
Eugene Otubuah

Bethesda

Summary

Information Security Analyst with over nine years of experience supporting federal information security programs in accordance with FISMA and the Risk Management Framework (RMF) NIST SP 800-37. Skilled in preparing, reviewing, and maintaining Assessment and Authorization (A&A) packages, conducting security control assessments, and providing guidance to system owners on compliance requirements. Demonstrated ability to perform risk assessments, vulnerability management, and continuous monitoring activities to ensure the confidentiality, integrity, and availability of federal information systems. Adept at interpreting and applying NIST publications, federal policies, and security best practices to strengthen organizational security posture and support mission objectives.

Overview

10 years of professional experience
1 Certification

Work History

Information Systems Security Officer (ISSO)

Cherokee Federal
Chevy Chase
06.2020 - Current
  • Ensured that security policies, procedures, and recommendations comply with FISMA, NIST, and organizational guidelines.
  • Analyzed and updated System Security Plan (SSP), Risk Assessment (RA), and Privacy Impact Assessment (PIA).
  • Assisted system owners in preparing Assessment and Authorization (A&A) packages for IT systems per NIST SP 800-53 requirements.
  • Categorized systems based on confidentiality, integrity, and availability (CIA) using FIPS 199 and NIST SP 800-60 guidelines.
  • Conducted annual security control self-assessments in accordance with NIST SP 800-53A standards.
  • Participated in weekly Compliance Review Board meetings to review PIA document statuses.
  • Performed vulnerability assessments to evaluate risks and implement mitigation strategies.
  • Developed standard templates for security assessment documents to streamline compliance processes.
  • Review and process Interconnection Security Agreements (ISAs), Policy Waivers, Approval to Test (ATT), and Interim Approval to Operate (IATO) documents.

Security Control Assessor

Coalfire
Arlington
02.2017 - 06.2020
  • Assessed security controls through interviews, testing, review, and observation.
  • Record accurate assessment results, identifying findings and recommendations to mitigate them.
  • Execute, examine, interview, and test procedures in accordance with the applicable compliance framework (NIST SP 800-53A and FedRAMP).
  • Validate the respective information system security plans to ensure NIST control requirements are met.
  • Author recommendations associated with assessment findings on how to improve the customer’s security posture in accordance with NIST controls.
  • Ensure cybersecurity policies are adhered to, and that required controls are implemented.
  • Develop resultant SCA documentation, such as the Security Assessment Plan (SAP) and the Security Assessment Report (SAR).
  • Develop and maintain a Continuous Monitoring program for the CSP solutions in line with the organization's ISCM policies, FISMA, and FedRAMP requirements.

Cybersecurity Analyst

Coalfire
Fairfax
10.2015 - 02.2017
  • Conducted FISMA Annual Security Controls Assessments (ASCAs) on FISMA-reportable systems. Scheduled and facilitated ad-hoc discovery sessions with relevant stakeholders.
  • Organized and led the Control Selection Meeting, Control Assessment Meeting (CAM), and Findings Review meetings with system stakeholders.
  • Prepared a customized Assessment Plan based on the Control Selection Memo (CSM), and collaborated closely with the System POC to coordinate data collection. Developed a Security Assessment Report (SAR) based on assessment results.
  • Updated the System Security Plan (SSP) to the latest templates before the assessment.
  • Performed software testing that included writing SQL queries and automating test cases by writing basic scripts.

Education

Bachelor of Science - Architecture

Kwame Nkrumah University of Science And Technology
Ghana
04-2021

Master of Science - Construction Project Management & Architecture

Northumbria University
England
05-2014

Skills

  • Develop, review, and update A&A artifacts (SSP, E-authentication, SAP, CMP, SAR, ST&E, CP, POA&M, PTA, and PIA) referencing appropriate NIST/FIPS special publications
  • Develop and conduct SCA (Security Control Assessments) according to NIST SP 800-53A
  • Familiar with FISMA and NIST publications, including SP 800-60, SP 800-53 rev5, SP 800-37, and FIPS 199
  • Experience with the analysis of Nessus vulnerability scans, BigFix, web app CSAM, eMASS, and Microsoft Office Suite tools
  • Ability to multitask and to work independently and as part of a team, with strong analytical and quantitative skills
  • Effective interpersonal and verbal/written communication skills; recognized as a collaborative team player with a tireless work ethic, an aptitude for learning new skills, and an ability to multitask while remaining committed to providing quality work
  • Proficient with SharePoint, ServiceNow, and Archer

Certification

  • CompTIA Security+
  • Certified Information System Auditor (CISA)
  • Certified Information System Security Professional (CISSP) - In Progress
