
System Security Controls

Location: Crofton, MD
Posted: September 15, 2023


DANIEL BOAKYE

adzp33@r.postjobfree.com

202-***-****

Objective

Detailed knowledge of security tools, technologies and best practices with emphasis on FISMA and NIST Publications compliance. Over 8 years of experience in Risk Management Framework and Vulnerability, specializing in providing guidance and supporting security assessments and continuous monitoring for government (FISMA & NIST). Perform Risk Assessments and compliance reviews to ensure Integrity, Confidentiality, and Availability of system resources. Organized, solutions-focused, deadline-focused, and able to work well independently or as part of a team.

Education

University of Ghana – Bachelor’s in Business Administration – August 2004 – May 2008

Certifications

CompTIA Security+ Certification

Certified Authorization Professional (CAP)

Certified Information System Auditor (CISA)

Certified Information Security Manager (CISM)

Summary of Qualifications

Perform Security Assessment and Authorization (A&A) activities

Develop, review and evaluate System Security Plans

Develop and conduct SCA (Security Control Assessments) according to NIST SP 800-53A

Familiar with FISMA and NIST publications, including SP 800-60, SP 800-53rev4, SP 800-137, and FIPS 199

Develop and update POA&Ms

Ability to multi-task, work independently and as part of a team

Strong analytical skills

Effective interpersonal and verbal/written communication skills

Experience

MKS2 WASHINGTON, DC OCTOBER 2018-PRESENT

ISSO - Cybersecurity Analyst

●Analyze and update System Security Plans (SSP), Risk Assessments (RA), Privacy Threshold Assessments (PTA), Privacy Impact Assessments (PIA), Contingency Plans (CP), FIPS 199, Contingency Plan Tests (CPT), System Security Test and Evaluation (ST&E), Security Assessment Reports (SAR) and Plan of Actions and Milestones (POA&Ms)

●Assist System Owners in preparing A&A packages for company’s IT systems, making sure that management, operational and technical security controls comply with security requirements per NIST SP 800-53rev4

●Designate systems and categorize their Confidentiality, Integrity and Availability (C.I.A) using FIPS 199 and NIST SP 800-60

●Conduct Self-Annual Assessments (NIST SP 800-53A)

●Perform Vulnerability Assessments, making sure risks are assessed, evaluated and mitigated to limit their impact on the information and information systems

●Create standard templates for required A&A documents, including Risk Assessments, Security Plans, Security Assessment Plans and Reports, Contingency Plans, and Security Authorization Packages

●Monitor and prepare required actions and documents pertaining to the A&A of the system throughout its lifecycle, to include security evaluation findings and residual risks

●Conduct comprehensive reviews of security authorization documents to ensure appropriate NIST security controls were used during the assessments and are relevant to the Confidentiality, Integrity, and Availability of the systems

●Review SSPs and other A&A documents for all applications to determine if organization’s mandated procedures and tasks are followed, such as using CSAM

●Review and process Interconnection Security Agreements (ISAs), Policy Waivers, Approval to Test (ATT), and Interim Approval to Operate (IATO) documents

●Assist the Government in preparing a written justification, when appropriate, to obtain a written waiver of policy for mandated security features

DELOITTE WASHINGTON, DC

JULY 2014 - SEPTEMBER 2018

Security Control Assessor

As an Assessor, focused on RMF phase 4 (Assessing security controls)

Effectively engaged in preparing for assessments, conducting assessments, and communicating assessment results

Coordinated, participated and attended weekly forums for security advice and updates

●Created Security Assessment Plans (SAP) to document assessment schedules, control families to be assessed, control tools and personnel, client’s approval for assessment, assessment approach and scope, and Rules of Engagement (ROE) if vulnerability scanning was involved

●Used the implementation section of the System Security Plan (SSP) in addressing how each control was implemented (frequency of performing the controls, control types and status) as part of my interview answers during the Security Testing and Evaluation (ST&E) documentation

●Determined assessment method (examining policies and procedures, interviewing personnel and testing technical controls), using NIST SP 800-53A as a guide

●Created Risk Traceability Matrix (RTM) in which to document assessment results (pass/fail)

●Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported

●Created Plans of Actions and Milestones (POA&Ms) to trace corrective actions and resolve weaknesses and findings

●Set up and participated in the Assessment Kick-Off meetings

●Determined threat sources and applied security controls to reduce risk impact.

●Used POA&M tracking tools like CSAM (Cyber Security Assessment and Management) and/or Excel spreadsheets to make sure the POA&M is not in delayed status

UNITED STATES ARMY FORT SCHOFIELD BARRACKS, HI JUNE 2011 - JUNE 2014

Desktop Support/Sys Administrator

Provided phone and in-person IT white-glove support to executives and upper management. Utilized ServiceNow to document ticket resolution.

Implemented and enhanced information systems and/or procedures based on users' requirements by documented analysis and detailed functional specifications.

Installed, configured and troubleshot hardware and software issues.

Prioritized and implemented requested changes to Epic systems in accordance with change management procedures.

Provided MS Office 365, MS Teams, SCCM, Skype for Business and VPN support.

Maintained vendor and user relationships and communicated status reports and issues lists.

Troubleshot and successfully resolved Microsoft Outlook .ost/.pst, calendar, and send/receive issues.

Performed Active Directory password reset, created hostnames and groups.

Followed through on issues to resolution, escalated and communicated status to manager.

Evaluated requests for service and followed through as evidenced by completion of system evaluation forms and requirements documentation.

Responded to system issues by following documented on-call and downtime procedures.

REFERENCES AVAILABLE UPON REQUEST


