
Cyber Security Information

Location:
Stafford, VA
Salary:
$120,000
Posted:
July 17, 2023


Resume:

KENNETH KISSIEDU

** ********** *****, ********, 703-***-**** adyc4t@r.postjobfree.com

PROFESSIONAL SUMMARY

Information Security Professional with a passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security frameworks for cloud-based software. Versed in robust network defense strategies. Over 7 years of experience in developing and implementing security solutions in fast-paced environments. Results-driven IT professional with notable success in planning, analysis and implementation of security initiatives. Strengths in FISMA, Risk Management Framework (RMF) & PCI-DSS.

EDUCATION

Certified Information Security Manager (CISM) - Active

CompTIA Security+ CE - Active

Certified Information Systems Security Professional (CISSP) - In Progress

Kwame Nkrumah University of Science and Technology - 04/2010

BSc in Agricultural Science with Concentration in Economics

Information System Technician "A" School, Pensacola, Florida, United States of America

Cyber Awareness Training, Department of Defense (DOD)

Risk Management Framework, NIST 800-37, Defense Security Services (DSS)

SKILLS

Standards/ Controls/ Framework: Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, ITIL, ISO 17799, Assessment and Authorization, STIGs General Computer Controls, Application control Testing, Compliance Testing, Vulnerability Scans, Project Management, Risk Assessment, Change Management, Configuration Management, Contingency Planning; Policies and Procedures, Implementation; Intrusion Detection Systems, Incident Response, GDPR, Media Protection, Physical Security, Computer operations, Environmental Security, Network Security, System Security, Personnel Security, OMB Circular A-123

Software/Tools/Artifacts/Platforms: Appendix A, OMB Consulting, NIST 800-53, FIPS, FISMA, FedRAMP, eMASS, XACTA 360, Nessus, ServiceNow, Security Center, Veracode, CrowdStrike, AnyConnect, Confluence, JIRA, Agile development, Splunk, Tenable, Elastic, Web Inspect, UNIX, Sun Solaris, SQL Server, Windows; FIPS-199, SORN, E-AUTH., PTA, PIA, RA, SSP, CP, CPT, ST&E, SAR, POA&M, ATO, CSAM, ISA, MOU, Network, Remedy, IDS, SSH, FTP, MS Office suite, PowerPoint, Visio, Word, SharePoint, Excel, Access, Teams.

WORK HISTORY

Information Systems Security Officer 01/2022 to present

Department of Defense (IPT Associates/ Avint LLC) Arlington, Virginia

Coordinated and supported risk assessments and ensured corrective action on any identified security exposures.

Ensured that implementation of protection measures is documented per NIST 800-53; maintained the SSP and associated artifacts, including risk assessments, Privacy Impact Assessments, vulnerability assessments, and Plan of Action and Milestones (POA&Ms).

Collaborated with other analysts to review and analyze security vulnerability scan results and coordinate the remediation response with system security administrators/engineering teams.

Participated in Change Control Board (CCB) briefings/meetings with all client/system senior management.

Conducted RMF first-step kick-off meeting, initial risk assessment and categorization of information security systems into Low, Moderate and High, centered on Confidentiality, Integrity, and Availability (CIA) of the information type, referencing FIPS-199, NIST 800-60 and NIST 800-30.

Reviewed and updated remediation on plan of action and milestones (POA&Ms) in the organization's eMASS.

Worked with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in the closure of the POA&M.

Provided Assessment & Accreditation (A&A) support services by performing security control assessments (SCA), which could include interviews & examinations, security test and evaluation (ST&E), vulnerability assessments, and penetration testing in support of an Authority to Operate (ATO).

Performed security controls assessments in accordance with NIST SP 800-53A, to include interviews, examinations, and vulnerability testing.

Performed security assessments ensuring NIST control requirements are met.

Helped security teams complete control audits and assessments, clearly communicating findings to senior leadership.

Updated and reviewed A&A packages to include Core Docs, Policy & Procedures, Operations, and maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M.

Performed monitoring, testing, maintaining, and completing assessments of security controls.

Reviewed program documentation such as Risk Assessments, Security Plans, and Contingency Plans.

Conducted periodic assessments of facilities, as needed, to ensure compliance with security requirements, tailoring requirements as needed.

Information Security Analyst 12/2018 to 12/2021

Naval Station Norfolk, Mid-Atlantic Calibration Center (US Navy) Norfolk, VA

Developed, assessed, and analyzed cyber security documentation for client information systems in accordance with FISMA, NIST RMF for Federal Civilian Agencies, FedRAMP, and departmental standards.

Conducted cyber security reviews and tests to ensure that cyber security features and controls are functioning as planned and are effective.

Worked with system owners and technical leads to develop and maintain security documentation.

Acted as a system security POC for multiple systems within the environment & coordinated monthly vulnerability scanning activities and analysis results.

Validated and maintained security documentation including, but not limited to system security plan (SSP), risk assessment (RA), contingency plan (CP), privacy impact assessment (PIA), e-Authentication assessment, FIPS categorization.

Prepared and produced e-authentication artifact identifying the appropriate authentication mechanism based on risk level (single, two-factor or multifactor), referencing SP 800-63.

Developed security documentation including system security plan (SSP), Security Control Test and Evaluation (ST&E), Security Assessment Report (SAR), Contingency Plan (CP) and other artifacts required for the ATO package.

Managed vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.

Conducted walkthroughs, test plans and test results, and developed remediation plans for each area of testing.

Assisted the system owner in creating the Business Impact Analysis (BIA) document that formed part of the contingency plan, and also assisted in reviewing and updating it.

Provided support for implementing and following the Federal Information policies and guidelines throughout the whole Certification and Accreditation process for securing clients' information systems (NIST SP 800 series).

Initiated, updated, coordinated, and tracked the patching and remediation of security weaknesses as they are documented in the Plan of Actions and Milestones (POA&M).

Updated, retrieved and uploaded all necessary authorization-related documentation into Cyber Security Assessment Management (CSAM) using approved templates and procedures.

Reviewed FedRAMP package (SAR, SSP and POA&M) and compared provider package to the organization's requirements.

Conducted Systems Risk Assessment through Risk Analysis, assessed the various assets within the systems' authorizing boundaries and rigorously identified all possible vulnerabilities that exist within the system.

Security Control Assessor / Information Security Analyst 06/2016 to 12/2018

Cyber Security Analyst (USS Cole, US Navy) Norfolk, Virginia

Performed FISMA-based security control assessments for various assigned information systems by conducting interviews (System Owner), testing and examinations of implemented security controls to ensure controls are implemented correctly and are performing assigned functions.

Conducted assessment of information system controls on various platforms and devices, including Windows, Linux and UNIX operating systems, databases and network devices.

Developed security assessment plan (SAP) containing the security control objective, determine-if statements and the method of testing, referencing NIST SP 800-53A.

Conducted pre-assessment meeting with clients to discuss assessment scope, rules of engagement (ROE) and timeline for the assessment.

Reviewed security artifacts including, but not limited to, System Security Plans, inventories, screenshots of technical files, Scan data, requirement traceability matrices, control allocation tables, and security assessment reports.

Identified and documented the appropriate security assessment level of effort and project management information, including tasks, reviews (including compliance reviews), resources, due dates, and milestones for the system being tested.

Performed independent verification and validation (IV&V) of company system and provided an authorization recommendation based on determination of risk.

IV&V included unprivileged and privileged scans against each applicable system, and unprivileged and privileged database scans against each applicable database management system (DBMS).

Assisted ISSOs in creating and managing POA&Ms for identified system vulnerabilities and tracked findings to ensure that they are remediated and closed.

Managed temporary ATOs due to unforeseen contingencies realized during assessments, leading to the creation of open POA&Ms to track and remediate critical and high vulnerabilities before a 3-year ATO can be granted.

Developed security assessment report (SAR) containing weaknesses and recommendations on how to fix them; also documented and tracked identified weaknesses within the plan of action and milestones (POA&M).

Conducted post assessment meetings with clients to discuss SAR and POA&M.

*REFERENCES AVAILABLE UPON REQUEST*


