Abu B Kanu

Stafford, VA

Summary

Highly motivated, success-oriented, passionate, analytical person with excellent communication skills who combines professional and interpersonal skills to accomplish the mission, vision, and goals of the organization. Dynamic IT Security and FISMA/Information Systems Security and Compliance Analyst with over 10 years of progressive experience in the System Development Life Cycle (SDLC) and FedRAMP. Experienced in applying FISMA and the applicable NIST SP 800 series guidance to General Support Systems (GSS) and Major Applications (MA). As a proficient IT Information Assurance professional, I also have an extensive background in maintaining Oracle database security from back-end to front-end applications, and experience working in DOS and DOD secure environments. Able to motivate, lead, and work with a team in IT Security. Seeking to utilize my background and experience in a progressive and responsible position, with attention to detail and a passion for excellence, to enhance the confidentiality, integrity, and availability of the information system.

Overview

14 years of professional experience
1 Certification

Work History

Security Control Assessor (SCA)

Deloitte (Supporting DMDC)
10.2018 - 01.2026
  • Provide Assessment and Authorization (A&A) support and security guidance in all phases of the System Accreditation and Risk Management Framework processes.
  • Brief senior leadership on system security posture.
  • Review security and privacy plans to facilitate development of the assessment plans.
  • Ensure that customers' requests for security access are completed promptly, and provide second-level technical support to the project team and end users.
  • Prepare security and privacy assessment reports containing the results and findings from the assessment.
  • Review system security documentation for compliance with the NIST SP 800 series, including SP 800-18, 800-30, 800-53, 800-53A, 800-60, and other NIST SP 800 publications.
  • Conduct security authorization reviews in compliance with the Risk Management Framework (RMF) and present findings/briefings to senior leadership.

Information Systems Security Officer (ISSO)

Intercon (Supporting DOS)
02.2016 - 09.2018
  • Scheduled and conducted working sessions/interviews with stakeholders to gather and analyze security control implementation and the information system security posture.
  • Provided an assessment of the severity of the deficiencies discovered in the system, environment of operation, and common controls, and recommended corrective measures and actions to address the identified vulnerabilities.
  • Prepared security and privacy assessment reports containing the results and findings from the assessment.
  • Knowledge of Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), CMP, and CP.
  • Developed Assessment & Authorization (formerly Certification and Accreditation, C&A) packages for compliance with NIST SP 800 guidance, including System Security Plans (SSP), system categorization documents, risk assessments, Security Assessment Plans (SAP), System Security Test and Evaluation (ST&E), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
  • Reviewed the security and privacy plans to facilitate development of the assessment plans.
  • Tracked and updated Plans of Action and Milestones (POA&M) regarding mitigation and remediation status. Worked with the Vulnerability Assessment Team (VAT) to analyze vulnerability scans conducted with Nessus and Tenable, and informed the System Owners and their technical POCs to remediate the findings.
  • Supported Security Assessment and Authorization (SA&A), FISMA compliance, NIST requirements, and continuous monitoring of security controls.

Information Systems Security Officer (ISSO)

Northern Virginia Training Center (NVTC)
03.2012 - 02.2016
  • Developed and implemented security-related directives and guidance for Information Assurance, Information Technology, and Information Management.
  • Conducted thorough reviews of all vulnerabilities, architecture, and defense-in-depth strategies, and reported findings in the POA&M document.
  • Documented residual risks and provided the cybersecurity risk analysis and mitigation determination results.
  • Conducted Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), CMP, and CP.
  • Developed Assessment & Authorization (formerly Certification and Accreditation, C&A) packages for compliance with NIST SP 800 guidance, including System Security Plans (SSP), system categorization documents, risk assessments, Security Assessment Plans (SAP), System Security Test and Evaluation (ST&E), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M).
  • Scheduled and conducted working sessions/interviews with stakeholders to gather and analyze security control implementation and the information system security posture.
  • Tracked and updated Plans of Action and Milestones (POA&M) regarding mitigation and remediation status. Worked with the Vulnerability Assessment Team (VAT) to analyze vulnerability scans conducted with Nessus, Tenable, and ACAS, and informed the System Owners and their technical POCs to remediate the findings.
  • Supported Security Assessment and Authorization (SA&A), FISMA compliance, NIST requirements, and continuous monitoring of security controls.
  • Assembled ATO packages to provide an accurate security posture of systems and assist the Authorizing Official (AO) in making an ATO decision.
  • Participated in kick-off meetings and client interviews to complete the risk assessment, security control assessment, plan for remediation actions, and security continuous monitoring plan.
  • Knowledge of cloud technology using FedRAMP templates.
  • Updated existing authorization packages throughout the life cycle of Major Applications and General Support Systems.
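The ISSO bullets above describe taking Nessus/ACAS scan results and turning them into POA&M items for the System Owners to remediate. The script below shows what that step looks like in practice. It is an added illustration, not the candidate's or any employer's code: the .nessus sample (hosts, plugin IDs, plugin names and the CVE) is constructed placeholder data, and the remediation SLA table is an assumed policy, not one stated on this page.

```python
"""Turn a Nessus/ACAS .nessus export into POA&M line items.

Added illustration; not the candidate's or any project's code. The XML below is
a constructed sample (plugin IDs, hosts, names and the CVE are placeholders),
and the remediation SLA table is an assumed policy, not one taken from the page.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from datetime import date, timedelta

SEVERITY_LABEL = {0: "Informational", 1: "Low", 2: "Moderate", 3: "High", 4: "Critical"}
# Assumed days-to-remediate per Nessus severity value; replace with the AO's real policy.
REMEDIATION_SLA_DAYS = {4: 15, 3: 30, 2: 90, 1: 180}
DETECTED_ON = date(2024, 1, 1)  # scan date used for the sample run

# Constructed sample export (NessusClientData_v2 layout, trimmed to the fields used).
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="monthly-scan">
  <ReportHost name="10.0.0.5">
   <ReportItem port="443" protocol="tcp" pluginID="10001"
               pluginName="TLS certificate cannot be trusted" severity="2">
    <solution>Install a certificate issued by a trusted CA.</solution>
   </ReportItem>
   <ReportItem port="0" protocol="tcp" pluginID="10002"
               pluginName="Outdated TLS library" severity="4">
    <cve>CVE-2021-99999</cve>
    <solution>Apply the vendor patch and restart affected services.</solution>
   </ReportItem>
   <ReportItem port="22" protocol="tcp" pluginID="10003"
               pluginName="SSH version banner" severity="0"/>
  </ReportHost>
  <ReportHost name="10.0.0.6">
   <ReportItem port="0" protocol="tcp" pluginID="10002"
               pluginName="Outdated TLS library" severity="4">
    <cve>CVE-2021-99999</cve>
    <solution>Apply the vendor patch and restart affected services.</solution>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


@dataclass
class PoamItem:
    plugin_id: str
    weakness: str
    severity: str
    affected: list = field(default_factory=list)  # "host:port/proto" strings
    cves: set = field(default_factory=set)
    remediation: str = ""
    scheduled_completion: date = None


def build_poam(nessus_xml: str, detected_on: date) -> list:
    """Group findings by plugin (one weakness per POA&M row), drop informational
    items, and set a scheduled completion date from the assumed SLA table."""
    root = ET.fromstring(nessus_xml)
    items = {}
    for host in root.iter("ReportHost"):
        hostname = host.get("name")
        for ri in host.iter("ReportItem"):
            sev = int(ri.get("severity", "0"))
            if sev == 0:
                continue  # informational findings are not tracked as weaknesses
            pid = ri.get("pluginID")
            item = items.get(pid)
            if item is None:
                item = PoamItem(
                    plugin_id=pid,
                    weakness=ri.get("pluginName", pid),
                    severity=SEVERITY_LABEL[sev],
                    remediation=(ri.findtext("solution") or "").strip(),
                    scheduled_completion=detected_on + timedelta(days=REMEDIATION_SLA_DAYS[sev]),
                )
                items[pid] = item
            item.affected.append(f"{hostname}:{ri.get('port')}/{ri.get('protocol')}")
            item.cves.update(c.text.strip() for c in ri.findall("cve") if c.text)
    # Highest severity first, then the weakness touching the most assets.
    rank = {label: value for value, label in SEVERITY_LABEL.items()}
    return sorted(items.values(), key=lambda i: (-rank[i.severity], -len(i.affected)))


def format_poam(items: list) -> str:
    """Render rows in the column layout a POA&M spreadsheet typically uses."""
    lines = ["Weakness | Severity | Assets | CVEs | Scheduled completion | Remediation"]
    for i in items:
        lines.append(
            f"{i.weakness} | {i.severity} | {len(i.affected)} | "
            f"{','.join(sorted(i.cves)) or '-'} | {i.scheduled_completion.isoformat()} | {i.remediation}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_poam(build_poam(SAMPLE_NESSUS, DETECTED_ON)))
```

Grouping by plugin rather than by host is deliberate: a POA&M tracks one weakness with its list of affected assets, so the same outdated library on two hosts becomes a single row with two assets, and informational (severity 0) hits never reach the POA&M at all.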

Education

Bachelor of Science - Cybersecurity and Information Assurance

WGU

Associate of Science - Information Technology

NVCC

Skills

  • Experienced in the development of System Security Plans (SSP), Contingency Plans, Disaster Recovery Plans, Incident Response Plans/Training, and Configuration Management
  • Review security and privacy plans to facilitate development of the assessment plans
  • IAM – Responsible for how users within the organization are given access and for protecting their information, including safeguarding critical applications, data, and systems from unauthorized access
  • Brief leadership on system security posture
  • Experienced with GRC tools (eMASS, ServiceNow (SNOW))
  • eMASS – To generate RMF packages and review, manage, and track POA&Ms
  • Conduct comprehensive assessments of implemented controls to determine their effectiveness
  • Plans, System Security Checklists, Privacy Impact Assessments, POA&M
  • Familiar with VMware and other virtual machine applications
  • Good communication and writing skills
  • Experience with Symantec Data Loss Prevention (DLP)
  • Experience with vulnerability management
  • Experience working with Application Security Management (ASM)
  • Experience with Privileged Access Management (PAM)
  • Experience scripting
  • Proactively help clients create memos
  • Hands-on experience with a web gateway/proxy such as McAfee
  • Experience with ISO 27000 and ISO 27001
  • Working knowledge of NIST SP 800-53, NIST RMF, FIPS, and FISMA
  • Experienced working with NIST SP 800-53 Rev. 3 and Rev. 4
  • FISMA reports and Standard Operating Procedures (SOP) as part of POA&M remediation
  • Experienced with vulnerability scanning and penetration testing using tools such as Nessus, WebInspect, and Nexpose
  • Experienced in performing Security Control Assessments and reviewing ATO packages
  • Experience with reviewing security controls
  • Experience with the Payment Card Industry Data Security Standard (PCI DSS)
  • Experienced in Risk Management Framework (RMF) processes and compliance using NIST publications and standards
  • Experience with FedRAMP and cloud services
  • Experience working with Splunk to analyze data
  • Experience working with Oracle Database 11g, 12c, 18c, and 19c
  • Experience with Amazon Web Services (AWS)
  • Experience with Oracle RAC
  • Experience working with Linux, Unix-based systems, and Windows operating systems

Certification

  • CASP
  • CompTIA Security+
  • CISA (in progress)
  • CISM
  • Amazon Web Services (AWS)
  • CEH (Certified Ethical Hacker)
  • Business Analysis (BA)
  • Oracle Database Administration Certified Associate (OCA)
  • Oracle Database: SQL Fundamentals I

WORK AUTHORIZATION

U.S. Citizen

CORE QUALIFICATIONS

  • Extraordinary work ethic; able to prioritize work assignments appropriately and manage the pressures of conflicting demands or changing priorities.
  • Strong analytical and documentation skills, with proven operational knowledge of FISMA compliance, NIST requirements, and continuous monitoring of security controls.

CLEARANCE

Top Secret

Languages

English
Full Professional
