
Buba Sali

Laurel,MD

Summary

Dedicated and accomplished System Security Officer with over 5 years of experience in safeguarding critical IT infrastructure and ensuring compliance with industry regulations. Proven expertise in implementing robust security measures to protect sensitive data and mitigate cyber threats. Skilled in conducting risk assessments, developing security policies, and providing comprehensive training to staff. Adept at collaborating with cross-functional teams to optimize security protocols and enhance organizational resilience. Seeking to leverage my skills and experience in a dynamic environment.

Overview

11 years of professional experience

Work History

System Security Officer (ISSO)

American Family Insurance
05.2021 - 12.2023
  • Developed and updated Assessment and Authorization (A&A) packages from start to finish in accordance with NIST SP 800-37 Rev 2: SSP; PTA and PIA with the Privacy POC (make sure you have a signed PTA from the Privacy POC if a PIA is not needed; if it is needed, complete the PIA template); FIPS 199; CP and table-top test (gather in a conference room and go over the checklist to make sure everyone, including the system admin, ISSM and PM, understands what they are supposed to do)
  • Completed system categorization from start to finish utilizing FIPS 199 and NIST SP 800-60 as a guide, applying the CIA triad and selecting the high-water mark
  • In my last engagement I had a situation where I had to help categorize the system because the junior ISSO on the team did not properly categorize it
  • You and I know that the system description is key to categorizing the system
  • I requested the system description, underlining the buzz words, which led me to the correct information types using NIST SP 800-60
  • I presented the updated information types and the system owner agreed with me and signed off on the categorization
  • Worked with the system owner to select and establish the security control baseline, utilizing NIST SP 800-53 and FIPS 200
  • Based on the moderate categorization of the information system, I selected the moderate baseline controls using SP 800-53 and scoped out controls that are not applicable (study NIST control tailoring and control scoping)
  • Reviewed and updated the information system security documentation such as the System Security Plan (SSP), Contingency Plan (CP), Contingency Plan Test (CPT), Business Impact Analysis (BIA), FIPS 199, E-authentication, Privacy Threshold Analysis (PTA), etc.
  • Provided continuous monitoring support for the client's information systems in accordance with FISMA guidelines: POA&M management and vulnerability management
  • Liaised with external auditors (IG audit, FISMA audit, GAO audit) during the annual audit and ensured that deficiencies were remediated in a timely manner before recertification follow-ups
  • Managed and tracked the status of Plans of Action and Milestones (POA&M) items within CSAM
  • Ensured that all open POA&M actions were completed and validated in a timely fashion to meet client deadlines
  • Experience in analyzing reports from vulnerability scans (could be from Tenable Nessus or Invicti (Netsparker); remember you only have a reader's account), the Security Assessment Report (SAR), and internal/external audits
  • Findings such as obsolete software, missing updates and patches, weak ciphers, weak SSL, or misconfigurations
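The categorization and baseline-selection steps above, as an added worked example in Python (not from the resume or any of the employers named): list the information types for a system, take the high-water mark across types for each security objective, take the high-water mark across objectives for the overall impact level, pick the matching SP 800-53 baseline, and scope out controls with a recorded rationale. The information types, their impact levels and the control subset are constructed for illustration and are not a substitute for SP 800-60 Vol. II or the SP 800-53B baseline tables.

```python
"""FIPS 199 categorization, high-water mark, baseline selection and tailoring.

Added worked example, not from the resume. Information types, impact levels
and the control subset are constructed; look them up in SP 800-60 Vol. II
and the SP 800-53B baseline tables for a real system.
"""
from dataclasses import dataclass
from enum import IntEnum


class Impact(IntEnum):
    """FIPS 199 potential impact levels, ordered so max() gives the high-water mark."""
    LOW = 1
    MODERATE = 2
    HIGH = 3


@dataclass(frozen=True)
class InfoType:
    """An SP 800-60 information type with its C/I/A levels (provisional or adjusted)."""
    name: str
    confidentiality: Impact
    integrity: Impact
    availability: Impact
    adjustment_rationale: str = ""   # required whenever a provisional level was changed


def categorize(info_types):
    """FIPS 199: per-objective high-water mark across all information types."""
    if not info_types:
        raise ValueError("a system must have at least one information type")
    return {
        "confidentiality": max(t.confidentiality for t in info_types),
        "integrity": max(t.integrity for t in info_types),
        "availability": max(t.availability for t in info_types),
    }


def overall_impact(category):
    """FIPS 200: overall system impact is the high-water mark across C, I and A."""
    return max(category.values())


# Constructed fragment of the SP 800-53 catalog: control ID -> baselines it belongs to.
# Membership follows the published tables for these IDs (AC-11 Device Lock is not in
# the Low baseline), but this is only a handful of controls, not the catalog.
CONTROL_BASELINES = {
    "AC-2": {Impact.LOW, Impact.MODERATE, Impact.HIGH},   # Account Management
    "AC-11": {Impact.MODERATE, Impact.HIGH},              # Device Lock
    "AC-17": {Impact.LOW, Impact.MODERATE, Impact.HIGH},  # Remote Access
    "CP-4": {Impact.LOW, Impact.MODERATE, Impact.HIGH},   # Contingency Plan Testing
    "PE-3": {Impact.LOW, Impact.MODERATE, Impact.HIGH},   # Physical Access Control
}


def select_baseline(level, catalog=CONTROL_BASELINES):
    """Initial control set: every control whose baseline membership includes `level`."""
    return sorted(cid for cid, levels in catalog.items() if level in levels)


def tailor(baseline, scoped_out):
    """Remove controls that are not applicable to the system-specific SSP.

    Every removal needs a written rationale, and a control that was never in the
    baseline cannot be scoped out silently (that usually means a typo or a wrong level).
    """
    unknown = set(scoped_out) - set(baseline)
    if unknown:
        raise ValueError(f"not in baseline, cannot scope out: {sorted(unknown)}")
    missing = [cid for cid, why in scoped_out.items() if not why.strip()]
    if missing:
        raise ValueError(f"scoping decision without rationale: {missing}")
    return [cid for cid in baseline if cid not in scoped_out]


def example_system():
    """Worked run on a constructed system; returns what the SSP would record."""
    types = [
        InfoType("Personal identity and authentication", Impact.MODERATE, Impact.MODERATE, Impact.MODERATE),
        InfoType("Public-facing outreach material", Impact.LOW, Impact.LOW, Impact.LOW),
        # Availability raised to Moderate after the BIA; the rationale goes in the record.
        InfoType("Claims adjudication records", Impact.MODERATE, Impact.MODERATE, Impact.MODERATE,
                 adjustment_rationale="BIA: an outage over 24h halts claims processing"),
    ]
    category = categorize(types)
    level = overall_impact(category)
    baseline = select_baseline(level)
    # PE-3 is a common control inherited from the hosting provider, so it is removed
    # from the system-specific set with that rationale recorded.
    tailored = tailor(baseline, {"PE-3": "Common control inherited from the data center provider"})
    return {"category": category, "level": level, "baseline": baseline, "tailored": tailored}


if __name__ == "__main__":
    result = example_system()
    sc = ", ".join(f"{k}={v.name}" for k, v in result["category"].items())
    print(f"SC = {{{sc}}} -> overall {result['level'].name}")
    print("baseline:", result["baseline"])
    print("tailored:", result["tailored"])
```

The single Low information type does not pull the system down: the high-water mark means one Moderate type is enough to make the whole system Moderate, which is why a wrong or missing information type (the junior ISSO situation above) changes the baseline and every control that follows from it.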

System Security Officer (ISSO)

Greensky
08.2019 - 05.2021
  • Prepare, review, update, and maintain IT security supporting artifacts including the SSP (NIST SP 800-18) and other A&A documents, such as E-Authentication, CP, PTA, PIA, and FIPS 199
  • I use these items to effectively document the SSP: the common control catalog, the cybersecurity policy, ODVs, and a questionnaire I send out to system owners and technical POCs to complete
  • I love documenting technical controls like AC-2 Account Management or AC-11 Device Lock (study AC-2 and AC-11) because they are dynamic and keep changing every 6 months or less
  • When I was trying to document the SSP but the system owner wasn't technical, they did not complete the requested questionnaire
  • I was able to set up weekly control session meetings so that they could tell me how the controls were documented, which helped me document the controls in the SSP
  • Ensure that the client's major application systems are secure and in compliance with relevant federal laws, regulations, standards, and guidance
  • Provide subject matter expertise and act as an advisor to the Authorizing Official and the CISO on all matters pertaining to system security related issues
  • Prepare weekly status reports on the consistency and accuracy of the client POA&M data for the Chief Information Security Officer (CISO) and the IT Project Manager; meet biweekly with the AO or CISO to give updates on POA&M status
  • Managed and tracked POA&M statuses within CSAM
  • Review vulnerability scans to identify new weaknesses and determine false positives along with mitigation strategies.

Security Control Assessor (ISSO)

Anthem
04.2018 - 08.2019
  • Experience in conducting client-facing interviews and kickoff meetings and advising upper management
  • A kickoff meeting is set up to kick off the assessment; after the assessment we advise upper management on whether the risk is minimal enough to allow the system to operate
  • Proficient with developing the Security Assessment Plan (SAP), the Security Assessment Report (SAR), and the Security Control Assessment (SCA)
  • The SAP comes in a template format, but I go in to update the system information; once I'm done I send it off to the CISO for archival
  • Experience with reviewing and preparing the Assessment and Authorization (A&A) package alongside the Information System Security Officer (ISSO)
  • Responsible for conducting assessment procedures, utilizing assessment methods such as interviews, examinations, and tests
  • Experience in debriefing upper management on recommendations to grant an Authority to Operate (ATO) if the weaknesses are acceptable to the organization
  • Actively involved in the continuous monitoring process for all assigned information systems utilizing NIST SP 800-137.

Scrum Master

BlueCross BlueShield
Washington, DC
09.2016 - 03.2018
  • Mentored less experienced team members in adapting Scrum/Agile best practices to deliver a quality product in a complex project environment
  • Shielded teams from internal and external distractions to help them stay focused on their work
  • Facilitated sprint planning activities, daily stand-ups, sprint reviews and sprint retrospectives
  • Worked closely with the team to ensure quality assurance was carried out: functional, regression, positive, negative, and integration testing
  • Supported the team's commitment; facilitated road mapping, planning sessions and retrospectives
  • Encouraged self-organization, meaning that the team itself should remove issues wherever possible
  • Acted as a request buffer when the team had a lot of dependencies
  • Supported team members in problem identification and decision-making
  • Eliminated impediments by actively addressing issues so the team could remain focused on achieving the objectives of the sprint
  • Identified, tracked, documented and reported impediments to enhance productivity and efficiency
  • Anticipated, addressed and negotiated potential or actual impediments to team delivery
  • Organized team goals and agendas and facilitated the team Scrum meetings (daily, sprint planning, sprint review, retrospective)
  • Focused on developing a more trusted and collaborative team environment where problems could be raised without fear of blame or judgment, with a complete focus on problem resolution
  • Facilitated discussions, decision making, and conflict resolution meetings
  • Assisted internal and external communication, improving transparency and radiating information
  • Assisted the Product Owner in preparing, refining and maintaining the product backlog
  • Connected the team with the right resources to help remove impediments in a timely manner

Scrum Master

PNC Bank
Beltsville, MD
08.2015 - 08.2016
  • Facilitated Scrum ceremonies (Daily Scrum, Refinement, Sprint Reviews, Retrospectives, and Sprint Planning)
  • Directly involved in identifying and assessing user needs and documenting business processes via user stories
  • Facilitated the sprint review and demo, and the sprint retrospective
  • Captured and distributed feedback
  • Taught problem solving and helped the team become better problem solvers for themselves
  • Responsible for providing metrics, project estimations and timelines to the client
  • Responsible for escalating impediments to Sr. Management
  • Managed dependencies between other Scrum teams (Scrum of Scrums), third parties, and other non-Agile waterfall teams
  • Managed the work of consultants, allocating and utilizing resources in an efficient manner by maintaining a cooperative, motivated, and successful team
  • Resolved cross-functional issues at the project level through active communication
  • Tracked and reported status and metrics throughout the project

Project Coordinator

State Farm Insurance
Richardson, TX
06.2013 - 07.2015
  • Kept projects on schedule by managing deadlines and adjusting workflow as needed
  • Tracked all hours and budget expenses
  • Collaborated with project owners and team members to set challenging but realistic goals
  • Translated project objectives into tasks
  • Communicated with the Functional Manager/CEO on team members' performance and participated in performance reviews
  • Made sure deliverables were aligned with the goals and objectives requested
  • Tracked, analyzed and communicated project risks and opportunities
  • Oversaw procurement and communicated any issues arising to the procurement manager
  • Involved in coordinating projects from inception to completion
  • Developed training and briefing material for staff
  • Kept in close contact with key project members and decision makers
  • Tracked and reported project progress and updated documentation

Education

Bachelor - Human Relations

Trinity University

Master's Degree - Information Technology Management

Western Governors University

Skills

  • FISMA Compliance
  • A&A Process
  • Risk Management Framework
  • Risk Assessment
  • System categorization
  • Control Selections
  • POA&M creation
  • SSP documentation
  • Security Risk Assessment
  • Incident Response Planning
  • Vulnerability Management
  • Security Awareness Training
  • Cross-functional Collaboration
  • Tenable Nessus
  • Invicti (Netsparker)
  • CSAM
  • RSA Archer
  • Microsoft Word
  • Excel
  • PowerPoint
  • OS: Windows, Unix, Linux
  • Strong Knowledge of SP 800-37 (RMF)
  • Effectively communicate technical information to non-technical personnel
  • Initiative-taking
  • Fast learner who thrives in a fast-paced, client-facing environment
  • Able to communicate effectively through written and verbal means to co-workers and senior leadership
  • Effectively managed multiple tasks simultaneously
  • Coordinating and ensuring scheduled goals are met

References

Available upon request.
