AHMAD AHMAD
Bowie
Summary
Cybersecurity and IT Risk professional with 3+ years of hands-on experience in security operations, GRC (Governance, Risk & Compliance), and technical support. Proven track record supporting federal and private sector clients in aligning with NIST 800-53, CMMC, ISO 27001, and FedRAMP frameworks. Skilled in vulnerability management, IAM, incident response, and endpoint security using tools such as Nessus, Rapid7, Tenable, and Splunk. Adept at policy development, audit readiness, and facilitating cross-functional collaboration with internal teams and external vendors. Currently pursuing a Master of Science in Cybersecurity & Information Assurance, with certifications including CySA+, ISC2 CC, and Pentest+ (in progress). Committed to helping organizations build secure, compliant, and resilient environments.
Experienced with analyzing and mitigating security threats to protect critical assets. Utilizes advanced threat detection techniques and robust incident response strategies to minimize risks. Strong understanding of regulatory compliance and risk management, ensuring organizational data remains secure.
Overview
4
4
years of professional experience
1
1
Certification
Work History
Security Analyst & Operations Associate
Williams Adley
01.2023 - Current
- Implemented and maintained security controls aligned with NIST 800-53, CMMC, ISO 27001, and SOC 2 frameworks, including endpoint hardening, application security, and identity access management (IAM), enhancing overall security posture
- Automated Active Directory monitoring and compliance alerts, ensuring adherence to password policy, access control, and account lifecycle management best practices, which improved security compliance
- Conducted comprehensive security monitoring and log analysis, identifying and resolving security events using SIEM (Splunk) to significantly enhance incident response.
- Enhanced vulnerability management and insider threat programs by integrating IDS/IPS, endpoint detection and response (EDR), and network security tools, significantly boosting threat detection capabilities.
- Managed IT asset lifecycle, device hardening, and secure software deployments to reduce attack surface and maintain regulatory compliance, enhancing overall security management
- Enhanced network security by implementing secure components and firewalls with cross-functional teams and vendors, achieving full system compliance.
- Developed and managed comprehensive architecture and technical documentation with auditors, significantly boosting compliance by rigorously applying security controls throughout the enterprise.
Information Technology Audit Associate
Williams Adley
01.2022 - 01.2023
- Conducted threat and vulnerability scans using Nessus, NMAP, Metasploit, providing actionable remediation plans to align with NIST RMF, FedRAMP, and COBIT requirements.
- Configured and maintained firewalls, IDS/IPS, and SIEM solutions to support continuous monitoring and rapid incident response.
- Performed compliance audits and risk assessments against NIST 800-53, and other security frameworks, producing reports for both technical and executive audiences.
- Supported GRC program initiatives by tracking remediation status, reviewing access management controls, and mapping system changes to security requirements.
- Developed onboarding security standards, including IAM configuration, VPN setup, anti-malware installation, and secure baseline imaging
- Authored security policies, SOPs, and technical documents that enhanced audit readiness, streamlined compliance, and strengthened operational effectiveness.
- Collaborated with IT teams, external auditors, and stakeholders to resolve audit findings, strengthen security posture, and maintain compliance.
Education
Master of Science - Cybersecurity/Information Assurance
Western Governors University
Salt Lake, Utah08.2024
Bachelor of Science - Computer Science
Governors State University
University Park, Illinois12.2021
Skills
- Governance, Risk & Compliance (GRC): NIST 800-53, NIST RMF, CMMC, ISO 27001, SOC 2, COBIT, FedRAMP
- Cybersecurity & IT Security: Application Security, Network Security, IAM, Incident Response, Risk Management, Root Cause Analysis, Policy Enforcement, Vulnerability Management
- Tools & Platforms: SIEM (Splunk), Nessus, Rapid7, Qualys, Tenable, IDS/IPS, Wireshark, Burp Suite, Nmap, EDR Solutions
- Cloud & Systems: Microsoft Azure, Active Directory, VPN, SharePoint, SQL
- Processes: Threat & Vulnerability Assessment, Security Monitoring, Audit Readiness, Compliance Reporting, Policy Development, Incident Response Playbooks
- Identity and Access management
- Risk mitigation
- Network security
- Security awareness training
- Security information and event management
- Vulnerability assessment
- Security policy development
- Data security
- Threat intelligence
- Wireshark software
- Social engineering
- Monitoring computer viruses
- Risk assessment
- Security planning
- Time management
- Reliability
- Effective communication
- Task prioritization
- Interpersonal communication
- Security protocols
- Regulatory compliance
- Security testing
Accomplishments
- Performed comprehensive investigations of security breaches and implemented appropriate solutions.
- Used Microsoft Excel to develop inventory tracking spreadsheets.
- Resolved product issue through consumer testing.
- Trained end users on proper security protocol to minimize cybersecurity attacks.
- Collaborated with team of nine in the development and documentation of company policies and procedures
- Created daily database reports to identify and enforce password policy
Affiliations
Associate of International Information System Security Certification Consortium
Certification
- Penetration Testing (Pentest+):CompTIA, July 2024
- Cybersecurity Analyst (CySA+ ce):CompTIA, June 2024
- Cybersecurity (CC):ISC2, February 2024
Timeline
Security Analyst & Operations Associate
Williams Adley
01.2023 - Current
Information Technology Audit Associate
Williams Adley
01.2022 - 01.2023
Bachelor of Science - Computer Science
Governors State University
Master of Science - Cybersecurity/Information Assurance
Western Governors University