Detail-oriented ISSO support / Security Control Assessor with over 6 years of extensive experience in evaluating, implementing, and maintaining information security controls to ensure the confidentiality, integrity, and availability of critical systems and data. Strong expertise in interpreting and applying NIST Special Publications, including 800-53 Revision 5 a and b, 800-137, 800-171, and 800-37, to ensure compliance with federal cybersecurity standards and best practices. Adept at performing security assessments, risk analysis, and compliance audits for public and private sector organizations. Expertise in identifying security vulnerabilities, assessing system configurations, and recommending effective mitigations to address potential threats.
Overview
8 years of professional experience
1 Certification
Work History
Information System Security Officer
Customer Value Partners
01.2023 - Current
Collaborate to identify vulnerabilities and implement effective security solutions.
Conducting security control assessments for PaaS, SaaS, and IaaS environments.
Ensuring cloud providers meet federal security standards (e.g., FISMA, NIST).
Evaluated and improved security controls by conducting thorough risk assessments.
Reduced cybersecurity vulnerabilities through the development of tailored mitigation strategies.
Collaborated with IT teams to address identified security weaknesses, fostering a proactive approach to risk management.
Author recommendations associated with assessment findings on how to improve the customer's security posture in accordance with NIST controls.
Managing security assessments and compliance with FedRAMP requirements for cloud services.
Systems Engineer
Cyber Pro
02.2021 - 01.2023
Company Overview: ISCI-ITOS TSS
Assessed the security controls using appropriate procedures (NIST 800-53A) to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcomes to meet their security requirements for the system.
Provided some technical support in system architecture, system design, system integration, and technical management.
Assisted in providing technical input to the systems engineering process.
Assisted in developing and implementing installation plans.
Assisted in preparation and presentation of systems assurance reviews.
Identified requirements and deficiencies in hardware and software products.
Responsible for creating, reviewing, and maintaining documentation required by VA to maintain authorization of systems within the Security Boundary.
Developed and updated System Security Plan (SSP), Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M) to ensure the system stays current in a dynamic IT environment to ease system reauthorization.
Prepared Plans of Action and Milestones (POA&Ms) for client systems based on security control assessment findings.
Created standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization ATO packages.
Performed Security Categorization (FIPS 199 and NIST SP 800-60 vol 2), Privacy Threshold Analysis (PTA), and e-Authentication with business owners and stakeholders.
Developed, reviewed, and updated other security artifacts such as Interconnection Security Agreement (ISA) and a Memorandum of Understanding or Agreement (MOU/A) for interconnected systems using NIST SP 800-47.
Security Control Assessor
CyberRisk Beyond Solutions Inc
05.2019 - 01.2021
Assessed security controls in accordance with the assessment procedures defined in the security assessment plan (SAP) through examination, interviews, and testing.
Conducted security assessments by reviewing System Security Plans (SSP) to create Kick-Off Presentation Slides, Security Assessment Plans (SAP), and Security Control Assessment (SCA) matrices.
Drafted Security Assessment Reports (SAR) to provide stakeholders with information regarding the security posture of their systems following the controls outlined in NIST SP 800-53 Rev. 4.
Conducted meetings with various system teams to gather evidence, developed test plans, testing procedures and documented test results and exceptions.
Conducted self-assessments with NIST 800-53A to ensure controls were implemented correctly and producing the desired outcome, as part of a continuous monitoring strategy following NIST 800-137.
Worked effectively with all levels of management, staff, and cross-functional security teams within the organization to identify and implement information assurance controls authorized by NIST SP 800-53.
Reviewed existing security documents (e.g., System boundaries, System Security Plan (SSP), Privacy Impact Analysis (PIA), Incident Response Plan, Contingency Plan (CP), etc.) and performed quality gap analysis for improvements.
Conducted security control assessment of low, moderate, and high impact federal information systems to include cloud service offerings in accordance with FedRAMP requirements.
Created a Risk Traceability Matrix (RTM) in which to document assessment results (pass/fail).
Prepared Security Assessment Reports (SAR) in which all the weaknesses are reported.
Created a Security Requirements Compliance Matrix (SRCM) and tabulated results of assessment using NIST SP 800-53A as a guide for determining assessment methods.
IT Help Desk Technician
Data Link University
07.2017 - 01.2019
Resolved technical issues for students and staff, enhancing system uptime by over 40%.
Provided IT support, leading to improved user satisfaction and faster response times.
Trained new team members, contributing to a 15% reduction in ticket resolution time.
Reduced downtime for end-users by quickly diagnosing and resolving hardware and software issues.
Configured hardware, devices, and software to set up workstations for employees.
Maintained accurate records of all help desk interactions, allowing for improved analysis of recurring issues and identification of areas requiring additional support resources.
Education
Bachelor of Arts - Political Science and Information Studies
University of Ghana
Skills
RMF
NIST Cybersecurity Framework
NIST Special Publications
GRC tools
CSAM
eMASS
Risk management processes
Cybersecurity laws and regulations
FedRAMP
SCA documentation
Security Assessment Plan
Security Assessment Report
Certification
CompTIA Security+, CompTIA
Certified Information Security Manager
Certified Information Security Auditor