Dominic B. Boamah, PhD
Details
Information Technology Management
Capella University
MS
Information Systems
University of Jyvaskyla, Finland
• Defining Artificial Intelligence (AI) security strategy, architecture, and requirements/best practices.
• Defining security requirements, packaging and delivery to different solutions and product development teams.
• Reviewing and mapping of security requirements to enterprise security solutions.
• Implementation of security solutions automation.
• Threat-modeling of projects to identify potential risk for the development and implementation of relevant controls.
• Using CMMC, NIST, OWASP, and other frameworks/standards to define security requirements.
• Development of security strategy, policies, and standards.
2023 : Present
T-Mobile
Principal, Cybersecurity Solutions Architect
Served as a chief consultant (on contract) for two projects:
1. Led implementation of DevSecOps in an agile environment.
- Managed the implementation process to ensure true integration of security across the entire SDLC, from requirements to retirement and not just the CI/CD pipeline.
- Played a significant role in discovery workshops to ensure user stories were clearly defined to enhance threat modeling for identification and implementation of relevant and appropriate controls during development.
- Collaborated with development leads to ensure the CI/CD pipeline was properly set up to support integration of appropriate and relevant security best practices and tools across the pipeline.
- Mentored security champions to enhance the cultivation of security-oriented culture across the organization.
2. Risk Management
- Played a leading role in the implementation of FFIEC CAT-based risk management strategy that ensured residual risks were identified and appropriately mitigated.
- Led a team of security analysts and collaborated with leadership to identify risks, especially regarding PCI compliance requirements through assessment of card data environment and evaluation of cybersecurity maturity per the five CAT domains.
- Used a threat, vulnerability, and threat vector analysis approach to further analyze and validate identified risks to ensure identification and implementation of relevant and appropriate controls to protect the card data environment and ensure PCI compliance.
- Collaborated with leadership to establish a control baseline to be used across the organization, including third parties, to ensure adequate and continuous protection of the card data environment and compliance (by default) with PCI security requirements.
2022 : 2023
Three Quality Services
Chief Consultant
- Led and managed a working group to develop a comprehensive process for threat-based enumeration of controls to protect mobile application environment.
- Actively participated in validation of control requirements for a new version of the HITRUST CSF by reviewing assigned requirements to ensure they were clearly defined, readable, and in correct syntax.
- Reviewed the HIPAA privacy standard and implementation specifications and produced a comprehensive tabular report to demonstrate HITRUST's approach to HIPAA compliance.
- Collaborated with other business units to map the HITRUST CSF controls to the NIST CSF controls to ensure continuous alignment between the two frameworks and compliance with the NIST CSF within the HITRUST community.
- Reviewed Executive Order 14028: Improving the Nation's Cybersecurity and other relevant sources such as the Cybersecurity and Infrastructure Security Agency's (CISA) ransomware guide, and updated ransomware guidance in the HITRUST Threat Catalogue.
- Collaborated with a group of experts to map the HITRUST CSF control specifications to the FAIR Control Analytics Model (FAIR-CAM) to enable organizations in the FAIR community to leverage the HITRUST CSF control specifications and vice versa.
- Played a critical role in the update of the HITRUST threat wheel by analyzing the importance of threat vectors in the threat and vulnerability analysis component of risk analysis/assessment.
- Conducted initial research on threat actor taxonomy and analyzed the impact of threat actor characteristics (e.g., motivation, capability, etc.) on threat actor activities.
2020 : 2022
HITRUST
Director, Office of Research and Analysis
- Developed, implemented, and collaborated with the Dean and other relevant departments to launch industry-driven trimester graduate programs for non-traditional (working) students.
- Led and managed redevelopment of new courses (including Secure Software Development Life Cycle - S-SDLC) and general update of LU’s undergraduate cybersecurity, IT, and software development programs.
- Led and managed review of IT/Cybersecurity programs to ensure compliance with accreditation policies and requirements.
- Recruited, mentored, and managed both full-time and part-time faculty members.
- Actively collaborated with industry leaders and IT/Cybersecurity experts on program development and ensured the IT/Cybersecurity programs stayed relevant to the needs of industry.
- Actively collaborated with industry leaders and experts to provide practical hands-on experience opportunities to students through internships.
- Collaborated with the IT helpdesk manager to establish a flagship on-campus internship program to provide hands-on experience to IT/Cybersecurity students.
- Represented the Cybersecurity/IT department at several conferences, workshops, and meetings.
- Taught graduate Cybersecurity and IT Management classes and served as a mentor to over one hundred graduate students.
2016 : 2020
Lindenwood University
Assistant Dean - Cybersecurity and IT
Served as the Lead consultant for different DevSecOps/S-SDLC and Risk Management projects:
1. Implementation of DevSecOps in agile environments.
- Led a team of remote security analysts to plan and execute DevSecOps projects for different clients and played an essential role in addressing any issues relating to the three security enablers of people, processes, and technology to ensure delivery of projects on schedule.
- Served as a process champion and worked across functions to cultivate security culture in the day-to-day operations of departments, especially in software development.
- Actively collaborated with leadership and senior members in the DevSecOps team to ensure a true integration of security across the entire SDLC, from requirements to retirement and not just the CI/CD pipeline.
- Collaborated with client leadership to ensure appropriate agile environments existed for agile project execution and collaborated with DevSecOps teams to ensure they followed appropriate agile concepts and rituals to ensure successful project deliveries with the expected level of quality and security.
- Played a significant role in discovery workshops to ensure user stories were clearly defined to enhance threat modeling for identification and implementation of relevant and appropriate controls during development.
- Collaborated with senior developers to conduct threat modeling using different techniques (e.g., DREAD, STRIDE, etc.) to identify potential threats for subsequent identification, definition, and implementation of relevant and appropriate controls.
- Ensured security best practices were employed across the SDLC, especially during development.
2014 : 2020
Three Quality Services
Co-Founder (Lead Consultant)
Skills
Analysis, Business Analysis, Change Management, Integration, IT Management, Leadership, MS Project, Process Improvement, Program Management, Project Management, Project Planning, Quality Assurance, Requirements Analysis, SDLC, Software Development Life Cycle (SDLC), Software Project Management, Strategy, Team Building, Telecommunications, Testing, Test Planning, Troubleshooting, Visio
About
A seasoned and passionate cybersecurity professional with over 20 years of cybersecurity/IT engineering and leadership experience with expertise in several areas including DevSecOps/secure software development (S-SDLC), security engineering and automation, software and security testing, security architecture, security orchestration, third-party risk management, vulnerability management, risk management, controls development and implementation, governance, regulatory compliance, framework and risk catalogue development, breaking complex security issues down for business executives, security strategy development, AI security, and security education/teaching.