
Shadrach Y. Boateng

California, MD

Summary

A highly passionate, detail-oriented and self-motivated Information Security Analyst with extensive experience in both Information Security and Assurance and Networking. Possess an in-depth understanding of security control implementation and enforcement. Provide effective skills to proactively complete projects and assignments on time while working autonomously or in teams in a fast-paced environment. I am seeking to apply my skills and expertise to help achieve enterprise-wide information risk goals and objectives. Proven ability to lead and direct, solve information security risk problems professionally, and make strategic decisions in fast-paced environments.

Overview

12 years of professional experience
1 Certification

Work History

Information System Security Officer

Tria Federal
09.2023 - Current
  • Support DHS USSS IT Systems cybersecurity compliance and validation within the NIST Risk Management Framework (RMF)
  • Develop FIPS 199 to determine High water mark of information system
  • Conduct Security Assessment and Authorization (A&A) support for IT systems
  • Conduct Security A&A documentation review
  • Categorize Systems with NIST 800-60 Rev. 2 based on information types processed by the system
  • Select and tailor Security control based on security categorization High water mark of the system
  • Assist in the development, documentation, implementation, and maintenance of security policies, guidelines, and standard operating procedures (SOPs) for DHS IT systems and networks.
  • Conduct and participate in security assessments and audits, identifying vulnerabilities and creating tickets for corrective actions.
  • Maintained software and hardware inventory of all information Security System assigned.
  • Review and approve change request tickets as an integral part of the organisation's change management process
  • Register new developing systems in CSAM
  • Conduct annual Contingency Plan Test (CPT) and update both CP and CPT documents
  • Develop new system SOPs and update existing IT Security Compliance SOPs to reflect the current Information System architecture
  • Monitor and report on FISMA Compliance activities on a weekly basis
  • Conduct Plan of Action and Milestone (POA&M) management and quality control activities and continuously monitor system controls
  • Test 1/3 of total security controls annually
  • Ensure Plan of Action & Milestone (POA&M) reports are maintained and security vulnerabilities are tracked and remediated accordingly
  • Provide artifacts in accordance with existing POA&Ms and submit for review and closure.
  • Conduct monthly meetings with stakeholders and provide system current status
  • Collaborates with ISSM and RMF Package stakeholders to obtain signatures/approvals
  • Conduct meeting with project stakeholders to clearly communicate task and system ATO needs

Information System Security Officer

Resource Management Concept (RMC)
04.2023 - 09.2023
  • Serve as an Information Systems Security Officer (ISSO) for Government information systems in support of a Program Management Activity (PMA).
  • Conduct Compliance and Policy Checks for the various Navy flight test systems on the following artifacts: Contingency Plans & Tests, Configuration Management, System Interconnections and System Security Plans
  • Generated, reviewed, and updated SSPs against National Institute of Standards and Technology (NIST 800-18 and NIST 800-53) requirements; this contains the management, operational, and technical safeguards or countermeasures prescribed for an information system
  • Develop Plan of Action and Milestones (POA&M) for identified vulnerabilities and ensure compliance through monthly / quarterly updates
  • Risk Management Framework (RMF) and alignment with Joint Commission Accreditation requirements
  • Worked closely with system owners and fellow ISSOs to oversee the preparation of a Comprehensive and Executive Certification & Accreditation (C&A) packages for approval of an Authorization to Operate (ATO)
  • Updated, retrieved, and uploaded all necessary authorization related documentation into eMASS using approved templates and procedures
  • Retrieved, updated, and uploaded all necessary Data Transfer Agent (DTA) related documents into Cyber Security Assessment Management using approved templates and procedures
  • Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing.
  • Evaluated and uploaded Plan of Action and Milestones (POA&Ms) into Enterprise Mission Assurance Support Service (EMASS) and validate artifacts specified to remediate POA&M items
  • Create Memorandum for the Record (MFR) requests when systems already in operation need an upgrade to the boundary, addition or removal of hardware/software, or any administrative changes, by conducting security posture validation and security control impact.
  • Keeping an updated inventory list of all external hard drive assets assigned to users.
  • Use eMaster to generate POA&M to review security control vulnerability and impact.
  • Run Evaluate STIG script in PowerShell to scan systems against current STIG compliance to identify open STIG findings to be fixed.
  • Review, submit artifacts and request POA&M closure after POA&M remediation.

Information System Security Officer

22nd Century Inc.
01.2022 - 04.2023
  • Conduct Compliance and Policy Checks for the various Navy flight test systems on the following artifacts: Contingency Plans & Tests, Configuration Management, System Interconnections and System Security Plans
  • Generated, reviewed, and updated SSPs against National Institute of Standards and Technology (NIST 800-18 and NIST 800-53) requirements; this contains the management, operational, and technical safeguards or countermeasures prescribed for an information system
  • Risk Management Framework (RMF) and alignment with Joint Commission Accreditation requirements
  • Worked closely with system owners and fellow ISSOs to oversee the preparation of a Comprehensive and Executive Certification & Accreditation (C&A) packages for approval of an Authorization to Operate (ATO)
  • Updated, retrieved, and uploaded all necessary authorization related documentation into eMASS using approved templates and procedures
  • Retrieved, updated, and uploaded all necessary Data Transfer Agent (DTA) related documents into Cyber Security Assessment Management using approved templates and procedures
  • Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing.
  • Evaluated and uploaded Plan of Action and Milestones (POA&Ms) into Enterprise Mission Assurance Support Service (EMASS) and validate artifacts specified to remediate POA&M items
  • Keeping an updated inventory list of all external hard drive assets assigned to users.
  • Use eMaster to generate POA&M to review security control vulnerability and impact.
  • Run Evaluate STIG script in PowerShell to scan systems against current STIG compliance to identify open STIG findings to be fixed.

Information System Security Officer

Prime Technical Services Inc.
07.2021 - 01.2022
  • Reviewed and enforced security controls and assessed network security components.
  • System Security Plans for information systems detailing on system boundaries, configuration requirements, selected security controls and system interconnections
  • Performed security event monitoring of heterogeneous networks such as firewalls, IDS/IPS, Cisco ASA, and DLP devices. Performed security reviews, identified gaps in security architecture, and developed a security risk management plan and risk analysis
  • Perform first line service to resolve network problems as they appear. Detect, analyze, and resolve network switching and transmission system problems while minimizing impact on customer service
  • Knowledgeable in network protocols such as OSPF, BGP, and EIGRP.
  • Knowledgeable and experienced in working with wireless technologies, Virtual Private Networks (VPN), Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS) and WAN.

Information System Security Officer

Electronic On-Ramp (EOR)
09.2020 - 06.2021
  • Manage, troubleshoot connectivity issues, configure, install and un-install all devices on the network including switches, router, Network Monitoring Systems.
  • Perform first line service to resolve network problems as they appear. Detect, analyze, and resolve network switching and transmission system problems while minimizing impact on customer service
  • Differentiate between primary and secondary network failures. Based on the severity or type of event, determine what additional resources are required.
  • Trained and onboarded many new hires and assisted in getting them acclimated to the job.
  • Knowledgeable and experienced in working with wireless technologies, Virtual Private Networks (VPN), Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS) and WAN.
  • Knowledgeable in network protocols such as OSPF, BGP, and EIGRP.

Information System Security Officer

United States Navy, Camp Lejeune
11.2013 - 10.2019
  • Reviewed and analyzed existing C&A packages for completeness and compliance for the Department of Navy (DON)
  • Provided subject matter expertise with the development of security policy documentation that follows Federal Information Security Management (FISMA) requirements, and National Institute of Standards and Technology (NIST)
  • Conducted risk assessments regularly; ensured measures raised in assessments were implemented in accordance with risk profile, and root-causes of risks were fully addressed following NIST 800-30 and NIST 800-37
  • Evaluated and uploaded Plan of Action and Milestones (POA&Ms) into Enterprise Mission Assurance Support Service (EMASS) and validate artifacts specified to remediate POA&M items
  • Assessed security controls in accordance with assessment procedures defined in the Security Assessment Plan (SAP) through examination, interviews, and testing
  • Prepared and delivered oral IA-focused presentations to technical and non-technical groups
  • Conducted regular penetration testing on systems to determine the weakness in the infrastructure (hardware), application (software) and people to develop controls
  • Performed Vulnerability Assessment to make sure that risks are assessed and evaluated and that proper actions have been taken to limit their impact on the Information and Information Systems.
  • Developed, reviewed and updated Information Security System Policies, System Security Plans and Security baseline in accordance with NIST, FISMA, and OMB App.
  • Performed security categorization, using FIPS 199 as standard and NIST SP 800-60 as guideline and reviewed Privacy Threshold Analysis (PTA), and Business Impact Analysis (BIA)
  • Collaborated closely with members of security team to accomplish mission objectives in a timely manner
  • Drafted, prepared and submitted System Security Plan (SSP) to CISO for approval
  • Reviewed Contingency Plan (CP) and participated in Contingency Plan Test (CPT), verifying secure operational conditions within planned recovery time
  • Developed, maintained, and communicated a consolidated risk management activity
  • Determined the information security objectives of the information systems by protecting the confidentiality, integrity and availability of the naval systems.

Education

Biology (Chemistry, Biology, Calculus)

SUNY College at Old Westbury
05.2012

MS - Cyber security Management & Policy

UMGC
06.2025

B.S. - Computer Networks and Cyber security

UMGC
12.2023

Computer Networks & Security Training

Per Scholars
03.2020

Skills

  • Security Risk Assessment
  • Networking/ Network Security
  • Information Assurance
  • Risk Management Framework (RMF)
  • NIST/ FISMA/FEDRAMP
  • Contingency Plan Testing (CPT)
  • RAR, SSP, SAP, SAR, POA&M, ATO
  • Microsoft Office Suite
  • Operating Systems (Windows)/Linux
  • SCAP, ACAS, DISA STIGs, eMASS, CSAM
  • Nmap, Zenmap
  • Business Impact Analysis (BIA)

Certification

  • CompTIA Security+ CE (Exp. Date: 2026-08-05)
  • CompTIA A+ CE (Exp. Date: 2026-08-05)
  • CompTIA Network+ CE (Exp. Date: 2026-08-05)
  • CISM (Exp. Date: 2025-01-31)

SECURITY CLEARANCE

Top Secret

MILITARY

Veteran
