
Baudelaire, Aghomo Noumedem

Core competencies:

17+ years of combined experience in Cyber Security RMF and SOC Operations | SDLC for system
acquisition, development and implementation | Cyber security framework NIST publications, FISMA | Cyber
threat hunting | Malware analysis | PCAP analysis | Vulnerability scanning | Threat correlation | Advanced
Persistent Threat (APT) hunting | TTP analysis | Cyber Threat Intelligence | Insider threat analysis | Cyber
incident response | Cyber threat hunting | Cyber intrusion analysis | Certification and Accreditation | Continuous
monitoring | Vulnerability management | Cyber Threat Framework | Cybersecurity Framework (NIST, RMF, CIS) |
Perimeter security – Firewall, IDS/IPS, VPN, Proxy
Security Engineer and Analyst Skills

 Practical use, implementation and a solid knowledge of information security principles
 Performs audit assessment with ITGC and application controls.
 Detail-oriented to IT/IA infrastructure guidelines, practices and planning consistent with various NIST
publications, FISMA & other corporate IT security/audit guidelines
 Extensive knowledge of FISMA, C&A, NIST SP 800-series (53, 53a, 37, 60) FIPS 199, FIPS 200, RMF, SSP,
SAR, IT Audit, Configuration Management, Contingency Plan, Privacy Impact Analysis (PIA), Privacy Threshold
Analysis (PTA)
 DOJ CSAM system use for documentations
 Extensive experience working in a Security Operation Center
 Extensive vulnerability management and analysis experience; experience with Qualys scanner and analysis.
 Experience with Nessus scanner and analysis.
 Extensive experience with firewalls and an in-depth understanding of computer/network security concepts, VPNs,
proxies, and networking; experience working with Cisco ASA SourceFire Suite.
 Experience using Splunk for events log and traffic Analysis
 Experience working with TrendMicro for malware analysis in the SOC
 Experience capturing and analyzing network traffic, using a variety of network tools such as Wireshark and
Nmap to assess security-related events.
 Strong understanding of network security protocols and products from Cisco
 Hands-on experience with vulnerability scanning & management (Nessus Security Center, HP WebInspect, etc.)
 Hands on experience with intrusion detection/prevention systems IDS\IPS
 Experience hardening and creation of rules for firewalls, switches, routers and other network equipment
 Experience writing filters, plugins, access control lists, and monitoring rules for new and existing continuous
monitoring products
 Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software,
authentication systems, log management, content filtering, etc.
 Thorough understanding of the latest security principles, techniques, and protocols
 Familiarity with Splunk System Event Management dashboard, application creation and back end infrastructure.

Network Engineer Skills

 Experience configuring, implementing, and supporting solutions using Cisco network equipment
 Knowledge of IP traffic flow, protocol analysis, capturing and monitoring of live traffic streams
 Experience troubleshooting complex problems in a Cisco network environment. Knowledge of LAN and WAN
QoS configuration. Good knowledge of OSPF/EIGRP/Spanning Tree protocols
 Ability to use Network Sniffers, analyze data to resolve network issues
 Ability to analyze network performance data to identify trends and potential problems, and support
recommendations to modify and/or upgrade network equipment or services
 Broad understanding of all aspects of LAN and WAN operation, load balancing, routing, topology, QoS.
 Experience implementing and supporting virtual private networks (VPN).
 Knowledge of the OSI seven-layer model, the TCP/IP four-layer model, and how the network behaves at different
levels of the OSI and TCP/IP models
 In-depth knowledge of networking principles including TCP/IP protocols, IPv4, IPv6 and subnetting
 Knowledge of VLAN configuration with VLAN trunk and VLAN access mode. Knowledge of static NAT and
dynamic NAT. Ability to create and apply ACLs to meet organizational security policy requirements

Platforms And Tools

Platforms: Windows 10, Windows Server 2016, Linux/Red Hat/Kali, Mac OS
FedRAMP and CSAM
SIEM Tools: Splunk Enterprise Security, Splunk UBA, Splunk Phantom, ArcSight, IBM Qradar
Insider Threat: ForcePoint, Microfocus Interset UEBA, SpectorSoft Veriato, ObserveIT, Splunk UBA, TeraMind
Forensic: EnCase, SANS Investigative Forensic Toolkit (SIFT)
PCAP: Wireshark, FireEye PX, Moloch
Threat Intel: FireEye iSIGHT Partners, ThreatConnect, LookingGlass, Infoblox ThreatCenter, Anomali, Cisco Talos,
DeepSight Intelligence, McAfee Threat Intelligence Exchange, LookingGlass ScoutVision, AlienVault,
MISP
Firewalls: Palo Alto Next-Generation Firewall (NGFW), Palo Alto Panorama, Cisco Firepower, Cisco Next-
Generation Firewall Virtual (NGFWv), Cisco Adaptive Security Appliance (ASA)
IPS and IDS: Cisco Firepower, Cisco Sourcefire, TippingPoint Threat Protection System, F5 Network's BIG-IP
Ticketing: BMC Remedy ITSM, Service Now
Scanners: Nessus Tenable, Qualys, WebInspect
Patching: Tanium, Microsoft (WSUS, SCCM), IBM Tivoli BigFix
Malware analysis: Cuckoo Sandbox, Kali Linux, OPSWAT
Other security tools: FireEye NX/PX/EX/IA, Symantec Endpoint Manager, McAfee ePO Orchestrator (HBSS),
Cisco Advanced Malware Protection (AMP), Cisco IronPort Email Security, Trend Micro, Carbon
Black, Attivo, DBProtect, Digital Guardian, Cylance, Nessus, SolarWinds, Infoblox, Gigamon,
Akamai

CERTIFICATIONS

 Certified Ethical Hacker (CEH)
 Palo Alto Certified Network Security Engineer (PCNSE)
 Splunk Certified Power User
 Cisco Certified Network Associate (CCNA Security)
 Certified Security+
 Certified Network+
 Certified SolarWinds Professional
 Cisco Certified Network Professional (CCNP Routing & Switching)
 Microsoft Certified Solutions Associate – MCSA (in progress)

PROFESSIONAL EXPERIENCE

Senior Cyber Security Analyst/Engineer 05/2019–Present
GDIT - CSRA, Virginia, May 2019 to Present

From June 2020 to Present – Support the USAID Bureau of Humanitarian Assistance

 Prepare/update System Security plan, Security Assessment Report and POA&M to maintain compliance status
and reauthorization
 Create and maintain existing information system security documentation, including System Security Plan (SSP),
Security Controls Matrix and/or Assessment, and Security Configuration Guide (controlled changes to the
system).
 Prepare system documentation for assessment in accordance with the Risk Management Framework (RMF) and
NIST Special Publications (800-37, 800-53 and others); identify deficiencies and provide recommendations for
solutions.
 Create security policies and maintain existing information system security documentation.
 Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package.
 Work with the Information Assurance (IA) team to perform basic system administration and maintain various IA
tools, including audit collection and reporting systems, vulnerability management programs, and other continuous
monitoring capabilities.
 Security Assessment and Authorization (SA&A) Support
 Assessment & Management (CSAM) tool for the development and housing of all IT security documentation.
 Knowledge of and experience with the CSAM system, and its most currently recommended usage, is required
 Participate in the change management process, including reviewing Requests for Change (RFC) and assist in the
assessment of a potential change's security impact.
 Develop enterprise risk analysis strategy to support the House network infrastructure, major applications, and
desktop systems
 Identify and evaluate system technical, management, and operational security controls in accordance with NIST
SP 800-53A
 Prepare assessment report for systems in compliance with SP 800-53a and document the assessment in the
security assessment report (SAR) along with POA&M
 Prepare, update and maintain Plan of Action & Milestones (POA&M)
Ensure that systems' Plans of Action & Milestones (POA&Ms) are closed or updates are provided where
necessary in the POA&M tracking tool CSAM.
 Coordinate various cyber security activities that includes risk assessment, incident response, configuration change
control, and vulnerability scan remediation. Document and finalize Security Assessment Report (SAR)
 Vulnerability Scanning, analysis and remediation management.
 Conduct Vulnerability Assessments of Network and Security devices with Nessus Tenable
 Participated in the continuous monitoring of the system using various tools such as Nessus Scanner, WebInspect
and Wireshark for packet capture.
 Lead of the continuous vulnerability assessment team using Nessus Security Center and IBM QRadar Security
Event Management for daily security checks
 Frequently used Nessus Security Center for vulnerability scanning, web application auditing and credentialed
patch analysis, and provided appropriate recommendations

From May 2019 to June 2020 – Support the Federal Deposit Insurance Corporation

 Install, configure and maintain Palo Alto and Cisco ASA Firewalls
 Created Firewall policy rules according to the company’s guidelines for Cisco ASA firewall and Palo alto Firewall.
 Work with appropriate teams: Cloud Team, Monitoring Team, DevOps Team, Infra-Testing Team, Database
Support, and so on to implement designs and changes.
 Configure and troubleshoot Palo Alto Firewall HA fail over pair
 Maintained and administered perimeter security systems such firewalls and IDS/IPS
 Routinely used the CLI to manage, monitor and troubleshoot Palo Alto and ASA firewalls.
 Migrated users from legacy firewall security appliance to NGFW appliance.
 Constantly troubleshoot and perform traffic analysis using Palo alto Monitor winglet
 Used Panorama centralized monitoring and management to maintain and manage over 100 Palo Alto firewalls
 Malware monitoring and filtering using Cisco IronPort M380
 Malware analysis and protection using FireEye security platform.

SOC Analyst Tier II, ATR Inc. 05/2019 – December 2020
Support the US Census Bureau

 Security Operation Center Analyst using Splunk SIEM, Cisco Firepower Threat Defense Center, Carbon Black
endpoint protection and other tools to gather information and respond quickly and effectively to security events
and threats.
 Support Tier I analysis with deep analysis using various in house tools and authorized OSINT Tools.
 Performed security event analysis with Splunk
 Created and run search queries in Splunk SIEM tool to help with identifying and troubleshooting security issues
 Tracking suspicious network, application, and user behavior within Tanium report.
 Used Carbon Black for threat hunting and incident response
 Used Carbon Black phishing automation to protect systems against the most recent threats
 Frequently used Tanium for traffic analysis and containment in case of breach.
 Provide second level IDS monitoring, analysis and incident response to information security alerts events
 Performs detailed examination and analysis of Phishing sites;
 Performs detailed analysis of other fraud types (Vishing, 419 Scams, and Pharming).
 Analyze a variety of network and host-based security appliance logs (Firewalls, NIDs, HIDS, sys Logs, etc.) to
determine the correct remediation actions and escalation paths for each incident.
 Provided strong troubleshooting skills as needed for network related security issues in support to the NOC &
SOC.
 WAF alerts, endpoint malware alerts and other emerging log sources/technologies. Working familiarity with cyber
security frameworks (such as Cyber Kill Chain, MITRE ATT&CK) and applying these frameworks to the enterprise
security program. Look through network flow, PCAP, logs, and sensors for evidence of cyber-attack patterns;
hunt for Advanced Persistent Threats (APT).
 Monitor open source and commercial threat intelligence for IOCs, new vulnerabilities, software weaknesses, and
other attacker TTPs.
 Develop advanced queries and alerts to detect adversary actions. Coordinate threat hunting activities across the
network leveraging intelligence from multiple internal and external sources, as well as cutting-edge security
technologies.
 Assist with response and investigation efforts into advanced/targeted attacks. Hunt for and identify threat actor
groups and their techniques, tools and processes. Identify gaps in IT infrastructure by mimicking an attacker’s
behaviors and responses. Provide analytic investigative support of large scale and complex security incidents.
 Perform Root Cause Analysis of security incidents for further enhancement of alert catalog.
 Continuously improve processes for use across multiple detection sets for more efficient Security Operations.

Cyber Security Engineer, ASM Research / Accenture Federal - 06/2018–05/2019
Support the Library of Congress, D.C.

 Implementation of the security stack for the new data center
 Preparing the company for AWS cloud migration for security tools: design necessary application re-factorization,
establish baselines, create migration plan, and other. Splunk SIEM implementation
 Splunk indexer installed on Amazon EC2 cloud instances using Amazon Machine Images (Linux) and Windows
 Splunk forwarder installed in multiple instances. Splunk cluster aggregation installed on Amazon EC2 cloud
instances using Amazon Machine Images (Linux) and Windows. Migration to cloud platform
 Aligned security vision with the Cloud Office to ensure DevSecOps principles were honored. Finally, implemented
security controls in an automated and replicable manner using CloudFormation
 Working with the development team to refactor on-premises applications for the cloud, using containerization
and Lambda functions
 Coordinated the deployment of FireEye security monitoring platform
 Implemented out-of-the-box Palo Alto firewall PA-5200 series
 Implemented out of the box Panorama 5000 series for PA 5200 management. Palo Alto Firewall and panorama
High Availability (HA) configuration completed. Implemented Palo Alto proxy forwarder for outbound traffic.
 Out of the box installation of Cisco Firepower 2110 and 4150
 Run and coordinated all vulnerabilities scan with Qualys Vulnerability Management
 Provided support for the ATO package in regard for vulnerability timeline and remediation
 Coordinated all vulnerability remediation with different teams for ATO package
 Ran and coordinated compliance scan remediation with different teams; provided all scan documentation to the
LOC
 Execute and support vulnerability assessments: vulnerability scanning, penetration testing, outcomes analysis,
issues remediation on the cloud platform.
 Provide technical oversight on Security Compliance Program to ensure all software systems are implemented
according to information security policies and technical guidelines
 Conduct in-depth technical security review, risk assessment, and source code reviews of software systems during
all phases of the system development life cycle and provides recommendations for improvements
 Assist in the categorization, description of systems functionalities and boundaries in compliance with the NIST SP
800-60, FIPs 199
 Assist with C&A reviews, security test and evaluations (ST&E), and drafting associated reports
 Conduct security awareness training and expected rules of behavior for end-users
 Establish and maintain user accounts, profiles, file sharing, print sharing, access privileges and security

Cyber Threat Hunter, ASM-Research 03/2016 – 06/2018
Support the Department of Veterans Affairs

 Member of the Incident Response Team and vulnerability management team, application vulnerability
assessment, risk analysis and compliance testing in support to the SOC/NOC infrastructure.
 Coordinate various cyber security activities that includes risk assessment, incident response, configuration change
control, and vulnerability scan remediation.
 Identify, track and remediate vulnerabilities identified within all security tools
 Generated monthly metrics reports regarding outstanding issues for management review.
 Performed a compliance gap analysis and presented a list of recommendations.
 Performed risk assessments to ensure compliance
 Frequently used US-CERT alerts and threat publications and the National Vulnerability Database for
vulnerability analysis.
 Assisted in the support and preparation of IT systems and applications risk assessments.
 Prepared reports on audit findings and made recommendations for correcting unsatisfactory conditions, improving
operations and reducing the compliance cost.
 Provided strong troubleshooting skills as needed for network related security issues in support to the NOC & SOC.
 Identify, track and remediate vulnerabilities identified within all security tools of the NOC & SOC
 Create and run search queries in Splunk SIEM tool to help with identifying and troubleshooting security issues
 Performed impact analysis and risk assessment on security plans as submitted by the network and web scans
result.
 Performed regular system scans using Qualys Scanner tools and provide metrics to client
 Maintained situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and
Focused Operations (FO) incidents.

Cyber Security Engineer, 12/2014 – 12/2015
Raytheon Intelligence, Information & Services, Riverdale office, MD

 Member of the Incident Response Team in charge of networking issues, using the Security Operation Center
(SOC) and Cisco ASA SourceFire Defense Center to gather information and respond quickly and effectively to
security events and threats
 Research, analysis, and response for alerts; including log retrieval and documentation. Conduct analysis of
network traffic and host activity across a wide array of technologies and platforms.
 Perform general SIEM monitoring, analysis, content development, and maintenance. Assist in incident response
activities such as host triage and retrieval, malware analysis, remote system analysis, end- user interviews, and
remediation efforts.
 Compile detailed investigation and analysis reports for internal SOC consumption and delivery to management.
 Track threat actors and associated tactics, techniques, and procedures (TTPs) by capturing intelligence on threat
actor TTPs and developing countermeasures in response to threat actors. Analyze network traffic, IDS/IPS/DLP
events, packet capture, and FW logs. Analyze malicious campaigns and evaluate effectiveness of security
technologies.
 Review alerts generated by detection infrastructure for false positive alerts and modify alerts as needed. Provide
forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application
logs, as well as logs from various types of security sensors.
 Participated in the continuous monitoring of the system using various tools such as Nessus Scanner, WebInspect
and Wireshark for packet capture.
 Lead of the continuous vulnerability assessment team using Nessus Security Center and IBM QRadar Security
Event Management for daily security checks
 Frequently used Nessus Security Center for vulnerability scanning, web application auditing and credentialed
patch analysis, and provided appropriate recommendations
 Conducting event management, compliance automation, and identity monitoring activities using HP ArcSight
SIEM
 Responsible for providing response to all network vulnerabilities and threats to the system
 Used QRadar for the daily security checks and participated in the analysis of the findings as needed.
 Responsible for monitoring the posture of the Cisco NIDS/IPS within the system
 Participated in the installation of ASA firewalls, networking, data encryption and other security measures
 Responsible for the regular update of the Intrusion Prevention System sensor signatures.

Security Analyst, 01/2011 – 12/2014
41 Energy Inc, Tustin, CA

 Evaluated Information System threats and vulnerabilities to determine whether additional safeguards are needed
for a wide range of IS security related areas including architectures, firewalls, electronic data traffic, and network
access
 Participated in the SDLC (System Development Lifecycle)
 Used Cisco ASA SourceFire Defense Center for advanced threat monitoring, network and web visibility and
analysis.
 Used Cisco ASA FireSIGHT to monitor and stop advanced threats on endpoints
 Recommend and implement solutions to diagnose network performance issues
 Responsible for the evaluation and approval of firewall changes (Cisco ASA)
 Perform inventory control and asset management log
 Writing Nessus filters, choosing plugins for vulnerability scans and continuous monitoring of the system
 Used Splunk for compliance during the continuous monitoring phase of the Risk Management Framework
 Prepare/update System Security plan, Security Assessment Report and POA&M to maintain compliance status
and reauthorization
 Develop, conduct, and prepare reports for security audits, reviews and other actions, as appropriate
 Develop enterprise risk analysis strategy to support the House network infrastructure, major applications, and
desktop systems
 Identify and evaluate system technical, management, and operational security controls in accordance with NIST
SP 800-53A
 Prepare assessment report for systems in compliance with SP 800-53a and document the assessment in the
security assessment report (SAR) along with POA&M
 Prepare, update and maintain Plan of Action & Milestones (POA&M)
 Coordinate various cyber security activities that includes risk assessment, incident response, configuration change
control, and vulnerability scan remediation
 Document and finalize Security Assessment Report (SAR)
 Provide technical oversight on Security Compliance Program to ensure all software systems are implemented
according to information security policies and technical guidelines
 Conduct in-depth technical security review, risk assessment, and source code reviews of software systems during
all phases of the system development life cycle and provides recommendations for improvements
 Participate in network and systems design to ensure implementation of appropriate systems security features
 Assist in the categorization, description of systems functionalities and boundaries in compliance with the NIST SP
800-60, FIPs 199
 Assist with C&A reviews, security test and evaluations (ST&E), and drafting associated reports
 Conduct security awareness training and expected rules of behavior for end-users
 Establish and maintain user accounts, profiles, file sharing, print sharing, access privileges and security
 Installing firewalls, networking, data encryption and other security measures
 Recommend and implement solutions to diagnose network performance issues
 Determine, diagnose and evaluate workstation and application performance issues
 Recommending security enhancements and purchases
 Implement policies and procedures for responding to security incidents, and for investigating and reporting
security violations and incidents; assist with forensic investigations across the corporation
 Involve in determining system categorization, selecting/implementing security controls, and assessing the
implemented controls to verify and ensure effectiveness
 Escalate issues when necessary, and following up on any escalated issues
 Perform systems testing and networking connectivity testing (including firewalls and VPN systems)
