
Oretha Adofo

Rockville, MD

Summary

Experienced Information Security Analyst committed to maintaining cutting edge technical skills and up-to-date industry knowledge. Offering a diverse security background in information security, supporting system control assessments/testing, along with implementing Certification and Accreditation/Security Assessment and Authorization (SA&A) support following the guidelines of NIST Family of Security Controls, FIPS, FISMA, and Contingency Planning. Assisting in the development of POA&M, and Incident Response Plans. In addition, offering a technical background in computer networking, along with Microsoft and Network training. Accompanied by a professional work ethic, strong attention to detail, and an ability to produce top-quality results in deadline driven environments.

Overview

6 years of professional experience
1 Certification

Work History

Technical Controls Analyst

Kaiser Permanente
01.2022 - Current
  • Recommend additional security solutions, or enhancements to existing security solutions to improve overall enterprise security.
  • Conduct cybersecurity risk assessments that include examination of the risk of connecting medical devices and support devices.
  • Perform compliance check on medical devices using controls according to NIST 800-53 guidance.
  • Implement the security controls and document how the controls are deployed within the information system and environment of operation.
  • Assess the security controls using appropriate procedures to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
  • Implemented company policies, technical procedures and standards for preserving the integrity and security of data, reports and access.
  • Recommended network security standards to third party vendors.


Cybersecurity Analyst/Systems Analyst

Booz Allen Hamilton, Veteran Affairs
11.2019 - 12.2021

Supported the Department of Veterans Affairs (VA) Office of Information Security (OIS) Specialized Device Cybersecurity Department (SDCD) team.


Responsibilities:

  • Perform cybersecurity risk assessments in concert with Biomedical Engineers and vendor representatives on medical devices connecting to the Veterans Administration’s network.
  • Plan, design, and create logical network topologies for medical devices on the Veteran Affairs network using Microsoft Visio.
  • Perform in-depth risk analyses of security vulnerabilities that impact customer medical systems, including networked infrastructure devices, physical and virtual systems, ports, protocols, and transmission methods, as well as business critical applications, and databases.
  • Evaluate and report risk factors using quantitative and qualitative scores to provide a VA authorizing official with awareness of the residual cyber risk prior to connecting these devices to the VA network.
  • Acquire, review, and leverage system documentation and data gathered through questionnaires and interviews with vendor/manufacturer representatives to accurately document critical security posture elements in a common reporting format.

IT Security Analyst

Cardinal Health
08.2017 - 10.2019

Supported Certification and Accreditation (C&A) and security engineering activities for Cardinal Health Enterprise.


Responsibilities:

  • Processed and tracked RMF authorization packages from submission to authorization to operate (ATO) approval.
  • Reviewed and updated accreditation packages i.e., security plans and Plans of Action and Milestones (POAMs) using Enterprise Mission Assurance Support Service (EMASS) tool.
  • Assessed system security controls in compliance with applicable STIGs/SRGs, NIST 800-53, DoD security requirements.
  • Conducted Test and Evaluation, parsed scan results using Splunk and produced Plan of Action and Milestones (POAMs).
  • Collaborated with ISSOs to request assessment evidence lists, set up assessment interview meetings, review SSP documents, and review system boundaries.
  • Prepared systems Certification and Accreditation package, ensuring that management, operational, and technical security controls adhere to a formal and well-established security requirement authorized by NIST 800-53v5.
  • Performed vulnerability scanning with Nessus to detect potential risks on single or multiple assets across the enterprise network.
  • Conducted compliance reporting using Splunk, and used it for log management and analysis from various sources to monitor and investigate security incidents and to report unusual activities on the network.

Education

Bachelor of Arts - Biology

University At Buffalo
Buffalo, NY

Skills

  • NIST 800 Special Publications
  • 800-53 Rev 3/4
  • 800-37
  • 800-34
  • 800-18
  • FIPS 199/200
  • Risk Management Framework (RMF)
  • Enterprise Continuous Monitoring (eCM)
  • Security Control Assessments (SCA)
  • Certification and Accreditation (C&A)
  • Security Assessment and Authorization (SA&A)
  • DIACAP DoD Directive 85001 and 85002
  • Policy and Procedure Development
  • Vulnerability Scanning
  • Business Impact Assessment
  • Disaster Recovery
  • Contingency Planning
  • Federal Information System Controls Audit Manual (FISCAM)
  • Windows/Linux
  • Privacy Impact Assessments (PIA)
  • Personally Identifiable Information protection
  • Proposal Development

Certification

  • CompTIA Security+
