John Fuachie

Summary

Security Assessment & Authorization professional skilled in assembling security authorization packages using National Institute of Standards and Technology (NIST). Proficient in the preparation and updating of System Security Plan (SSP), Security Assessment Plan (SAP) and Plan of Action & Milestone (POA&M). Reliable, highly motivated, a good listener and attentive to detail, with the ability to work under pressure without compromising the quality of results. Great team player with awesome leadership, problem-solving and time-management skills. Knowledge of FISMA, NIST 800 Series, RMF, Nessus, and Assessment and Authorization Packages.

Overview

11
years of professional experience

Work History

Information System Security Officer (ISSO)

General Dynamics
03.2020 - 03.2023
  • Ensure security policies, procedures and recommendations comply with FISMA, NIST, organizational guidelines and technical best practices.
  • Implement Risk Management Framework (RMF) in accordance with NIST SP 800-37.
  • Participate in development and maintenance of system security plans and contingency plans for all systems under their responsibility.
  • Develop a variety of Assessment & Authorization deliverables, including System Security Plan (SSP), Security Assessment Report (SAR), Contingency Plan (CP) and POA&M, for review and approval for the Authorization Official.
  • Monitor and conduct Security Control Assessment to ensure all controls meet security requirements.
  • Maintain inventory of all information security systems assigned.
  • Verify file integrity and encryption of communication.
  • Effectively communicate technical information to non-technical personnel.
  • Identify active network devices, ports and communication paths.
  • Coordinate with ISSOs across the organization to ensure timely compliance.
  • Develop Plan of Action and Milestones (POA&M) for identified vulnerabilities and ensure compliance through monthly updates.

Information Security Analyst

Nes Associates
07.2016 - 01.2020
  • Perform comprehensive Security Assessments as part of Assessment and Authorization process to determine if controls are being implemented correctly, operating as intended and meeting desired objectives.
  • Review A&A Packages to ensure they remain current and security operations are in compliance with NIST 800-53 standards, FISMA and organization’s policies and procedures.
  • Assist in developing, defining and maintaining information security policies, standards and procedures relating to Management, Operational and Technical controls.
  • Provide assessment reports on severity of findings/weaknesses and recommend corrective actions for mitigating vulnerabilities and exploits to information and information system.
  • Review POA&M in order to validate that items uploaded in POA&M tracking tools support closed findings and coordinate promptly with stakeholders to ensure timely remediation of security weaknesses.
  • Conduct assessment kickoff meetings, provide expert analysis and advice on systems and programs related to IT security problems and provide recommendations.
  • Provide routine support of IT security programs to ensure that security objectives of Confidentiality, Integrity and Availability are in compliance.
  • Perform Assessment and Authorization on General Support Systems (GSS) and Major Applications to ensure environments are operating within strong security posture.

Security Control Assessor

Nes Associates
04.2012 - 06.2016
  • Performed internal assessments on systems in order to identify potential security control weaknesses and recommended corrective actions for remediation of security challenges.
  • Conducted assessment kickoff meetings, provided expert analysis and advised on systems and programs related to IT security problems.
  • Conducted comprehensive security control assessments as part of Assessment and Authorization process to determine overall effectiveness of controls being implemented, using NIST 800-53A as a guide.
  • Reviewed the A&A Packages to ensure they remained current and security operations and recommendations were in compliance with NIST 800-53 standards, FISMA and organization’s policies and procedures.
  • Reviewed security documents updated by ISSO and ensured that items updated in the POA&M tracking tools supported the closed findings.
  • Conducted internal risk assessments, identified gaps, communicated with stakeholders at management and technical levels, and recommended appropriate security controls to mitigate threats, risks and vulnerabilities within the system.
  • Assisted in the creation and maintenance of the Security Assessment and Authorization (A&A) documents used to support Federal Government projects in accordance with government requirements (SAP, SAR, RTM) for effective completion of the security control assessments.
  • Performed vulnerability scans using Tenable Nessus and provided recommendations for mitigating vulnerabilities and exploits to the information and information systems.
  • Conducted the A&A process using the NIST 800-37 Risk Management Framework (RMF).

Education

Bachelor of Science - Computer Science

University of Ghana Legon
Accra, GH
05.2016

Skills

  • National Institute of Standards and Technology (NIST) Special Publications 800-53 Rev-4, 800-53A, 800-60, 800-30, 800-37
  • Proficient in preparation and updating of System Security Plan (SSP), Security Assessment Plan (SAP), Plan of Action & Milestone (POA&M) and Security Assessment Report (SAR)
  • Organized and efficient, with excellent communication skills
  • Proficient in Microsoft Word, PowerPoint, Outlook, Excel and Microsoft Publisher

Accomplishments

  • CompTIA Security Plus.
  • CCNA
  • Certified Information Systems Auditor (CISA) ongoing
