Incident Response Vulnerability Management

ADEBAYO Y. MAJOLAGBE

Upper Marlboro MD, *****

+1-240-***-**** ******@*****.***

OBJECTIVE

IT Security professional with 10+ years of experience in designing and implementing effective cybersecurity solutions. Demonstrates proficiency in incident response, security monitoring, and vulnerability management within diverse IT ecosystems. Proven track record in reducing risks and ensuring compliance with NIST, RMF, and related frameworks. Skilled at enhancing security postures through detailed assessments, documentation, and strategic control implementations.

SKILLS

•Security Operations: Incident Response, Vulnerability Management, Security Monitoring (Splunk, ACAS), Log Analysis, Threat Analysis

•Risk Management & Compliance: NIST RMF (800-37, 800-53, 800-53A), FISMA, FedRAMP, FIPS, Policy Development, Security Assessments, POA&M Management

•Network Security: Firewalls (ASA, Palo Alto), Intrusion Detection/Prevention Systems, Network Monitoring (Wireshark)

•Vulnerability Assessment & Penetration Testing: Nessus, Qualys, Nmap, Kali Linux, Web Inspect, IBM Guardium

•Cloud Security: Azure Fundamentals, AWS

•System Administration: Windows Server (2019,2022), Active Directory, SCCM, Linux (RedHat, CentOS)

EXPERIENCE

BAE Systems Mar 2023 - Present

ISSE

•Conducted vulnerability and risk assessments that reduced critical vulnerabilities by 60%, contributing to accreditation processes and bolstering overall cybersecurity defenses.

•Analyzed system inspection tools and maintained security monitoring practices to identify and mitigate potential threats.

•Developed and reviewed comprehensive security documentation, including Risk Assessment Reports and Accreditation Packages, to meet compliance requirements.

•Collaborated with system administrators to validate patch management, antivirus definition updates, and security tool implementations, reinforcing system integrity.

•Supported ISSO teams for systems deployed in AWS Cloud and MS Azure by ensuring readiness for annual assessments through artifact gathering and updates to security documents.

•Reviewed authorization documentation for completeness and accuracy in compliance with security policies and regulatory standards.

•Executed periodic facility assessments to verify adherence to security requirements.

•Managed POA&M processes, reducing critical vulnerability remediation time by 30% through streamlined corrective actions.

Steampunk Oct 2022 - Mar 2023

ISSE

•Analyzed Nessus vulnerability scans and DISA STIG compliance reports for Windows Server 2019, recommending remediation for over 50 critical vulnerabilities and achieving a 20% reduction in overall system risk.

•Formulated, implemented, and enforced information systems security policies to ensure security requirements were integrated during all phases of the system lifecycle.

•Developed Security Control Assessments and documented findings with recommendations for enhancing the customer's security posture in accordance with NIST controls.

•Contributed to A&A process activities by producing systems concept of operations, security design documentation, implementation plans, operational procedures, and maintenance training materials.

•Assisted in transitioning information systems from NIST 800-53 Rev 4 to Rev 5, maintaining compliance with evolving standards.

•Ensured timely software patching and implemented measures to protect systems from emerging threats, reinforcing incident response capabilities.

•Researched current and emerging cybersecurity technologies to propose innovative technology insertions for projects.

•Resolved security-related issues on an ad hoc basis, ensuring sustained security posture amid evolving threats.

Okinyx IT Mar 2021 - Sep 2022

Information Security Analyst

•Performed security assessments and reviewed authorization documentation for NIST compliance.

•Implemented and monitored continuous monitoring systems, ensuring adherence to cybersecurity policies.

•Developed Security Control Assessment (SCA) documentation and recommendations to enhance security posture.

•Analyzed security, audit, firewall, and AV logs, identifying and mitigating potential anomalies such as unauthorized access attempts and malware infections, reducing incident response time by 15%.

•Conducted risk assessments and developed mitigation strategies.

SAIC Sep 2019 - Mar 2021

Sr. Information System Security Officer (ISSO)

• Managed cybersecurity of information systems, ensuring maintenance of security and privacy posture.

• Served as a principal advisor on security and privacy controls, facilitating Authorization to Operate (ATO).

• Developed and implemented security monitoring strategies, ensuring control effectiveness.

• Managed POA&M processes, ensuring timely remediation of vulnerabilities.

• Utilized Security solutions such as Splunk, and firewall appliances.

Information Innovators Inc. / Salient CRGT

Information System Security Officer (ISSO)

• Provided system security guidance, ensuring compliance with federal guidelines (NIST, FIPS).

• Managed Risk Management Framework (RMF) implementation for on-premises and cloud systems.

• Developed and reviewed security documentation, including SSPs, Contingency Plans, and Risk Assessment Reports.

• Performed vulnerability and compliance scan analysis, coordinating remediation efforts.

• Report on security posture to senior management.

General Dynamics IT

Sr. System Administrator (Site Lead/SME)

• Managed system performance and security for USCIS, providing incident response and resolution for 1500 + users.

• Provided Tier 3 support, troubleshooting complex problems and ensuring minimal disruption.

• Led a team, training junior technicians and developing training materials.

• Maintained and analyzed system performance and maintained system security.

• Ensured desktops and laptops were compliant and encrypted.

EDUCATION

University of Maryland University College

Sep 2022

M.S., Cyber Security Management & Policy

University of Maryland University College

May 2007

B.S., Information Technology

CERTIFICATIONS

• EC-Council Certified Ethical Hacker (CEH)

• Security+ CE

• Azure Fundamentals

• Scrum Master

• CCNA

• ITIL Foundation V3

• CISSP: In Progress

Mar 2011 - Sep 2019

Jul 2008 - Mar 2011

Contact this candidate