Ali Amadu Sorgho

• Work directly under the Authorizing Official to review system security assessment package and Vulnerability Scans and make recommendation to the Authorizing Official the length of ATO to be granted for initial systems, systems with conditional/temporal ATO and systems with full ATO coming for their yearly review. Using FISMA Compliance guidelines, Assessment and Authorization Compliance guidelines and Information Assurance Vulnerability Management Compliance guidelines as a guidance tool.
• Actively involved in ATO decision meetings.
• Performed periodic audits on continuous monitoring of system’s security artifacts, Scans, and POAMs before they are due ATO review using FISMA Compliance guidelines, Assessment and Authorization Compliance guidelines and Information Assurance Vulnerability Management Compliance guidelines.
• Guided System Owners and ISSOs through the Re-categorization process and how to utilize the internal tool for Re-categorization.
• Prepared Quick Reference Guide on security issues that will come up.
• Ensured that all systems under the organization’s enclave obtain and maintain an ATO.
• Ensured that Information Assurance and vulnerability Scan metrics are reported accurately. Using FISMA Compliance guidelines, Assessment and Authorization Compliance guidelines and Information Assurance Vulnerability Management Compliance guidelines as a guidance tool.
• Actively involved in migrating traditional systems into the Cloud. Using FedRAMP Compliance guidelines as a tool.
• Conducted CDM meeting to discuss vulnerabilities and potential remediation actions with system and application owners
• Ensured identified weaknesses from vulnerabilities scans are remediated in accordance with NCI defined time frames
• Involved in NCI security awareness program to educate employees and managers on current threat and vulnerabilities

• · Perform comprehensive Security Assessments as part of Assessment and Authorization process to determine if controls are being implemented correctly, operating as intended and meeting the desired objectives.
• · Prepare Assessment and Authorization (A&A) packages, which includes but not limited to SSP, SAP, RTM, RA, SAR and POA&M.
• · Review the A&A Packages to ensure they remain current and security operations are in compliance with NIST 800-53 standards, FISMA and organization’s policies and procedures.
• Assist in developing, defining and maintaining information security policies, standards and procedures relating to Management, Operational and Technical controls.
• Provide assessment reports on the severity of findings/weaknesses and recommend corrective actions for mitigating vulnerabilities and exploits to the information and information system.
• Review the POA&M in order to validate the items uploaded in the POA&M tracking tools support the closed findings and coordinate promptly with stakeholders to ensure timely remediation of security weaknesses.
• Conducted assessment kick-off meetings, provide expert analysis and advice on systems and programs related to IT security problems and provide recommendations.
• Perform vulnerability scans for Database, Network and Web Application for clients using Tenable Nessus.SC and gather information necessary to maintain system security.
• Provide routine support of IT security programs to ensure that security objectives of Confidentiality, Integrity and Availability are met.
• Perform Assessment and Authorization on General Support Systems (GSS) and Major Applications to ensure environments are operating within strong security posture.

MultiCloud Specilization Program. The MultiCloud Bootcamp prepares Technology Professionals to work with Cloud (AWS, Microsoft Azure, Google Cloud and Oracle Cloud) by providing the practical experience needed through the implementation of more than 30 projects based on real scenarios, requested by the largest companies in the world.