
Elikem Duse

Woodbridge, VA

Summary

Highly accomplished Information Security Analyst with over 7 years of experience who specializes in leveraging advanced security tools and technologies to safeguard organizational information systems. Proficiency encompasses key regulatory frameworks, including the Federal Information Security Management Act (FISMA), the NIST 800 Series, and FIPS standards, ensuring compliance and robust security posture. Experienced in a comprehensive range of cybersecurity practices, I excel in vulnerability management, security control implementation, comprehensive assessments and authorizations, Plan of Action and Milestones (POA&M) management, continuous monitoring, and rigorous risk assessment, contributing to the resilient defense of critical information assets.

Overview

7 years of professional experience
1 Certification

Work History

Security Control Assessor

MindPoint Group
04.2023 - Current
  • Executed test procedures, as appropriate, against in-scope cloud components in accordance with FedRAMP, FISMA, and NIST 800-53A R4/R5 requirements.
  • Conducts independent comprehensive assessment of management, operational and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls
  • Assess the implementation of NIST SP 800-53 security controls for major applications and general support systems using manual and automated test methods
  • Exercised executive-level oversight and guidance for ongoing support of Authorization to Operate (ATO), review and continuous monitoring of applications, utilizing Nessus for vulnerability scanning and ACAS for security risk assessments
  • Reviewed and validated that all artifacts and evidence collected during the assessment are complete and meet FedRAMP requirements
  • Advised client concerning the impact levels of confidentiality, integrity, and availability on the information system
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
  • Support the preparation of the SAR, including, but not limited to, the summary of Assessment results and Authorization Recommendation
  • Assists in preparation of assessment deliverables - Security Control Assessment Report, Security Risk Assessments, etc.
  • Documentation of the findings and recommendations of the security controls assessment, including recommended remediation actions, in a Security Controls Assessment Worksheet to facilitate the preparation of a Plan of Action and Milestones

Information Security Analyst

Serco Inc
12.2020 - 04.2023
  • Create and maintain the Plan of Actions and Milestones (POA&M).
    Work with key stakeholders to implement the necessary remediation actions.
  • Ensured that security assessments are completed, and results documented.
  • Prepared Security Assessment Report (SAR) for the Authorization boundary
  • Provided ongoing support towards the ATO review and continuous monitoring of all assigned applications
  • Conducted risk assessments and security audits to evaluate system compliance
  • Reports to management concerning vulnerabilities, noncompliant artifacts and scans, risk issues, and impediments
  • Participated in control testing to ensure controls are adequate and performing as intended
  • Maintained Risk Analysis and assessed the application using CSAM
  • Experienced with cloud computing (SaaS, PaaS, and IaaS) fundamentals, end-to-end security compliance and risk management principles, practice, and methods
  • Prepared audit plan, reported detailed results of audit, and provided written recommendations to clients
  • Ensured security controls are properly designed and function as intended.

Cybersecurity Analyst

Zimmerman Associates Inc
08.2017 - 11.2020
  • Supported Security Control Assessments using NIST 800-53A Rev4 as guidance for current federal directives and policies
  • Provided support to the Application team on System Security Categorizations using FIPS 199 and the NIST 800-60 Volume 2 Rev 1 guidelines and templates to select provisional impact levels assigned to the Confidentiality, Integrity, and Availability (CIA) based on the information type
  • Developed and tracked Plan of Actions and Milestones (POA&Ms) and Schedule Completion Date (SCD) through closure
  • Maintained and managed common controls in Archer based on inheritance assigned to Application
  • Performed security risk assessment and analysis of resources, controls, vulnerabilities, et decommissioning, and information security threats to the organization's objective
  • Performed vulnerability assessment using Assured Compliance and Assessment Solution (ACAS) tool making sure risks are assessed and proper actions are taken to mitigate identified vulnerabilities
  • Participated in the System Assessment and Authorization process by working with the key stakeholders to ensure complete and accurate ATO packages
  • Collaborated with system owners and stakeholders to ensure related criteria and guidance such as Risk Management Framework (RMF), Federal Information Systems Management (FISMA), and Health Insurance Portability and Accountability Act (HIPAA) are in compliance
  • Played an advisory role in application development, monitoring, and preparation for ATO review
  • Provided support to the Privacy Office in updating all Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) documents
  • Participated in various IT audits for clients within the financial, technology and information security industry, including the development of risk and controls matrix and audit procedures, execution of testing, and communication of findings to key stakeholders

Education

Master of Business Administration - Marketing

Strayer University
Washington, DC

Bachelor of Arts - English & French

University of Cape-Coast
Cape-Coast, Ghana

Skills

  • Risk Management Framework (RMF)
  • NIST 800 Series
  • System Security Plans (SSP)
  • Plan of Actions and Milestones (POA&M)
  • System Assessment Reports (SAR)
  • Assessment and Authorization (A&A)
  • Risk analysis
  • Control
  • Mitigation strategies
  • Security life cycle management
  • Threat and vulnerability assessments
  • Contingency planning
  • Wireshark
  • Nmap
  • Nessus vulnerability scanner
  • SCAP
  • CSAM tools
  • SIEM monitoring
  • Data security principles
  • Incident response strategies
  • Microsoft Windows environments
  • Server administration
  • Microsoft Office Suite

Certification

  • CISM
  • CompTIA Security+
