Ojong Bate
Sr. Cyber Security SME
Ft. Washington, MD, United States
Details
Experience:
Cybersecurity compliance / validation of A&A packages
2022 : Present
C & G Consulting, Inc / Serco/ US Navy
Sr Cybersecurity SME
Support the RD Cybersecurity Compliance Program that includes but is not limited to IT Security Authorization (Assessment and Authorization, Continuous Monitoring and FedRAMP Certification), Plan of Action and Milestones (POA&M) Management, and IT Privacy
Provide concurrency support for all RD IT Security Authorization & Accreditation related activities.
Review and maintain Security Authorization processes and procedures for all RD Information Systems and provide subject matter expertise according to NIST, USDA, RD and industry standards using the NIST Risk Management Framework.
Develop, review, and document an assessment of USDA Key Controls annually on all RD Information Systems and provide subject matter expertise using (but not limited to) NIST, USDA, RD, and industry standards.
Review, update and maintain a documented continuous monitoring process that facilitates continuous assessment for existing systems and provide subject matter expertise according to NIST, USDA, RD policies, procedures, and industry standards.
Create, review and document Authority to Operate (ATO) package artifacts for DAA/AO approval.
Develop and deliver Security Authorization training as needed to stakeholders, IT Staff, and customers
Conduct Security Authorization activities of new RD Information Systems according to NIST, Department, and RD requirements
Review and maintain the incident response plan and standard operating procedures
Conduct periodic testing and exercises to assess the agency Incident Response capability
Coordinate incident handling activities with contingency planning activities
Develop and track Incident response metrics
Develop and implement incident handling and reporting procedures
Track and document information system security incidents
Develop and deliver training on Incident Response technologies, methodologies, roles and responsibilities, government standards, and industry best practice.
2020 : 2022
RD/ USDA
Sr. Cyber Security Compliance Analyst
Maintain Security Authorization and Accreditation (A&A) Certification for assigned systems and track A&A for systems
Update A&A as required for systems and provide advice, establish timeline for successful A&A of systems.
Prepare ATO packages for system recertification and maintain all required documentation for ATO.
Support incident response team in remediation, documentation, and reporting of all incidents.
Manage POAMs and provide oversight of system vulnerability assessment and monitor remediation efforts of findings and communicate progress to stakeholders.
Provide advice on proposed change requests and work closely with auditors to identify key controls to be assessed
Support independent security control Assessments for all assigned systems.
Use DISA STIGs for hardening of hardware/software
Run SCAP scan on FISMA systems and analyze vulnerabilities
Analyze vulnerability reports and produce summary guidance for System Owners and administrators
Review appropriate STIGs and SCAP Benchmarks for all systems under the accreditation process.
2018 : 2019
DOL/OSHA
Sr. Cybersecurity Engineer
Independent security control assessor
2018 : 2019
Aurotech Corp
Security Control assessor
Independent security control assessor
2015 : 2018
SJCS
A&A compliance Analyst
Company:
C & G Consulting, Inc / Serco/ US Navy
About
I am a dynamic and success-oriented Security Control assessor and IT Auditor with five plus years of experience in System Development Life Cycle (SDLC), Risk Management Framework (RMF), Security and Vulnerability Management. Excellent knowledge in FISMA, ISO, HIPAA, and NIST Special Publications such as FIPS 199, 200, SP 800-30/37, 800-53r4, 800-53A, 800-60, 800-34, 800-18, 800-62, 800-64, 800-137, 800-66, 800-171.
SKILLS
Risk management, Assessment, Vulnerability scanning, creation of artifacts and audit reports.
Problem solving and critical thinking ability and decision-making skills.
Good communication and organizational skills.
Knowledge of NIST, FISMA, and FedRAMP compliance standards.