Nkafu Amingwa

Summary

Cybersecurity leader with a strong background in risk management and compliance auditing. Demonstrated expertise in enhancing security postures through effective policy development and team leadership. Proficient in vulnerability analysis and security control assessments, with in-depth knowledge of federal regulations including FISMA and NIST RMF. Recognized for implementing impactful security solutions that improve organizational security across various environments.

Overview

13 years of professional experience
1 Certification

Work History

Lead, Security Control Assessor

Iron Vine Security Solutions/ECS Federal
Rockville
06.2022 - Current
  • Managed a team of security control assessors for US Bureau of Census.
  • Participated in risk assessment meetings with senior management teams.
  • Performed security control assessments of information systems and networks to ensure compliance with relevant security policies, standards, and procedures.
  • Collaborated with IT teams to enhance cybersecurity measures and protocols.
  • Reviewed and updated information security policies, standards, and procedures per federal regulations.
  • Provided comprehensive input for Risk Management Framework documentation and system life-cycle support plans.
  • Ensured remediation plans were established for vulnerabilities identified during assessments and audits.
  • Supported compliance activities by enforcing adherence to system security configuration guidelines.

Cyber Security Analyst

M9 Solutions
Washington, DC
06.2021 - 03.2022
  • Provide consulting to Agencies on Requests for Service for the design, development, and deployment of Ongoing Assessment, Ongoing Authorization, and other Information Assurance (IA) initiatives.
  • Develop Authority to Operate (ATO) documentation including System Security Plans (SSPs), Privacy Impact Statements (PIAs), Contingency Plans, Business Impact Assessments (BIAs), and Plans of Actions and Milestones (POA&Ms).
  • Provide continuous monitoring to enforce client security policy and procedures and create processes that provide increased visibility to system owners on impacts to the security posture of systems.
  • Conduct security assessments to include testing of wireless, cloud, and web-based applications and environments.
  • Ensure system security measures comply with applicable government policies.
  • Monitor configuration management changes and assess the impact of modifications and vulnerabilities for each system.
  • Ensure that system security requirements are addressed throughout the project and system lifecycle.
  • Ensure effective controls and processes are in place and working effectively to maintain a strong security system.
  • Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities.
  • Develop, maintain, and facilitate the appropriate closure of POA&Ms and facilitate with the Agency-designated security Point of Contact (PoC)/ISSO any related remediation activities.
  • Review, analyze, and update DHS CDM, cybersecurity and privacy policies and procedures in accordance with applicable federal laws, regulations, and standards that consider unique business objectives.
  • Provide guidance and support in policy development, review, preparation of final reports, and additional program elements requiring policy expertise.

Cyber Security Governance Analyst

ManTech International
Reston VA
03.2020 - 01.2021
  • Provide consulting to agencies on requests for service for the design, development, and deployment of ongoing assessment, ongoing authorization, and other information assurance (IA) initiatives.
  • Develop Authority to Operate (ATO) documentation, including System Security Plans (SSPs), Privacy Impact Statements (PIAs), Contingency Plans, Business Impact Assessments (BIAs), and Plans of Actions and Milestones (POA&Ms).
  • Provide continuous monitoring to enforce client security policy and procedures, and create processes that provide increased visibility to system owners on impacts to the security posture of systems.
  • Conduct security assessments to include testing of wireless, cloud, and web-based applications and environments.
  • Ensure system security measures comply with applicable government policies.
  • Monitor configuration management changes and assess the impact of modifications and vulnerabilities for each system.
  • Ensure that system security requirements are addressed throughout the project and system lifecycle.
  • Ensure effective controls and processes are in place, and working effectively, to maintain a strong security system.
  • Perform vulnerability and risk assessment analyses to support Assessment and Authorization (A&A) activities.
  • Develop, maintain, and facilitate the appropriate closure of POA&Ms, and facilitate with the Agency-designated security Point of Contact (PoC)/ISSO any related remediation activities.
  • Review, analyze, and update DHS CDM, cybersecurity, and privacy policies and procedures in accordance with applicable federal laws, regulations, and standards that consider unique business objectives.
  • Provide guidance and support in policy development, review, preparation of final reports, and additional program elements requiring policy expertise.
  • Analyzed data trends to support decision-making processes for clients.
  • Collaborated with cross-functional teams to enhance project outcomes and efficiencies.

OTA Cyber Security Analyst Engineer

Garud Technology Services
Ellicott City
08.2019 - 02.2020
  • Worked closely and in collaboration with FEMA, DHS, and DOD, with extensive knowledge of cybersecurity compliance, resilience T&E requirements, processes, and the use of approved tools and industry best practices.
  • Led the testing and evaluation of system cyber resilience for Major Automated Information Systems (MAIS) upgrades that support business flow, resource planning, and data reporting. Work included developing Security Plans, Security Assessment Plans, Cybersecurity Strategies, Program Protection Plans, Security Assessment Reports, and RMF Plan of Action and Milestones.
  • Leveraged expertise in cybersecurity to plan and prioritize tasks, coordinate government participation in operational test events, oversee testing, and analyze test results.
  • Prepared reports of test results, including summaries of demonstration events, final test reports, and recommendations to improve system cybersecurity and cyber resilience posture.
  • Developed a strategy and budgeted resources for cyber resilience testing with a representative threat and operating environment.
  • Developed test plans for cyber resilience testing in IT&E and OT&E. This includes evaluating capability, resiliency, and the ability to sustain operations in a cyber-contested environment.
  • Participated in risk assessment exercises designed to identify areas of vulnerability within the organization's IT infrastructure.

Information Security Architect

AMS Staffing/DOT
Washington, DC
01.2019 - 07.2019
  • Led a diverse team in a fast-paced, matrixed environment to develop and manage the network security architecture aligning to key management principles, practices and corporate and federal compliances.
  • Collaborated with stakeholders, program managers and cyber operations teams to ensure overall IT security compliance for 29 systems and multiple operating administrations with geographically dispersed support and security needs, including identifying changes, reporting changes in the risk posture, SA&A, risk analysis and mitigation.
  • Implemented perimeter and data security for cloud computing service models using the FedRAMP process.
  • Ensured external connections to and from DOT information systems and networks have approval from Trusted Internet Connection Access Provider (TICAP) or Managed TIC Provider Service (MTIPS) as well as appropriate compliances using NIST RMF, NIST SP 800-53, 800-60, 800-171, NISTIR 8170.

Information Assurance Analyst

CNSI
Rockville
04.2018 - 01.2019
  • Directed cross-functional teams of 150+ people and a budget of $200M, balancing business needs with security concerns and expressing issues to leadership.
  • Advised system development teams and stakeholders on enhanced system information security, reliability and project decisions throughout the System Engineering Lifecycle process.
  • Reviewed corporate security policies and provided recommendations to ensure compliance with industry best practices including NIST, FISMA, RMF and organizational guidelines; verified user compliance against the latest security mandates.
  • Maintained Plan of Action & Milestone (POA&M) reports, tracked security vulnerabilities and risk assessment recommendations based on findings assessed and remediated through monthly updates. Used Cyber Security Assessment and Management (CSAM) to record, manage and assess common threats and vulnerabilities and JIRA to create and track issues and tasks.
  • Developed, captured and reviewed security metrics in the governance risk and compliance tool according to the best practices per the Information Systems Security Officer (ISSO) Guide, V10.
  • Performed perimeter and data security using FedRAMP process during the migration to AWS.
  • Interpreted and applied applicable laws, statutes, and regulatory documents and integrated them into policy.

Information Assurance Analyst

IPS LLC
Washington, DC
02.2012 - 03.2018
  • Supported ISSO tasks for IT systems in accordance with NIST SP 800-37 requirements. Performed information assurance certification, accreditation analysis, security assessments and made recommendations to bring their systems into compliance.
  • Maintained security posture status via FISMA Scorecard, where the information can be reviewed by Approval Authorities and other external IA organizations when necessary.
  • Supported POA&M tracking, Vulnerability Management, Ongoing Authorization, Service Level Agreement compliance.
  • Implemented perimeter and data security using FedRAMP process including security approvals and certifications when migrating systems to AWS during tenure at HUD.
  • Analyzed organizational cyber policy.

Information Assurance Analyst

US Dept of Labor
Washington, DC
02.2012 - 03.2015
  • Collaborated with cross-functional teams of 75+ people, aligned to the best practices driven in the ISSO Guide, V10, when developing, updating, or reviewing required security artifacts in the governance risk and compliance tool.
  • Ensured proper access controls are implemented for both system access and physical access to data processing facilities.
  • Created, updated and assessed compliance of system ATO packages.
  • Performed vulnerability scanning on web applications and databases, identified security threats, vulnerabilities and recommended ways to minimize threats. Performed data gathering techniques for assembling C&A/A&A packages.

Education

Master of Science - Cyber Security

University of Maryland Global Campus
Hyattsville, MD
01-2027

Graduate Certificate - Project Management

Georgetown School of Continuing Education
Washington DC
05-2011

MS - Conflict Resolution

George Mason University
Fairfax, VA
06-2009

BA - International Studies

Austin College
Sherman, TX
05-1995

Skills

  • Cyber Security
  • Cybersecurity analysis
  • Risk management
  • Policy development
  • Security assessment
  • Project management
  • Compliance monitoring
  • Team leadership
  • Critical thinking
  • Effective communication
  • Vulnerability analysis
  • Cloud security
  • Compliance auditing
  • Identity management
  • Application security assessment
  • Social engineering awareness
  • Incident response management
  • Two-factor authentication
  • System security planning
  • Security control evaluation
  • Access control management
  • Vulnerability assessment
  • Identity and Access management
  • Health
  • Government IT

Certification

Risk Management Framework (RMF); FISMA; NIST Publications including NIST SP 800-37, 800-53, and 800-70; FIPS 199/200; Information Systems Security Officer (ISSO) Guide, V10; HIPAA; FedRAMP; Cyber Security Framework (CSF)

Affiliations

National Association for African Catholics - Advocate, People with Disabilities (2009-Present); Archdiocese of Washington - Advocate, People with Disabilities (2009-Present); Archdiocese of Washington - Member, Global Solidarity Committee/Justice and Peace (2011-Present)

Citizenship

U.S. Citizenship

RELEVANT EXPERIENCE

  • Assistant to Wage & Hour Administrator, US Dept of Labor, Washington, DC 02/2010-01/2012
  • Assistant to Director & Deputy Director, US Dept of Health and Human Services, Washington, DC 01/2006-12/2008
  • Language Specialist, US Department of Homeland Security, Washington, DC 04/2004-1/2006
  • Staff Researcher, CSIS, Washington, DC 01/2000-12/2005
  • Staff Researcher, Foreign Affairs Subcommittee, US House of Representatives, Washington, DC 01/1997-12/1999
  • Staff Assistant, US House of Representatives, Washington, DC 06/1995-12/1996
