Yannick Tiadjoue Ngompe
CompTIA Security plus
**************@*****.*** Cincinnati, Ohio 513-***-****
OBJECTIVE
A skilled IT security professional with over 5 years of experience in the information assurance field. Cooperative team member with a strong work ethic, attention to detail, and value for deadlines who is experienced in multiple technologies, willing to learn, and can adapt and assimilate well in new professional settings. My goal is to obtain ATO on all my systems.
SKILLS
Microsoft Office
SIEM (Splunk)
Vulnerability and POA&M Management
Patch Management
Experience with FedRAMP, FISMA, NIST
Problem Solving
Flexibility and Adaptability
FedRAMP
Nessus
NIST 800-series
ATO Package documents
POAM Management
Windows
Special Publications: FIPS 199 and 200 (Information/Information System Categorization and Selection of Controls for Info/Info System); NIST 800-18 (SSP), 800-30 (Risk Assessment), 800-34 (Contingency Planning), 800-37 (RMF SDLC), 800-39 (Risk Management), 800-53 (Control Catalog), 800-53A (Control Assessment), 800-61 (Incident Response), 800-137 (Continuous Monitoring), NIST 800-60 (Security Categorization)
EXPERIENCE
Cyber Security Analyst
DTT Tech Consulting – Greenbelt, MD
April 2018 - Present
Develop, review, update, and enforce implementation of Information Security System Policies, System Security Plans (SSPs), and Security baselines in accordance with FISMA, NIST SP 800-18, OMB and industry best security practices.
Support and manage systems to go through the Assessment and Authorization (A&A) process while maintaining Confidentiality, Integrity and Availability (CIA) of the systems and data stored in them and being in compliance with FISMA and NIST Special Publication 800 series.
Conduct reviews of security documents updated by the ISSO to ensure FISMA compliance, reviewing and validating items uploaded into the POA&M tracking tool in support of remediated findings.
Assist in Preparation of Assessment & Authorization (A&A) package development and review such as FIPS 199 categorization, E-Authentication risk assessment, System Security Plan (SSP), Privacy threshold analysis (PTA), Privacy Impact Assessment (PIA), POA&M and Contingency Plan, for efficacy and compliance with NIST guidance.
Work with Security Control Assessment (SCA) team to populate the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A as part of the Security Assessment and Accreditation (A&A) Continuous Monitoring Testing/Projects.
Support the review of all Cloud Service Providers (CSPs) documentation for compliance and work with stakeholders until the Cloud System documentation meets FedRAMP requirements.
Perform Vulnerability Scanning as part of the Assessment and Continuous Monitoring and provide remediation to System and Application Administrators.
Create and track Vulnerabilities in the Plan of Action and Milestones (POA&M) of all accepted risks upon completion of Security Control Assessment (SCA).
Review and update the plan of action and milestones (POA&Ms), security vulnerabilities and mitigation strategies; and develop security A&A artifacts, to include but not limited to, sensitivity assessments, SSP, POA&Ms, and SAR.
Assist System Owners and ISSOs through the Certification and Accreditation (C&A) Process, ensuring that Operational, management and technical controls securing sensitive Security Systems are in place and being followed according to the Federal Guideline (NIST SP 800-137 RMF).
Perform Continuous Monitoring of Security Controls by using NIST 800-137 as a guide, testing a portion (one-third) of the applicable security controls annually and performing periodic Vulnerability Scanning and Testing of Controls.
Contribute to the development of System Security Plans (SSP), Incident Response Plans, and Contingency Plans.
Designate systems and categorize their confidentiality, integrity, and availability severity using FIPS 199 and NIST SP 800-60 Vol. 2.
Update IT security policies, procedures, standards, and guidelines according to organizational and federal specifications.
Perform thorough risk analysis and assessment of IT systems, ensuring compliance with NIST and FISMA guidelines.
Work closely with client’s System owners and security teams to oversee the preparation of Comprehensive and Executive Certification & Accreditation (C&A) packages for Cloud systems and FISMA systems; generate, review and update System Security Artifacts.
Work with legal and compliance teams and perform electronic discovery and computer forensics to support investigations; implement, maintain and monitor network and security performance via the Splunk monitoring tool.
Work closely with clients’ Information Assurance Analysts to oversee the preparation of Comprehensive and Executive Certification & Accreditation (A&A) packages for approval of an Authorization to Operate (ATO); generate, review and update System Security Plans (SSP).
Provide oversight of incident data flow and response, content, and remediation, and partner with other incident response centers in maintaining an understanding of threats, vulnerabilities, and exploits that could impact networks and assets.
Support the team during monitoring, scanning, reporting, risk assessments and incident response; perform analysis via assessment of vulnerabilities, scrutinize alerts from a myriad of sensors and systems, and respond to security events.
Security Control Assessor
DelTaahTech Consulting LLC
February 2016 – March 2018
Conducted comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the systems.
Contributed to the creation of Security Assessment Plans (SAPs), Requirement Traceability Matrixes (RTMs), and Security Assessment Reports (SARs) to document purpose and scope of the assessment, track assessment progress, and deliver assessment findings to clients.
Worked with the ISSO and Security team to assess the Security Controls selected and ensured the documented results were reflected in the RTM. Also ensured that test cases and all weaknesses noted were reported in our SAR report.
Examined all files and documents published by the client to ensure document adequacy for complete and in-depth assessment of security controls using NIST SP 800-53A as a guide.
Interviewed applicable personnel on security standards to confirm control implementation as outlined in organization policies, procedures and NIST SP 800-53A.
Tested controls using formal automated tests to validate control implementation and determine control effectiveness.
Documented assessment findings of security control implementation and conducted risk assessment on system security controls contingent on control status and examination, interview, and test results.
Developed and presented recommendations based on assessment findings to be comprehended by technical and non-technical personnel in order to advise clients on any assessment and authorization issues to aid in client remediation efforts.
Utilized various information system inspection tools to audit systems, analyze potential vulnerabilities and identify mitigation approaches.
Ensured that assigned systems/applications met A&A standards before a recommendation was made for Authorization.
Documented the results of the security control assessment, including recommendations for correcting any weaknesses or deficiencies in the controls, analyzed findings, and developed risk mitigation techniques to address weaknesses.
Certifications and Education
University of Buea—Bachelor of Science in Computer Technology
Security Plus Certified