Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Gwendoline Akum

Katy,TX

Summary

Results-driven and highly proactive cybersecurity and information assurance professional with over 8 years of experience leading and managing a diverse range of IT and cybersecurity initiatives. Skilled in risk management, security controls implementation, and information system authorization (ATO) processes, ensuring compliance with industry standards and regulations. Expertise in identifying, analyzing, and mitigating cybersecurity risks across complex environments, utilizing frameworks such as RMF, NIST 800-53 Rev 5, and NIST SP 800 series.

Demonstrated experience in managing compliance requirements for industry-specific standards, including FISMA, FedRAMP, HIPAA, and conducting detailed reviews of SOC 1 and SOC 2 audit reports. Proven ability to lead cross-functional teams, assess third-party vendor risks, and implement effective security measures across diverse IT infrastructures. Skilled in risk assessments, vulnerability management, security audits, and continuous monitoring to safeguard sensitive information and maintain system integrity.

.

Overview

9
9
years of professional experience
1
1
Certification

Work History

Information System Security Officer (ISSO)

Capgemini
07.2020 - Current


  • Support Security Assessment and Authorization (A&A) Processes: Implement and manage processes within the Security Assessment and Authorization (SA&A) environment, including system security categorization, development of security and contingency plans, security testing and evaluation, system accreditation, and continuous monitoring. Ensure that all assessments align with the Risk Management Framework (RMF) and meet FISMA, NIST, and other regulatory requirements.
  • Risk Management Framework (RMF) and Continuous Monitoring: Provide ongoing support for the RMF and continuous monitoring processes. Assist with managing security assessments through each stage of RMF, from Categorization (Step 1) to Authorization (Step 6) and monitoring. Perform risk assessments to evaluate vulnerabilities and impact, supporting timely identification and mitigation of risks.
  • System Security Categorization and Control Selection: Collaborate with stakeholders to assign FIPS 199 impact level designations and select appropriate security controls based on system categorization. Ensure that selected controls meet the necessary security standards and support overall system security posture.
  • Creation of A&A Documentation: Develop and maintain standard templates and documentation for Security Assessment and Authorization packages, including Security Plans (SP), Security Assessment Plans (SAP), Risk Assessment Reports (RA), System Security Plans (SSP), and Plan of Actions & Milestones (POA&M). Ensure documentation meets regulatory requirements and effectively communicates security posture and risk levels.
  • Guidance and Quality Assurance: Provide expert guidance and quality assurance to System Owners and Information System Security Officers (ISSO) throughout the C&A process. Assist with the development and review of C&A documentation to ensure adherence to NIST 800-53 and FISMA requirements.
  • Security Control Reviews: Review and assess technical security controls to determine their effectiveness and compliance with NIST 800-53 standards. Provide recommendations for improving control implementation and address gaps in security measures. Evaluate security configurations for systems and provide feedback on how well they meet defined security requirements.
  • FISMA Metrics and Program Management: Contribute to the development and management of FISMA metrics, including Annual Testing, POA&M Management, and overall Program Management. Track security weaknesses and vulnerabilities, ensuring timely remediation and reporting to management. Work closely with stakeholders to address risks and improve system security.
  • Vulnerability Scanning and Assessment: Perform vulnerability scans on databases, networks, and web applications using industry-standard tools like Nessus. Analyze scan results, identify vulnerabilities, and collaborate with system administrators to ensure that identified risks are mitigated in a timely manner.
  • Privacy and Data Protection: Conduct Privacy Threshold Analysis (PTA) and recommend the need for Privacy Impact Assessments (PIA) where appropriate. Ensure that all systems comply with privacy regulations and best practices related to data confidentiality and protection.
  • Security Policy and Standards Development: Assist in the development and maintenance of information security policies, standards, and procedures related to management, operational, and technical controls. Ensure that policies align with organizational objectives, industry best practices, and regulatory requirements.
  • Assessment and Authorization (A&A) Package Preparation: Prepare comprehensive A&A packages, including System Security Plans (SSP), Security Assessment Reports (SAR), Security Assessment Plans (SAP), Risk Assessment Reports (RA), and Plan of Action and Milestones (POA&M) for Authorization to Operate (ATO) requests. Review and update A&A packages to ensure they remain current and aligned with NIST 800-53 standards.
  • Compliance and Risk Mitigation: Review POA&M tracking tools to ensure that remediation actions for security weaknesses are being tracked and closed in a timely manner. Collaborate with stakeholders to resolve vulnerabilities and ensure that systems are in compliance with NIST 800-53 and organizational security policies.
  • Expert Consultation on IT Security: Provide expert analysis and consultation on IT security-related issues, advising clients and internal teams on best practices, security frameworks, and mitigation strategies. Develop recommendations for improving security controls, reducing risks, and enhancing the overall security posture of systems.
  • Security Alerts and Regulatory Compliance: Monitor and review policy updates, security alerts, new regulations, and technical advances in IT security. Ensure that systems and operations remain compliant with relevant security standards and governmental regulations.
  • Ongoing IT Security Program Support: Provide continuous support for the organization’s IT security program to ensure that security objectives of confidentiality, integrity, and availability are consistently met. Collaborate with cross-functional teams to strengthen the security architecture and minimize risk exposure.
  • Conduct FISMA-based Security Risk Assessments: Lead comprehensive security assessments for contracting organizations, including detailed interviews, testing, and inspections to evaluate risks and vulnerabilities. Produce thorough assessment reports with actionable recommendations, and conduct out-briefings for senior stakeholders to communicate findings and risk mitigation strategies.

Information Security Control Assessor and Security Analyst

Silicon Valley Bank
02.2017 - 03.2020
  • Network Security Monitoring and Packet Analysis: Monitor and analyze network traffic using Wireshark to identify potential security threats and vulnerabilities in real-time. Leverage packet capture analysis to detect anomalies, unauthorized access, or malicious activities, ensuring prompt action to mitigate risks.
  • Collaboration with Cross-Functional Teams: Partner with network, systems, and security teams to identify, assess, and address potential threats to various network components. Collaborate on threat intelligence sharing and coordinate defensive measures to strengthen network security.
  • Vulnerability Scanning and Risk Management: Perform regular vulnerability scans using Nessus to detect and assess risks across enterprise networks, servers, and systems. Identify non-compliance issues, vulnerabilities, and gaps in security controls, and drive remediation efforts in collaboration with system administrators and security teams.
  • Remediation and Compliance Oversight: Oversee the remediation process for identified vulnerabilities, ensuring that corrective actions are taken promptly by respective teams. Track the status of remediation activities, escalate unresolved issues, and ensure compliance with security policies and regulatory standards.
  • Security Incident Investigation and Reporting: Investigate security breaches, cyber incidents, and anomalies in the network. Document incidents, assess the impact, and generate detailed reports for management, providing recommendations for mitigation and future prevention strategies.
  • Incident Documentation and Damage Assessment: Document and classify security incidents, including analysis of the extent of damage caused. Coordinate with relevant teams to ensure proper containment, eradication, and recovery procedures are followed to minimize operational impact.
  • Standards and Procedures Development: Develop, implement, and maintain comprehensive cybersecurity policies, standards, and procedures aimed at protecting the security and integrity of information systems and sensitive data. Continuously review and update standards to ensure alignment with industry best practices.
  • Network Traffic Threat Mitigation: Analyze network traffic to determine potential countermeasures for detected threats. Implement strategies to neutralize risks and prevent further security breaches by configuring IDS/IPS devices, firewalls, and other security measures as necessary.
  • Log and Alert Monitoring: Review logs and security alerts from various security devices, including Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Data Loss Prevention (DLP) systems, and SIEM tools such as Splunk. Investigate any abnormal patterns and escalate potential threats to ensure timely resolution.
  • Cloud Security Support: Provide guidance and security oversight for the implementation and ongoing management of cloud-based solutions, including private, public, hybrid, and community cloud deployment models. Ensure security controls are properly integrated and maintained in cloud environments to meet organizational security objectives.
  • System Security Plans (SSP) Development: Develop, review, and evaluate System Security Plans (SSP) based on NIST Special Publication 800-53r4. Ensure that plans effectively address security requirements and are aligned with organizational goals and compliance regulations.
  • Cybersecurity Incident Communication and Reporting: Provide detailed daily status updates on ongoing cybersecurity incidents, ensuring that clients and stakeholders are kept informed. Collaborate with customers and internal teams to ensure satisfactory resolution of security issues and minimize system downtime.
  • Database Administration and Maintenance: Configure and manage Database Maintenance Plans, including backups, re-indexing, index reorganization, cleanup of historical data, and update statistics. Ensure that databases are optimized, secure, and operating efficiently.
  • Database Migration and Server Management: Oversee the relocation and migration of databases between servers, ensuring minimal disruption to service and maintaining data integrity throughout the process. Support the server lifecycle, including rebuilding, upgrading, and decommissioning of servers.
  • Database Customization and Optimization: Modify existing databases to meet unique operational needs as determined during initial evaluation and planning phases. Tailor databases and SQL queries to improve efficiency, scalability, and meet specific business requirements while adhering to service-level agreements (SLAs).
  • Continuous Learning and Skill Enhancement: Stay up-to-date with emerging technologies and security trends. Demonstrate a strong willingness to learn and apply new skills to improve overall productivity and efficiency in cybersecurity and database administration tasks.
  • Database Incident Management and Proactive Support: Provide proactive monitoring and support for databases by resolving incidents, ensuring optimal database performance, and maintaining the integrity of database servers. Collaborate with other IT teams to ensure databases are configured and secured according to organizational standards.
  • Database Access Control and Security: Configure and enforce user profiles, access levels, and permissions for each database segment to protect sensitive data and ensure compliance with security policies. Audit access logs regularly to detect unauthorized attempts and strengthen data protection mechanisms.
  • Database Design and Data Modeling: Design and implement well-structured databases and data models to meet business needs and ensure data integrity, availability, and security. Provide solutions that optimize performance and support the organization’s strategic goals.
  • SQL Server Patching and Compliance Management: Lead monthly patching activities for SQL Servers to ensure compliance with security and operational policies. Monitor incidents and investigate issues in ICM queues, prioritizing tasks based on severity to minimize operational risk.
  • Hardware Coordination and Maintenance: Coordinate with hardware teams to address hardware-related issues impacting system performance and security. Schedule and manage maintenance windows to ensure minimal disruption to services during updates or repairs.
  • Server Software Development Lifecycle (SDLC) Support: Drive the Software Development Lifecycle (SDLC) for servers, including rebuilding, upgrading, and decommissioning. Ensure that server configurations are optimized for performance, security, and compliance with relevant standards.
  • Disaster Recovery Implementation and Troubleshooting: Implement and troubleshoot database disaster recovery models, including partitioning, mirroring, log-shipping, replication, clustering, and Always-On Availability Groups. Ensure that data protection strategies are effective and minimize data loss in the event of a system failure.

IT Support Specialist / Helpdesk Technician

Silicon Valley Bank
01.2016 - 01.2017
  • Technical Support for End-Users: Provide exceptional technical support for hardware, software, and network issues, ensuring prompt resolution and minimal downtime. Troubleshoot complex problems across various devices, including desktops, laptops, printers, and mobile devices, in both Windows and macOS environments.
  • Helpdesk Ticket Management: Respond to and resolve support tickets through a helpdesk system, maintaining high customer satisfaction levels by delivering timely, effective solutions. Prioritize and escalate tickets as needed to ensure issues are addressed within agreed SLAs.
  • Hardware and Software Troubleshooting: Perform in-depth troubleshooting and repair of hardware and software-related issues for end-users, ensuring all devices are operational and optimized. Offer immediate assistance for technical challenges related to operating systems, peripheral devices, and software applications.
  • Software Installation and Configuration: Assist with the installation, configuration, and regular maintenance of software applications and operating systems on workstations, ensuring compatibility and smooth operation. Provide expert guidance to users during software upgrades and patches.
  • Active Directory User Management: Manage user accounts, permissions, and access rights within Active Directory (AD), ensuring security, access control, and compliance with organizational policies. Regularly audit user accounts and permissions to maintain data security and integrity.
  • Network Infrastructure Monitoring: Monitor and support the organization’s network infrastructure, including switches, routers, and wireless access points, to ensure optimal performance, connectivity, and uptime. Respond promptly to network-related issues and collaborate with network engineers to troubleshoot and resolve connectivity problems.
  • VPN Support and Remote Access: Configure, troubleshoot, and support Virtual Private Network (VPN) connections, enabling secure remote access for employees. Ensure VPN performance is consistent and troubleshoot any connectivity or security issues that may arise.
  • IT Asset and License Management: Manage and maintain an up-to-date inventory of IT assets, including hardware devices, software licenses, and peripherals. Ensure compliance with software licensing agreements and assist in asset tracking to reduce unnecessary expenses.
  • Backup and Data Recovery Support: Support backup and recovery processes, ensuring the integrity, availability, and recoverability of critical data. Regularly verify backup systems and assist in restoring data when necessary to minimize downtime in the event of data loss or system failure.
  • Microsoft Office 365 Support: Provide first-line support for Microsoft Office 365 applications, including troubleshooting issues with Outlook, Teams, SharePoint, and OneDrive. Resolve issues related to user access, configuration, and performance, ensuring optimal usage of collaboration tools.
  • Procedure Development and Documentation: Develop and document IT support procedures, guides, and troubleshooting steps to improve team efficiency and knowledge sharing. Create user-friendly resources to empower end-users to resolve minor issues independently, reducing overall support workload.
  • User Training and Support: Conduct training sessions for end-users on IT best practices, security protocols, and troubleshooting techniques, promoting self-sufficiency and reducing dependency on IT support. Ensure users understand key system features, tools, and services available to them.

Education

Bachelor of Science - Information Technology

American Intercontinental University
Houston, TX
09-2019

Skills

  • Agile Methodology
  • SDLC
  • CSAM
  • POAM
  • ATO PackagesRisk
  • Assessment
  • NIST 800 Series
  • Nessus
  • FIPS
  • FISMA
  • Migration/Upgrades/Patching
  • Backup/Restore
  • Performance Tuning / Troubleshooting
  • Database Security
  • Cloud Security (AWS, Azure, GCP)
  • CIS Benchmarks
  • Incident Respons
  • Security Auditing
  • PCI-DSS Compliance
    ISO/IEC 27001/27002
  • Disaster Recovery Planning (DRP)
  • Vulnerability Management

Certification

  • Certified Information Security Manager (CISM), Completed
  • CompTIA Security+, Completed


Timeline

Information System Security Officer (ISSO)

Capgemini
07.2020 - Current

Information Security Control Assessor and Security Analyst

Silicon Valley Bank
02.2017 - 03.2020

IT Support Specialist / Helpdesk Technician

Silicon Valley Bank
01.2016 - 01.2017

Bachelor of Science - Information Technology

American Intercontinental University

Similar Profiles

  • Abdoul-rahim Domba

    Abdoul-rahim DombaAbdoul-rahim Domba

    Ingénieur d'études et de recherche at CapgeminiIngénieur d'études et de recherche at Capgemini

    View Profile
  • Bélinda BONACINA

    Bélinda BONACINABélinda BONACINA

    Document Management, quality and configuration at CAPGEMINIDocument Management, quality and configuration at CAPGEMINI

    View Profile
  • Namrata Dwivedi

    Namrata DwivediNamrata Dwivedi

    Front End Developer at CapgeminiFront End Developer at Capgemini

    View Profile
Gwendoline Akum