A dedicated and detail-oriented cybersecurity professional with over 7 years of experience in risk management, vulnerability management, security control assessment, authorization packages, continuous monitoring, and regulatory compliance, based on the NIST SP 800 series, FISMA, and OMB policies. I am skilled at navigating complex IT environments, ensuring compliance, and reducing security risks. I have a proven track record of delivering security solutions, collaborating with diverse teams, and contributing to the maintenance of secure operations within enterprises.
Overview
9 years of professional experience
1 Certification
Work History
Cyber Security Assessor
Solutions By Design II, LLC
02.2019 - 03.2021
Work with a team of Information System Owners, Developers, and System Engineers to select and implement tailored security controls.
Assessment, Authorization, and Information Assurance support, including security test and evaluation (ST&E), security control assessment scanning, vulnerability assessment, POA&M management, and IT security policies and procedures.
Facilitate the development and maintenance of the Plan of Action and Milestones.
Reviewed, updated, and developed required Plan of Action and Milestones (POA&Ms).
Experience developing and updating system categorization levels using FIPS 199/NIST 800-60, selecting the controls using NIST 800-53/FIPS 200, implementing controls, and reviewing SSP and other key deliverable documents.
Review system vulnerability scans and audit logs, and work with system administrators to remediate findings and document non-remediated findings in the POA&M.
Develop Security Assessment Plans (SAPs), RTM, and SAR, and perform assessment per NIST SP 800-53A.
Scheduled kick-off meetings with system owners to help identify assessment scope, system boundary, the information system's category, and to obtain any artifacts needed in conducting the assessment.
Interviews System Administrators to assist in generating custom reports and/or artifacts in support of the A&A process.
Carried out continuous monitoring after Authorization to Operate (ATO) to ensure continuous compliance with the security requirements.
Put together Authorization Packages (SAP, POA&M, and SAR) for Information Systems to the Authorization Officer.
Reviewed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E), and the Plan of Actions and Milestones (POA&M).
Reviews and updates A&A package items using NIST guidance for FISMA compliance, such as the System FIPS 199 Categorization, e-Authentication, Contingency Plan (CP), Contingency Plan Test (CPT), Privacy Threshold Analysis (PTA), and Privacy Impact Assessment (PIA).
Performed comprehensive assessments and reviews of management, operational, and technical security controls for audited applications and information systems.
Documented assessment findings in a Security Assessment Report (SAR) and produced a plan of action and milestones (POA&M) for all controls having weaknesses or deficiencies.
Information Security Analyst
ManTech
02.2017 - 01.2019
Conduct interviews with key client stakeholders to evaluate the current information security practices.
Reviews security policy and procedural documentation.
Support information security governance, risk, and compliance activities aligned with the NIST Risk Management Framework (RMF).
Designate systems and categorize their C.I.A. using FIPS 199 and NIST SP 800-60.
Develop test plans, testing procedures, and evidence needed to validate the controls using SP 800-53A.
Perform IT risk assessment and document the system security key controls (SP 800-53A).
Reviews existing documents, policies, and procedures, and previous assessment reports.
Conduct walkthrough to identify threats and vulnerabilities.
Coordinate and manage team activities during assessment engagement.
Reviews Management, Operational, and Technical security policies and procedures.
Establish schedules and deadlines for assessment activities.
Monitor controls post-authorization to ensure continuous compliance with security requirements.
Reviewed and updated System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E), BIA, PTA, and the Plan of Actions and Milestones (POA&M).
Assist System Owners and ISSO in preparing certification and Accreditation package for companies' IT systems, making sure that management, operational, and technical security controls adhere to a formal and well-established security requirement authorized by NIST SP 800-53 R4.
Information Assurance Analyst
Xent-IT
03.2012 - 01.2017
Performed HIPAA assessment and generated assessment reports to be shared with senior management using NIST SP 800-66 R1 and NIST SP 800-53 Appendix J as a guide.
Assesses security controls in accordance with the assessment procedures defined in the security assessment plan (SAP) through examination, interviews, and testing.
Developed HIPAA compliance reports, documenting auditing findings and development of corrective action plans using OCR protocol.
Developed a test plan that included controls/safeguards to be assessed, method of assessment (examination, interview, or testing), sampling method, sampling size, and artifacts needed to satisfy control/safeguard requirements. Assessment reports were created using an Excel spreadsheet or Microsoft Word.
Involved in risk assessment by evaluating and tracking reported security incidents.
Tracked remediation activities to ensure the confidentiality, integrity, and availability of Electronic Personal Health Information (ePHI).
Validated information system security plans to ensure NIST control requirements are met.
Developed resultant SCA documentation, including but not limited to the Security Assessment Report (SAR).
Reviewed security logs to ensure compliance with policies and procedures and identified potential anomalies.
Managed vulnerabilities with the aid of Nessus vulnerability scanners to detect potential risks on single or multiple assets across the enterprise network.
Reviewed the SAR post-assessment; created and completed POA&M milestones to remediate findings and vulnerabilities.
Monitored security controls post authorization to ensure continuous compliance with the security requirements.
Education
Bachelor of Science - Economics & Statistics
University of Benin
NIG
01.1998
Skills
Security frameworks and methodologies
Risk Assessment
Vulnerability Assessment
Risk Monitoring
Incident Response
Collaboration
Detail-oriented
Accomplishments
Effectively managed the compilation and submission of several ATO packages for DHS information systems that enabled secure and approved business functionality.
Reduced open vulnerabilities by more than 40% through prioritized remediation planning in conjunction with system administrators.
Ensured HIPAA compliance throughout enterprise systems by conducting end-to-end security assessments based on OCR and NIST 800-66.
Facilitated a continuous monitoring framework post-authorization, ensuring systems maintained security compliance and minimizing audit findings.
Streamlined POA&M management processes, increasing transparency and closure rates of security weaknesses across federal clients.
Noted for outstanding customer collaboration & receipt of certification & accreditation packages to customers within their scheduled time.
Certification
CompTIA Security+
Certificate of Cloud Security Knowledge (CCSK)
Tenable Certified Security Centre Sales Engineer
ITILv3, 2018
CompTIA CySA+, 2020
CompTIA CASP+, 2020
Certified Information Systems Security Professional (CISSP) 2021
Associate Certified Chief Information Security Officer (C|CISO) 2024