DANIEL BOAKYE
adzp33@r.postjobfree.com
Objective
Detailed knowledge of security tools, technologies and best practices with emphasis on FISMA and NIST Publications compliance. Over 8 years of experience in Risk Management Framework and Vulnerability, specializing in providing guidance and supporting security assessments and continuous monitoring for government (FISMA & NIST). Perform Risk Assessments and compliance reviews to ensure Integrity, Confidentiality, and Availability of system resources. Organized, solutions-focused, deadline-focused, and able to work well independently or as part of a team.
Education
University of Ghana – Bachelor’s in Business Administration – August 2004 – May 2008
Certifications
CompTIA Security+ Certification
Certified Authorization Professional (CAP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Summary of Qualifications
Perform Security Assessment and Authorization (A&A) activities
Develop, review and evaluate System Security Plans
Develop and conduct SCA (Security Control Assessments) according to NIST SP 800-53A
Familiar with FISMA, NIST publications, including SP 800-60, SP 800-53rev4, SP 800-137; and FIPS 199
Develop and update POA&Ms
Ability to multi-task, work independently and as part of a team
Strong analytical skills
Effective interpersonal and verbal/written communication skills
Experience
MKS2 WASHINGTON, DC OCTOBER 2018-PRESENT
ISSO- Cybersecurity Analyst
●Analyze and update System Security Plans (SSP), Risk Assessments (RA), Privacy Threshold Assessments (PTA), Privacy Impact Assessments (PIA), Contingency Plans (CP), FIPS 199, Contingency Plan Tests (CPT), System Security Test and Evaluation (ST&E), Security Assessment Reports (SAR) and Plans of Action and Milestones (POA&Ms)
●Assist System Owners in preparing A&A packages for company’s IT systems, making sure that management, operational and technical security controls comply with security requirements per NIST SP 800-53rev4
●Designate systems and categorize their Confidentiality, Integrity and Availability (C.I.A) using FIPS 199 and NIST SP 800-60
●Conduct Self-Annual Assessments (NIST SP 800-53A)
●Perform Vulnerability Assessments, making sure risks are assessed, evaluated and mitigated to limit their impact on the information and information systems
●Create standard templates for required A&A documents, including Risk Assessments, Security Plans, Security Assessment Plans and Reports, Contingency Plans, and Security Authorization Packages
●Monitor and prepare required actions and documents pertaining to the A&A of the system throughout its lifecycle, to include security evaluation findings and residual risks
●Conduct comprehensive reviews of security authorization documents to ensure appropriate NIST security controls were used during the assessments and are relevant to the Confidentiality, Integrity, and Availability of the systems
●Review SSPs and other A&A documents for all applications to determine if organization’s mandated procedures and tasks are followed, such as using CSAM
●Review and process Interconnection Security Agreements (ISAs), Policy Waivers, Approval to Test (ATT), and Interim Approval to Operate (IATO) documents
●Assist the Government in preparing a written justification, when appropriate, to obtain a written waiver of policy for mandated security features
DELOITTE WASHINGTON, DC
JULY 2014 - SEPTEMBER 2018
Security Control Assessor
As an Assessor, focused on RMF phase 4 (Assessing security controls)
Effectively engaged in preparing for assessments, conducting assessments, and communicating assessment results
Coordinated, participated and attended weekly forums for security advice and updates
●Created Security Assessment Plans (SAP) to document assessment schedules, control families to be assessed, control tools and personnel, client’s approval for assessment, assessment approach and scope, and Rules of Engagement (ROE) if vulnerability scanning was involved
●Used the implementation section of the System Security Plan (SSP) in addressing how each control was implemented (frequency of performing the controls, control types and status) as part of my interview answers during the Security Testing and Evaluation (ST&E) documentation
●Determined assessment method (examining policies and procedures, interviewing personnel and testing technical controls), using NIST SP 800-53A as a guide
●Created a Risk Traceability Matrix (RTM) in which to document assessment results (pass/fail)
●Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported
●Created Plans of Action and Milestones (POA&Ms) to trace corrective actions and resolve weaknesses and findings
●Set up and participated in the Assessment Kick-Off meetings
●Determined threat sources and applied security controls to reduce risk impact.
●Used POA&M tracking tools like CSAM (Cyber Security Assessment and Management), and/or Excel spreadsheets to make sure the POA&M is not in delayed status
UNITED STATES ARMY FORT SCHOFIELD BARRACKS, HI JUNE 2011 - JUNE 2014
Desktop Support/Sys Administrator
Provided phone and in-person IT white-glove support to executives and upper management. Utilized ServiceNow to document ticket resolution.
Implemented and enhanced information systems and/or procedures based on users' requirements by documented analysis and detailed functional specifications.
Installed, configured and troubleshot hardware and software issues.
Prioritized and implemented requested changes to Epic systems in accordance with change management procedures.
Provided MS Office 365, MS Teams, SCCM, Skype for Business and VPN support.
Maintained vendor and user relationships and communicated status reports and issues lists.
Troubleshot and successfully resolved Microsoft Outlook .ost/.pst, calendar, and send/receive issues.
Performed Active Directory password reset, created hostnames and groups.
Followed through on issues for resolution, escalated and communicated status to manager.
Evaluated requests for service and followed through as evidenced by completion of system evaluation forms and requirements documentation.
Responded to system issues by following documented on-call and down time procedures.
REFERENCES AVAILABLE UPON REQUEST