Information Security Analyst

Nana Baffour

Phone:310-***-**** Email: ********.**@*****.*** Los Angeles, Ca

Cybersecurity Analyst

Results-driven cybersecurity professional with over eight years of experience in developing and managing cybersecurity programs for successful business operations. I specialize in designing and managing security of network and cloud infrastructures to protect company sensitive data. With strong emphasis on best industry standards, defense in depth, least privilege and zero trust principles, I achieve a better security posture for managing threats and responding to incidents.

TECHNICAL SKILLS & FRAMEWORKS

CIS Benchmark, Zero Trust Maturity Model, Risk Management Framework RMF, MITRE Attack Framework, Threat Modeling, ISO 27001, GDPR, Threat Intelligence, Scripting(python), PCI DSS, Secure Application and Deployment, Vulnerability Management, SIEM Tool, Identity and access management (Active Directory), NIST 800-53, Endpoint Protection, MDM, Network and Cloud Security, Data Loss Prevention, HIPAA and Project Management.

PROFESSIONAL EXPERIENCE

Information Security Analyst Advocates Inc. Framingham, Ma. Remote

June 2023 – Present

Develop and implement security controls to remediate against threats.

Operate SIEM tool, investigate logs to detect and respond to incidents.

Help organizations with industry best practices to manage and protect data throughout its life cycle.

Perform threat intelligence to identify potential threat tactics, techniques and procedures to better mitigate against such threats.

Review and update policies and procedures to meet new challenges.

Analyze data logs and develop a road map to continuously improve the effectiveness of controls.

Design secured application architecture, test applications for vulnerabilities and manage its deployment.

Design and maintain secured networks and cloud infrastructure.

Troubleshoot hardware, network and applications to resolve issues.

Manage identity and access privileges according to organization policies.

Design and implement Data Loss Prevention (DLP) tool for full visibility of data transits.

Perform Third Party Risk Assessment to help senior management make better decisions for business operations.

Perform periodic audits to identify gaps and suggest remediations.

Perform vulnerability scans, triage and prioritize them and implement patches or remediation plans.

IT Specialist, 25B US Army HQ, Hanscom, MA Feb 2015 – May 2022

I constructed a cyber defense matrix for a high-level assessment of security controls. Conducted risk assessment and developed a POAM to track security measure implementation; evaluate security packages such as system security plans (SSP), PTA, PIA, SAR, POA&MS. Spearheaded team of information security professionals responsible for the development of security policies, procedures, RMF, security assessment and authorization (A&A) packages. Worked with clients and ensured that they adhere strictly to security policies and procedures following NIST 800-53.

CERTIFICATIONS

• CompTIA Security+

• Certified Information Security Manager (CISM)

EDUCATION

Ms. Cybersecurity Harvard University, USA 2026

BSc. Computer Science KNUST, Ghana, 2013

Contact this candidate