
Fongu Ngufor

Laurel, MD

Summary

Reliable, forward-thinking, and result-oriented Cybersecurity Analyst with over 12 years of experience delivering customized IT security solutions to boost business operations. Employ knowledge of new technologies to suggest improvements to existing and new information systems (hardware/software). A dependable analyst with a track record of success in information security Risk Management and Compliance, attention to detail, and a proactive mindset. Seeks opportunities to improve processes and workflows for team and business benefit. Conscientious, hardworking, and excels at multitasking in fast-paced environments. Cultivates rapport with individuals to optimize project goals and output, resolve complex problems, and deliver innovative improvement strategies.

Overview

13 years of professional experience

Work History

Senior FedRAMP/Cloud Cyber Security Analyst

IPkeys Inc
03.2022 - Current
  • Review, analyze, evaluate, and comment on CSO’s SSP, SAP, SAR, and POA&M to prepare the Authorization package
  • Cloud Continuous Monitoring: Perform DoD and FedRAMP Cloud Authorization ongoing support to include continuous monitoring, annual reviews, and significant change requests of Cloud Service Providers through reviews, recommendations, written reports, and presentations
  • Ensure the DoD and FedRAMP monitoring programs are maintained by CSPs through a risk-based approach, and provide data for the AO to understand the risk position of the Cloud Service Offering
  • Provide ongoing assurances (assessments and validations) that security controls are in place and adhere to DoD and FedRAMP requirements, to ensure compliance
  • Ensure system risk safeguards and countermeasures are in place, operating effectively, and utilizing proactive and risk-based approaches in monitoring CSOs
  • Integrate security and risk management processes that identify actionable items, based on potential risks
  • Validate and ensure CSP performs vulnerability scans of required security controls established by DoD and FedRAMP
  • Support continuous monitoring and annual assessments of Cloud Services Offerings through reviews, recommendations, written reports, and briefings.

Sr. Information Systems Security Officer (ISSO)

RMantras Solutions Inc
01.2020 - 01.2022
  • Prepared, tracked, and reported on FISMA compliance activities, including annual contingency plan tests, quarterly POA&M updates, and reviews by conducting security control assessments referencing NIST SP 800-53, SP 800-37 rev2, to prepare complete Authorization to Operate packages
  • Developed and advised on the development of Assessment and Authorization (A&A) artifacts and security documentation, including but not limited to System Security Plans (SSP), Plans of Action and Milestones (POA&M), Contingency Plans, Incident Response Plans, and Configuration Management Plans
  • Documented compliance gap reports by translating technical information and reports for senior management to facilitate risk-based decisions
  • Analyzed architecture diagrams and implementation details of IT products and produced technical documentation specific to security certifications
  • Communicated effectively with security product vendors such as cloud service providers (CSPs) regarding CSOs, and certifying authorities to address compliance gaps and documentation of comments to meet FedRAMP standards and DoD requirements
  • Conducted annual security controls effectiveness testing, documented findings, advised, and monitored remediation efforts on all systems through POA&Ms
  • Validated assessment and authorization documents and technical assessment results to confirm that the level of risk is within acceptable limits for each system, network and application
  • Conducted onsite information security assessments and assisted with security processes at customer and contractor business partner facilities and made recommendations for presentation to management officials.

Information Security Analyst/Assessor

Perspecta Inc
01.2015 - 01.2020
  • Reported to senior officials regarding the identification, implementation, assessment, and monitoring of information systems for major changes that could introduce vulnerabilities and impact the security posture of systems and organizations
  • Designed and allocated resources for all phases of the project life cycle (conception, design, execution, and closure); these projects involved software development of in-house applications, with special attention to their security capabilities and enhancements
  • Enhanced and performed standard operating procedures as applicable for systems to be assessed for an Authorization to Operate (ATO) by reviewing and evaluating network diagrams, data calls, PIA, etc., for compliance
  • Reviewed and updated the System Security Plan (SSP) based on findings from access controls and using NIST SP 800-18 rev1, NIST SP 800-53A rev4, and NIST SP 800-53
  • Identified compliance issues per NIST and FISMA
  • Provided short and long-term solutions
  • Documented and revised Privacy Impact Assessment (PIA) following the creation of a positive PTA to ensure PII findings are recorded in the System of Record Notice (SORN).

Oracle Database Administrator

Knight Points Systems, LLC
01.2011 - 01.2015
  • Created and configured databases for mission-critical business applications
  • Migrated databases from one platform to another
  • Configured and maintained standby databases
  • Created target databases in 12c, 11g, and 10g utilizing Linux, UNIX, and AIX platforms
  • Configured system to achieve high availability, load balancing, and automatic failover functionality
  • Configured databases to prepare for hot backup using Veritas NetBackup and Oracle RMAN
  • Identified potential failures of export and import activity and problem resolution
  • Involved in database and transaction log backups and restoration, backup strategies, and scheduling the backups
  • Backed up system and user databases and restored them as required
  • Performed SQL performance tuning using AWR, ADDM, and the Oracle “Explain Plan” feature.

Education

Ph.D., Computer and Information Security

Northcentral University
04.2020

Skills

  • Workflow Analysis
  • Documentation and Reporting
  • Issue Identification
  • System Analysis
  • Audit Support
  • Regulatory Compliance
  • Risk Mitigation
  • Evidence-Based Decision Making
  • Process Improvements
  • Compliance Analysis
  • Multiple Priorities Management
  • Deadline Adherence
  • Project Management
  • Policy Improvements
  • Security Solutions
  • MS Excel
  • Analytical Thinking
  • Team Collaboration and Leadership
  • Preliminary Conclusions and Recommendations
  • Data Research and Validation

Training And Certificates

  • Certified Information Security Manager (CISM)
  • Certified Advanced Security Practitioner (CASP)
  • AWS Certified DevOps Associate
  • Oracle Certified Associate (OCA)
  • Certified Scrum Master

Technical Skills And Tools

eMASS, NIST Pub series, CSAM, FISMA, PCI DSS, FedRAMP, ACAS, DISA STIGs, IDS/IPS, System Network Diagram/data flow, Security Assessment Plan (SAP), Security Assessment Reports (SAR), SSP, IdAM, systems and application architectures, Microsoft Office suite (Excel, Word, Outlook, PowerPoint, Teams, Skype).

Publications

  • Understanding the Perspectives of Information Security Managers on Insider Threat. https://advance.sagepub.com/articles/preprint/Understanding_the_Perspectives_of_Information_Security_Managers_on_Insider_Threat/12564146
  • Left-Shift Security, Insider Threat, Security Awareness Training, Personal Identification Information (PII), and Sensitive Data.
