AdeSegun Okunade
****************@*****.*** 708-***-****
An innovative I.T professional with 3 years’ experience improving cyber security and information assurance for federal agencies, with extensive experience in the Risk Management Framework (RMF), Federal Information Security Management Act (FISMA) and Federal Risk and Authorization Management Program (FedRAMP) process to support authorization to operate (ATO) activities. Highly motivated, a quick study, open to new challenges and striving for unconditional excellence in the workplace.
Core Competencies
- Vulnerability Scanning
- Security Information and Event Management
- Risk Management Framework
- Cloud Deployment
- POA&M Management
- Assessment & Authorization
- Security Control Assessment
- NIST, FISMA, FedRAMP, FIPS, HIPAA
- Xacta, eMASS, CSAM, Nessus Tenable
- Jira Ticketing System
- Problem-solving skills
- Excellent communication
- Deadline-oriented
- Excellent customer service
Education
Bachelor of Science in Accounting, Olabisi Onabanjo University, 2008
Certification
CompTIA Security+
Work Experience
Havilah Group LLC – Baltimore, MD 06/2019 – Present
Information System Security Officer (ISSO)
● Performed assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF).
● Ensured the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each IS.
● Provided liaison support between the system owner and other IS security personnel.
● Ensured that selected security controls are implemented and operating as intended during all phases of the IS lifecycle.
● Developed, maintained, reviewed, and updated system security documentation such as FIPS 199 Categorization, System Security Plans (SSPs), Information System Contingency Plan (ISCP), Configuration Management Plan (CMP), Incident Response Plan (IRP), Standard Operating Procedures (SOPs), etc. on a continuous basis.
● Conducted required IS vulnerability scans according to risk assessment parameters.
● Developed Plan of Action and Milestones (POAMs) in response to reported security vulnerabilities.
● Managed the risks to ISs and other Agency assets by coordinating appropriate correction or mitigation actions and overseeing and tracking the timely completion of POAMs.
● Monitored security controls for assigned Agency ISs to maintain Authorization to Operate (ATO).
● Uploaded all security control evidence to the Governance, Risk, and Compliance (GRC) application to support security control implementation during the monitoring phase.
● Ensured that changes to an Agency IS, its environment, and/or operational needs that may affect the authorization status are reported to the system owner and IS Security Manager (ISSM).
● Ensured the removal and retirement of ISs being decommissioned in coordination with the system owner and ISSM.
Havilah Group LLC – Baltimore, MD 06/2019 – Present
Security Control Assessor (SCA)
● Performed security control testing activities based on NIST 800-53A.
● Developed Security Assessment Plans (SAP) and Security Assessment Reports (SAR).
● Conducted security control interviews, documentation reviews, security control testing and artifact collection.
● Performed risk analyses to demonstrate effective risk management and developed security assessment reports.
● Managed project schedules successfully, developing required deliverables using established client templates, meeting with client leadership, and conducting stakeholder interviews.
● Developed POAMs for failed controls.
● Deep understanding of NIST Special Publications; specifically, 800-30 rev 1, 800-37 rev 2, 800-39, 800-137, 800-34, 800-53, 800-60 rev 1 volumes 1 & 2, 800-18 rev 1, and 800-128.
● Ability to obtain a security clearance.
Emjay Global LLC 02/2016 - 06/2019
I.T Help Desk Technician
● Performed assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF).
● Taking initial telephone or email inquiries and troubleshooting and managing relatively simple hardware, software, or network problems.
● Recognizing and escalating more difficult problems.
● Logging call activity.
● Test and evaluate computer hardware, software, and/or systems (networks).
● Perform periodic maintenance of the computer network (WAN/LAN, hardware, and software).
● Troubleshoot computer-related problems; develop and implement solutions to those problems in a timely manner.
● Understand and be understood by non-IT employees/customers.
● Work independently and as part of a team of technicians.
● Make decisions quickly and decisively, often with limited information.