BISOLA FASEHUN

Baltimore, MD

Summary

Experienced cybersecurity professional with a proven track record of leading teams to conduct comprehensive vulnerability assessments and penetration tests, resulting in the identification and mitigation of critical security risks. Skilled in Data Privacy, Data Security, Cloud Security Architecture, Auditing, Risk Management, Vulnerability Assessment Tools, and Data Analysis. Proven ability to lead and direct teams, solve problems creatively, and make strategic decisions in fast-paced environments that are beneficial for clients.

Overview

5 years of professional experience
1 Certificate

Work History

VULNERABILITY MANAGEMENT ENGINEER

Douala IT
Towson, MD
01.2021 - 02.2024
  • Conducted vulnerability assessments across systems, software, and networks to identify potential security vulnerabilities
  • Identified dependencies and timelines required to address vulnerabilities, including system patching, deployment of specialized controls, code & infrastructure changes, and changes in build engineering processes
  • Reported remediation of vulnerabilities by coordinating agreed-upon action plans and timelines with responsible technology partners and support teams
  • Reviewed and reported changes to patching policies, procedures, standards, and audit work programs in a continuous improvement model
  • Worked directly with an Onapsis engineer on false positives, analyzing console/sensor logs and sending them to the engineer
  • Utilized Windows operating system environments and vulnerability and threat management tools
  • Used vulnerability management products from vendors such as Qualys, Tenable, and Onapsis
  • Implemented security policies and procedures to ensure compliance with regulatory requirements, such as GDPR and HIPAA, and industry best practices
  • Managed and maintained security tools and systems, including SIEM platforms, intrusion detection/prevention systems, and endpoint security solutions
  • Responded to security incidents and conducted forensic investigations to determine root causes and implement corrective actions, minimizing the impact of security breaches
  • Analyzed identified vulnerabilities, along with identifying remediation techniques
  • Compiled vulnerability data and reports for both technical and executive audiences
  • Ensured efficiency of compliance activities by coordinating internal and external audits and assessments.

INFORMATION SECURITY ANALYST

Relevant Technologies
Richardson, Texas
01.2019 - 12.2020
  • Assisted in the development, maintenance, and revision of policies, standards, procedures, and guidelines of security programs
  • Utilized POA&M tracking tools such as CSAM (Cyber Security Assessment and Management) and Excel spreadsheets to manage the status of POA&M items
  • Maintained and managed security processes tied to critical security and compliance controls
  • Used the organization's existing RMF process to perform assessments on cloud and on-premises systems using NIST SP 800-53A to ensure the security controls are implemented properly and are producing the desired outcome
  • Prepared Privacy Threshold Analyses (PTA), System of Records Notices (SORN), Privacy Impact Assessments (PIA), System Privacy Plans (SPPs), and Privacy Act (PA) statements to analyze new or proposed changes to existing technology
  • Gathered all relevant information concerning systems collecting personally identifiable information by program offices to determine which compliance documentation is required
  • Initiated meetings with various System Owners and Information System Security Officers (ISSO) to provide guidance on the evidence needed for security controls and to document findings of assessments
  • Worked with a team of Information System Owners, Developers and System Engineers to select and implement tailored security controls in safeguarding system information
  • Reviewed security controls and provided implementation responses as to if/how the systems are currently meeting the requirements
  • Utilized National Institute of Standards and Technology Special Publication (NIST SP) and FedRAMP standards to ensure the overall compliance of all systems assigned to me
  • Documented and analyzed changes that occur on information systems and performed continuous monitoring on an ongoing basis in accordance with the organization's monitoring strategy
  • Reviewed, updated, and developed required security documentation, including but not limited to System Security Plans (SSPs), Contingency Plans (CPs), Plans of Action and Milestones (POA&Ms), and Security Assessment Reports (SARs), to ensure systems are FISMA compliant.

Education

Master of Science -

Georgetown University
07.2022

Bachelor of Science - Bioinformatics

Towson University
12.2018

Skills

  • Risk Assessment & Management
  • Data Management & Analysis
  • System Security Documentation
  • Security Compliance (FISMA, NIST, FedRAMP)
  • Vulnerability Management Tools (Qualys, Nessus)
  • Governance, Risk and Compliance (GRC) tools
  • Application Security (OWASP Top 10)
  • Microsoft Office Suite
  • Project Management and Data Analysis
  • Leadership
  • ServiceNow
  • Linux and Windows

Certification

  • CompTIA Security+
  • Certified Scrum Master

Work Preference

Work Type

Full Time

Work Location

Remote, Hybrid
