
OSMAN KAMARA

CHANTILLY, VA

Summary

Experienced Information System Security Officer (ISSO) with a Master's degree in Computer Engineering and Cybersecurity supported by over six years of experience providing robust information security. Holds various certifications, including CISM, PenTest+, CASP, CYSA+, Security+, Network+, and AWS, demonstrating a commitment to staying current in the field. Maintains an Active TS/SCI Security Clearance, validating adherence to the highest security standards. Expert information systems security professional equipped to enhance the security posture and protect critical assets. Proven ability to identify vulnerabilities, implement robust security measures, and ensure compliance with industry standards. Strong focus on team collaboration, adaptable to changing needs, and known for delivering results. Expertise in risk assessment, incident response, and security policy development.

Overview

11 years of professional experience
9 certifications

Work History

Information System Security Officer

ManTech
01.2020 - Current
  • Perform Information Security Risk Assessments and security implementation auditing
  • Draft and review various documents, such as the Federal Information Processing Standard (FIPS 199), System Security and Privacy Plan (SSP), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), Plan of Action & Milestones (POA&Ms), and Business Impact Analysis (BIA), to document and maintain Authority to Operate (ATO) packages for client systems
  • Work closely with the operations and engineering teams to ensure that systems are developed and maintained according to the Federal Information Security Modernization Act (FISMA), the National Institute of Standards and Technology (NIST), and agency-specific security requirements and policies
  • Conduct Assessment and Authorization (A&A) activities using the NIST Risk Management Framework, NIST SP 800-37, and work closely with third-party assessors to obtain and maintain a system's ATO
  • Perform control testing using NIST 800-53A and work closely with system administrators and engineers to remediate control implementation weaknesses
  • Conduct vulnerability scans using Tenable Nessus and HP Web Inspect, analyze scans for high-risk areas, and work with appropriate operations and engineering teams for mitigation
  • Complete quarterly Security Technical Implementation Guide (STIG) using both the SCAP Compliance Checker and the STIG Viewer
  • Create, monitor, and coordinate remediation efforts to close the Plan of Action & Milestones (POA&Ms) for information system risks
  • Responsible for maintaining systems' ATOs and conducting continuous monitoring (ConMon) of security controls, ATO packages, and A&A documents
  • Coordinate and participate in Incident Response activities responding to security events and conduct contingency planning and testing with the various Points of Contact (PoC)
  • Draft A&A documents and request the Cloud Service Provider's (CSP) System Security Plan, System Assessment Report, and Customer Responsibility Matrix from the Federal Risk and Authorization Management Program (FedRAMP) to obtain ATO for cloud systems
  • Appointed as a member of the Change Control Board (CCB) to conduct the Change Management requirement, collect data about a change from ServiceNow, conduct a System Impact Analysis (SIA), present findings to the Change Authorization Board (CAB) for review, and continuously monitor any change within the systems' environment
  • Responsible for managing the assigned information systems' Splunk (SIEM) and ingested audit logs during weekly ConMon

Security Control Assessor (SCA)

ASRC Federal Holding
04.2017 - 01.2020
  • Developed Kick Off (KO) meetings, drafted the Security Assessment Plan (SAP), and independently executed security assessments
  • Assessed, implemented, and documented security requirements for information systems and utilized NIST Publications for compliance validation for information system categorization and security requirement selection
  • Developed a Security Assessment Test plan for assessing the information system
  • Reviewed system security documents, including the System Security and Privacy Plan (SSP), Contingency Plan (CP), Risk Assessment Report (RAR), and E-Authentication, for compliance
  • Conducted a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by complex and diverse information systems to determine the overall effectiveness of the control implementation
  • Functioned as an independent and unbiased advocate who provided evidence to validate the system's trustworthiness for the designated Authorizing Official (AO) and influenced ATO approval
  • Briefed management, as needed, on the status of action items and results of activities
  • Performed annual security control assessment of information system to ensure compliance with the Federal Information Security Modernization Act (FISMA)
  • Interviewed System Owners, System Administrators, and Information System Security Officers of the information system to determine the actual state of the security controls and to gather artifacts
  • Assessed Cloud systems, such as Azure and Amazon Web Services (AWS)
  • Drafted the Security Assessment Plan (SAP) and requested the Cloud Service Provider's Assessment and Authorization (A&A) documents, including their Customer Responsibility Matrix (CRM), SAP, and Security Assessment Report (SAR), from the Federal Risk and Authorization Management Program (FedRAMP)
  • Drafted the Security Requirements Traceability Matrix (SRTM) and recorded passed and failed controls
  • Developed a Security Assessment Report (SAR) to document findings and recommended remediation measures

Signal System Support Specialist

The U.S. Army
08.2014 - 03.2017
  • Installed, operated, and maintained communications systems for the Army, including satellite and radio, and increased service availability by 35%
  • Utilized U.S. Army Signal Support systems to maintain, troubleshoot, and optimize network security, including firewalls, routers, switches, and intrusion detection systems
  • Developed and implemented security policies and best practices to protect networks from malicious attacks and unauthorized access
  • Conducted vulnerability assessments and penetration tests to identify security risks and develop remediation plans

Education

Master of Science - Computer Engineering

Syracuse University
Syracuse, NY
03.2026

Master of Science - Cyber Security and Information Assurance

Western Governors University
Salt Lake, Utah
01.2023

Bachelor of Arts - Healthcare Administration

University of Arizona Global Campus
Chandler, Arizona
01.2017

Skills

  • Information Security Specialist
  • STIG/SCAP
  • NIST SP 800-Series
  • Good Communication
  • Customer Service
  • Risk Management Framework
  • Cybersecurity Framework
  • PCI DSS security
  • FISMA
  • ISO 27001
  • GRC Tools
  • EMASS
  • XACTA
  • ServiceNow
  • CSAM
  • Vulnerability Scanning
  • Tenable Nessus
  • HP Web Inspect
  • McAfee
  • Cloud Computing
  • Firewall
  • IDS
  • IPS
  • Team-player
  • Time Management
  • Security Control Assessment
  • Attention to Detail
  • Splunk
  • Azure Intune
  • Sentinel
  • SOAR
  • ManageEngine Event Log Analyzer
  • Wazuh
  • Prowler
  • Nikto
  • Burp Suite
  • Nmap
  • Wireshark
  • Antivirus software

Certification

  • CompTIA Security+
  • CompTIA Network+
  • Microsoft Azure 900
  • Microsoft Security, Compliance, and Identity
  • Certified Information Security Manager (CISM)
  • PenTest+
  • CYSA
  • CASP+
  • System Security Certified Professional
  • CompTIA IT Operation Specialist
  • CompTIA Secure Infrastructure Specialist

Personal Information

Title: INFORMATION SYSTEM SECURITY OFFICER
