SAFO DONKOR

Alexandria, VA

Summary

Extensive knowledge of a variety of security tools, techniques, and best practices, with emphasis on FISMA compliance and NIST publications. Five years of technical experience in the Risk Management Framework (RMF) and vulnerability management under FISMA and applicable NIST standards. Perform risk assessments and compliance reviews to ensure the integrity, confidentiality, and availability of system resources. Organized, solutions-focused, deadline-driven, and team-oriented; work well independently or in a team. Specialize in providing guidance in support of security assessments and continuous monitoring for Federal Government projects.

  • Perform Security Assessment and Authorization (SA&A) documentation
  • Develop, review, and evaluate System Security Plans (SSP)
  • Develop and conduct Security Control Assessments (SCA) according to NIST SP 800-53A
  • Extensive knowledge of NIST publications: FIPS 199, SP 800-60, SP 800-53 Rev. 4, SP 800-137
  • Develop and update POA&Ms
  • MS Excel, PowerPoint, Visio, SharePoint, Windows
  • Provide Information Assurance and Cybersecurity support for key Government projects

Overview

8 years of professional experience
1 Certification

Work History

Information Systems Security Officer (ISSO)/Implementation Specialist

Apex Systems / Maryland Department of IT (MDDOIT)
01.2023 - 03.2024
  • Analyzed and updated the System Security Plan (SSP), Risk Assessment (RA), Privacy Threshold Assessment (PTA), Privacy Impact Assessment (PIA), Contingency Plan (CP), FIPS 199 categorization, Contingency Plan Test (CPT), System Security Test and Evaluation (ST&E), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M)
  • Assisted System Owners and ISSOs in preparing Assessment and Authorization (A&A) packages for the company's IT systems, ensuring that management, operational, and technical security controls met the formal, well-established requirements defined in NIST SP 800-53 Rev. 4
  • Categorized systems by their Confidentiality, Integrity, and Availability (CIA) impact levels using FIPS 199 and NIST SP 800-60
  • Conducted annual self-assessments (NIST SP 800-53A)
  • Performed vulnerability assessments
  • Ensured that all potential risks were assessed and evaluated and that proper action was taken to limit their impact on information and information systems
  • Created standard templates for required Security Assessment and Authorization (SA&A) documents, including Risk Assessments, Security Plans, Security Assessment Plans and Reports, Contingency Plans, and Security Authorization Packages
  • Supported NIST Risk Management Framework (RMF) based Assessment and Authorization (A&A) activities
  • Monitored and prepared required actions and documents pertaining to the A&A of the system throughout its lifecycle, including security evaluation findings and residual risks
  • Conducted comprehensive reviews of security authorization documents to ensure that appropriate NIST security guidelines were used during assessments and that the security controls selected were relevant to the confidentiality, integrity, and availability of the systems
  • Reviewed and processed Interconnection Security Agreements (ISA), policy waivers, Approval to Test (ATT), and Interim Approval to Operate (IATO) documents
  • Reviewed IS security plans and other A&A documents for all applications to determine whether the organization's mandated procedures and tasks were followed, such as use of CSAM
  • Assisted the government in preparing written justification, when appropriate, to obtain written waivers of policy for mandated security features
  • Conducted regular risk assessments for proactive identification and mitigation of potential vulnerabilities
  • Ensured business continuity by developing disaster recovery plans and conducting regular testing exercises
  • Increased user awareness through targeted cybersecurity training programs tailored to employee roles
  • Collaborated with IT teams to integrate security best practices into system development and operations
  • Contributed to reducing overall enterprise risk by consistently analyzing and refining the organization's risk appetite and tolerance levels
  • Conducted security audits to identify vulnerabilities
  • Performed risk analyses to identify appropriate security countermeasures
  • Reviewed violations of computer security procedures and developed mitigation plans
  • Established effective communication channels between cross-functional departments to facilitate prompt exchange of relevant cybersecurity information
  • Maintained compliance with industry standards such as HIPAA, GDPR, ISO 27001, and NIST by enforcing strict protocols and controls
  • Designed secure networks by applying defense-in-depth principles that minimized attack surfaces while maintaining usability for end users

ISSO

Apex Systems / Ability IT Consultancy (FDM)
06.2019 - 12.2022
  • Focused heavily on RMF (Risk Management Framework) step 4 (Assess Security Controls)
  • Engaged in the full assessment process: preparing for the assessment, conducting the assessment, communicating assessment results, and maintaining the assessment
  • Coordinated, participated in, and attended weekly forums for security advice and updates
  • Created Security Assessment Plans (SAP) documenting assessment schedules, security control assessment tools and personnel, the client's approval for the assessment, and Rules of Engagement (ROE) for vulnerability scanning
  • Used the implementation section of the System Security Plan (SSP), which addresses how each control was implemented (frequency of performing the control, control type, and status), as the basis for interview answers during Security Testing and Evaluation (ST&E) documentation
  • Determined assessment methods (examining policies and procedures, interviewing personnel, and testing technical controls) using NIST SP 800-53A as a guide
  • Created a Risk Traceability Matrix (RTM) in which to document assessment results (pass/fail)
  • Prepared Security Assessment Reports (SAR) in which all weaknesses were reported
  • Created Plans of Action and Milestones (POA&Ms) to track corrective actions and the resolution of weaknesses and findings
  • Set up and participated in assessment kick-off meetings
  • Determined threat sources and applied security controls to reduce risk impact
  • Used POA&M tracking tools such as CSAM (Cyber Security Assessment and Management) and Excel spreadsheets to make sure POA&Ms did not fall into delayed status
  • Self-motivated, with a strong sense of personal responsibility
  • Skilled at working independently and collaboratively in a team environment
  • Demonstrated respect, friendliness, and willingness to help wherever needed
  • Assisted with day-to-day operations, working efficiently and productively with all team members
  • Passionate about learning and committed to continual improvement
  • Worked flexible hours across night, weekend, and holiday shifts
  • Managed time efficiently in order to complete all tasks within deadlines
  • Learned and adapted quickly to new technology and software applications

Security Control Assessor

Defense Point security
06.2016 - 09.2019
  • Focused heavily on RMF (Risk Management Framework) step 4 (Assess Security Controls)
  • Engaged in the full assessment process: preparing for the assessment, conducting the assessment, communicating assessment results, and maintaining the assessment
  • Coordinated and participated in weekly forums for security advice and updates
  • Created Security Assessment Plans (SAP) documenting assessment schedules, security control assessment tools and personnel, the client's approval for the assessment, and Rules of Engagement (ROE) for vulnerability scanning
  • Used the implementation section of the System Security Plan (SSP), which addresses how each control was implemented (frequency of performing the control, control type, and status), as the basis for interview answers during Security Testing and Evaluation (ST&E) documentation
  • Determined assessment methods (examining policies and procedures, interviewing personnel, and testing technical controls) using NIST SP 800-53A as a guide
  • Created a Risk Traceability Matrix (RTM) in which to document assessment results (pass/fail)
  • Prepared Security Assessment Reports (SAR) in which all weaknesses were reported
  • Created Plans of Action and Milestones (POA&Ms) to track corrective actions and the resolution of weaknesses and findings
  • Set up and participated in assessment kick-off meetings
  • Determined threat sources and applied security controls to reduce risk impact
  • Used POA&M tracking tools such as CSAM (Cyber Security Assessment and Management) and Excel spreadsheets to make sure POA&Ms did not fall into delayed status
  • Actively participated in cross-functional meetings to discuss issues related to information assurance and risk management processes
  • Supported incident response efforts by analyzing security breaches and recommending appropriate corrective actions
  • Maintained up-to-date knowledge of emerging cyber threats, ensuring relevant expertise in assessing security risks
  • Contributed to business continuity plans by identifying critical assets and evaluating their associated risks
  • Collaborated with IT teams to address identified security weaknesses, fostering a proactive approach to risk management
  • Performed gap analyses on existing security controls, identifying areas requiring improvement or additional measures
  • Worked with other teams to enforce the security of applications and systems
  • Conducted security audits to identify vulnerabilities
  • Executed penetration testing to identify security weaknesses and developed disaster recovery plans
  • Performed risk analyses to identify appropriate security countermeasures
  • Drafted security reports and metrics to track security performance and strategize improvements

Education

Master’s Degree (MBA) in Supply Chain Management

University of Maryland Global Campus
Adelphi, MD
11.2022

Bachelor’s Degree (BSc.) in Marketing

Kwame Nkrumah University of Science And Technology
Ghana
10.2014

Skills

  • Log Analysis
  • Physical Security
  • Access Control Management
  • Two-Factor Authentication
  • Security policy development
  • User Awareness Training
  • Intrusion Detection
  • Disaster Recovery Planning
  • Vulnerability Scanning
  • Risk Assessment
  • Compliance Management
  • Developing security plans
  • Security assurance
  • Information Protection
  • Disaster Recovery

Certification

  • CompTIA Security+ CE
  • Certified Information Systems Auditor (CISA)
  • Scrum Master Accredited Certified

Additional Information

Proactively monitoring, analyzing, and responding to events and incidents

References

References available upon request.
