
Anita Aidoo

Germantown, MD

Summary

A self-motivated and highly steadfast IT individual specialized in diversified Information System Auditing or Information Assurance with a focus on System Security Compliance; Authorization and Monitoring; Risk Assessments; Audit Engagements; and Testing IT security controls to ensure Confidentiality, Integrity, and Availability of system resources. Possesses strong analytical and problem-solving skills garnered from an engineering background. Over 5 years of experience in system security monitoring, auditing and evaluation, A&A and Risk Assessment of GSS (General Support Systems) and MA (Major Applications). Performed Certification and Accreditation documentation in compliance with company standards.

Overview

5 years of professional experience
2 certifications

Work History

Security Control Assessor

Worldwide Consulting
03.2019 - Current
  • Schedule kick-off meetings with system owners to help identify assessment scope, system boundary, and the information system's category, and obtain any artifacts needed in conducting the assessment
  • Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP 800-53A as a guide
  • Develop Security Assessment Plans (SAPs) and conduct assessments of security control selections on various Moderate impact level systems to ensure compliance with NIST SP 800-53A Rev 4
  • Conduct security control interview meetings and artifact gathering meetings with various stakeholders using the assessment methods of interview, examination, and testing
  • Document assessment findings in Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities
  • Review A&A package items using NIST guidance for FISMA compliance such as System FIPS 199 Categorization, e-Authentication Assessment, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT)
  • Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool (CSAM)
  • Request scans and later review scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations
  • Develop documentation (FIPS 199, FIPS 200, PTA, PIA, e-authentication) on new or existing systems
  • Provide system/equipment/specialized training and technical guidance
  • Serve as liaison with clients, participating in meetings to ensure client needs are met
  • Independently research and collaborate with teams to develop knowledge regarding environment
  • Take on lead roles within team and effectively train team members based on inherent knowledge
  • Worked with other teams to enforce security of applications and systems
  • Implemented security measures to reduce threats and damage related to cyber attacks
  • Analyzed network traffic and system logs to detect malicious activities
  • Conducted security audits to identify vulnerabilities
  • Monitored use of data files and regulated access to protect secure information
  • Reviewed violations of computer security procedures and developed mitigation plans
  • Recommend improvements in security systems and procedures
  • Performed risk analyses to identify appropriate security countermeasures
  • Encrypted data and erected firewalls to protect confidential information

Information Assurance Analyst

Geekview Tek Solutions
01.2018 - 03.2019
  • Update and review A&A Packages to include Core Docs, Policy & Procedures, Operations and maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, and POA&M
  • Review and update remediation on plans of action and milestones (POA&Ms) in organization's XACTA 360
  • Work with system administrators to resolve POA&Ms, gathering artifacts and creating mitigation memos, residual risk memos and corrective action plans to assist in closure of POA&Ms
  • Provided on-site analysis of security posture, to include firewall, router, switch, and security services (Host-Based Security System (HBSS))
  • Conducted vulnerability analysis of workstations and servers to ensure they are hardened
  • Performed network and log analysis for potential on-going attacks against customer sites
  • Worked with technical leads in various organizations, overseeing critical aspects of driving verification on their software, firmware and hardware Cybersecurity designs and implementations
  • Assessed assigned products to determine product security status
  • Designed and recommended security policies and procedures to implement; ensured compliance with policies and procedures
  • Responded to more complex queries and requests for product security information and reports from both internal and external customers
  • Provided product recommendations of security packages to product teams; reviewed vendor products and made recommendations as appropriate
  • Ensured that implementation of Cybersecurity aspects of products and solutions is sound and can scale to meet customers’ needs
  • Provided training on Cybersecurity within Electrical Sector
  • Conducted security audits to identify vulnerabilities

Education

Master of Science (MSc) - Cybersecurity Management and Policy

University of Maryland University Global Campus
Adelphi, MD
06.2023

Bachelor of Arts - Business Administration

Christian Service University College
Kumasi, GH
12.2018

Skills

  • Security Assessment & Authorization
  • Third Party Risk Management
  • Policy and Process Development
  • Security Planning
  • Vulnerability Management
  • NIST Security Standards
  • Intrusion Detection and Prevention
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Continuity Monitoring
  • Plan of Actions & Milestones (POA&M)
  • Critical Thinking Skills
  • Compliance with Security Requirements
  • Incident Reports
  • Scanning Tools
  • Preventative Maintenance
  • Splunk SIEM

Accomplishments

  • FISMA Act 2002
  • NIST SP 800-Series
  • Tenable Nessus Scanning
  • ISO 2700X
  • ServiceNow Security
  • Risk Management Framework
  • Cloud Security
  • Business Continuity and Disaster Recovery planning
  • IT General Controls (ITGC) Auditing
  • Splunk Core Skills:
  • Performed comprehensive assessments and wrote reviews of management, operational and technical security controls for audited applications and information systems
  • Experience in performing risk assessment on both commercial and Federal Government information systems
  • Used Checkpoint Firewall Analyzer to access predefined Checkpoint firewall reports that help with analyzing bandwidth usage and understanding security and network activities
  • Experience in assessing security controls in AWS cloud environment
  • Improve the efficiency of information security processes and advance the effectiveness of the information security controls of the AWS cloud operating model
  • Participates in Incident Response activities in coordination with other teams as necessary, reviewing and editing event correlation rules, performing triage on these alerts by determining their criticality and scope of impact, and evaluating attribution and adversary details
  • Develop and conduct Security Control Assessments (formerly ST&E) per NIST SP 800-53A and NIST SP 800-53R4

Certification

  • CISM - Certified Information Systems Manager
  • Security+
