Ayawo Thon
Cincinnati,Ohio
Summary
Security Assessment and Authorization professional experienced in Risk Management Framework (RMF) and FISMA/NIST standards. Goal-oriented IT professional with significant success in planning, analyzing and implementing of security plans and initiatives. Excel in developing comprehensive, secure network designs and systems.
Overview
9
9
years of professional experience
1
1
Certification
Work History
Senior Cyber Security Analyst (Contractor)
Bank of America
Charlotte, NC
09.2020 - Current
- Schedule kick off meetings with system owners to help identify assessment scope, system boundary, the information system's category and attain any artifacts needed in conducting the assessment
- Create Requirement Traceability Matrix (RTM) and document whether controls being assessed passed or failed using NIST SP800-53A as a guide
- Develop Security Assessment Plans (SAPs) and Conduct assessment of security control selections on various Moderate impact level systems to ensure compliance with the NIST SP 800-53A Rev 4
- Conduct security control interview meeting and Artifact gathering meeting with various stakeholders using assessment methods of interview, examination, and testing
- Document assessment findings in a Security Assessment Report (SAR) and recommend remediation actions for controls that failed and vulnerabilities
- Review A&A package items using NIST guidance for FISMA compliance such as the System FIPS 199 Categorization, eAuthentication Assessment, PTA, PIA, Contingency Plan (CP) and Contingency Plan Test (CPT)
- Perform vulnerability assessment of information systems to detect deficiencies and validate compliance using POA&M tracking tool (CSAM)
- Request scans and later review the scan results for common vulnerabilities such as missing patches, weak password settings, unnecessary services not disabled, and weak configurations
- Met and surpassed all deadlines for company work goals and compliance training
Cyber Security Analyst (Contractor)
Target Corp.
Minneapolis, MN
09.2018 - 09.2020
- Maintained security and performed threat investigation for Target systems and identified issues that could compromise data integrity or secrecy
- Performed validation and removed any security issues found
- Participated in Security Assessment activities on IT systems and applications, including Security Audits and Compliance, Risk Assessments, Security Plans, and System Test and Evaluations
- Collaborated with a 6-member team that developed a new intrusion detection system that reduced false positives by 75% and decreased CPU usage of an existing system by 60%
- Reviewed a set of tools that allowed the Target to track down and prosecute a group of 500 cyber criminals who scammed customers over $5M
- Monitored websites for malware and security risks
- Assisted in developing a new database modeling technique that improved data analysis time by 80% in the first month of employment
Junior Cyber Security Analyst (Contractor)
Capital One Bank
Mclean, VA
10.2015 - 08.2018
- Worked with 4+ internal and external audit groups to undertake regulatory issues and maintained compliance
- Assisted a 10-member development team in designing a secure authentication infrastructure by implementing a new security standard that decreased customer complaints by 75%
- Applied a comprehensive Information Security program for Capital One Bank, reducing the risk of data loss by 90%
- Worked with 20 business units and reduced security threats, vulnerabilities, and compliance risks by 70%
- Helped reduce risks by an average of 35% by implementing best processes for Risk Mitigation and Management
- Identified over 150 new viruses and hidden malware in under two years, saving the Capital One Bank over 10,000 computers from destruction
Education
Bachelors of Business Administration - minor in Finance
Strayer University
Greensboro, NC03.2014
Skills
- Vulnerability Assessment
- Incident Response
- Threat Management
- Info Security Management
- SOC 2
- PCI DSS
- HIPAA
- IBM QRadar
- COSO
- COBIT
- ISO 27001
- ISO27002
- NIST RMF
- FISMA
- FEDRAMP
- Ethical Hacking
- Network Security
- Vulnerability Management
- Data Encryption
- Cybersecurity frameworks
- Intrusion Detection
- Access Control
- Compliance Monitoring
- Reverse engineering
- Data Security
- Analytical Skills
Certification
- IBM Cybersecurity Analyst Professional Certificate, 01/2023
- CompTIA Security+ Certification, 06/2025
- Certified Info System Security Professional (CISSP), 09/2025
- FISMA Compliance Training, 10/2015
- Information Assurance Awareness Training, 06/2015
- Information Systems Security Training, 01/2015
References
Available upon request.
Timeline
Senior Cyber Security Analyst (Contractor)
Bank of America
09.2020 - Current
Cyber Security Analyst (Contractor)
Target Corp.
09.2018 - 09.2020
Junior Cyber Security Analyst (Contractor)
Capital One Bank
10.2015 - 08.2018
Bachelors of Business Administration - minor in Finance
Strayer University