Information Security Technology

Location:

Frederick, MD

Posted:

February 26, 2025

Contact this candidate

Resume:

General Information

Name: Isiaka Balogun

Security Clearance: Active Top Secret SCI & Secret

Education

Bachelor of Science, Computer Science, University of Ilorin

Master of Science, Information Technology, Ladoke Akintola University of Techology

Master of Science, Cybersecurity, University of Maryland

Certifications

CompTIA Security+ certification.

Certified Ethical Hacker (CEH)

Certified Authorization Professional (CAP)

Certified Information System Auditor (CISA)

AWS Certified Solutions Architect - Associate (SAA-C03)

Microsoft Certified: Azure Fundamentals

Certified Information Security Manager (CISM)

Certified Information Systems Security Professionals (CISSP) Certification, in progress.

Years of Experience

Experience Summary

Results-driven Information Security Specialist with 8 years of combined work experience in Information Security and Information Technology with proven knowledge and ability to effectively utilize information security tools, technologies, controls, policies and procedures implementation and best practices to prevent and mitigate organization risks.

Proficient and experience in all aspects of Information System, Security Authorization (SA) and Continuous Monitoring process with emphasis on Federal Information Security Management Act (FISMA), using National Institute of Standard Publications SP 800-3, SP 800-53 Rev. 4, SP 800-137, FIPS 199, FIPS 200, FIPS 800-60, SP 800-30, SP 800-39 and industry best security practices.

Performs day-to-day security operations of the system Evaluate security solutions to ensure they meet security requirements for processing classified information Manage changes to system and assesses the security impact of those changes.

Development, and implementation of applications and workloads solutions aligned with Zero Trust principles to determine capability based on maturity requirement

Map ZT capabilities, requirements, and existing client capabilities, and new or approved capabilities required for the applications and workloads pillar as outlined by NIST 800 Rev 5, NIST 800-207 and any future memoranda, EO's, and standards.

Provide expertise for segmenting workloads to isolate them from each other, reducing the attack surface and minimizing the impact of potential breaches.

Provides expertise for establishing continuous monitoring solutions and capabilities to detect and respond to anomalies and potential security threats within applications and workloads.

Provide expertise in the review, assessment, and solution recommendation for Zero Trust maturity evaluations.

Stay up to date with emerging technologies and industry trends related to application security, application access controls, application threat protections, and secure application development.

Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed Assist with the management of security aspects of the information system

Provide security certification test and evaluation of assets, vulnerability management and response, security assessments, and customer support Provide support for proposing, coordinating, implementing, and enforcing information systems security policies and standard

Experience in vulnerability management scanning and identifying gaps/issues using security assessment tools such as Nessus, Excellent knowledge in Risk Assessment and Risk Management Framework (RMF).

Ability to work independently and take ownership of and complete relatively complex tasks, effectively using available resources, as needed, with minimal guidance.

Excellent knowledge Security Assessment Plan (SAP), Security Assessment Report (SAR), POA&M Matrix Validation, Risk Assessment Report (RAR).

Employment History

AnaVation LLC

05/2021 – Present

Information Systems Security Officer

Develop, maintain and manage Security Assessment and Authorization (SA&A) packages that include System Security Plans (SSP), Contingency Plans (CP), Security Impact Analysis (SIA), POA&Ms, and other relevant security documentation for existing and new systems.

Ensure preparation of security documentation and deliverables in support of Authority to

Adequate security measures are in place for their systems to obtain the best possible monthly FISMA scores.

Attend Program Increment (PI) planning Proceed (ATP) and ATO readiness.

Ensure that all system security documents are created and maintained in the Cyber Security and Assessment Management tool and submitted to the ISSM team and document review for validation.

Serve as the system Subject Matter Expert (SME) to the Security Control Assessor (SCA) during a security assessment.

Gather artifacts to support security control implementation and ensure these are readily available for the SCA during a security assessment.

Develop and adhere to the ATO/ATP package schedules.

Identify/document system dependencies and work with teams to minimize risk.

Determine if there is a need for any compensating controls due to residual risk.

Work with various teams to select the applicable security controls and control inheritance in Assessment Management tool.

Work with system administrators and developer teams to document security control implementation statements.

Maintain an inventory of system’s virtual machines, hardware, and software.

Create Plans of Action and Milestones (POA&Ms) within the Assessment Management tool, document and address milestones, upload all supporting artifacts, and submit requests for POA&M closure to the Information System Security Manager (ISSM) Team.

Document contingency plans and coordinate annual contingency plan tests.

Contact Post-Deployment Security Verification (PDSV) to ensure that vulnerability and compliance scans are generated weekly.

Review Continuous Monitoring scan results to assess the vulnerability status of the system on a regular basis to determine if there is any new vulnerability or to verify if previous vulnerabilities have been remediated. Work with PDSV and system teams to identify and remove any false positive scan results.

Communicate system security issues to the System Owner, Project Manager (PM), and Federal Leads.

Assist in developing system-level security policies.

Review, acknowledge, and address Information Security Vulnerability Management alerts (ISVMs) that we receive from ISVM Teams page.

ISSOs are responsible for completing quarterly, and ad-hoc FISMA data calls that are reported to the CISO’s office. These data calls consist of various security metrics for IT systems and their assets.

Document and present bi-weekly slides to federal leadership on the overall security posture and POA&M status of systems.

Track tickets for risk reduction and remediation.

Conduct scanning analysis and troubleshooting (vulnerability and compliance scans).

Submit anti-virus scans to the Compliance Team each month.

Ensure Technical Insertion and Technical Reference Model approval and compliance of commercial proprietary software prior to use.

Deliver status reports to federal leadership and relevant contractor PMs. These reports include updates on current vulnerabilities identified in security scans, remediation ticket status, security documentation updates, and any other relevant security information.

Track and research any red or yellow FISMA scorecard metrics and identify which check failed for a given metric. Ensure that sessions and provide security input in the discussions, along with generating detailed notes that are relevant to their assigned ARTs.

Review and provide security input on CRs, ICRs, and Critical Change Requests.

River Front Services, Inc

07/2021 – 05/2021

Information System Security Officer

Meet with System Owners (SO) and provide guidance to them on the security posture of the ATO status, and update security packages accordingly.

Analyze and report vulnerability findings to SO and their technical point of contact for remediation.

Work with systems owners and engineers to review and update POA&MS.

Able to conduct research and present findings to stakeholders.

Document, organize and implement security control requirements

Identify current and new risks

Use workflows to develop security artifacts with assessors in preparation for assessment.

Conduct both technical and non-technical internal audits and testing to validate system and operational requirements compliance

Prepare vulnerability test plans and coordinate the testing and result procedures

Assess customer-based solutions and provide recommendations for any improvements to current security posture

Ability to review and write security related policies and procedures and influence policy

Support annual assessments in accordance with guidance in the DHS (CISA) Information Security Performance Plan

Using CSAM in Creation, monitoring, and updating the status of POA&Ms to ensure weaknesses are resolved in accordance to their scheduled completion dates

Using CSAM to manage assessment motive, controls management, offer controls for inheritance, select controls for inheritance, controls implementation and assessment reports/views

Using Tenable Security Center and Professional to perform monthly OS Nessus Scan

Support the creation of Waivers or Risk Acceptance Memos to assist in the effective management of system risks

Review and update security authorization documents as needed, but at least annually

Contingency Plan tests at least annually and updating the plan

Conduct monthly OS Nessus Scan Analysis and Remediation Plan

System self-assessments as part of an Ongoing Authorization program

Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management

Maintain knowledge of inventory in accreditation boundary

Use DHS (CISA) and mandated enterprise IA Compliance Tools such as CSAM, and Tenable

Support the planning of certifying and accrediting their assigned information system or information systems

Ensure CM processes are followed to ensure that any changes do not introduce new security risks

Support the management system Information Security Vulnerability Management (ISVM) Compliance

Department of Justice

08/2020 – 04/2021

Information System Security Officer

Review and update security authorization documents as needed, but at least annually

Help coordinate with the customer’s Privacy, Records, and Information Governance Divisions related to compliance documentation and other requirements

Contingency Plan tests at least annually and updating the plan

Conduct monthly OS Nessus Scan Analysis and Remediation Plan

System self-assessments as part of an Ongoing Authorization program

Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management

Maintain knowledge of inventory in accreditation boundary

Use DOJ and mandated enterprise IA Compliance Tools such as CSAM, and Tenable

Support the planning of certifying and accrediting their assigned information system or information systems

System/Splunk log analysis

Using CSAM in Creation, monitoring, and updating the status of POA&Ms to ensure weaknesses are resolved in accordance to their scheduled completion dates

Using CSAM to manage assessment motive, controls management, offer controls for inheritance, select controls for inheritance, controls implementation and assessment reports/views

Using Tenable Security Center and Professional to perform monthly OS Nessus Scan

Support the creation of Waivers or Risk Acceptance Memos to assist in the effective management of system risks

Support annual assessments in accordance with guidance in the DOJ Information Security Performance Plan

Ensure CM processes are followed to ensure that any changes do not introduce new security

Support the management system Information Security Vulnerability Management (ISVM) Compliance

Department of Homeland Security

06/2020 – 08/2020

Information System Security Officer

Creation, monitoring, and updating the status of POA&Ms to ensure weaknesses are resolved in accordance to their scheduled completion dates

Support the creation of Waivers or Risk Acceptance Memos to assist in the effective management of system risks

Support annual assessments in accordance with guidance in the DHS Information Security Performance Plan

Review and update security authorization documents as needed, but at least annually

Help coordinate with the customer’s Privacy, Records, and Information Governance Divisions related to compliance documentation and other requirements

Contingency Plan tests at least annually and updating the plan

Conduct monthly OS Nessus Scan Analysis and Remediation Plan

Conduct quarterly Data Base and Web Inspect Scan Analysis and Remediation Plan

System self-assessments as part of an Ongoing Authorization program

Monitor and respond to Information Security Vulnerability Management (ISVM)/Patch Management

Maintain knowledge of inventory in accreditation boundary

Proactively ensure security requirements are included in development cycle (Waterfall or Agile)

Use DHS and mandated enterprise IA Compliance Tools such as IACS (XACTA 360), Continuum, Archer Dashboard (CDMT), Splunk and Service Now

Support the planning of certifying and accrediting their assigned information system or information systems

System/Splunk log analysis

Support the management system Information Security Vulnerability Management (ISVM) Compliance

Steampunk

12/2019 - 2020