NNEKA OKEKE Sec+

DC Metro Area

Summary

Self-motivated Cyber Security Analyst/Assessor with over 7 years’ solid experience providing IT/Cyber Security support across multiple platforms. Strong technical skills and knowledge combined with the ability to clearly communicate security requirements. Passionate about implementing the Risk Management Framework (RMF), assessing security controls, POA&M management and continuous monitoring. Strong interpersonal skills and adept at working independently or with a team to ensure the confidentiality, integrity, and availability of information systems. I possess strong organizational skills and excellent interpersonal and communication skills (written and verbal); I am goal-oriented, attentive to detail, an independent thinker and a self-starter, able to work effectively in a large, complex corporate environment, with a demonstrated ability to work independently on projects and produce required results in a time-sensitive environment.

Overview

9 years of professional experience

Work History

Cyber Security Analyst

DTTech Consulting LLC, Agriculture
Washington DC
06.2017 - Current
  • Provide a working and holistic understanding and knowledge of the Risk Management Framework (RMF) as defined by National Institute of Technology (NIST) Special Publication (SP) 800-53 (current revision), Recommended Security Controls for Federal Information Systems and NIST SP 800-53A Revision 1, Guide for Assessing the Security Controls in Federal Information Systems
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) and make necessary updates whenever an application or system undergoes a major change
  • Review and update System Security Plan (SSP) with appropriate system and security control requirements and their implementation status
  • Select baseline security controls from the NIST SP 800-53 Rev 4 guide, apply scoping considerations, and customize the selection based on existing security risks in the IT operating environment
  • Develops solutions to security weaknesses in the Requirement Traceable Matrix (RTM) and SAR, while working on POA&M remediation and corrective action plan
  • Assist ISSOs to create solutions to weaknesses based on system functionality
  • Support remediation of high and critical findings by reassessing security controls and providing clarity on recommendations documented in Security Assessment Report (SAR)
  • Facilitate Kick-off assessment project and hold walkthrough meetings with key security POCs to discuss scope, security/ system boundary, and obtain artifacts
  • Request and review vulnerability scans and STIG checklist and ensure findings/ vulnerabilities are properly documented on POA&M or remediated immediately
  • Conduct and document continuous monitoring and scanning of the systems
  • Conduct, track, and document required security training
  • Develop, update, and maintain standard operating procedures (SOPs) and management directives to support the Information Technology Center (ITC), the Network Security Operations Center (NSOC)
  • Provide guidance and continuous monitoring support for Legacy Systems or FedRAMP for Cloud Systems
  • Work closely with OCIO Security ESAM team, system owners and Information System Security Officers (ISSOs) or other designated persons to ensure all IT Security requirements are met and systems are FISMA compliant
  • Ensure that all systems are regularly scanned and audited in accordance with applicable DoD policy and procedures and document as required
  • Assist with the implementation of the Risk Management Framework (RMF)
  • Ensure all security authorization documentation (ATO Package) is maintained and up to date in CSAM, (SSP, CP, CP Test, RA, etc.)
  • Provide POA&M management support: review existing POA&Ms to determine their status by coordinating with stakeholders; provide possible solutions for remediation, and review artifacts to determine if sufficient for remediation; track POA&Ms monthly for outstanding requirements and send to POC for review and status updates
  • Facilitate meetings as needed to review and provide guidance to agency
  • Work with agency to complete the system’s annual security assessment (ASA) requirements
  • Coordinate with IV&V team to support the timely implementation of the Security Certification & Accreditation (SC&A) activities required to obtain ATO certification for the managed system(s)
  • Work with ISSO in conducting System Impact Analysis (SIA) and Business Impact Analysis (BIA) ahead of every deployment from Stage to Production, also thereafter for every release
  • Develops core documents such as System Security Plan, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, Configuration Management Plan, etc
  • Performs evaluation of policies, procedures, security scan results, and system settings in order to address controls that were deemed insufficient during Certification and Accreditation (C&A), RMF, and continuous monitoring
  • Reviews documentation to include System Security Plan using NIST 800-18 as a guide, Authorization to Operate (ATO), Security Assessment Report (SAR) using NIST 800-30 as a guide, FIPS 199 System Categorization using NIST 800-60 Vol1/Vol2 based on confidentiality, integrity and availability (CIA), policy and procedures, e-authentication, privacy threshold analysis (PTA), privacy impact analysis (PIA), contingency plan (CP) and interconnection security.

Cyber Security Assessor

DTTech Consulting LLC, Agriculture
Washington, DC
07.2015 - 06.2017
  • Work closely with the assessment team and all points of contact to assess & secure Authorization to Operate (ATO) for new Cloud Case Management Platform (CMP) – a PaaS in Appian GovCloud and re-assess integrated cloud application hosted on AWS IaaS
  • Conduct SaaS and PaaS assessments on Cloud systems using FedRAMP/NIST standards and provide authorization recommendations to Agency Authorizing officials
  • Support remediation of high and critical findings by reassessing security controls and providing clarity on recommendations documented in Security Assessment Report (SAR)
  • Reassess security controls on systems with Authorization to Operate (ATO) as part of Information System Continuous Monitoring (ISCM) Program for FISMA Compliance
  • Identify and assess security controls for the information system
  • Identify, develop and incorporate common artifacts found in RMF authorization package using NIST 800-53A as a guide
  • Completed required A&A (Assessment and Authorization) activities on assigned IT systems
  • Reviewed and validated vulnerability scan results at the operating system (OS) and application level and worked with stakeholders to architect and implement mitigations
  • Ensure that all systems are regularly scanned and audited in accordance with applicable DoD policy and procedures and document as required
  • Conduct and document continuous monitoring and scanning of the systems.

Oracle support Database Administrator

J Crew Group
Merrimack, NH
06.2013 - 07.2015
  • Successfully installed and configured Oracle 11.1.0.7, Oracle 10.2.0.5 databases on AIX platforms
  • Administered and monitored over 70 databases both on 10g/11g on prod/test/dev environments
  • Administered Oracle Databases 10g/11g of sizes ranging from 100GB to 4TB
  • Migrated databases from File system to Automatic Storage Management (ASM)
  • Worked on Disaster Recovery by converting physical standby databases to SNAPSHOT standby database and opened in the read/write mode for testing purposes without interrupting the primary production database
  • Performed migration of the oracle databases whose database sizes vary from 300 to 500GB
  • Created new databases/instances on 12c/11g RAC and single instances using customized scripts, DBCA
  • Upgraded single instance databases from 10.2.0.4 to 11.2.0.3 on Linux
  • Responsible for using Flashback query mechanism along with automatic undo management
  • Automating Alerts, using SQL to set thresholds and triggers
  • Debugging SQL; working with developers to fine-tune SQL and to enhance performance
  • Experienced in Creating Physical and logical database design Data Models using Erwin Tool
  • Installed 12C grid control and Used Oracle Enterprise Manager Grid control 11g/12c for monitoring databases
  • Performance monitoring and Database/Instance/clustered Application tuning using Dictionary views, AWR (Stats pack), ADDM, ASM reports, OEM Grid Control; tuned SGA/PGA parameters, initialization parameters and reorganized physical objects (tables & indexes) and tablespaces to improve the performance
  • Redesigned table and index partitioning strategies, using HINTS to improve the query performance
  • Programming in shell to create shell scripts that automate the database backups and maintenance
  • Implemented Active Data Guard configuration with Fail over and Switch over cases for maximum availability and performance in test and production databases
  • Implementing Data pump, conventional export/import utility of Oracle 11g, 10g for re-organizing Databases/Schemas/Tables to improve the performance
  • Applied Bug fixes patches, Quarterly Security Patches for RAC and non-RAC servers for issues when upgrading, DR switchover testing
  • Creating roles, Managing PostgreSQL database access, working with PostgreSQL parameters, Audit logging for a PostgreSQL DB instance, working with the pgaudit extension, pg_repack extension, PostgreSQL autovacuum, Scheduling maintenance with the PostgreSQL pg_cron extension, Managing PostgreSQL partitions with the pg_partman extension

Education

DSW -

Social Work University of Calabar

ORACLE CERTIFIED ASSOCIATE (OCA 12C)

Bachelor of Arts - English

University of Calabar

Skills

  • Technical Skills:
  • ATO Package Documentation: SSP, SAP, SAR, CP, POA&M, BIA, RTM, PTA, PIA, Policies and Procedures
  • Risk Assessment tools: Nessus Scanner, Retina, Nmap, GRC, CSAM
  • NIST Special Publications: All NIST 800-Series and FedRAMP Standards
  • Projects Supported: Continuous Monitoring, A&A, Vulnerability Management, Categorization, Control Implementation, Control Selection, ATO development and update and Package Update
  • Systems: FISMA & FedRAMP
