Kayode Oshodi, CySA, M.Sc.
Details
and procedures, as well as providing advice on their adequacy, accuracy and compliance
with industry standards
* Prepare Security Assessment and Authorization (SA&A) packages to ascertain that
management, operational and technical security controls adhere to NIST SP 800-53
standards.
* Effectively transform traditional Security Assessment and Authorization (SA&A) programs
into a six-step life cycle process consisting of Categorization of information systems, Selection
of security controls, Implementation of security controls, and Monitoring of security controls.
* Create standard templates for required security assessment and authorization documents,
including security plans, contingency plans, and security authorization packages
* Compile, write, update, finalize, and produce all FISMA documentation and associated
artifacts as required by Client in a manner compliant with all Federal security requirements
and policies
* Ascertain all FISMA documents are updated within 6 months of a new policy release
* Review all ISSO-provided documentation for accuracy and relevance, and provide follow-up to
ISSOs to ensure documents are properly completed.
2020 - Present
Top Group Technologies
Information Security Analyst
* Performed security control testing activities based on NIST SP 800-53A and conducted a
comprehensive assessment of security controls and control enhancements to determine the
effectiveness of the controls
* Developed Security Assessment Plans (SAP) that outline all the assessment activities and
conducted security control interviews, documentation review, and artifact collection
* Performed risk analyses to demonstrate effective risk management and prepared security
assessment reports (SAR) containing the results and findings from the assessment
* Populated the Security Requirements Traceability Matrix (SRTM) according to NIST SP 800-53A
* Designated systems and categorized CIA using FIPS 199 and NIST SP 800-60, and
provided liaison support for System Owners and other IS security personnel in preparing
C&A packages; ensured that management, operational, and technical security controls
adhered to a formal and well-established security requirement authorized by NIST SP 800-53 Rev. 4
on a different information system
* Supported the implementation of security controls and their operation as intended during all phases
of the IS lifecycle
* Assisted in uploading all security control evidence to the Governance, Risk, and Compliance
(GRC) application to support security control implementation during the monitoring phase.
2019 - 2020
Havilah Group LLC
Security Control Assessor
About
Dynamic GRC and Cybersecurity Analyst with an extensive, hands-on background in designing and implementing layered network security, security risk analysis, and system architecture plans and processes in line with security standards and business goals. Highly skilled in assembling security authorization packages using National Institute of Standards and Technology (NIST) Special Publications 800-53 Rev. 4, 800-53A, 800-60, 800-30, 800-37, 800-171, FIPS 199, and FIPS 200. Proficient with additional frameworks such as HIPAA, PCI-DSS, TPRM, ISO 27001, SOX, and SOC. Results-driven with notable success in planning, analysis and implementation of security initiatives.
Assessment and Authorization (A&A) | NIST 800 Series | Plan of Actions and Milestones (POAM) | System Security Plan (SSP) | Security Assessment Report (SAR) | Risk Analysis | Risk Assessment | Risk Control & Mitigation | Security Life Cycle | Threat Reports | Contingency Planning | Data Security | Developing security plans | Implementing security programs | Implementing security controls | Wireshark | Nmap | Nessus Software | TPRM | ISO 27001 | PCI DSS | Risk Management Framework (RMF) | SOX | HIPAA | SSAE | SIEM Monitoring | JIRA | iOS/OS platform security | Mobile/tablet device security | Ethical hacking | Vulnerability assessment | Network security | Firewall management | Encryption | Access control and authentication | Log management and monitoring
Other Areas of Expertise:
Vendor risk management | Compliance management | Risk assessment and mitigation strategies | Contract and SLA review | Information security policy and procedure development | Security Awareness Training | Excellent communication skills.
GRC Tools: Nessus Tenable, Wireshark, Nmap, OWASP Zap, AlienVault, RSA Archer, Xacta.
Operating Systems: Windows 7, 8, Vista, XP, 2000, UNIX
Microsoft Tools: MS Office (Excel, Word, PowerPoint), MS Visio, SharePoint, and MS Project
Browsers: Internet Explorer 7, 8, 9, Firefox, Chrome, Safari