Summary
Overview
Work History
Skills
Certification
LANGUAGES
Timeline
Generic

Toby Awolesi

Montgomery Village,MD

Summary

Experienced and results-oriented Cybersecurity Analyst with over 6 years of proven success in designing, implementing, and optimizing vulnerability management programs. Skilled in leading cross-functional teams, enhancing security operations, and aligning cybersecurity practices with business objectives. Well-versed in proactively addressing emerging threats, streamlining remediation workflows, and strengthening overall security posture.

Proficient in leveraging a wide range of tools including Tenable.sc, Tenable.io, Qualys, Rapid7, ServiceNow, WIZ, Prisma, CrowdStrike, and Nessus for system protection, asset discovery, threat detection, and compliance management. Demonstrated expertise in risk assessment, continuous monitoring, POA&M documentation, mitigation planning, and compliance scanning.

Hands-on experience supporting database administration and the secure architecture, deployment, and management of resilient systems across both on-premises and cloud environments (AWS, Azure, GCP).

Overview

8
8
years of professional experience
1
1
Certification

Work History

Security Analyst

DMI
03.2024 - Current
  • Managed vulnerability scans using Tenable IO, prioritized findings, and worked with IT teams for remediation.
  • Created and maintained POA&Ms and compliance documentation for audits and risk assessments.
  • Performed root cause analysis of incidents and contributed to continuous improvement of detection rules and playbooks.
  • Validated scan results and addressed false positives/negatives through manual testing and vendor coordination.
  • Used ServiceNow to track incident tickets, vulnerabilities, and asset ownership lifecycle.
  • Collaborated with cross-functional teams to enhance endpoint security and reduce attack surface by 35%.
  • Lead end-to-end vulnerability management operations, ensuring timely detection, validation, and remediation across cloud and on-prem environments.

Vulnerability Management Engineer

MindShift Corp
10.2020 - 02.2024
  • Use Qualys and Tenable for end-to-end vulnerability management while created custom CCRI-relevant queries, dashboards, and reports to help you gain insight into the client's most critical assets, reduced overall vulnerabilities per host, and help the organization remain secure and compliant.
  • Identify and recommended appropriate measures to manage, remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the senior management.
  • Provide prompt attention and visibility into risks, vulnerabilities, and issues serving as an escalation path for team member while drove actionable matrices and risk reports to Leadership.
  • Perform security compliance and vulnerability assessments; develop and apply DISA- STIG or CIS benchmark or baselines for various operating systems (Windows, RHEL/CentOS).
  • Perform asset discovery and vulnerability management on client environment using tools such as Rapid7 and CMDB Provide prompt attention and visibility into risks, vulnerabilities, and issues serving as an escalation path for team member while driving actionable matrices and risk reports to Leadership.
  • Track and obtain CVEs data based on the newly zero day announced vulnerabilities and make this information available in a daily Vulnerability dashboard and notification that goes out to stakeholders.
  • Perform third-party risk and vulnerability management activities, including risk analysis, findings creation and reporting, and remediation monitoring using Qualys and Tenable Excellent team player capable of productively contributing to the client mission by supporting fellow teammates in a dynamic growing and changing environment.
  • Review vulnerabilities' data from multiple sources (i.e., external / internal penetration testing, internal / external vulnerability scanning, etc.) across multiple technologies and a changing environment including infrastructure and applications to determine risk rating of vulnerabilities to business assets.
  • Reviewing updated and developed required security documentation including but not limited to System Security Plans (SSPs), Contingency Plans (CP), Plan of Action and Milestones (POA&Ms), Security Assessment Reports (SAR).
  • Evaluated and determined if/when information security violations have occurred through network or device logs, open-source research, vulnerability and configuration scan data, and user provided reports.
  • Provide technical assistance to system owners when needed Obtained the ability to demonstrate understanding and in-depth knowledge of security threats and applying actionable data to processes and procedures.
  • Demonstrate understanding and knowledge correlation analysis, along with an understanding of monitoring programs, such as Splunk Mentor and guide team members with vulnerability assessments, mitigation techniques, and approaches.
  • Stay up to date on latest technology trends, particularly as they apply to vulnerability and risk management Tested DISA-STIGs benchmarks for updates and new releases for technologies such as Fortinet Fortigate Firewall, MS Edge, IBM WebSphere Liberty Servers etc.

Vulnerability and Risk Analyst

GENZTECH
09.2017 - 09.2020
  • Developed, created, and implemented a comprehensive vulnerability management program aligned with the enterprise's objectives and risk appetite.
  • Supported and led a high-performing team of cybersecurity professionals, providing guidance and mentorship to ensure the success of the vulnerability management program.
  • Collaborated with cross-functional teams to identify and prioritize vulnerabilities, developing effective remediation plans that integrated seamlessly into business processes.
  • Ensured understanding and integration of vulnerability management priorities across various teams.
  • Drove continuous improvements in vulnerability management processes and tools through the use of industry-leading technologies, automation, and data-driven insights.
  • Stayed current on industry trends, emerging threats, and best practices in vulnerability management, adapting the program to maintain optimal security posture.
  • Evaluated and recommended vulnerability management tools and technologies, achieving an optimal balance of effectiveness and efficiency.
  • Developed and delivered regular metrics, reports, KPIs, and presentations to executive leadership and key stakeholders, effectively communicating the status and effectiveness of the vulnerability management program.
  • Built a diverse vulnerability management program covering secure software development lifecycle, patch governance, and application security.
  • Logged and tracked discovered vulnerabilities.
  • Used Service Now to triage remediation tasks and assigned to system owner, tracking tasks accordingly.
  • Applied root cause analysis to identify and assess problems and key drivers of success.
  • Developing potential conclusions from data with limited complexity.
  • Completed ad hoc metrics and reporting when requested.
  • Stayed aware of current business and industry trends relevant to the business and cybersecurity.
  • Performed vulnerability scheduled scans as directed by management using Qualys and Tenable.sc.
  • Work with the Business owners to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks.
  • Ensures scan results are presented in appropriate dashboards, reports, and forwarded to other data systems as necessary.
  • Interface with third-party vendors and other Conduent organizations in improving the overall scanning process.
  • Initiate remediation campaign and follow-up with Asset owners to mitigate based on SLA.
  • Performed and lead various levels of data analysis, data and metric reporting, and research on existing and emerging cyber threats, particularly those directed against clients' networks.
  • Strong understanding of IT environments, information security, and privacy.
  • Experience analyzing and evaluating network and security vulnerabilities.
  • Experience with SIEM and EDR tools such as Splunk, MDE, and CrowStrike.
  • Experience with Web Application scanning using Tenable.io.
  • Experience with Host based scanning using Tenable.sc.
  • Install and troubleshoot Nessus Agent Perform compliance and secure baselines scans (CIS, STIG, etc).

Skills

  • Governance Expert
  • Mitigation Expert
  • Triage Expert
  • Troubleshooting (Problem Solving) Expert
  • Leadership Expert
  • Microsoft Windows Expert
  • Database Systems Expert
  • Continuous Monitoring Expert
  • Risk Appetite Expert
  • Data Analysis Expert
  • Software Development Expert
  • Integration Expert
  • Dashboard Expert
  • Security Information And Event Management (SIEM) Expert
  • Risk Management Expert
  • Vulnerability Expert
  • Management Expert
  • Firewall Expert
  • Splunk Expert
  • Correlation Analysis Expert
  • Vulnerability Scanning Expert
  • Vulnerability Management Expert
  • Nessus Expert
  • Presentations Expert
  • Good Clinical Practices (GCP) Expert
  • Research Expert
  • ServiceNow Expert
  • Infrastructure Expert
  • Mentorship Expert
  • Vulnerability Assessments Expert
  • Penetration Testing Expert
  • Amazon Web Services Expert
  • Communications Expert
  • Security Controls Expert
  • Hardening Expert
  • Collaboration Expert
  • Risk Analysis Expert
  • Milestones (Project Management) Expert
  • Automation Expert
  • Technical Assistance Expert
  • Operating Systems Expert
  • Root Cause Analysis Expert
  • CentOS Expert

Certification

  • CompTIA Security+
  • CompTIA Network+
  • CISM (on the way )
  • CSM

LANGUAGES

English

Timeline

Security Analyst

DMI
03.2024 - Current

Vulnerability Management Engineer

MindShift Corp
10.2020 - 02.2024

Vulnerability and Risk Analyst

GENZTECH
09.2017 - 09.2020

Similar Profiles

CREATE PROFILE
Toby Awolesi