
Kevin Asubonteng

New York, NY

Summary

Cybersecurity professional with experience in the Risk Management Framework (RMF). My primary focus is on identifying, managing, and protecting an information system. Excelled in vulnerability management, implementing information assurance controls, conducting compliance verifications, performing risk and vulnerability assessments, and following security best practices such as NIST, HIPAA, and other industry standards.

Overview

3 years of professional experience
1 Certification

Work History

Information Security Analyst

Infosys Remote
- 12.2023
  • Maintained and improved compliance with security and regulatory requirements and information security policies
  • Attended kickoff meetings with clients and other assessors to gain an understanding of the system and prepared for the assessment
  • Reviewed policies, standards, and procedures to ensure adherence to NIST standards and provided recommendations for accuracy
  • Provided security consulting services in identifying, assessing, managing, and tracking remediation of risks related to IT infrastructure, applications, platforms, and suppliers
  • Updated documents such as SSP (System Security Plan) and SAR (Security Assessment Report) to ensure accuracy
  • Conducted security audits to identify gaps and weaknesses in the existing security architecture and recommended solutions to improve them
  • Assessed security controls by testing, interviewing and examining artifacts based on NIST 800-53A requirements to determine if the controls were implemented correctly and working as intended
  • Created security reports outlining findings from risk assessments and recommended solutions for reducing and eliminating identified risks
  • Organized meetings with stakeholders to present assessment findings and provided recommendations
  • Developed, documented and reviewed Security Assessment Plans, Plan of Action and Milestones (POA&M) and Security Assessment Reports (SAR)
  • Identified issues, analyzed information and provided solutions to remediate identified risks during the assessment
  • Executed automated scanning tools such as Tenable Nessus and Qualys to detect suspicious activities and vulnerabilities within the networks or applications and provided vulnerability reports
  • Provided POA&M support and ensured mitigations were completed on time
  • Monitored security controls continuously to ensure ongoing functionality throughout the lifecycle of the information system.

GRC Analyst

US Tech Solutions Remote
06.2019 - 08.2022
  • Performed security assessment based upon the Risk Management Framework (RMF)
  • Conducted regular security risk assessments and determined appropriate mitigation strategies based on NIST 800-53 standards
  • Performed risk assessments, identified potential vulnerabilities, and developed strategies to mitigate risks
  • Drafted security assessment reports and documented all failed controls along with recommended remediation steps
  • Assisted the Information Assurance (IA) team in conducting risk assessments, documenting Security Control Assessment, and performing vulnerability testing and scanning
  • Participated in cross-functional teams focused on identifying emerging risks within the security environment
  • Identified, selected, and implemented applicable security controls for systems and applications
  • Provided technical recommendations for mitigating identified security vulnerabilities with cost-effective solutions
  • Prepared and reviewed ATO (Authorization to Operate) packages (SSP, POA&M, SAP, SAR) for continuous operation
  • Performed vulnerability assessments on various networks and systems to identify security weaknesses and misconfigurations
  • Analyzed results of vulnerability scans to determine severity levels of issues discovered.

Systems Admin

NFC Management, New York
New York
- 05.2019
  • Installed security and functionality patches to maintain system reliability and protection against intrusion
  • Provisioned new software and hardware for use, following established security policies
  • Managed onboarding and offboarding of employees
  • Diagnosed and resolved hardware and software issues
  • Installed and configured network printers and other peripheral devices
  • Monitored system performance to ensure everything runs smoothly and securely
  • Provisioned new software and hardware while adhering to established security policies
  • Diagnosed and resolved hardware and software issues, ensuring uninterrupted system functionality.

Education

Associate in Science (A.S.) in Computer Information Systems

Kingsborough College
01.2006

Bachelor of Science (B.S.) in Information System

CUNY - Brooklyn College
01.2001

Skills

  • Risk Management Framework
  • Ethical Hacking (Beginner)
  • Regulatory Compliance
  • Vulnerability Management
  • Documentation and Reporting
  • Tenable Nessus
  • NIST 800-53A
  • Risk Mitigation
  • Security Policy
  • Qualys
  • Security Control Assessment
  • Microsoft Suite
  • Security Audit
  • Plan of Actions & Milestones (POA&M)
  • Security Evaluation
  • Managing Security Breaches
  • Qualys Cloud Platform
  • Firewall Security

Certification

  • Security+ (in progress)
  • CompTIA A+
  • Google IT Support Professional Certificate
