
Security Analyst Penetration Tester

Location:
Mashpee, MA
Salary:
61 - 75/hr
Posted:
March 24, 2023


Resume:

Francis Wanyoh: 781-***-****:

*******@*****.***: US Citizen: Stoneham Ma

EDUCATION & CERTIFICATE

● University of Buea: Cybersecurity 2010 - 2014

● Penn Foster Institute: HRM Certified. 2015 - 2017

● WTS: Information Technology, Certified. 2022 - 2023

● CompTIA Security + Certified. 2022

● CISSP: In progress

WORK HISTORY

Company: ISite Technologies, NY: 06/2020 - present

Job Title: Cyber Information Security Analyst

Ensuring asset security such as company information/data by monitoring and implementing the correct applicable controls that enforce several levels of Confidentiality, Availability, and Integrity (CIA) and applicable security measures such as firewall and network, and routers.

Using Open Web Application Security Project (OWASP) to view, track, tackle and mitigate web security vulnerabilities affecting the organization's mission-critical application. Web Inspect is the organization's web application scanning tool used to track these findings and confirm mitigation of these findings.

Developing and implementing an enterprise-level security assessment by carrying out Access Control Tests (like Vulnerability testing, Security Audits and Software testing) and Security assessments.

Solely conducts regular security and privacy policy and plan reviews, reports on findings, and recommends policy and plan updates. Also helps to develop agency security policies for review and approval by senior management, and develops comprehensive FISMA-compliant ATO packages for all internal, hosted, and cloud-based information systems.

Responsible for going through the POA&M process properly, updating the POA&M tracking tool (CSAM), effectively remediating the vulnerabilities present and finally closing the POA&M. Also, verifying and confirming that each POA&M's content is updated and is being assigned to the right subject matter expert (SME) or proof of concept (POC) to have them work on remediating the vulnerabilities for that POA&M.

Running scans on POA&Ms using the Nessus tool to confirm all identified findings have been remediated and uploading the validation scan result into the POA&M tracking tool (CSAM) with any artifacts for POA&M closure.

Prioritizing the POA&Ms according to the Impact level of the vulnerabilities present in them so that they can be remediated in time according to FISMA/ organization requirement. Meeting timelines and making sure the provided evidence for assessment is confirmed and uploaded onto the SharePoint site for assessment.

Assisting with continuous monitoring using NIST SP 800-137 as a guide to make sure the assigned system is secure and can effectively perform normal operations without compromising its CIA requirements or compliance.

Staying up to date on security trends related to threats and vulnerabilities.

Company: MTN, Douala: 04/2017 - 06/2020

Job Title: Volunteer Vulnerability Management Analyst

Performed Application Security Scan using (SAST, DAST, etc.). Monitored application security flaws and notified the Subject Matter Expert (SME) for remediation.

Supported System Development teams with results from scans through reviewing findings with Application Teams, and documented and tracked security findings through remediation.

Performed evaluation of policies, procedures, security scan results, & system settings to address controls that were thought insufficient during Security Assessment and Authorization (A&A), RMF & continuous monitoring.

Performed vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle using the RMF guide.

Understanding approaches for addressing vulnerabilities including system patching, deployment of specialized controls, code or infrastructure modification, changes in development processes, cloud and mobile devices.

Identifying and resolving any false positive findings in assessment results, documenting all issues and assisting in their resolution.

Performed security awareness and training exercises to help keep peers and contractors aware of cyber-attack methodologies using NIST 800-171 as guidance.

Ensuring company’s systems and servers have a clear picture in identifying and granting access to authorized users and allowing them to perform legitimate actions while restricting unauthorized users. This identity and access management can be implemented physically (usernames and passwords, Access Cards, Biometrics and Fingerprint Scanners), Authentication (Presenting ID to confirm your person), Authorization (Checking appointment/staff list), and Multifactor Authentication (combination of Password, Access Card, and Biometrics).

SKILLS & TOOLS

Excellent project & time management skills.

Strong problem-solving skills.

Good written and oral communication.

Strong ability to analyze, assess risk and vulnerability scan results.

Excellent at system categorization & security control selection.

Ability to assess and prioritize vulnerability remediation.

Effective organizational and Customer service skills.

Ability to work effectively in a private & in team space.

Physical Penetration Tester

Proficient in tools like: Microsoft Outlook, Jira, SharePoint, Nessus.

Likes/Hobbies

Learning New Things, Problem solving, Meditating, cooking, Sport, & Sightseeing.


