IBRAHIM KIMANI
OWINGS MILLS,MD
Summary
I am an experienced Information Assurance Analyst specializing in A&A and compliance under FISMA, FedRAMP, and NIST guidelines, ensuring security standards and operational continuity.
Overview
10
10
years of professional experience
Work History
Information System Security Officer
Orbryde Technologies Inc
Bowie, Maryland
12.2019 - Current
- Develop and maintain security Authorization packages based on the requirement in NIST 800-37 (past and current revisions) – SSP, SAR and POAMs
- Conduct internal assessment and complete SAR - guided by NIST 800-53A
- Serve as the security advisor for project teams on all matters involving the security of assigned information systems
- Develop and maintain Categorization docs, SSP, SAR and POAMs, Audit Plan, Configuration Management Plan, Contingency Plan, Business Continuity plans
- Maintain security documentation templates, Categorization, SSP, Audit Plan, Configuration Management Plan
- Analyzed security report for vulnerabilities
- Ensure all POAMS actions are completed and tested in a timely manner
- Select and recommend appropriate security controls based on NIST 800-53 to secure the systems
- Conduct Monitoring of the security controls to ensure they are working as intended and producing the desired results
- Familiar with NIST 800 Series (18, 37, 53, 115, 137 and FIPS standards 199 & 200
- Support the assessment of the security risks of IT services
- Analyze the security process of the systems development lifecycle (SDLC)
- Select and integrate appropriate security controls into SDLC processes to ensure project teams meet requirements for developing secure applications
- Conduct training and mentoring to junior colleagues
- Establish schedules and deadlines for assessment activities
- Maintain information security policies, standards, and guidelines.
Information Security Analyst-Junior
Orbryde Technologies Inc
Bowie, Maryland
05.2016 - 12.2019
- Provided security expertise and guidance in support of security assessments
- Supported A&A (C&A) activities according to the A&A project plan
- Facilitated Security Control Assessment (SCA) and Continuous Monitoring Activities
- Updated and reviewed A&A Packages to include Core Docs, Policy & Procedures, Operations and Maintenance Artifacts, SSP, SAR, FIPS 200, FIPS 199, POA&M, CPTPR, BIA, PTA, PIA, and more
- Updated, reviewed, and aligned SSP to the requirements in NIST 800-53, rev4
- Mitigated the impact of searches running upon aged datasets by developing scheduled reports outputting the results to summary indexes
- Author recommendations associated with findings on how to improve the customer’s security posture in accordance with NIST controls
- Review SAR post assessment: created and completed POAM’s milestones to remediate findings and vulnerabilities
- Supported change management process by informing business owners about their risk posture so that they could make risk-based decisions before deploying systems or changes to production
- Collaborated with Linux Administrator to perform day-to-day troubleshooting of issues with various servers on different platforms
- Monitor controls post authorization to ensure continuous compliance with the security requirements
- Assisted in preparing documentation of supported products for users
- Assisted in preparing user training materials and conducted training sessions as assigned.
Help Desk Support Technician
Orbryde Technologies Inc
Bowie, Maryland
05.2014 - 05.2016
- Analyzed issues to identify troubleshooting methods needed for quick remediation
- Monitored systems in operation and quickly troubleshot errors
- Assisted with updating technical support best practices for use by team
- Suggested software and hardware modifications to reduce lag time and improve overall speed
- Provided basic end-user troubleshooting and desktop support
- Documented support interactions for future reference
- Patched software and installed new versions to eliminate security problems and protect data.
Education
Certified Authorization Professional CAP (CGRC) -
CompTIA Security + CE -
Dandora High school -
Nairobi Kenya
Skills
- Tenable Nessus Scans
- NIST 800-137 rev 1&2
- FIPS 199 & 200
- Assessment and Accreditation
- Risk mitigation
- Incident Response
- Disaster Recovery Planning
- Protecting networks
- Risk Assessment
- Firewall configuration
- Vulnerability Management
- Cryptography
- Network Security
- Intrusion Detection
- Penetration Testing
- Data Security
Affiliations
Play soccer and tennis balls.
Timeline
Information System Security Officer
Orbryde Technologies Inc
12.2019 - Current
Information Security Analyst-Junior
Orbryde Technologies Inc
05.2016 - 12.2019
Help Desk Support Technician
Orbryde Technologies Inc
05.2014 - 05.2016
Certified Authorization Professional CAP (CGRC) -
CompTIA Security + CE -
Dandora High school -
Nairobi Kenya
Similar Profiles
Chong Soo KenChong Soo Ken
Cloud Finance Speciallist (Cloud BG CFO) at Sparkoo Technologies (Malaysia) Sdn. Bhd (Cloud Subsidiary for Huawei Technologies (Malaysia) Sdn Bhd)Cloud Finance Speciallist (Cloud BG CFO) at Sparkoo Technologies (Malaysia) Sdn. Bhd (Cloud Subsidiary for Huawei Technologies (Malaysia) Sdn Bhd)
SRIRAM RSRIRAM R
Software Quality Analyst at GAVS Technologies (formerly Neurealm Technologies Pvt Ltd)Software Quality Analyst at GAVS Technologies (formerly Neurealm Technologies Pvt Ltd)
Venkata Nagaraju InakolluVenkata Nagaraju Inakollu
Technical Lead(System Design) at Relysys Technologies Pvt Ltd (now Invendis Technologies pvt ltd)Technical Lead(System Design) at Relysys Technologies Pvt Ltd (now Invendis Technologies pvt ltd)
Dennard AbrahamDennard Abraham
Security Officer at Clifton T. Perkins Hospital CenterSecurity Officer at Clifton T. Perkins Hospital Center
LAMONT WALKERLAMONT WALKER
Senior Client Processor at T. Rowe PriceSenior Client Processor at T. Rowe Price