
Dan Kaggwa

Burtonsville, MD

Summary

Multi-talented cybersecurity professional with over 4 years of experience. Highly driven and detail-oriented, with thorough knowledge and understanding of FISMA and the Risk Management Framework. Skilled in monitoring, documenting ATO packages, remediating POA&Ms, risk assessment, and privacy control. Proven record of evaluating system vulnerability to recommend security improvements and audit findings.

Overview

8 years of professional experience
1 Certification

Work History

Security Control Assessor (SCA)

Accenture
Washington, DC
10.2020 - Current
  • Develop a security assessment plan (SAP) to document the assessment scope, schedule, tools, and personnel for a security assessment and authorization (A&A) process.
  • Schedule and conduct the kickoff meeting as part of the security assessment and authorization (A&A) process.
  • Conduct annual security control assessment in accordance with the assessment procedures defined in the security assessment plan (SAP).
  • Test cases with the security control assessment results as populated in the RTM using NIST 800-53A Rev. 4
  • Develop, review and update security documentation including the System Security Plan, PTA, PIA (Privacy Impact Assessment), PII, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, and E-Authentication
  • Prepare the security assessment report (SAR) for documenting the issues, findings, and recommendations from the security control assessment
  • Support the Information System Security Officer (ISSO)/System POCs during the Assessment and Authorization (A&A) process to ensure assigned systems have the proper Authorization to Operate (ATO) using the NIST SP 800-37 Risk Management Framework (RMF) guidance
  • Support the ISSO/System POCs to conduct risk and vulnerability assessments of information systems to identify vulnerabilities and to reduce risks to the systems
  • Compile security authorization package documentation such as the system security plan (SSP), security assessment report (SAR), plan of action and milestones (POA&M) and ATO letter that are required by the Federal Information Security Management Act (FISMA) and OMB compliance process
  • Conduct effective mapping of the identified vulnerabilities to the security controls, document findings and recommend CAP
  • Review and analyze automated Nessus vulnerability scan results from the previous 3 months.
  • Participate in POA&M remediation activities to correct noted findings
  • Review artifacts and perform POA&M closure validation to ensure no system weakness remediation is in delay status
  • Perform vulnerability scanning using Nessus (Tenable) and Nmap to update the security enterprise architecture of the information and information system, and patch management as required for periodic update and security posture.
  • Work with tools in FedRAMP, Xacta and CSAM.
  • Use CISA STIG benchmark to harden system vulnerability posture.
  • Reviewed technical and administrative controls and conducted RMF per the NIST 800-53, NIST 800-37 and CNSS 1253 requirements.
  • Drafted and reviewed security artifacts including, but not limited to, System Security Plans, inventories, contingency plans, security control traceability matrices, and security assessment reports.
  • Conducted annual assessments of sites on compliance with organizational policy.
  • Drafted and managed POA&M for authorized systems with appropriate remediation suspense dates and tracked findings until closure. Familiar with the exception and waiver process, as well as residual risk acceptance, for cases where the POA&M would never be met.
  • As an assessor for cloud systems, designed the A&A process used for the AWS environment and drafted templates to be used in an agile SDLC.
  • Experience with Nexpose Rapid7 scanning tool, Splunk audit log aggregation tool, HP Fortify, WebInspect, as well as McAfee ePO.
  • Reviewed and assessed seven different systems of different classification, scope, and mission and determined residual risk and mitigation methods to ensure the system was operating in its most secure state.

IT HELP DESK SUPPORT

Aerotek
Hanover, MD
01.2017 - 03.2020
  • PC hardware installation, configuration, maintenance and upgrades
  • Cable crimping, RJ-45, CAT 5 and coaxial cables
  • Operating System installation, maintenance and upgrades
  • Engaged and tracked priority issues with responsibility for the timely documentation and escalation to the next tier of tech support
  • Provided information on technical assistance to users concerning the development and maintenance of the computer network or for resolution of special problems
  • Earned recommendation for teamwork, flexibility and work excellence in providing IT support during emergencies.

Education

Bachelor of Arts - Business Administration

University of Maryland
MD
05-2016

High School Diploma

Paint Branch High School
Burtonsville, MD
06-2012

Skills

  • 4 years of experience in Cybersecurity, Information Technology, and Risk Management
  • Leadership and management of an ever-changing workforce
  • Ability to adapt in a fast-paced and time-sensitive environment
  • PCI DSS
  • Expert knowledge of NIST/FISMA requirements and policy
  • Experienced in vulnerability management and compliance regulation
  • Highly technical network background with extensive knowledge of security tools and remediation methods

  • Incident response management
  • Compliance auditing
  • System security planning

Certification

  • CompTIA Security+
  • Certified Information Security Auditor

Contact

Lanham, MD 22204
