Nicholas Asare

Dayton, OH

Summary

I am a seasoned Cybersecurity Specialist with 7 years of expertise in FISMA, FedRAMP, NIST, RMF, SDLC, and Contingency planning. My proficiency in NIST 800-53 Rev 4 and 5, coupled with extensive experience in Security Audit, RMF, COBIT, PCI DSS, HIPAA, SAS 70 SSAE 16/SOC, and SSAE18, positions me as a valuable asset. I excel in obtaining and maintaining system ATO, with a comprehensive understanding of ATO requirements.

In my IT professional role, I specialize in vulnerability management, security control implementation, assessment and authorization, POA&M management, continuous monitoring, and risk assessment. Knowledgeable in IT concepts and cloud computing models (PaaS, SaaS, IaaS), I align security plans with business goals. As an Information Security Specialist, I have a proven record in developing and testing security frameworks for cloud-based software, showcasing my strategic mindset and proficiency in robust network defense. Committed to staying current with evolving technologies, I am a forward-thinking professional dedicated to exceeding industry standards, offering a unique blend of technical acumen and strategic vision to fortify organizational cybersecurity postures effectively.

Overview

7 years of professional experience
3 certifications

Work History

Cybersecurity Analyst

ENCORE TECHNOLOGIES
05.2022 - Current
  • Help sustain and enhance the integrity and security posture of the system by performing the following tasks:
  • Assess security controls for compliance
  • Develop and update policies, procedures, and standards dictated by guidelines produced by the Government and program mandates
  • Help build processes to ensure controls are periodically reviewed and necessary artifacts are updated routinely
  • Gather system and security controls documentation and artifacts
  • Keep CSAM current with all the necessary requirements
  • Track and address applicable POA&Ms
  • Provide suggestions and/or potential solutions for obtaining control compliance
  • Analyzes and updates System Security Plan (SSP), Risk Assessment (RA), & Privacy Impact Assessment (PIA)
  • Performing ongoing continuous monitoring (ISCM) using NIST 800-137 as a guide
  • Help systems to obtain and maintain ATO
  • Conducts assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary.

Information System Security Officer

TECH FLOW CONSULTING
05.2018 - 05.2022
  • Document observations for existing IT control processes and identified issues in assessment questionnaire during disaster recovery planning exercises
  • Conducts assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary
  • Perform vulnerability/risk assessment analyses to support A&A activities
  • Develop solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and Corrective Action Plan (CAP)
  • Perform assessments on FedRAMP based on customer responsibility documentation and controls provided by the Cloud provider to assess
  • Maintains and manages Security Authorization and Assessment packages that include System Security Plans (SSP), Contingency Plans (CP), POA&Ms, SAR, and other relevant security documentations for the system
  • Performs risk assessments, develops, and recommends mitigating controls, and remains abreast of advancements that address emerging business and environmental factors impacting assurance levels
  • Analyzes and updates System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E)
  • Work with IT Controls Manager to improve efficiency and effectiveness of IT audit testing procedures, processes, and attributes
  • Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis - analyzing current threats to information security and systems
  • Better understanding of NIST 800-53 security controls and documentation for assessment result
  • Ensuring all supporting artifacts and results will be documented appropriately and in a timely manner
  • Adhering to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing, and implementing security controls, testing, and validating security controls, and analyzing and tracking corrective action plans
  • Performing ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide
  • Performed application controls testing related to data protection, logical access, programming, problem management, contingency planning and back-up, data transmission, input, and output and processing controls
  • Analyzes and updates System Security Plan (SSP), Risk Assessment (RA), & Privacy Impact Assessment (PIA)
  • Execute day-to-day deliverables that support the ongoing compliance needs related to PCI, IT policy, compliance, and risk, as well as any new regulatory requirements.

Security Control Assessor

SKYTECH CONSULTING LLC
06.2015 - 05.2018
  • Performs System Security Categorizations using FIPS 199 and the NIST 800-60 Vol.11 Rev1 guidelines and templates to select provisional impact level assigned to the Confidentiality, Integrity, and Availability (CIA) based on the information type
  • Analyzes and updates System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), System Security Test and Evaluation (ST&E)
  • Develops and tracks Plan of Actions and Milestones (POA&Ms) to ensure remediation closure
  • Perform security risk assessment and analysis of resources, controls, vulnerabilities, asset decommissioning, and information security threats to the organization's objective
  • Ensure that plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments
  • Better understanding of NIST 800-53 security controls and documentation for assessment result
  • Ensuring all supporting artifacts and results will be documented appropriately and in a timely manner
  • Adhering to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing, and implementing security controls, testing, and validating security controls, and analyzing and tracking corrective action plans
  • Performing ongoing continuous monitoring (ISCM) using NIST 800-137 Rev 1 as a guide
  • Provide security control assessor (SCA) services, such as assisting with the Assessment and Authorization process, including A&A scanning, documentation, reporting and analysis - analyzing current threats to information security and systems
  • Document observations for existing IT control processes and identified issues in assessment questionnaire during disaster recovery planning exercises
  • Conducts assessment of the security and privacy controls implemented by an information system officer to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary
  • Extensive experience in IT auditing with emphasis on commercial public companies and federal government departments using ITGC, Application Controls, PCI DSS, COBIT, ISO 27001.

Education

Master of Science - Information Security & Assurance

PURDUE GLOBAL UNIVERSITY
Indianapolis, IN
05.2021

Bachelor of Science - Statistics

UNIVERSITY OF CAPE COAST
07.2008

Skills

  • Attention to Detail - Developing long-range plans for IT security systems and verifying individual components to anticipate errors and minimize risks
  • Customer Service - Applying knowledge of programs of customer organizations, their infrastructures, Commercial Off the Shelf (COTS) products, and new and emerging information technologies and industry trends
  • Oral Communication - Communicating orally to deliver a comprehensive program of technical support services
  • Problem Solving - Planning and carrying out complex systems assignments, develop new methods, approaches, and procedures, conduct in-depth analyses and recommend solutions of complex systems hardware and software problems
  • Results-oriented, Initiative and Creativity, Fast Learner and Ability to adapt, Critical Thinking, integrity, multi-tasking, strong organizational skills, Strong attention to detail, Loyalty Building

  • Multi-Factor Authentication
  • Tenable Nessus
  • Cybersecurity Policy Development
  • Compliance with Security Requirements
  • Continuity Monitoring
  • Risk Mitigation
  • Kali Linux
  • Identifying Risks
  • Information Auditing
  • Threat Detection
  • Documentation
  • Scanning Tools
  • Plan of Actions & Milestones (POA&M)

Certification

  • CISM - Certified Information System Manager
  • CompTIA Security+
  • CISA - Certified Information Security Auditor
  • Currently preparing for AWS Certified Cloud Practitioner Exams

Clearance

Currently do not have security clearance but have the ability to obtain one.

Work Authorization

All employers

Cyber Security Training

  • NIST Guidelines Publications
  • Certification and Accreditation (C&A)
  • Assessment and Authorization (A&A)
  • HIPAA & PRIVACY ACT training.
  • PCI DSS
  • ISO 27001
  • IT Security Compliance
  • Vulnerability Assessment
  • Network Vulnerability Scanning
  • Information Assurance
  • System Risk Assessment
  • System Development Life Cycle
  • Nessus Vulnerability Scanner
  • Splunk
  • SharePoint
  • Nexpose
  • NIST SP 800-53
  • SP 800-53A
  • SP 800-37
  • NIST SP 800-171
  • FIPS
  • FISMA
  • FedRAMP
  • Risk Management Framework (RMF)
  • FIPS-199
  • PTA
  • PIA
  • SSP
  • CP
  • SAR
  • POA&M
  • ATO
  • ISA
  • MOU/A
  • IDS
  • IPS
  • Archer
  • Linux
  • Microsoft Office

Work Availability

Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday
Morning, afternoon, evening

Citizenship

United States

Quote

The real test is not whether you avoid this failure, because you won’t. It’s whether you let it harden or shame you into inaction, or whether you learn from it; whether you choose to persevere.
Barack Obama
