Security Information

Clovert Ntoboh

Upper Marlboro, MD *****

M: 240-***-****

*************@*****.***

Professional Summary

I am a self- motivated Cyber Security Analyst with over 4 years of experience. I am looking for an opportunity where I will utilize my skills and past experiences to assist the organization with gaining ATO for systems, perform Continuous monitory on Implemented controls, monitoring and analyzing networks which combines professional and interpersonal skills to accomplish the mission, vision, and the goals of the organization. I have a great ability to motivate and proactively work with team members to achieve the overall goal of securing the IT systems while progressively learning, teaching, and expanding my knowledge and scope within the IT Security industry and more.

Professional Experiences

Abiatech Solutions January 2017-PRESENT

Cyber security Analyst.

• Perform risk assessment, supports client in developing, reviewing, and updating security artifacts such as SSP, SAR, SAP, POA&M, CP, BIA, PTA, PIA, RA, ISA, IR, MOU, DRP and SLA for compliance, accuracy, and completeness.

• Perform Vulnerability management and Continuous Monitoring following NIST & FISMA Standards and Guidelines.

• perform vulnerability scans using Nessus tool within the network to uncover Vulnerabilities.

• Work on FedRAMP systems, hosted by cloud service Providers, making sure the customer responsibility is addressed.

• Play Critical role, in Incidence response Preparation, identification, containing that incident, eradicating that Incident, recovering from that incident and lessons learned from that incident.

(CSIRT)

• Analyze reports and prioritizing vulnerabilities to be remediated after system scans and with the help of SIEM tool such as Splunk.

• Categorize information systems using FIPS 199 and NIST 800-60 and document the categorization in the SSP.

• Assist ISSO in selecting security controls using FIPS 200, NIST 800-53rev4 as a guide and in documenting these controls in the System security plan (SSP).

• Document implementation details in SSP ensuring the control requirements in NIST 800-53A match the control descriptions in NIST 800-53

• Continuously Monitor the Security controls by participating in annual security control assessment y assisting with providing artifacts, reviewing, and updating documentation.

• Taking part in penetration testing.

• Review and update POA&Ms to ensure POAMs are closed in timely manner.

• Track the POA&M based on the findings and recommendations from the SAR.

• Assist in establishing and implementing an Ongoing Authorization (OA) program designed to review the security posture of designated systems on a continual basis.

• Work with ISSO to manage POA&Ms and obtain waivers.

• Review all findings with system owners, ISSO, and key stakeholders to confirm understanding of security weaknesses for POA&M development.

• Work with key client stakeholders to evaluate current information security practices.

• Prepare and review Assessment and Authorization package documentation (SSP, SAR, and POA&M) to assist Authorizing official in making risk-based decisions.

• Complete Weekly Activity Reports outlining all activities for the work week

• Ensure compliance with annual FISMA deliverables and reporting by reviewing and updating these deliverables.

• Participate in weekly team meetings to obtain security updates and to present status report on ongoing projects.

• Coordinate with ISSO and other team members to create remediation plans to resolve deficiencies uncovered from assessments.

• Perform security impact analyses to support change management program.

• Review and update policies to ensure compliance with regulations, customer contracts, information security management frameworks (e.g., HIPAA, ISO 27001, NIST etc.), etc.

• Work with teams across the organization to update and/or create new processes and procedures.

• Designs training materials for computer security education and awareness programs.

• Evaluates overly complex security systems according to industry best practices to safeguard internal information systems and databases.

• experience with configuration management e.g., making sure end point devices are configured base on my organization policies from default to customize setting to enhance security.

• experience in supporting security applications on desktop computers in large environment by making sure that these applications are up to date, they receive updates patches from vendors and scanning these applications for vulnerabilities such as week password settings and open ports.

• Develop, maintain and review ATO packages for cloud migrated systems. SKILLS SUMMARY

• Solid experience working with NIST 800 series

• Experience with Nessus Vulnerability Scanning tool Tenable.

• knowledge of Network ports, protocols, security, threats, risk, and vulnerability management

• Working Experience with SIEM tools like Splunk for gathering and analyzing security logs.

• Working Knowledge of the OSI model.

• RMF framework.

• Experience with Who is domain tool.

• Familiarity with Pen testing steps.

• Excellent mastery of Microsoft word, excel, power point, and google Slide creation.

• MacAfee life Safe and Sophos Familiarities.

• Experience with Trouble shooting on windows.

• Excellent oral and written communication skills.

• Strong team member, analytical and leadership skills.

• Organized and detailed orientated.

EDUCATION AND CERTIFICATION

• Bachelor of Science in Computer Science.

• CompTIA Security +

• Scrum master Certify

• Cyber security analyst (CYSA+)

• CompTIA security analytic profession (CSAP)

Contact this candidate