Adukwei Brown

Summary

A highly motivated and detail-oriented cyber security professional possessing over 10 years of work experience in Risk Management, Cyber Security and Security Controls Assessments. Adept at using NIST 800 series publications including SP 800-53/A, 800-18, 800-60, 800-37, 800-30, etc. Experience in developing and maintaining ATO Packages for information systems to include SSP, Risk Assessment, FIPS 199, e-Authentication. Experience in preparing ATO packages, including SSP, SAR and POA&M Remediation Plan, for the Authorizing Official to make a risk-based ATO decision.

Overview

15 years of professional experience
2 Certifications

Work History

Information Systems Security Officer

Cydaptiv Solutions
04.2024 - Current
  • Developing and maintaining ATO Packages for information systems to include SSP, Risk Assessment, FIPS 199, e-Authentication.
  • Conducting annual assessments on assigned systems.
  • Establishing meetings with vendors for collection of artifacts for POA&M closure.
  • Working with legal department to amend contracts to include security requirements.
  • Liaise with system stakeholders to review and update supporting security artifacts such as CMP, CP, IRP and MOU/ISA.
  • Working with engineers to ensure timely patching of systems. Conducting meetings with system admins to collect artifacts for POA&M closure.
  • Collaborating with stakeholders and Privacy Office to develop and review Privacy Threshold.
  • Analyzing Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) for compliance with applicable privacy policies and regulations.
  • Performing Contingency Plan Tests and writing After-Action reports for systems under my purview.
  • Managing and tracking POA&Ms and collaborating with technical team until POAM closure; or where required, put in a risk waiver or risk acceptance.
  • Preparing ATO package to include SSP, SAR, POA&M Remediation Plan to Authorizing Official to make risk-based ATO decision.
  • Hosting and facilitating kick-off meetings and presentations with clients on operational security posture of systems in their purview and on security related policies.
  • Creating monthly account audits and reviewing audit logs to ensure there is no malicious activity.
  • Where one exists, a report was made to the System Owner for investigation.
  • Creating Contingency Planning and Incident Response documentation and conducted required training and reporting.
  • Reviewing monthly continuous monitoring reports submitted by Vulnerability Management Group and collaborating with System Engineer as needed to address them.
  • Ensuring all system users and people with security responsibilities receive their annual awareness training.
  • Reviewing and validating user access rights.
  • Approving Privilege Access Request and Role-Based Access Request forms for system users.
  • Ensuring all system users sign Rules of Behavior (ROB) before being granted access.
  • Participating in Change Request (CR) process (i.e., reviewing/approving change requests from system engineers before it goes to CCB and conducting impact analyses).
  • Supporting Change Control Boards as required.
  • Providing weekly report to ISSM on security status of system.

Cybersecurity Analyst

Corecivic Inc.
12.2022 - 02.2024
  • Conduct security audits to identify vulnerabilities.
  • Develop and maintain incident response protocols to mitigate damage and liability during security breaches.
  • Design company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
  • Recommend improvements in security systems and procedures.
  • Perform risk analyses to identify appropriate security countermeasures.
  • Maintained company-wide compliance with industry standards.
  • Author security incident reports, highlighting breaches, vulnerabilities and remedial measures.
  • Collaborate with legal and procurement teams to incorporate security and privacy requirements into vendor contracts and service level agreements.
  • Run audit log scans on Splunk, create monthly account audits and review audit logs to ensure there is no malicious activity. Where one exists, a report is made to the System Owner for investigation.
  • Draft security reports and metrics to track security performance and strategize improvements.
  • Assess vendor security as part of the procurement process.
  • Manage vendor contracts with third-party agencies for the information security purposes.
  • Conduct vendor risk assessments, evaluating security controls, data protection practices, and compliance with contractual obligations and regulatory requirements.

Information System Security Officer

CACI
10.2017 - 11.2022
  • Develop and maintain ATO Packages for information systems to include SSP, Risk Assessment, FIPS 199, e-Authentication
  • Liaise with system stakeholders to review and update supporting security artifacts such as CMP, CP, IRP and MOU/ISA
  • Perform Contingency Plan Test and write After-Action report for systems under my purview
  • Collaborate with stakeholders and Privacy Office to develop and review Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) for compliance with applicable privacy policies and regulations
  • Manage and track POA&Ms and collaborate with technical team until POAM closure; or where required, put in a risk waiver or risk acceptance
  • Prepare ATO package to include SSP, SAR, POAM Remediation Plan to Authorizing Official to make risk-based ATO decision
  • Host and facilitate kick-off meetings and presentations with clients on operational security posture of systems in their purview and on security related policies
  • Create monthly account audits and review audit logs to ensure there is no malicious activity. Where one exists, a report is made to System Owner for investigation
  • Create Contingency Planning and Incident Response documentation and conduct required training and reporting
  • Review monthly continuous monitoring reports submitted by Vulnerability Management Group and collaborate with System Engineer as needed to address them
  • Ensure all system users and people with security responsibilities receive their annual awareness training
  • Review and validate user access rights
  • Approve Privilege Access Request and Role-Based Access Request forms for system users
  • Ensure all system users sign Rules of Behavior (ROB) before being granted access
  • Participate in Change Request (CR) process (i.e., reviewing/approving change requests from system engineers before it goes to CCB and conducting impact analyses)
  • Support Change Control Boards as required
  • Provide weekly report to ISSM on security status of system

Security Control Assessor

19FiftySeven LLC
11.2014 - 10.2017
  • Developed Security Assessment Plan (SAP) to include Rules of Engagement (ROE) to present to stakeholders during kick-off meeting before assessment
  • Conducted security assessment through examination of controls, interviewing appropriate stakeholders, and testing controls to determine the extent to which controls are implemented correctly, operating as intended, and producing the desired outcome to meet the security requirements of the system
  • Documented results of assessment and consolidated all findings into Security Assessment Report (SAR)
  • Constructed reports and POA&Ms based on results of vulnerability assessment tools such as Nessus scanner with appropriate remediation dates and tracked findings until closure
  • Familiar with exception and waiver procedures for cases where a POA&M would never be met
  • Put together ATO package to provide accurate security posture of systems to assist Authorizing Official (AO) in making ATO decision
  • Reviewed and analyzed documents to include System Security Plan (SSP), FIPS 199, Contingency Plan, Account Management, Vulnerability Scans, etc.
  • Experience in conducting assessments for cloud systems using the FedRAMP approach

Information Assurance Analyst

Legacy Cyber Tech LLC
07.2010 - 11.2014
  • Assessed security solutions and provided recommendations for improvements to current security posture
  • Led all efforts to attain Authorization to Operate (ATO) through the Risk Management Framework (RMF) process (NIST SP 800-37 Rev 2) for assigned systems
  • Created, managed and tracked Plan of Action and Milestones (POA&M) of all findings upon completion of Security Control Assessment (SCA) exercises, OIG Audits or vulnerability scan reviews until POA&M closure
  • Responsible for creating Waivers and Risk Acceptance requests when a POA&M cannot be closed within the remediation timeline or when a POA&M cannot be closed
  • Developed system security artifacts such as System Security Plan (SSP), Contingency Plan (CP), Incident Response Plan (IRP), Privacy Threshold/Impact Assessments (PTA/PIA), FIPS 199 and Risk Assessment (RA) documents in compliance with NIST 800 guidelines to prepare systems for assessment and ATO
  • Worked with engineering team and system administrators to gather artifacts to demonstrate system compliance during assessment
  • Monitored controls post-certification to ensure continuous compliance with security requirements by evaluating threats and vulnerabilities
  • This includes but is not limited to scan review, audit log review, change management, annual document reviews, 1/3 assessments, etc.
  • Developed and led Contingency Plan Tests (CPT) to ensure the current Contingency Plan can run smoothly when activated
  • As part of CP tests, developed lessons learned documents
  • Developed, reviewed and updated Interconnection Security Agreements (ISAs) for systems within my control
  • Monitored computer virus reports to determine when to update virus protection systems

Education

Bachelor of Science - Human And Early Childhood Development

University of California - Davis
Davis, CA

Skills

    Scans: Nessus, Acunetix, Rapid7, Webinspect

    Monitoring: Splunk, LogRhythm

    Repository/GRC: CSAM, RSA Archer, SNow, XACTA, eMASS

    Operating System: Windows, Linux, Unix, IOS

Certification

CompTIA Security+

Skills

Security Controls Assessment
Risk Identification and Mitigation
Analytical and Problem Solving
Risk Assessment
Communication/Customer Service
NIST SP 800 Series
Information Security & Compliance
Conducting Risk and Vulnerability Assessment
Continuous Monitoring Activities
Security Impact Analysis
Develop RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
Creating ATO package
Third Party Risk Management
Vendor Management
Compliance
