Cyber Security Analyst
Performance-driven Cyber Security Analyst with over 6 years’ experience managing and defending enterprise information systems, network system and operational processes through risk management, assessment of internal/external security vulnerabilities, information assurance, develop security control policies and procedures, implementing and testing security controls. Knowledgeable ensuring compliance with industry standard regulations: FISMA/NIST 800 series, ISO 27001, PCI DSS, SOX, HIPAA and processes.
Experience in developing documentations such as SSP, SAP, PTA, PIA, E-Authentication, SAR, SRTM, etc.
Good knowledge of RMF processes and compliance with NIST publications and standards: - NIST 800-53 Rev 5 and NIST SP 800-37 rev 2, 800-18, 800-53A, 800-30, 800-137, FIPS199 & 200, SOX, GBLA, PCI DSS, HIPAA, FEDRAMP
Performing daily ongoing (A&A) Assessment and Authorization projects in support of findings.
Experience in developing and conducting ST&E (Security Test and Evaluation) according to NIST SP 800-53A and perform on-site security testing and reviewing vulnerability scan results.
Good knowledge of Security Control Assessment, internal audits as part of Information System Continuous Monitoring activities prior to external auditing
Experience using and analyzing technical assessment tools such as Nessus, Wireshark, Snort and Nmap.
Good Knowledge of networking technologies (including OSI Model, TCP/IP, DNS, WAN/LAN/VLAN, IDS/IPS, Switches, Routers
Problem solving skills identifying issues and determining the reliability and significance using sound judgment to review, evaluate alternatives and make recommendations
Knowledge of SIEM tools – Splunk, to perform searches, and create reports, alerts and dashboards, GRC tools e.g CSAM and Vulnerability Scanning tools: Acutinex, Tenable, Web Scanner.
Security Control Assessor
DelTaahTech Consulting Feb 2018 - Present
Coordinating client interview (Working Sessions) to determine system security posture and assisting in package/completion of the system security Assessment Plan using NIST SP 800-53A needed to maintain organization’s Authorization to Operate (ATO)
Preparing Security Assessment and Authorization package which consists of Requirement Traceability Matrix, Risk Exposure Table, SAR, and POA&Ms Report in compliance with FISMA, NIST and OMB A-130 appendix III
Conducting technical and non-technical security risk assessments on network systems via document review, network vulnerability scans, and walk through of new and existing information for FISMA compliance using NIST guidelines and controls
Reviewing technical Security Controls and providing implementation responses as to if/how systems are currently meeting the requirements
Conducting Information Systems Security Audits and Certification and Accreditation (C&A) Test in compliance with the NIST standards
Providing POA&Ms quality and management review, update and validate on behalf of the CISO
Performing analysis with Security Information and Event Management (SIEM) software products
Conducting vulnerability management strategic testing and techniques
Providing continuous monitoring support for Information Systems in accordance with FISMA guidelines and conducting FISMA-based security risk assessments
Participating in System Security Categorization (FIPS199), reviewing Privacy Impact Assessment (PIA) document after a positive PTA is created
Information Security Analyst
DelTaahTech Consulting April 2015-Jan 2018
Coordinated implementation and improvement of enterprise-wide security standards, policies, and procedures (manage Active Directories and user permissions within a cloud-based environment, user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines)
Coordinated periodic compliance scans, host discovery scans, web searches for related URLS, and maintain an accurate documentation
Developed, reviewed, and updated Information Security Systems policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices
Performed vulnerability scanning using Nessus scanning tool to detect potential risks on a single/multiple assets across the enterprise network
Performed vulnerability/risk analyses of information systems and applications during the assessment phase of the system development
Conducted trend analysis of monthly vulnerability assessment results to identity high risk vulnerabilities impacting information assets and coordinated proper remediation accordingly
Performed risk assessments, reviewed and updated Plans of Action and Milestones (POA&Ms), Security Control Assessments, and specific security document. (SA&A) Security Assessment and Authorization using NIST SP 800-53 rev 5, FIPS 200 (Security Controls), NISP SP 800-53A rev 5(Assessing Security Controls)
Analyzed and defined security requirements for information systems and network infrastructure
Performed continuous monitoring functions, including coordinating mitigation of gaps, findings, and other security issues; and other required testing
Responded and participated in resolving security incidents, failed log on attempts, failed port connections to the network and investigates and escalates
Analyze scan data to determine if its false positive or actual alert and suggest ways to remediate issues discovered
Documented all activities during an incident and provided leadership with status update during the life cycle of the incident
Coordinated implementation of security policies and procedures by monitoring security profiles, reviews security violation reports and investigates possible security exceptions
Coordinated audits and security logs to detect possible security violations
University of Bamenda Cameroon
Certified in Risk and Information Systems Control (CRISC)
Tenable Nessus, SIEM tools: Splunk,
Service-Now, Microsoft Office (, MS Word,, Excel, Microsoft Share