Fatu Dukuray

Rolesville, USA

Summary

Dynamic IT security analyst with over 6 years of experience specializing in Risk Management Framework, system monitoring, and regulatory compliance. Proven expertise in FISMA compliance aligned with NIST standards, complemented by a strong foundation in developing security policies, procedures, and guidelines. Demonstrated ability to build and nurture strategic partnerships while excelling in project management, incident response, and disaster recovery initiatives. Recognized for superior analytical and organizational skills, thriving both independently and as an integral team contributor.

Overview

10 years of professional experience
1 Certification

Work History

Information Security Analyst

Evergreen Information Security and Technology
12.2016 - Current
  • Conduct kickoff meetings, get systems information (information type, boundary, inventory, etc.) and categorize systems based on NIST SP 800-60.
  • Assist System Owners and ISSOs through the Certification and Accreditation (C&A) process.
  • Facilitate weekly meetings with the Point of Contact to discuss documentation progress. Develop meeting minutes for weekly meetings and upload to respective SharePoint site. Also, review and update required documents for ATO such as System Categorization, System Characterization Document, Privacy Threshold Analysis, Privacy Impact Assessment (if applicable), Contingency Plan, Contingency Plan Test Results, Business Impact Analysis, Incident Response Plan, Incident Response Test Results, and Configuration Management Plan and upload to XACTA after System Owner review and approval.
  • Develop and update system security plans with the summary of the federal information system security requirements and identify the controls in place or to achieve the requirements.
  • Update detailed weekly project summaries on the status of assessment requirements. Provide weekly high-level updates on ATO Flow board monitored by client’s upper management.
  • Verify that management, operational and technical controls for securing either sensitive Security Systems or IT Systems are established in compliance with the federal guidelines (NIST 800-53). Also verify that adequate measures are taken to implement information security requirements for IT systems all through their life cycle, from the requirements definition phase through disposal.
  • Supports the Information System Security Officers (ISSOs), the System Owner, the Information Owners, and the Privacy Act Officer to carry out Privacy Threshold Analysis (PTA), and Privacy Impact Analysis (PIA) and obtains security control assessment to assess the adequacy of management, operational privacy and technical security controls implemented.
  • Ensures risk assessment reports are developed, identifies threats and vulnerabilities targeted to the systems, analyses the possibility that a vulnerability can be exploited, assesses the impact of the threats and vulnerabilities to the organization, and identifies the overall risk level.
  • Completes assurance of vulnerability mitigation, training on C&A tools, supporting System Test and Evaluation (ST&E) efforts and other support to the IT Security Office.
  • Prepares Security Assessment Report (SAR) giving a comprehensive report of the system assessment in addition to plan of action and milestones (POA&M).
  • Monitors and advises in the development of Information Security Continuous Monitoring Strategy and ensures effectiveness of all security controls, vulnerabilities, and threats organizational risk management decisions.
  • Conducts Federal Risk and Authorization Management Program (FedRAMP) adhering to the procedures in performing security assessment, authorization and continuous monitoring for cloud products and services.

IT Security Analyst

NetApp Inc
02.2016 - 12.2016
  • Performed IT risk assessment and documented the system security key controls.
  • Met with IT team, gathered evidence, developed test plans, testing procedures and documented test results and exceptions.
  • Created and conducted walkthroughs, formulated test plans, test results, and developed remediation plans for each area of the testing.
  • Created audit reports for distribution to management and senior management documenting the results of the audit.
  • Contributed to the SOX testing of the General Computer Controls.
  • Developed a Business Continuity Plan and liaison with vendors and best practices.
  • Monitored security measures for the protection of computer networks and information and coordinated with System administrators to provide fixes for assessing vulnerabilities identified in systems and recommended resolutions of security risks within the assigned systems.
  • Supported the completion of the annual PCI DSS, SOX, HIPAA Report on Compliance.
  • Obtained and reviewed evidence of compliance to support technical or complex PCI DSS networking requirements.
  • Conducted annual onsite performance and regulatory compliance reviews to ensure Third Party adherence to contractual, regulatory, and operational compliance to minimize the risk.

Lab support Co-op

NetApp Inc.
11.2015 - 02.2016
  • Received work assignments and tasks via ticketing Quick Touch system, and project managers (replace a failed disk, attach a KVM, trace cable, verify location, and reseat drives), and provide timely written and oral updates of work progress.
  • Managed equipment lifecycle (e.g. racking, decommissioning, database update/tracking).
  • Installed and deployed new equipment such as NetApp storage, multi-vendor servers, network equipment (Cisco and Brocade), and virtualization (VMware).
  • Performed basic maintenance and break/fix tasks under direct supervision of more experienced support engineer.
  • Completed full project installation requests for various technical customers that deploy equipment in GDL1, including rack, cable, configure equipment such as storage systems, servers, and switches, assign IP addresses, and update ELMs, supervisor, and the customer.

Education

Bachelor of Applied Science - Computer Science and Engineering

A&T State University

Associate of Art

Wake Technical Community College
Raleigh, NC
05.2019

Skills

  • Regulatory compliance expertise
  • Operating systems: UNIX and Windows
  • Threat intelligence
  • Security awareness training
  • Vulnerability assessment
  • Risk mitigation
  • Network security
  • Problem-solving
  • Monitoring computer viruses
  • Risk analysis & mitigation
  • Critical thinking skills
  • Compliance management

Certification

  • Certified Data Privacy Solutions Engineer (CDPSE)
  • CompTIA Security+ certificate
  • CEH 12 Certification
  • PL-900: Power Platform Fundamentals Certificate
  • PL-300: Power BI Data Analyst Associate Certificate

Languages

English
French
