Frema Gyabaah
Information Security Specialist (Cyber Security)
Stafford, VA, United States
Details
Experience:
•Managing/creating Plan of Action Milestones (POA&M) for mitigation efforts in obtaining an acceptable level of risk for Authorization to Operate (ATO)
•Assist System Owners by providing Cyber Security guidance on applying Risk Management Framework for onboarding systems to obtain an ATO. System types include GSS, Minor Applications and Cloud/FedRAMP.
•Maintaining system artifacts within CSAM repository
•Managing and editing SSPs, Security Assessment Reports (SAR) and POA&Ms
•Developing a variety of RMF Documentation such as the SSP, IRP, CP, CPT, DRP.
•Coordinate vulnerability management processes with tier 2/tier 3 administrators
•Conduct scan analysis from raw scan data using Nessus database protect scanning tools
•Participate in DHS cybersecurity working groups, including providing comments on DHS draft cybersecurity policies and guidance
•Draft Interconnection Security Agreement Packages between the CBP and other non-DHS entities, track and see document through to completion
•Work closely with supervisor and colleagues to expedite some of the ISAs that are close to expiration.
2020 : Present
Dev Technology Group, Inc.
Information Security Analyst
• Conducted Security Control Assessments (SCA) on Information Systems by interviewing, examining, and testing methods using NIST SP 800-53A rev4 as a guide and documented control findings in the SRTM worksheet.
•Tracked PPSMs and ATC processes between the VA and Cerner
•Liaised with the ISOs and other system personnel for the development and maintenance of the documents required for an ATO package deliverables such as SSPs, SARs, and POA&Ms.
•Created and tracked POA&Ms for remediation of all identified risks upon completion of Security Control Assessment (SCA) exercises and vulnerability scan.
• Prioritize remediation actions based on results of risk assessment and the mission of the organization by using NIST 800-30 guidelines.
•Employed NIST SP 800-60 and FIPS 199 for the categorization of information systems, to determine the appropriate information types, and identify the potential impact in each case to the security objectives of Confidentiality, Integrity and Availability.
2019 : 2020
ACI Federal™
Cyber Security Engineer
•Responsible for developing and maintaining Authorization to Operate (ATO) packages such as the SSP, SAR and POA&M for information systems to comply with organization’s information security requirements.
•Perform Security Impact Analysis on proposed or actual changes to organizational information system as defined in NIST 800-137.
•Perform Configuration Management for the organization information systems as part of the Continuous Monitoring processes.
•Responsible for researching and evaluating relevant information security policies, guidance, and best industry practices, including NIST and FISMA for applicability to IT systems security.
•Ensure systems are compliant with agency guidelines and conduct the ST&E kick-off meeting and populate the Security Requirements Traceability Matrix (SRTM) according to NIST SP 800-53A.
•Conduct Security Control Assessments (SCA) on Information Systems by using the interview, examination and testing methods as needed using NIST SP 800-53A rev4 as a guide and document control findings in the SRTM worksheet.
•Collaborate with Product Managers, Platform Leads and Information Security teams to design and implement appropriate controls for cloud security solutions.
•Extensive knowledge of the Risk Management Framework and its application to the System Development Lifecycle.
•Review implementation statements and supporting evidence of security controls to determine if the systems are currently meeting the requirements and provide findings/suggested mitigations to stakeholders.
2016 : 2019
PCCW
Cyber Security Analyst
•Identified hardware, software, and environmental hitches and worked to determine the cause of the problem.
•Coordinated with third-party vendors, customer contacts, or other IT teams to troubleshoot and resolve network issues as they arise through standard procedures.
•Escalated issues that were too large or complex to management, other IT resources or 3rd party vendors for quick troubleshooting and assistance in reaching a resolution.
•Maintained ongoing communication within the team and externally, to keep all stakeholders aware of relevant, known issues and the steps being taken to remediate.
•Turnup routers and other devices for monitoring and turn down obsolete devices.
•Increased IPv4 and IPv6 Max prefixes as needed and as requested.
2013 : 2015
CISNET Solution
Network Engineer (NOC)
Company:
Dev Technology Group, Inc.
About
Information Security Analyst with vast experience in managing and protecting enterprise Information Systems, Network Infrastructures and Operational processes through Information Assurance Controls and Risk Assessment in accordance with industry best security practices. Experience with Security Testing and Evaluation (ST&E), Federal Information Processing Standards (FIPS), Contingency plans, Privacy Impact Assessments (PIA), and creating and updating standard operating procedures. Familiar with cyber security practices and tools including FISMA audit and metrics, NIST SP 800 series and RMF artifacts. Experience with vulnerability assessment tools including Tenable Nessus and Cain password recovery.