Summary
Overview
Work History
Education
Skills
Certification
Awards
Timeline
Generic

Elijah Fasehun

York,PA

Summary

Experienced Information Security Consultant with demonstrated history of working in the Cybersecurity industry and two years’ experience in project management. Skilled in Data Privacy, Data Security, Cloud Security Architecture, Auditing, Risk Management, Vulnerability Assessment Tools, and Vulnerability Remediation. Strong information technology professional with a Master of Science – MS focused on Cybersecurity technology from the University of Maryland Global Campus.

Overview

7
7
years of professional experience
1
1
Certification

Work History

Senior Cybersecurity Analyst – Project Lead

PwC
Remote
05.2022 - Current
  • Collaborate with development and DevOps teams to integrate security practices into the Software Development Life Cycle (SDLC), ensuring alignment with security policies.
  • Conduct in-depth reviews of application code to identify vulnerabilities, such as authentication flaws and common web application vulnerabilities.
  • Utilizing Power BI to automate the vulnerability dashboard using the reports from the data lake.
  • Creating, modifying, and running SQL queries in Athena.
  • Developing and maintaining multiple ServiceNow instances.
  • Utilizing security controls (access control, auditing, authentication, encryption, integrity, physical security, and application security).
  • Using operating systems such as Windows, environments, vulnerability, and threat management tools.
  • Using vulnerability management products from vendors such as Onapsis, Qualys, and Tenable.
  • Work directly with multiple teams and asset owners on vulnerability remediation.
  • Analyzing identified vulnerabilities, along with identifying remediation techniques in Rapid7.
  • Compiling vulnerability data and reports for both technical and executive audiences, using reporting from Rapid7, Qualys, and SNOW.
  • Identifying dependencies and timelines required to address vulnerabilities, including system patching, deployment of specialized controls, code or infrastructure changes, and changes in build engineering processes
  • Reporting remediation of vulnerabilities by coordinating agreed-upon action plans and timelines with responsible technology partners, and support teams.
  • Reviewing and reporting changes to patching policies, procedures, standards, and audit work programs in a continuous improvement model.
  • Providing an analysis of impacts to key stakeholders.
  • Creating a standard operating procedure for vulnerability remediation.
  • Creating Dashboards in SNOW VR.
  • Ensure assets are in compliance with our scan compliance policies.
  • Train the new associate and assist in the onboarding process.
  • Assign tasks to the junior analyst, and provide feedback.

Vulnerability Management Engineer

Relevant Technologies
Richardson, Texas
11.2019 - 05.2022
  • Used operating systems, such as Windows environments, vulnerability, and threat management tools.
  • Used vulnerability management products from vendors such as Qualys, Tenable, and Onapsis.
  • Configured SAP assets by discovering them on the Onapsis console.
  • Updated asset license and credentials on Onapsis.
  • Troubleshooted SAP assets on the Onapsis console to make sure the assets are ready for the weekly scan.
  • Analyzed identified vulnerabilities, along with identifying remediation techniques.
  • Compiled vulnerability data and reports for both technical and executive audiences.
  • Identified dependencies and timelines required to address vulnerabilities, including system patching, deployment of specialized controls, code or infrastructure changes, and changes in build engineering processes.
  • Worked directly with the Onapsis engineer on a false positive by analyzing and sending console and sensor logs to the Onapsis engineer.
  • Reported remediation of vulnerabilities by coordinating agreed-upon action plans and timelines with responsible technology partners, and support teams.
  • Reviewed and reported changes to patching policies, procedures, standards, and audit work programs in a continuous improvement model.
  • Provided analysis of impacts to key stakeholders.
  • Ensured the efficiency of compliance activities by coordinating internal and external audits and assessments.
  • Drove timely responses to key alerting outputs by tracking outputs from key monitoring systems, including configuration/vulnerability management, IDS, and endpoint management.
  • Creation of user guides, dashboards, run books, trend analysis reports, and presentations for training.

Information Security Analyst

Douala IT
Towson, MD
11.2017 - 08.2019
  • Created and tracked for corrective actions the Plan of Action and Milestones (POAM) of all accepted risks upon completion of Security Control Assessment (SCA) exercises, and documented in the system security plan (SSP).
  • Monitored controls post-authorization to ensure continuous compliance with the security requirements by evaluating threats and vulnerabilities through Nessus scan results, and worked with the IT staff for mitigation actions.
  • Updated Authorization to Operate (ATO) packages, such as the SSPs, SAR, and POAMs, for information systems, to ensure they are in compliance with the organization's information security requirements.
  • Developed and reviewed system security artifacts, such as contingency plans (CP), incident response plans (IRP), privacy impact assessments (PIA), MOUs/ISAs, and risk assessment (RA) documents for compliance with NIST 800 guidelines and the agency's security requirements.
  • Developed and updated Authorization to Operate (ATO) packages, such as the SSP, SAR, and POAM, for information systems to ensure they are in compliance with the organization's information security requirements.
  • Trained new analysts to ensure proper completion of access requests and problem resolution.

Education

Master of Science – MS - Cybersecurity Technology

University of Maryland Global Campus

Bachelor of Science - Business Administration

Towson University
Towson, MD

Skills

  • Risk Assessment & Management
  • PO&AM Management tool
  • System Security Documentation
  • Security Assessment & Authorization
  • Vulnerability Assessment Tools
  • Vulnerability Management Tools
  • Scan Compliance
  • Microsoft Office Suite
  • SharePoint
  • Auditing
  • Project Management
  • Leadership
  • Detail-oriented
  • Firewall
  • Qualys
  • Tenable
  • ServiceNow
  • Crowdstrike
  • Rapid7
  • Splunk
  • SQL
  • Onapsis
  • SNOW
  • PowerBI
  • Zscaler
  • Cloudview
  • JIRA

Certification

  • CompTIA Security+
  • Amazon Web Services Solutions Architect Associate (AWS)
  • Certified Authorization Professional (CAP), in progress
  • Certified Ethical Hacker (CEH), in progress

Awards

  • Associate of the year, 04/01/18, Douala IT
  • Associate of the year, 01/01/21, Relevant Technologies

Timeline

Senior Cybersecurity Analyst – Project Lead

PwC
05.2022 - Current

Vulnerability Management Engineer

Relevant Technologies
11.2019 - 05.2022

Information Security Analyst

Douala IT
11.2017 - 08.2019

Master of Science – MS - Cybersecurity Technology

University of Maryland Global Campus

Bachelor of Science - Business Administration

Towson University

Similar Profiles

  • Joseph Moore

    Joseph MooreJoseph Moore

    W/R SR Treat PLT Operator at PWCW/R SR Treat PLT Operator at PWC

    View Profile
  • SHATHA ALGHAMDI

    SHATHA ALGHAMDISHATHA ALGHAMDI

    Senior Consultant at PwCSenior Consultant at PwC

    View Profile
  • Nikolas Schmidt

    Nikolas SchmidtNikolas Schmidt

    Consultant / Teamlead / People Manager - Forensics at PwCConsultant / Teamlead / People Manager - Forensics at PwC

    View Profile
Elijah Fasehun