Information System Security

Location:
Poughkeepsie, NY
Posted:
October 09, 2023


Resume:

AARON BOAHENE

City: Waldorf, MD, *****

Cell: 212-***-****

E-mail: adz9bi@r.postjobfree.com

OBJECTIVE

A highly passionate, detail-oriented and self-motivated Information Security Analyst with extensive experience in both Information Security and Assurance and Networking. Possess an in-depth understanding of security control implementation and enforcement. Provide effective skills to proactively complete projects and assignments on time while working autonomously or in teams in a fast-paced environment. I am seeking to apply my skills and expertise to help achieve enterprise-wide information risk goals and objectives. Proven ability to lead and direct, solve information security risk problems professionally, and make strategic decisions in fast-paced environments.

SKILLS SUMMARY AND TOOLS

• Security Risk Assessment

• Networking/ Network Security

• Information Assurance

• Risk Management Framework (RMF)

• NIST/ FISMA/FEDRAMP

• RAR, SSP, SAP, SAR, POA&M, ATO

• Microsoft Office Suite

• Operating Systems (Windows)/Linux

• SCAP, ACAS, DISA STIGs, eMASS

• Nmap, Zenmap

PROFESSIONAL EXPERIENCE

Information System Security Officer

BIG APPLE MANAGEMENT April 2023 – Present

• Conduct Compliance and Policy Checks for the various Navy flight test systems on the following artifacts: Contingency Plans & Tests, Configuration Management, System Interconnections and System Security Plans

• Generated, reviewed, and updated SSPs against National Institute for Standards and Technology (NIST 800-18 and NIST 800-53) requirements; this contains the management, operational, and technical safeguards or countermeasures prescribed for an information system

• Risk Management Framework (RMF) and alignment with Joint Commission Accreditation requirements

• Worked closely with system owners and fellow ISSOs to oversee the preparation of Comprehensive and Executive Certification & Accreditation (C&A) packages for approval of an Authorization to Operate (ATO)

• Updated, retrieved, and uploaded all necessary authorization related documentation into eMASS using approved templates and procedures

• Retrieved, updated, and uploaded all necessary Data Transfer Agent (DTA) related documents into Cyber Security Assessment Management using approved templates and procedures

• Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing.

• Evaluated and uploaded Plan of Action and Milestones (POA&Ms) into Enterprise Mission Assurance Support Service (eMASS) and validated artifacts specified to remediate POA&M items

Information System Security Officer

CYBER VISION LLC Jan 2022 – April 2023

• Conduct Compliance and Policy Checks for the various Navy flight test systems on the following artifacts: Contingency Plans & Tests, Configuration Management, System Interconnections and System Security Plans

• Generated, reviewed, and updated SSPs against National Institute for Standards and Technology (NIST 800-18 and NIST 800-53) requirements; this contains the management, operational, and technical safeguards or countermeasures prescribed for an information system

• Risk Management Framework (RMF) and alignment with Joint Commission Accreditation requirements

• Worked closely with system owners and fellow ISSOs to oversee the preparation of Comprehensive and Executive Certification & Accreditation (C&A) packages for approval of an Authorization to Operate (ATO)

• Updated, retrieved, and uploaded all necessary authorization related documentation into eMASS using approved templates and procedures

• Retrieved, updated, and uploaded all necessary Data Transfer Agent (DTA) related documents into Cyber Security Assessment Management using approved templates and procedures

• Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing.

• Evaluated and uploaded Plan of Action and Milestones (POA&Ms) into Enterprise Mission Assurance Support Service (eMASS) and validated artifacts specified to remediate POA&M items

Information System Security Officer

Prime Technical Services Inc. July 2021 – Jan 2022

• Reviewed and enforced security controls and assessed network security components.

• System Security Plans for information systems detailing on system boundaries, configuration requirements, selected security controls and system interconnections

• Performed security event monitoring of heterogeneous networks such as firewalls, IDS/IPS, Cisco ASA, and DLP devices. Performed security reviews, identified gaps in security architecture, and developed a security risk management plan and risk analysis

• Perform first line service to resolve network problems as they appear. Detect, analyze, and resolve network switching and transmission system problems while minimizing impact on customer service

• Knowledgeable in network protocols such as OSPF, BGP, and EIGRP.

• Knowledgeable and experienced in working with wireless technologies, Virtual Private Networks (VPN), Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS) and WAN.

Information System Security Officer

MORGAN STANLEY Sept 2020 – Jun 2021

• Manage, troubleshoot connectivity issues, configure, install and uninstall all devices on the network including switches, routers, and Network Monitoring Systems.

• Perform first line service to resolve network problems as they appear. Detect, analyze, and resolve network switching and transmission system problems while minimizing impact on customer service

• Differentiate between primary and secondary network failures. Based on the severity or type of event, determine what additional resources are required.

• Trained and onboarded many new hires and assisted in getting them acclimated to the job.

Information System Security Officer

GOTHAM LEASING INC Nov 2013 – Oct 2019

• Reviewed and analyzed existing C&A packages for completeness and compliance for the Department of Navy (DON)

• Provided subject matter expertise with the development of security policy documentation that follows Federal Information Security Management (FISMA) requirements, and National Institute of Standards and Technology (NIST)

• Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root-causes of risks were fully addressed following NIST 800-30 and NIST 800-37

• Evaluated and uploaded Plan of Action and Milestones (POA&Ms) into Enterprise Mission Assurance Support Service (eMASS) and validated artifacts specified to remediate POA&M items

• Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing

• Prepared and delivered oral IA-focused presentations to technical and non-technical groups

• Conducted regular penetration testing on systems to determine the weakness in the infrastructure (hardware), application (software) and people to develop controls

• Performed Vulnerability Assessment to make sure that risks are assessed and evaluated and that proper actions are taken to limit their impact on the Information and Information Systems

• Developed, reviewed and updated Information Security System Policies, System Security Plans and Security baseline in accordance with NIST, FISMA, and OMB App.

• Performed security categorization, using FIPS 199 as standard and NIST SP 800-60 as guideline and reviewed Privacy Threshold Analysis (PTA), and Business Impact Analysis (BIA)

• Provided subject matter expertise with the development of security policy documentation that follows Federal Information Security Management (FISMA) requirements, and National Institute of Standards and Technology (NIST)

• Collaborated closely with members of security team to accomplish mission objectives in a timely manner

• Drafted, prepared and submitted System Security Plan (SSP) to CISO for approval

• Reviewed Contingency Plan (CP) and participated in Contingency Plan Test (CPT), verifying secure operational conditions within planned recovery time

• Developed, maintained, and communicated a consolidated risk management activity

• Determined the information security objectives of the information systems by protecting the confidentiality, integrity and availability of the naval systems

TRAINING & CERTIFICATIONS

• CompTIA Security+

• AWS Solution Architect

• AWS Cloud Practitioner

• Scrums Masters

• CISM

EDUCATION

MAY 2005 – MAY 2009 CUNY Bronx Community College

OCT 2019 – MAR 2020 Per Scholars - Networking & Security Training

JULY 2021 – SEPT 2021 Generation USA


