Serge Mathieu Owona
Smithsburg, MD 484-***-**** ad7wxv@r.postjobfree.com
SUMMARY
US Army: Maryland National Guard, Rank, E4
An Information System Security Officer and NIST 800-53 Control assessor with enormous years of combined experience in the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST), Risk Management Framework (RMF) processes, Risk Assessment (RA), System Development Life Cycle (SDLC), as well as Contingency planning.
Through understanding of NIST 800-53 Rev 4 and 5 security controls. Audit projects including Security Audit, RMF, COBIT, PCI DSS, HIPAA, SAS 70 SSAE 16/SOC and SSAE18. Good working experience with GRC tools like ServiceNow, and Archer and Knowledge of the process of obtaining a system ATO and the requirements to maintain the ATO.
An IT Professional with experience in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, as well as risk assessment.
Understanding of information technology concepts, and cloud computing models (PaaS, SaaS, IaaS).
EDUCATION
1.Capitol University (USA-Maryland) Phd in Cybersecurity Leadership (2022-2025)
2.The University of Texas McComb (USA-Texas) Post Graduate in Cybersecurity (2021-2022)
3.Bachelor Degree (Cameroon) in Law 2006
4.University of Yaoundé II (Cameroon) PhD in Law (2015)
CERTIFICATIONS
CISM (Cybersecurity Information System Manager)
CompTIA Security+ CE (Exp. Date : 04/06/2024)
AWS Solutions Architect
Oracle OCP
SECURITY CLEARANCE
Active Secret
PROFESSIONAL EXPERIENCE
DISA, Fort Meade Laurel, MD ( COMPQSOFT)
DATE : May 2023 to Present
Information System Security Officer (ISSO)
Assisting, supporting the for the Reauthorization for the Legacy system
Using, eMass to assess, monitor security controls and update the leadership
Using Stig Viewer to generate checklist for system and reporting to the Datacenter and Sys Admin for patching and remediation
Assisting ongoing RMF IATT/ATO for the New System projects in support of client security systems using NIST SP 800- 37 Rev 1 as a guide.
Assisting with RMF process, Categorization of the Information System, RMF documentations, CONOPS, BIA, ISCP, SSP, SPP, Drafting and updating Cybersecurity Policies.
US Navy, Walter Reed National Military MedicalCommand (WRNMMC), Bethesda, MD (DSG-IT)
DATE: 01/202*-**-****
Information System Security Officer (ISSO and ISSE)
POC for SSP, IPP, CP and All the RMF tools and accreditation process
Scanning WRNMMC workstations, servers and IT Infrastructure
POC for the WRNMMC validation process.
Preparing documents and artefacts for the IV&V team (system architecture diagram, SPP, ATO package and any other relevant documents for the Validation Team
Preparing effort request in the CSTAR tool in order to prepare for the IV&V team
Preparing Software and Hardware Inventory for the Cost estimate and validation of the WRNMMC IT infrastructure process
Assisting the IV&V Team with documents and different assesses for the Validation process of the WRNMCC IT process
Registration of New system in eMass, uploading of artifacts in eMass
Uploading of SSP, SAR, IPP and other relevant RMF documents into eMass
Creation, extension of new POA&M and Milestone into eMass
Using HBSS system (Mc Afee Agent to generate Audit Log report for workstations and IT infrastructure of WRNMMC Lan
Using ePo Orchestrator (Mac Afee Console) to generate scans and Audit Log for WRNCMMC IT infrastructure
Participating in Incident Response Team and effort to remediate WRNMMC incidents and Data breaches
United States Army, MRDC HQ Fort Detrick, MD (Free Alliance) DATE: 11/2021 – 2022
Information System Security Officer (ISSO)
Scanning MRDC LAN SYSTEM VIA ACAS to generate weekly reports
uploading reports for MRDC LAN for 6 Systems weekly
Collaborating with TECHS, WEB, DBA, and subject matter experts for remediation of vulnerabilities identified by ACAS Scanning
Develop solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP).
Perform assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.
Maintain and manage Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentation for the system.
Perform risk assessments, develops, and recommend mitigating controls, and remain abreast of advancements that address emerging business and environmental factors impacting assurance levels.
Work with IT Controls Manager to improve the efficiency and effectiveness of IT audit testing procedures, processes, and attributes.
Develop Plan of Action & Milestones (POA&M) to remediate actions resulting from security control assessments; monitored and tracked remediation progress using GRC tools like eMass, ServiceNow and Archer.
Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems.
Resolve A&A ServiceNow incident tickets for change management.
Execute day-to-day deliverables that support the ongoing compliance needs related to, PCI, IT policy, compliance, and risk, as well as any new regulatory requirements.
Develop/Review deliverables associated with a FedRAMP security authorization package including, but not limited to System Security Plan, Information System Contingency Plan, Security Assessment Plan, and Security Assessment Report.
Review for accuracy of Security Control Assessment (SCA) documentation, including but not limited to the Security Assessment Report (SAR).
Perform ongoing RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide.
Experience with e-GRC tools such as Archer, Service Now and prevalent to ensure secured and prompt communication of findings and deployments of questionnaires to the vendor and to track vendor progress on remediation.
Ensure compliance with data security policies and relevant legal and regulatory requirements following agency directives and applicable Risk Management Framework (RMF) requirements.
Review Nessus and Nexpose scan reports for deficiencies and remediation of findings.
Participates in the System Assessment and Authorization process by working with the key stakeholders to ensure complete and accurate ATO packages.
Validated system requirements, security policies and procedures, contingency plans, incident response plans, personnel security, access control mechanisms and identification and authentication mechanisms.
United States Army (Trutek LLC) Alexandria, VA
Information System Security Engineer ( ISSE)
DATE: 12/2018 – 10/2021
Performed System Security Categorizations using FIPS 199 and the NIST 800-60 Vol.11 Rev1 guidelines and templates to select provisional impact levels assigned to the Confidentiality, Integrity, and Availability (CIA) based on the information type.
Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), and System Security Test and Evaluation (ST&E).
Developed and tracked Plans of Action and Milestones (POA&Ms) to ensure remediation closure.
Performed security risk assessment and analysis of resources, controls, vulnerabilities, asset decommissioning, and information security threats to the organization’s objective.
Performed assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess.
Ensured that plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments.
A better understanding of NIST 800-53 security controls and documentation for assessment results.
Ensured all supporting artefacts and results will be documented appropriately and timely manner.
Adhered to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing, and implementing security controls, testing, and validating security controls, and analyzing and tracking corrective action plans.
Performed ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide.
Provided security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis – analyzing current threats to information security and systems
Documented observations for existing IT control processes and identify issues in assessment questionnaires during disaster recovery planning exercises
Conducted assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.
Incident response management by processing computer affected for reimaging
processing cybersecurity incidents that occurred within Network in collaboration with the 2RCC or NIWC CSSP Help Desk for analysis/ processing
Providing updates if necessary to the 2RCC or NIWC CSSP Help Desk
ADRPA LLC
DATE : 12/2017 – 10/2018
IT Specialist ( Cybersecurity and Help Desk Support)
Ticketing system via ServiceNow
Creating users using internal and external Domain users using Active Directory
Creating groups, roles and responsibilities using Azure Active
Tracking and following up RBAC
MX Tools.box.com to check on the validity and authenticity of emails Using Super Tools or Mxloopup, DMarclookup,
Performs a lead role in the promotion of security awareness programs, assessing gaps and implementing solutions.
Responsible for the end-to-end completion of security requests.
Provisions user security roles and manages security groups across systems, platforms, databases, applications, servers, directors and folders.
Analyzes existing role structures to improve and streamline structures, security administration and improve end-user experience.
Responsible for highly sensitive security access for outsourced vendors and ensuring compliance with policy, regulations and contractual requirements.
Accountable for highly sensitive emergency processes.
Creates or maintains application scripts and uses application-specific tools to create or manage application security.
Tracks and documents security issues and requests and actively monitors the work queue.1
Plans, coordinates, communicates, tests and implements audits ensuring that access entitlements are appropriate for job requirements.
Creates and coordinates completion of detailed security reports to fulfil audit, management or business
owner requirements.
Accountable for follow-up of all security work requests including collaborating with other IT areas to ensure timely completion/resolution and obtainment of appropriate approval levels.
Interfaces with users to understand new capabilities, implement procedures, ensure security procedures have been communicated properly and are being adhered to provide input to drive process improvements
Works closely with business areas and IT partners on troubleshooting, pre-implementation activities and assessing application security.
TECHNICAL SKILLS
NIST Guidelines Publications Certification and Accreditation (C&A) Assessment and Authorization (A&A) HIPAA & PRIVACY ACT Training IT Security Compliance Vulnerability Assessment Network Vulnerability Scanning Information Assurance System Risk Assessment System Development Life Cycle Nessus Vulnerability Scanner ACAS HBSS SCAP Splunk SharePoint LAN WAN NIST SP 800-53 SP 800-53A SP 800-37 NIST SP 800-171 FIPS FISMA FedRAMP Risk Management
Framework (RMF) FIPS-199 PTA PIA SSP CP SAR POA&M ATO ISA, MOU/A IDS IPS Windows
GRC ServiceNow Linux Microsoft Office NISPOM Belarc
Qualities :
Fast Learner and Hard worker, good team player, humble and always motivated to go for new professional and career challenges. Ability to adapt, Critical Thinking, integrity, multi- tasking, strong organizational skills, time management and organizational skills, Interpersonal skills, Strong problem-solving, decision- making, reporting, communication, and management skills.