
Information System Security Officer

Location:
Hyattsville, MD
Posted:
November 21, 2024


Resume:

Serge Mathieu Owona

Smithsburg, MD 484-***-**** *****************@*****.***

SUMMARY

US Army: Maryland National Guard, Rank, E4

Firstly, as an Information System Security Officer (ISSO) and NIST 800-53 Control Assessor, I have a combined experience with the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST), Risk Management Framework (RMF) processes, Risk Assessment (RA), System Development Life Cycle (SDLC), as well as Contingency planning.

Secondly, I am familiar with other cybersecurity frameworks such as COBIT, PCI DSS, HIPAA, SAS 70, SSAE 16/SOC and SSAE 18.

Thirdly, I have working experience with GRC tools like ServiceNow, eMass, ACAS, CSAM, DISA STIG Viewer, SCAP, Archer and extended experience of the process of obtaining a system ATO and the requirements to maintain the ATO.

Finally, I have experience in Vulnerability Management, Incident Response (IR), POA&M management, continuous monitoring, as well as risk assessment.

SKILLS SET

NIST Guidelines Publications

Certification and Accreditation (C&A)

NIST 800-53 Rev 4 and 5

Experience in assessing controls and providing artifacts for controls that fail to create POA&M

Performing ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide

Providing security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems

Providing support with security and privacy controls assessments

Providing support with Privacy and security controls families to protect information system

Providing support with Personal identification information for information system (PII)

Providing support with Privacy Threshold Assessment PTA to protect information system that process

Experience with cybersecurity control assessment procedures such as Independent Assessment, Third Party Assessment, Validation of Security Controls

EDUCATION

1. Capitol University (USA-Maryland) PhD in Cybersecurity Leadership (2022-2025)

2.The University of Texas McComb (USA-Texas) Post Graduate in Cybersecurity (2021-2022)

3.Bachelor Degree (Cameroon) in Law 2006

4.University of Yaoundé II (Cameroon) PhD in Law (2015)

CERTIFICATIONS

1.CISM (Cybersecurity Information System Manager)

2.CompTIA Security+ CE (Exp. Date: 04/06/2024)

3.AWS Solutions Architect

4.Oracle OCP

SECURITY CLEARANCE

Active Secret

PROFESSIONAL EXPERIENCE

DISA, Fort Meade Laurel, MD (COMPQSOFT) DATE: May 2023 to Present

Information System Security Officer (ISSO)

Assisting and supporting the reauthorization of the legacy system

Using eMass to assess and monitor security controls and update the leadership

Using STIG Viewer to generate checklists for systems and reporting to the Datacenter and Sys Admin for patching and remediation

Assisting ongoing RMF IATT/ATO for the New System projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.

Assisting with RMF process, Categorization of the Information System, RMF documentations, CONOPS, BIA, ISCP, SSP, SPP, Drafting and updating Cybersecurity Policies.

US Navy, Walter Reed National Military Medical Command (WRNMMC), Bethesda, MD (DSG-IT)

DATE: 01/202*-**-****

Information System Security Officer (ISSO and ISSE)

POC for SSP, IPP, CP and All the RMF tools and accreditation process

Scanning WRNMMC workstations, servers and IT Infrastructure

POC for the WRNMMC validation process.

Preparing documents and artefacts for the IV&V team (system architecture diagram, SPP, ATO package and any other relevant documents for the Validation Team)

Preparing effort request in the CSTAR tool in order to prepare for the IV&V team

Preparing Software and Hardware Inventory for the Cost estimate and validation of the WRNMMC IT infrastructure process

Assisting the IV&V Team with documents and different assesses for the Validation process of the WRNMMC IT process

Registration of New system in eMass, uploading of artifacts in eMass

Uploading of SSP, SAR, IPP and other relevant RMF documents into eMass

Creation, extension of new POA&M and Milestone into eMass

Using the HBSS system (McAfee Agent) to generate audit log reports for workstations and IT infrastructure of the WRNMMC LAN

Using ePO Orchestrator (McAfee console) to generate scans and audit logs for the WRNMMC IT infrastructure

Participating in Incident Response Team and effort to remediate WRNMMC incidents and Data breaches

United States Army, MRDC HQ Fort Detrick, MD (Free Alliance) DATE: 11/2021 – 2022

Information System Security Officer (ISSO)

Scanning MRDC LAN SYSTEM VIA ACAS to generate weekly reports

Performed assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.

Ensured that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments.

A better understanding of NIST 800-53 security controls and documentation for assessment results.

Ensured all supporting artefacts and results will be documented appropriately and in a timely manner.

Adhered to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing, and implementing security controls, testing, and validating security controls, and analyzing and tracking corrective action plans.

Performed ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide.

Provided security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems

Documented observations for existing IT control processes and identify issues in assessment questionnaires during disaster recovery planning exercises

Conducted assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.

Incident response management by processing affected computers for reimaging

Processing cybersecurity incidents that occurred within the network in collaboration with the 2RCC or NIWC CSSP Help Desk for analysis/processing

Providing updates if necessary to the 2RCC or NIWC CSSP Help Desk

ADRPA LLC DATE: 12/2017 – 10/2021

IT Specialist (Cybersecurity and Help Desk Support)

Ticketing system via ServiceNow

Creating users using internal and external Domain users using Active Directory

Creating groups, roles and responsibilities using Azure Active

Tracking and following up RBAC

MxToolbox.com to check the validity and authenticity of emails using SuperTool, MX Lookup, DMARC Lookup

Performs a lead role in the promotion of security awareness programs, assessing gaps and implementing solutions.

Responsible for the end-to-end completion of security requests.

Provisions user security roles and manages security groups across systems, platforms, databases, applications, servers, directories and folders.

Analyzes existing role structures to improve and streamline structures, security administration and improve end-user experience.

Responsible for highly sensitive security access for outsourced vendors and ensuring compliance with policy, regulations and contractual requirements.

Accountable for highly sensitive emergency processes.

Creates or maintains application scripts and uses application-specific tools to create or manage application security.

Tracks and documents security issues and requests and actively monitors the work queue.

Plans, coordinates, communicates, tests and implements audits ensuring that access entitlements are appropriate for job requirements.

Creates and coordinates completion of detailed security reports to fulfil audit,

Accountable for follow-up of all security work requests including collaborating with other IT areas to ensure timely completion/resolution and obtainment of appropriate approval levels.

Interfaces with users to understand new capabilities, implement procedures, ensure security procedures have been communicated properly and are being adhered to, and provide input to drive process improvements.

Works closely with business areas and IT partners on troubleshooting, pre-implementation activities and assessing application security.


