Washington, Washington, D.C., United States
Member Since 2021

Shola Iyiola

About the Candidate

A highly motivated and detail-oriented IT Security Analyst with thorough knowledge and understanding of FISMA’s Risk Management Framework (RMF) backed with over 5 years of experience. Certified Scrum Master with progressive professional experience spanning over 2 years of successfully managing development teams transitioning from Waterfall to Agile methodology, Strategic Planning and Business Process Improvement.

QUALIFICATIONS:
• Experience with FISMA Audit Metrics and the NIST 800 series.
• In-depth knowledge of FISMA, RMF, ISO, FedRAMP, FISCAM frameworks.
• Training in the development and implementation of efficient planning systems, including standard work in Kanban, DevOps & other pull/lean systems.
• Develop and conduct ST&E (Security Test & Evaluation) to NIST SP 800-53A & NIST SP 800-53 Rev4.
• Develop System Assessment & Accreditation (SA&A) documentation in compliance with organizational standards.
• Develop, review and evaluate System Security Plan based on NIST Special Publications.
• Vulnerability Assessment using Nessus scanning tool.
• Ability to multi-task and work with multiple teams.
• Great verbal and written communication skills.

TECHNICAL PROFICIENCIES: Software/ Hardware/ Platform: Security Control Testing, System Monitoring, MS Office Suite (PowerPoint, Visio, Word, SharePoint, Excel, Access), JIRA, CSAM, Oracle Fusion, Confluence, VirtualBox, Secure Shell Hosting (SSH), VMware, SaaS & Agile SDLC principles and practices, DevOps/Continuous Development/ Continuous Deployment

CERTIFICATION:
• Certified Scrum Master
• Certified Authorization Professional (CAP)
• Actively working to become a Certified Information Systems Security Professional (CISSP)

Education
2012
University of Houston Bachelor of Business Administration in Accounting

Downtown Houston, TX

Experience
July 2019 – Present
DXC TECHNOLOGY Information System Security Officer (ISSO)

Tyson, VA
• Assist Account Security Officer (ASO) and Segment Security Officers (SSO) to ensure operational security measures are implemented.
• Conduct document reviews of NIST, FISMA and other policy documents related to enterprise technologies and recognize, modify and update procedures resulting from the new guidance.
• Develop core documents such as System Security Plan, Contingency Plan, Incident Response Plan.
• Manage and create documentation for four systems.
• Review and continuously monitor implemented security controls.
• Create and maintain security checklists, templates and other tools to aid in the A&A process.
• Perform risk analyses to determine and recommend essential safeguards.
• Proactively mitigate system vulnerabilities and recommend compensating controls.
• Prepare security authorization packages in accordance with the Client contractual requirements.
• Document implementation statements for the appropriate security control requirements based on NIST 800-53 rev 4 and FIPS 200.
• Handle communication with customers and answer security compliance questionnaires, while educating other developers on compliance, workflows and processes.

May 2017 – July 2019
ANCHORAGE CONSULTING, LLC Information Security Analyst

Bowie, MD
• Developed and updated security authorization packages in accordance with the company’s requirement in compliance with FISMA.
• Conducted kick off meetings to collect systems information (information type, boundary, inventory, etc.) and categorize systems based on NIST SP 800-60.
• Assisted System Owner and ISSO in preparing Certification and Accreditation package for agency’s systems, making sure that management, operational and technical security controls adhered to a formal and well-established security requirement authorized by NIST SP 800-53 R4.
• Performed vulnerability assessment making sure risks were assessed, evaluated and proper actions taken to limit impact on the information and information systems.
• Created and updated the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Risk Assessment Report (RAR), System Security Plan (SSP), Configuration Management Plan (CMP), Contingency Plan (CP), Contingency Plan Test (CPT), Security Control Baseline, E-Authentication, Security Test & Evaluation (ST&E), System Assessment Plan (SAP), System Assessment Report (SAR) and Plan of Action & Milestone (POA&M).
• Provided Continuous Monitoring support through Plan of Action & Milestone (POA&M), system and user audits, analyzed and reported scanning results, and updated all corresponding security documents as needed.
• Gathered necessary information to maintain security and establish functioning authorization boundary protection and security measures.
• Defined, created and maintained security documentation for Certification and Accreditation (C&A)/Assessment and Authorization (A&A) in accordance with government and organizational requirements.
• Ensured systems and applications Assessment and Authorization (A&A) packages were complete and thoroughly documented in accordance with requisite federal requirements.
• Provided support by assisting in reviewing risk waivers and ISA, MOU review before authorization.

June 2015 – April 2017
CACI Security Control Assessor

Houston, TX
• Provided services as a security control assessor (SCA) and performed an integral part of the Assessment & Authorization process to include SA&A documentation, reporting, reviewing and analysis requirements.
• Prepared Security Assessment and Authorization (SA&A) packages to ensure management, operational and technical security controls adhered to NIST SP 800-53 standards.
• Conducted initial assessment meetings with System Owners and all stakeholders.
• Assisted with the assessment of System Security Plan (SSP) to provide an overview of federal information system security requirements and described the controls in place to meet those requirements.
• Developed Security Assessment Plan (SAP) detailing the method in which assessment would be conducted.
• Developed Security Assessment Reports (SAR) detailing the results of the assessment along with Plan of Action and Milestones (POA&M).
• Reviewed SAR at post assessment, created and completed POA&M to remediate findings and vulnerabilities.
• Conducted assessment on General Support System (GSS), Major & Minor Applications.
• Performed security control assessment using NIST 800-53A guidance and as per continuous monitoring requirements.
• Developed security control test plans and conducted in-depth security assessments of information systems that evaluate compliance of administrative, physical, technical, and organizational policies to maintain NIST compliance.
• Conducted security assessment on Agency’s Information System using the Cyber Security Assessment Management (CSAM) assessment tool to ensure compliance with standards and communicate result of findings.
• Conducted assessment on Security Assessment and Authorization (SA&A) artifacts: FIPS 199, System Security Plan (SSP), Risk Assessment (RA), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, System Security Test and Evaluation (ST&E), Contingency Plan, Plan of Actions and Milestones (POA&M).
• Ensured that risks were assessed, evaluated and proper actions taken to limit impact on the Data & Information Systems.
• Conducted comprehensive assessment of the management, operational and technical security controls employed within or inherited by an Information System to determine the overall effectiveness of the controls.
• Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy, accuracy and compliance with FISMA Standard.

June 2012 – June 2015
JP MORGAN CHASE Scrum Master

Houston, TX
• Implemented new processes for development to assist with consistency of quality and delivery through Scrum.
• Defined the Development process and ensured JIRA would be used for development of tracking issues and enhancements.
• Protected development team from outside distractions, impediments or team conflicts, and maintained focus on Sprint Backlog and project timeline.
• Collaborated with Product Owners (PO), Subject Matter Experts (SMEs) and developers to understand customer needs and translate the information from the product backlog to user stories.
• Instituted process improvements and documentation on the wiki to improve interdepartmental interactions as well as team interactions.
• Ensured the development teams were practicing the core agile principles of collaboration, prioritization, team accountability, and visibility.
• Facilitated Sprint Pre/Planning Meetings.
• Conducted daily Stand-ups and Sprint Retrospectives for multiple sprint teams.
• Introduced Agile user stories and User Acceptance testing to client base.
• Mastered backlog training burn down metrics, velocity and task definition for all projects.
• Facilitated Scrum events and activities as necessary and ensured the team realized the value from the events respectively.
• Experienced liaison between developers and stakeholders to ensure smooth and concise delivery of useable increments.

Candidate Overview