relevant NIST Publications SP 800 series and Federal Information Processing Standards (FIPS) - FIPS 199 and FIPS 200. Also has a functional knowledge of DoD 8510.01 and Committee of National Security Service Instruction (CNSSI) 1253.

CLEARANCE

Secret Clearance

KEY SKILLS

Experience with FISMA Audit & Metrics and NIST SP 800 Series

Perform comprehensive assessments and write reviews of management, operational and technical security controls for audited applications and information systems using CSAM, eMASS

Develop System Assessment & Accreditation (A&A/C&A) documentation in compliance with organizational standards.

Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A and NIST SP 800-53 Rev. 4.

In-depth knowledge of FISMA, RMF, ISO Frameworks.

Analytical, communication and interpersonal skills

Ability to multi-task, work independently and as part of a team

PROFESSIONAL EXPERIENCE

Broadleaf-Inc May 2020 – Till Date

Information Assurance Validator

Hands-on experience utilizing DoD-approved scanning/testing tools (Nessus, Security Technical Implementation Guides (STIG) Checker, Security Content Automation Protocol (SCAP), etc.), and performing analysis of output.

Interact with the Information Systems Security Manager (ISSMs), System Information Systems Security Officer (ISSOs), Information Systems Security Engineers (ISSEs), and Security Controls Assessor (SCA) regarding interpretation of STIG requirements and applicability of security controls and required documentation/artifacts needed prior to a validation event.

Conduct STIG research and ensure compliance with all necessary STIG checklists.

Review security controls and developer documentation, and report missing or outdated documentation to stakeholders.

Complete and submit a Security Assessment Plan (SAP).

Upload validation results into eMASS and other repositories.

Emagine IT Feb 2020 – May 2020

(Contractor) Cybersecurity Division

DHA – Mid-Level IV&V Validator

Supports the Defense Health Agency with assessment and authorization (A&A) efforts.

Conducts cybersecurity analysis in preparation for A&A.

Covers technical information security aspects including, but not limited to, identifying risks, providing mitigation plan of action, analyzing system designs.

Identifies key stakeholders in the A&A effort for medical systems and networks and works with them to confirm that the system documentation reflects the current security configuration of the system, in terms of hardware and software components, data flow, interconnections, and ports, protocols, and services

Identifies potential risks associated with the configuration of the system and appropriate mitigation strategies

Conducts status meetings and determines next steps in moving the systems toward a successful accreditation effort

Works with the cybersecurity team to develop and implement the detailed test plan and review findings from self-assessment to determine readiness for independent assessment

Conducts manual checks of the systems during independent testing and reports them in a plan of action and milestones (POA&M) document

Uses the automated tool (eMASS) to capture and report test results

Assists the system owners and system SAs in interpreting and applying mitigation strategies

Documents residual risks by conducting a thorough review of all the vulnerabilities, architecture, and defense in depth and provides the cybersecurity risk analysis and mitigation determination results for the Test Report

Assists the Validator with producing the risk assessment artifacts describing residual risks identified during A&A testing

Develops/maintains agency level cybersecurity policy and processes that implement DoD Cybersecurity program

Familiar with DISA STIGs/FDCC requirements, defense-in-depth, and other information security and assurance principles and associated supporting technologies

Communicates the security posture of systems up the chain of command via eMASS so that accreditation decisions can be made based on a thorough understanding of the risks associated with the particular configuration of systems and networks

Identifies strategies for improving the A&A processes and procedures to meet increasingly tight timelines and budgets

Security Control Assessor June 2018 – Dec 2019

Emagine IT

(Contractor) Cybersecurity Division

USDA – Rural Development (RD)

Federal Contractor

Conduct kick off meetings to collect systems information (information type, boundary, inventory, etc.) and categorize systems based on NIST SP 800-60.

Conduct IT controls risk assessments including reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy and compliance with industry standards.

Assist with the development of System Security Plan (SSP) to provide an overview of federal information system security requirements and describe the controls in place to meet those requirements.

Conduct document reviews of NIST, OMB, FISMA and other policy documents and vendor publications related to enterprise technologies and recognize, modify and update procedures resulting from the new guidance.

Develop Security Assessment Reports (SAR) detailing the results of the assessment along with Plan of Action and Milestones (POA&M).

Provide Continuous Monitoring support through POA&Ms, system and user audits, analyze and report scanning results, and update all corresponding security documents as needed.

Assist ISSO in preparing Certification and Accreditation package for company’s IT systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.

Provide ISSO support by assisting in reviewing risk waivers and ISA, MOU review before authorization.

Create and update the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, System Security Plan (SSP), Risk Assessment (RA), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, System Security Test and Evaluation (ST&E), Contingency Plan, Plan of Actions and Milestones (POA&M).

Information Security Analyst Aug. 2016 - Jun 2018

ANCHORAGE CONSULTING LLC, BOWIE, MD

(Contractor) Cybersecurity Division

Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), Security Control Assessment (SCA) and the Plan of Actions and Milestones (POA&M)

Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with FISMA Standard.

Assisted in preparing Certification and Accreditation package for agency’s systems, making sure that management, operational and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.

On a quarterly basis, conduct reviews on Information Systems security documents for all hosted systems to include: Plan of Action & Milestones (POA&Ms) and Security Control Assessment (SCA).

Performed Risk assessment making sure risks are assessed, evaluated and proper actions taken to limit impact on the information and information systems.

Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans and security authorization packages.

EDUCATION

B.Sc. Business Administration - Olabisi Onabanjo University Ogun State, Nigeria

OND Computer Science and Technology - Federal Polytechnic Offa, Kwara State, Nigeria

Maxat Institute of Computer Training - Diploma in PC Assembling and Troubleshooting

CERTIFICATION

CompTIA Security+

Certified Authorization Professional (CAP)

Certified Data Privacy Solutions Engineer (CDPSE)

Certified Information Systems Manager (CISM)

Certified Information Systems Security Professional (CISSP) In Progress

TECHNICAL SKILLS

Software/Hardware/Platform: Windows, Security Control Testing, MS Office Suite (PowerPoint, Visio, Word, SharePoint, Excel, Access), Nessus.


