Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

STEPHEN KWAKU DUAH

Cybersecurity Analyst
NewYork

Summary

Information Security Specialist with passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security framework for cloud-based software. Versed in robust network defense strategies. Trusted Cyber Security Engineer with 3+ years protecting companies against both internal and external threats. Talented at preemptively detecting unidentified threat vectors and applying preventive measures to mitigate security flaws. Employs technological solutions and personnel training to harden both people and machines against malicious actors.

Overview

4
4
years of professional experience
2
2
years of post-secondary education
5
5
Certifications

Work History

Cybersecurity Analyst

CSAA - Aaa Insurer Company
06.2020 - Current
  • Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
  • Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
  • Directed in-house cyber security auditing program to detect flaws and weaknesses in Software.
  • Created cybersecurity best practice communications to educate staff against known threats and potential vectors of attack.
  • Assisted in conducting cloud system assessments.
  • Worked in a SOC environment, where | assisted in documenting and reporting vulnerabilities (Tier1).
  • Helped in updating IT security policies, procedures, standards and guidelines according to department and federal requirements.
  • Used Splunk to monitor systems in a real-time to capture, index, analyze, investigate, generate reports, enhance application management, and enforce compliance on corporate security policies.
  • Support Cyber Security analyst in conducting Vulnerability Management, Security Engineering, Certification and Accreditation, and Computer Network Defense.
  • Used SIEM for real time system monitoring, analysis, evaluation, forensic investigation, and for enforcing enterprise's security policies compliance.
  • Used EnCase software tool in conducting computer forensic investigations to recover evidence or data from seized hard drives. Recovered evidences are used for further forensic analysis.
  • Used FTK (Forensic Toolkit) to perform a thorough cyber forensic investigation or examination. Gathered evidences are analyzed and are used to create a report for further actions
  • Used ProDiscover security tool to locate data, protect evidences, and document and create report.
  • Perform risk assessments, update and review System Security Plans (SSP) using NIST 800-18 (Guide for Developing Security Plans for federal information systems) Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration
  • Responsible for conducting analysis of security incidents. Perform investigations of unauthorized disclosure of Pll. Responsible for reporting findings and provide status to senior leadership. Perform escalations to Regional Computer Emergency Response Team (RCERT) when required.
  • Perform vulnerabilities scan and monitor continuously using NIST 800-137 as a guide with the aid of Nessus

Cybersecurity Analyst

Fannie Mae
02.2019 - 05.2020
  • Developed, reviewed and updated Information Security System Policies, established security baselines in accordance with NIST, FISMA, FIPS, and industry best security practices.
  • Performed vulnerability scanning with the support of Nessus scanning tool to detect potential risks on a single or multiple asset across the enterprise network.
  • Updated IT security policies, procedures, standards, and guidelines per the respective department and federal requirements.
  • Performed risk assessments, help review and update, Plans of Action and Milestones (POA&M), Security Control Assessments, Configuration Management Plans (CMP), Contingency Plans (CP), Incident Response Plans (IRP), and other tasks and specific security documentation. (SA&A) Security Assessment and Authorization using NIST SP 800-53 rev4/FIPS 200 (Security Controls), NIST SP 800-53A rev4 (Assessing Security Controls).
  • Participated in creation of device hardening techniques and protocols.
  • Monitored computer virus reports to determine when to update virus protection systems.
  • Performed risk analyses to identify appropriate security countermeasures.

Education

Bachelor of Arts - ACCOUNTANCY

POLYTECHNIC UNIVERSITY, SUNYANI- GHANA
05.2005 - 06.2007

Skills

Qualys Cloud Platform

undefined

Certification

CYSA+

Timeline

Cybersecurity Analyst

CSAA - Aaa Insurer Company
06.2020 - Current

Cybersecurity Analyst

Fannie Mae
02.2019 - 05.2020

Bachelor of Arts - ACCOUNTANCY

POLYTECHNIC UNIVERSITY, SUNYANI- GHANA
05.2005 - 06.2007

Similar Profiles

  • ALANA BARTON

    ALANA BARTONALANA BARTON

    Sr. Service Agent-Remote at CSAA Insurance Group, a AAA InsurerSr. Service Agent-Remote at CSAA Insurance Group, a AAA Insurer

    View Profile
  • Ashmaa Kretz

    Ashmaa KretzAshmaa Kretz

    Adjuster at Csaa a AAA InsurerAdjuster at Csaa a AAA Insurer

    View Profile
  • Suresh Kannan Duraisamy

    Suresh Kannan DuraisamySuresh Kannan Duraisamy

    IT Senior Manager -Enterprise Performance Testing & QA Automation at CSAA Insurance Group, a AAA InsurerIT Senior Manager -Enterprise Performance Testing & QA Automation at CSAA Insurance Group, a AAA Insurer

    View Profile
STEPHEN KWAKU DUAHCybersecurity Analyst