
Cosmas Enwereama

Laurel, MD

Summary

An Information Security Analyst with over 6 years of professional experience in Information System Security, Information Assurance, Risk Management Framework and Audit Engagement. Knowledgeable IT security professional with [Number] years of experience designing and implementing security solutions in high-availability environments. Skilled in [Skill] and [Skill] and adept at delivering strong risk management practices.

Overview

5 years of professional experience
1 Certification

Work History

Information Security Analyst

Holy Cross
Silver Spring, MD
11.2020 - Current
  • Perform assessment of the information systems and their environment of operation based on the guidance of NIST SP 800-53 Rev. 4, NIST SP 800-53A Rev. 4, and NIST 800-37 Rev. 1
  • Guided by the Risk Management Framework (RMF) concept of operations and operational procedures in protecting the confidentiality, availability, and integrity of information systems
  • Reviewed and analyzed vulnerability scan reports from vulnerability scanning tools (e.g., Nessus and WebInspect)
  • Assess all the configuration management (change configuration/release management) processes
  • Develop findings based on the examination, test and interview sessions conducted and document findings in an appropriate tool
  • Provide recommendations within the Security Assessment Report (SAR)
  • Ensure that a Plan of Action and Milestones (POA&M) is in place for vulnerabilities identified during Risk Assessment
  • Review audited system logs and any other security documents as assigned
  • Planned and conducted security authorization reviews and Information Assurance case development for initial installation of information systems
  • Participated in meetings, providing updates on assigned systems and advising possible solutions to system owners and team members
  • Ensured that the appropriate operational security posture is maintained for the enterprise’s information systems
  • Performs physical and environmental security assessments as needed
  • Engages with the management to understand and manage threats and opportunities
  • Expertise in Risk Management Framework (RMF) and hands-on knowledge of GRC tools such as Archer, CSAM and XACTA
  • Serves as a peer reviewer to other Security Analysts
  • Experience assessing FedRAMP systems (cloud-based systems).

Information Security Analyst

Breezeway Technologies
Upper Marlboro, MD
05.2019 - 10.2019
  • Developed, updated, and reviewed system RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
  • Collaborated with system owners to identify Key Controls to be assessed on a recurring annual basis
  • Analyzed and advised on the risk and remediation of security issues based on reports from vulnerability assessment scanners and patch management tools
  • Worked with System Owners and provided support for the development of the system security plans (SSP), Privacy Impact Analysis (PIA), E-Authentication, Configuration Management Plans, Contingency Plans and Contingency Plan Test
  • Developed test plans, procedures and obtained evidence for systems undergoing assessment
  • Documented test results and provided recommendations for remediation
  • Ensured proper documentation in Plan of Action and Milestones (POA&M) and coordinated with various groups on accurate and timely remediation
  • Ensured biannual IT Application Security audits were completed and findings documented and addressed
  • Supported the Enterprise Risk Management team in preparing and maintaining Business Continuity Plans (BCP) and Disaster Recovery (DR) plans, exercises, and updates
  • Ensured the cybersecurity incident response plans were consistent with and complementary to BCP and DR plans.

Information Security Analyst

Qutosystems, Spring, MD
07.2018 - 04.2019
  • Guided by the Risk Management Framework (RMF) concept of operations and operational procedures in protecting the confidentiality, availability, and integrity of information systems
  • Reviewed and analyzed vulnerability scan reports from vulnerability scanning tools (e.g., Nessus and WebInspect)
  • Assess all the configuration management (change configuration/release management) processes
  • Develop findings based on the examination, test and interview sessions conducted and document findings in an appropriate tool
  • Provide recommendations within the Security Assessment Report (SAR)
  • Ensure that a Plan of Action and Milestones (POA&M) is in place for vulnerabilities identified during Risk Assessment
  • Review audited system logs and any other security documents as assigned
  • Planned and conducted security authorization reviews and Information Assurance case development for initial installation of information systems
  • Participated in meetings, providing updates on assigned systems and advising possible solutions to system owners and team members.

Education

Master of Science - Cybersecurity Technology

University of Maryland Global Campus
College Park, MD
09.2022

Skills

  • TECHNICAL SKILLS:
  • Security Control Assessor
  • Information Security Analyst
  • NIST Special Publications (NIST SP)
  • FIPS 199 / FIPS 200
  • System Security Categorization (SC)
  • System Security Plan (SSP)
  • Incident Response (IR)
  • Contingency Planning (CP)
  • Vulnerability Management
  • Security Assessment Reporting (SAR)
  • Certification & Accreditation (C&A)
  • Continuous Monitoring (C&M)
  • Plan of Action & Milestones (POA&M)
  • Risk Assessment
  • Research and Development
  • Information and Data Integrity
  • Experience in Unix
  • VMware Administrator
  • Windows Administrator
  • Network Protocols
  • Linux Internals and Utilities
  • System Configuration Unix/Linux
  • Installed Firmware Upgrades
  • Team Player and Result Oriented
  • Network Specialist
  • Self-Starter

Certification

  • CompTIA Security+
  • CompTIA Advanced Security Practitioner (CASP)
  • Amazon Web Services Certified Solutions Architect: Associate
  • Certified Information Security Manager (CISM)
  • Certified Ethical Hacker (CEH) – Candidate

References

REFERENCES AVAILABLE UPON REQUEST
