EBENEZER K ADUGAH
Phone: 917-***-****
Email: **********@*****.***
SUMMARY
Ebenezer has extensive background and experience in computer troubleshooting, Information Security, and maintenance of information systems and enterprise networks. He has experience in risk assessment, system controls, auditing policies and procedures, change management, and testing. He also has hands-on experience in vulnerability assessment, implementation of the Plans of Action and Milestones / Corrective Action Plans, as well as remediation of documented threats and vulnerabilities. Experience in the field of risk-based certification and accreditation using NIST RMF. Knowledgeable in NIST Risk Management Framework (RMF), Security Lifecycle, and Vulnerability Management using FISMA and NIST publication. Experience in GDPR, Federal Information Security Management Act (FISMA) guidelines, ITIL,HIPAA,SOC 404,SOC 1&2,PCI DSS FIPS, NIST SP 800, FedRAMP, ISO 27001Also proficient with common information security assessment tools (e.g. CSAM, Nessus, WebsInspect, NetSparker etc.)
EDUCATION
Essex County Community College Newark, NJ
Associate Degree in Accounting May 2016
CERTIFICATIONS
CompTIA Network +
CompTIA Security +
Certified Information Systems Auditor (CISA)
PROFESSIONAL TRAINING
·Computer & Network Support Technician Certificate, Lincoln Technical Institute 2012
·Webcast: Acquisition and handling techniques of computer evidence, January 12, 2013
·Information Systems Security training, February 2018
·Certification and Accreditation Document Review training, March 2018
·Anti-Phishing training, June 2014
·Information Assurance Awareness training, June 2018
·Webcast: Information Security and Privacy – FISMA “Next Gen,” March, 2019
·CAP: Certified Authorization Professional Training, April 2019
WORK EXPERIENCE
United Airlines
Information Security Risk Analyst 07/2018 – Present
·Performs Third Party risk assessments using the security controls implemented by the company as a baseline/ guide.
·Performs Third Party risk assessments using the security controls implemented by the company as a baseline/ guide.
·Reviews assessments performed by 3rd party and provide feedback. Define appropriate risk levels and corrective actions for issues identified.
·Engage in post-assessment activities including validation of initial findings with management and business unit, follow-up on risk remediation and mitigation as well as process exceptions for high risks accepted by the business.
·Conducts risk-based audits including all aspects of the audit lifecycle, including risk assessment, planning, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members.
·Manages scheduling and execution of assessment, document findings, and recommendations, and provide periodic updates to management.
·Evaluates key information security risks including confidentiality, integrity, and availability of technology components thorough review of Security operational processes, such as vulnerability management, security logging, and monitoring, security incident response, and defense-in-depth strategies.
·Conducts kickoff meetings with vendors and Third-Party Managers to help identify and understand all technology involved in their service delivery and to also establish the scope of assessment
·Reports on assessment outcomes, risk level, and associated recommendations, presents issues to 3rd parties and obtains corrective action plans.
·Assists in providing compliance training to IT audit staff in accordance with the Security awareness training policy and its modules
·Requests, reviews and validates artifacts in the form of screenshots and other documentation to close out and audit items.
·Collates conclusions and recommendations and presents assessment findings to management regarding the effectiveness and efficiency of control mechanisms.
Coalfire Federal
Information Security Analyst 01/2016 to 06/2018
·Assist with the development of the SSP collaborating with clients to determine security implementations are compliant with security policies and procedures using numerous standards.
·Identity and review security implementation details for systems and information systems ensuring they meet the appropriate security requirements.
·Provide recommendations for implementing solutions and serve as a consultant providing inputs in Security as well as Governance, Risk, and Compliance activities.
·Review the FIPS 199 Security Categorization of the overall impact level of systems using NIST SP 800-60.
·Schedule interview meetings with control owners and other stakeholders.
·Perform security assessment by testing information security controls.
·Develop Security Assessment Reports (SAR) to support the accreditation package.
·Work with system engineers to assemble accreditation packages, including SSP, SAR, POA&Ms, etc.
·Review vulnerability scans and perform analysis of results.
·Develop and review Security Documentation including but not limited to System Security Plan, Risk Assessment, Privacy Threshold Assessment, Contingency Plan, Configuration Management Plan, e-Authentication and Incident Response Plan.
·Coordinate and communicate with system Stakeholders as required to complete various A&A tasks.
·Work effectively with other team members to complete required tasks, performing all required tasks in a timely and proficient manner.
Hewlett Packard Enterprise Company (HPE)
Help Desk Technician 01/2013 – 06/2016
·Created and modified user network accounts using Active Roles Server / Active Directory
·Desktop/Laptop/Tablet Imaging experience
·Experienced in the deployment of software to PCs, laptops, and tablets using SCCM
·Utilized ServiceNow to manage company assets regarding hardware installations.
·Supported PC Refresh: replace old computers with new computers; migrating data and settings from old computers to new computers
·Responded to VIP escalations in a timely and efficient manner
·Installed, configured, and troubleshot Microsoft Windows Active Directory components
·Experienced in PC, laptop, tablet, and printer Installation and maintenance
·VPN Support—Initial Setup and troubleshooting of Terminal Session connectivity issues
·Triaged and resolved or escalated per SLA service requests via telephone and/or remote access using
·Possess technical skills and served as a point of escalation for Tier1 techs and as a resource for management and Knowledgebase Technical Writer
·Assisted management in training and mentoring New Hires on processes for working tickets including logging activity through resolution
·SCCM Remote Control Viewer and Windows RDC, as well as deskside support
·VDI Support—Initial Access configurations
·Resolved Exchange email connection problems on company-issued devices
·Provisioned access to the Security Awareness training portal and troubleshoot software-related access problems
·Utilized Command line tools to analyze and resolve PC and network connectivity challenges
On-SiteTechnology
IT Intern 06/2012 – 12/2012
·Learned soft skills required for effective customer service and support
·Examined operating system functions and computer architecture
·Hands-on PC troubleshooting, repair, and maintenance
·Networking concepts including LANs, WANs, protocols, topologies, transmission media, security, and TCP/IP protocol suite
·Installed, configured, and administered Microsoft Windows XP Professional and Vista Operating Systems
·Implementation, administration, and troubleshooting of Microsoft Windows 2008 Server
·Installed, configured, and troubleshot Microsoft Windows 2008 Active Directory components
·Managed, monitored, and optimized the desktop environment using Group Policy
·Implemented and administered DNS, DHCP, Remote Access, Network Protocols, IP Routing, and WINS in a Microsoft Windows 2008 network infrastructure
·Designed Microsoft Windows 2008 Directory Service architecture