
Audu Lateef

Summary

As an experienced Information System Security Officer with over 8 years of dedicated service, I have demonstrated a proven track record of implementing and maintaining robust security measures to safeguard critical information assets. My expertise encompasses the development and enforcement of security policies, risk assessment, incident response, and compliance with industry regulations. I possess a deep understanding of security frameworks, such as NIST, ISO, and CIS, and have effectively managed security audits and assessments. With a focus on proactive threat detection and mitigation, I have successfully cultivated a culture of security awareness and best practices within organizations. My commitment to staying abreast of emerging security trends and technologies has enabled me to provide strategic guidance and leadership in protecting sensitive data and ensuring operational continuity.

Overview

10 years of professional experience
1 Certification

Work History

Information System Security Officer - ISSO

United States Navy
06.2021 - Current
  • Liaise with system stakeholders to review and update supporting security artifacts such as CMP, CP, IRP and MOU/ISA
  • Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the 'stack,' and monitor to see that vulnerabilities are remediated as appropriate
  • Perform Contingency Plan Test and write After-Action report for systems under my purview
  • Develop and maintain ATO Packages for information systems to include SSP, Risk Assessment, FIPS 199, e-Authentication/Digital Identity Statement
  • Manage and track POA&Ms and collaborate with technical team until POAM closure; or where required, put in a risk waiver or risk acceptance
  • Prepare ATO package to include SSP, SAR, POAM Remediation Plan to Authorizing Official to make risk-based ATO decision
  • Host and facilitate kick-off meetings and presentations with clients on the operational security posture of systems in their purview and on security-related policies
  • Create monthly account audits and review audit logs to ensure there is no malicious activity. Where one exists, a report is made to the System Owner for investigation
  • Create Contingency Planning and Incident Response documentation and conduct required training and reporting
  • Review monthly continuous monitoring reports submitted by the Vulnerability Management Group and collaborate with System Engineer as needed to address them
  • Ensure all system users and people with security responsibilities receive their annual awareness training
  • Review and validate user access rights
  • Approve Privilege Access Request and Role-Based Access Request forms for system users
  • Ensure all system users sign the Rules of Behavior (ROB) before being granted access
  • Direct the Change Request (CR) process (i.e., reviewing/approving change requests from system engineers before it goes to CCB and conducting impact analyses)
  • Support Change Control Boards as required
  • Coordinate with System Owner and liaise with ISSM, stakeholders and Privacy Office to develop and review Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) for compliance with applicable privacy policies and regulations
  • Collaborate with ISSM and Authorizing Official (AO/DAO) to manage any hardware, software, or firmware adjustments to all systems.

Security Control Assessor

United States Navy
04.2016 - 06.2021
  • Developed Security Assessment Plan (SAP) to include Rules of Engagement (ROE) to present to stakeholders during kick-off meeting before assessment
  • Performed media management activities, including handling, control, labeling, virus scanning (solutions/software) and appropriate transfer of data (uploading/downloading) between different classification domains via manual and automated processes
  • Performed Continuous Monitoring (ConMon) in accordance with NIST SP 800-137 (Continuous Monitoring) and audit of anomalous or malicious user activity
  • Conducted security assessments by examining controls, interviewing the appropriate stakeholders, and testing the controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements of the system
  • Documented the result of assessment and consolidated all findings into the Security Assessment Report (SAR). The report contains a summary of key findings and recommendations
  • Constructed reports and POA&Ms based on the results of vulnerability assessment tools such as Nessus scanner with appropriate remediation dates and tracked findings until closure. If a POA&M would never be met, familiar with exceptions and waiver procedures
  • Put together ATO package to provide an accurate security posture of systems to assist Authorizing Official (AO) in making ATO decision
  • Reviewed and analyzed documents to include System Security Plan (SSP), FIPS 199, Contingency Plan, Account Management, Vulnerability Scans, etc.
  • Experienced in conducting assessments of systems in the cloud using the FedRAMP approach
  • Ensured all systems are operated, maintained and disposed of IAW documented security policies and procedures, including but not limited to Assessment & Authorization (A&A).

Lead Cloud Engineer

Xifin INC
12.2013 - 03.2016
  • Enhanced network performance by implementing AWS Transit Gateway, resulting in a 30% reduction in latency for inter-VPC communication
  • Collaborated with development teams to implement CI/CD pipelines using AWS CodePipeline and CodeBuild, reducing deployment time by 50%
  • Ensured AWS environment adhered to security best practices by configuring AWS IAM policies and conducting regular security audits
  • Automated infrastructure scaling using AWS Lambda and CloudWatch, resulting in improved application performance during peak loads
  • Achieved a 100% compliance rating in AWS Trusted Advisor by addressing identified security and performance issues
  • Designed and deployed AWS Cloud environments, including VPCs, subnets, and security groups, ensuring secure and scalable infrastructure
  • Developed and tested disaster recovery plans for critical applications, achieving an RTO of 2 hours and an RPO of 15 minutes
  • Utilized AWS CloudFormation to automate the provisioning of cloud resources, reducing deployment by 40%
  • Implemented automated backups using AWS Backup to ensure data integrity and availability
  • Researched assigned IT security systems to provide insight on IT security architectures and IT security recommendations for assigned systems.

Education

Master of Science - System Engineering

National University

Bachelor of Science - Geology

University of Ado Ekiti

Skills

  • Information Security Policy
  • Microsoft Office suites
  • Attention to Detail
  • Security Compliance
  • Information Assurance
  • Security Controls
  • NIST
  • Troubleshooting
  • Program Management
  • AutoCAD
  • Vulnerability Assessment
  • Risk Management Framework
  • Information security

Software And Hardware Experience

Nessus, Acunetix, Rapid7, WebInspect, DBProtect, Qualys, ACAS, Splunk, LogRhythm, CSAM, RSA Archer, Xacta, SNOW, eMASS, Windows, Linux, Unix, IOS, Oracle, SQL Server, MariaDB, Redis, Java, Python, PowerShell

Certification

  • Certified Information Security Auditor (CISA)
  • CompTIA Security+
  • AWS
  • CISM

Clearance

Secret

Affiliations

Professional Member ISACA

Languages

English
Full Professional
