Bernice Adubofour

Woodbridge, VA

Summary

Detailed knowledge of security tools, technologies, and best practices, with emphasis on FISMA compliance and NIST publications. Over 7 years' experience in the Risk Management Framework and vulnerability management using FISMA and applicable NIST standards. Perform risk assessments and compliance reviews to ensure the integrity, confidentiality, and availability of system resources. Organized, solutions-focused, deadline-focused, and team-oriented; work well independently or in a team. I specialize in providing guidance in support of security assessments and continuous monitoring for government (FISMA & NIST) and commercial clients.

Overview

17 years of professional experience
1 Certification

Work History

ISSO – Lead Information System Security Officer

NISGA’A TEK, (USCG)
03.2021 - Current
  • Perform certification and re-certification of all SBU and Classified USCG Standard Workstation Images, major applications, stand-alone systems, and general support systems within the local area network (LAN) of all USCG districts, up to and including the CG One wide area network (WAN), for accreditation approval
  • Provide Information Systems Security Authorization support to DHS/USCG facilities, conduct evaluations and assessments, and perform documentation support services
  • Working knowledge of the Risk Management Framework (RMF) and experience in the creation of Certification & Accreditation packages and deliverables
  • Monitor risk-related information by leveraging organizational Information Security tools / utilities, analytical methodologies, and security best practices within an existing vulnerability management program
  • Collaborate with security analysts to research vulnerabilities, providing recommendations to Senior Leadership, infrastructure engineering teams, and software deployment teams based on research conducted
  • Collaborate with Privacy Office on privacy documentation; PTA, PIA, SORN (publicly accessible systems).
  • Familiar with DISA Security Technical Implementation Guides (STIGs): conducting manual reviews, interpreting STIG guidance, and making implementation recommendations. Familiar with drafting documentation relating to vulnerabilities (POA&Ms, waivers, risk acceptances, etc.)
  • Familiarity with DHS, USCG and other Federal cybersecurity policies and guidelines, including DHS MD-4300A, USCG COMDTINST 5500.13, DoD 8500.1, and related Federal Information Processing Standards (FIPS) and National Institute of Standards and Technology (NIST) Special Publications
  • Comply with the defined A&A process, which consists of (i) generating an information system initial risk assessment report; (ii) developing the system security plan (SSP); and (iii) supporting security testing and evaluation, independent verification and validation, and independent audits. The SSP is updated in each phase/step as system development progresses and new information becomes available
  • Prepare the package for delivery to management to obtain signature from the Validating Authority, and subsequently to the Authorizing Official, for authorization to operate the system

ISSO- Cybersecurity Analyst

RIS GROUP LLC
10.2016 - 03.2022
  • Analyze and update System Security Plan (SSP), Risk Assessment (RA), Privacy Threshold Assessment (PTA), Privacy Impact Assessment (PIA), Contingency Plan (CP), FIPS 199, Contingency Plan Test (CPT), System Security Test and Evaluation (ST&E), Security Assessment Reports (SAR) and the Plan of Actions and Milestones (POA&Ms)
  • Assist System Owners and ISSOs in preparing Assessment and Authorization (A&A) packages for the company's IT systems, making sure that management, operational and technical security controls adhere to the formal, well-established security requirements of NIST SP 800-53 Rev 4
  • Designate systems and categorize Confidentiality, Integrity and Availability (C.I.A.) using FIPS 199 and NIST SP 800-60
  • Conduct annual self-assessments (NIST SP 800-53A)
  • Perform vulnerability assessments; make sure that risks are assessed and evaluated and that proper action has been taken to limit their impact on information and information systems
  • Create standard templates for required Security Assessment and Authorization (SA&A) documents, including Risk Assessments, Security Plans, Security Assessment Plans and Reports, Contingency Plans, and Security Authorization Packages
  • Support NIST Risk Management Framework (RMF) based Assessment and Authorization (A&A) activities.
  • Monitor and prepare required actions and documents pertaining to the A&A of the system throughout its lifecycle, to include security evaluation findings and residual risks.
  • Conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the systems.
  • Review and process Interconnection Security Agreements (ISAs), Policy Waivers, Approval to Test (ATT), and Interim Approval to Operate (IATO) documents.
  • Review IS security plans and other A&A documents for all applications to determine if DHS mandated procedures and tasks are followed, such as using CSAM.
  • Assist the Government in preparing a written justification, when appropriate, to obtain a written waiver of policy for mandated security features.

Security Control Assessor

SOLIEL LLC
07.2013 - 09.2016
  • As an Assessor, most projects were focused on RMF Step 4 (assessing security controls)
  • Effectively engaged in the full assessment process: preparing for the assessment, conducting the assessment, communicating assessment results, and maintaining the assessment
  • Coordinated, participated and attended weekly forums for security advice and updates.
  • Created Security Assessment Plans (SAPs) documenting assessment schedules, control families to be assessed, assessment tools and personnel, the client's approval for the assessment, assessment approach and scope, and Rules of Engagement (ROE) where vulnerability scanning is involved
  • Used the implementation section of the System Security Plan (SSP), which addresses how each control is implemented (frequency of performing the control, control type and status), as the basis for interview answers during Security Testing and Evaluation (ST&E) documentation
  • Determined assessment method (examining policies and procedures, interviewing personnel and testing technical controls), using NIST SP 800-53A as a guide.
  • Created a Risk Traceability Matrix (RTM) in which to document assessment results (pass/fail)
  • Prepared Security Assessment Reports (SARs) in which all weaknesses are reported
  • Created Plans of Action and Milestones (POA&Ms) to track corrective actions and resolve weaknesses and findings
  • Set up and participated in assessment kick-off meetings
  • Determined threat sources and applied security controls to reduce risk impact. Used POA&M tracking tools such as CSAM (Cyber Security Assessment and Management) and Excel spreadsheets to make sure the POA&M is not in delayed status

Tier 1 IT Help Desk Associate

INOVA MOUNT VERNON HOSPITAL
04.2011 - 07.2013
  • Troubleshot system performance in the absence of the System Analyst or the Director, ensuring technical and support control efficiency
  • Assisted with launching new start-up programs, working closely with personnel to perform suitability reviews by learning and implementing protocols and engaging client awareness
  • Prepared correspondence, maintained client appointment logs and records, and provided ongoing support to build rapport and disseminate information
  • Attended medical presentations and seminars to ensure thorough knowledge and awareness of the latest healthcare products on the market

Contract Specialist

OFFICE OF THE ASSISTANT SECRETARY OF DEFENSE HEALTH AFFAIRS TMA AM&
01.2009 - 03.2011
  • Managed, monitored and maintained company databases
  • Made requested changes, updates and modifications to database structure and data
  • Ensured database security, integrity, stability and system availability

Education

Bachelor of Science - Business Management

Virginia State University
12.2008

Skills

  • Software: Microsoft 365, SharePoint, Jira, Jazz, STIG compliance, Nessus/ACAS, CSAM/JCAM, eMASS, Archer
  • Operating Systems: Windows Server 2016 and 2019, MS SQL Server, and Linux distribution servers
  • Compliance: NIST SP 800-53 Rev 5, SP 800-60, SP 800-18, SP 800-39, SP 800-30, ISO 27001, FISMA compliance, HIPAA and FedRAMP POA&M remediation, and SOP development
  • Cloud Platforms: AWS, Azure, and AvePoint Online Services

Certification

  • CompTIA Security+ ce – Active
  • CompTIA CASP+ – Active
  • CISM – Active
  • Secret Clearance - Active

Summary of Qualifications

  • Perform Security Assessment and Authorization (SA&A) documentation
  • Develop, review and evaluate System Security Plan
  • Develop and conduct SCA (Security Control Assessment) according to NIST SP 800-53A
  • Familiar with NIST publications: FIPS 199, SP 800-60, SP 800-53 Rev 4, SP 800-137
  • Develop and update POA&Ms
  • MS Excel, PowerPoint, Visio, SharePoint, Windows
  • Ability to multi-task, work independently and as part of a team
  • Strong analytical skills
  • Effective interpersonal and verbal/written communication skills
  • Provide Information Assurance and Cybersecurity support for key Government clients
  • Develop and review Standard Operating Procedures (SOPs) for POA&M closure

Languages

English: Full Professional
French: Professional Working