Dr. M. Fofana PMP CISSP
Al Ghubaiba,UAE
Summary
Results-driven project management professional with extensive expertise in high-value project management, agile methodologies, and the full software development lifecycle. Demonstrates proficiency in tools such as MS Project, Jira, and advanced analytics to optimise workflow and ensure efficient scheduling. Skilled in budgeting control, resource allocation, and risk mitigation, with a strong focus on quality assurance and process improvement implementation. Adept at utilising PMBOK methodology to deliver projects on time and within scope while fostering consensus building and effective communication among stakeholders. Committed to driving productivity improvement through strategic decision-making and innovative business process re-engineering.
Overview
16
16
years of professional experience
1
1
Certification
Work history
Sr. Project Manager
Audley Consulting Group
Rockville, MD
10.2023 - 12.2024
- Company Overview: Health Resources Solutions Administration (HRSA)
- I work as an information technology project manager for Audley Consulting Group on their contract with HRSA within the Department of Health and Human Services
- Developed the HRSA Zero Trust Guideline for Investment Managers and Project Managers
- Supported the Director of Information Technology Governance (DITG) on the implementation of the Zero Trust Program at HRSA which consisted of 22 projects
- Some of the projects are being implemented by the National Institute of Health (NIH), some by a vendors and others by the Division of Infrastructure Security within HRSA
- I worked on the development of the integrated program schedule for 22 projects
- Supported the DITG to ensure compliance with Enterprise Performance Life Cycle (EPLC) for the implementation of IT project using the Waterfall, Agile and other frameworks
- Provided subject matter expertise for the implementation of earned value management (EVM) to monitor and track cost and schedule variance at the different project stage gate reviews
- Facilitated the proof of concept for the implementation of an enterprise records management system (ERMS) for HRSA to comply with OMB 23-07
- Prepared FY2025 HHS cost estimates for the DITG for the implementation of an ERMS for HRSA
- Develop the EPLC Project Baseline Review stage gate deliverables for the metadata extraction tool proof-of-concept project that will ensure compliance with OMB 23-07
- Use analysis of alternatives to select the optimum product for metadata extraction based on weighted objectives
- Developed of the EPLC Managed Services Framework for IaaS, PaaS and SaaS
- Facilitated the closure of 80% of delayed EPLC Jira action items by project managers and investment managers
- Assisted in the development and implementation of EPLC Jira filters, queries and reports to identify delayed action items
- Created the EPLC Jira Backlog in SharePoint Online
- Used the current investment manager information in Folio to update the investment managers information in EPLC Jira
- Supported the creating of user accounts in EPLC Jira for investment managers and project managers
- Facilitated the development of the Standard Operating Procedures (SOP) for HRSA Permanent Paper Records Digitization and for HRSA's Enterprise Records Management System
- Recommended the use of an API to ensure that investment manager and project manager information in EPLC Jira is automatically updated with information from Folio
- Developed and facilitated the adoption of Microsoft Access Relational Database for the tracking of project action items and the risk register
- Health Resources Solutions Administration (HRSA)
Sr. Project Manager
Exelon
Philadelphia, PA
01.2023 - 04.2023
- Company Overview: Brooksource
- I was a Brooksource contractor engaged to work for Exelon Fiber Network Commissioning Project to help the existing project manager get the project back on schedule and to get a key participant engaged
- This was supposed to be a six-month contract, but I got the project back on schedule in 4 months, so my contract was terminated
- To achieve these project objectives, I performed the following tasks and made the following changes to how the project was being executed:
- I used the detail design documents for the different fiber network paths to update the Path Detailed spreadsheet for the Exelon Fiber Network
- I facilitated a change in how the fiber network commissioning was being performed from having multiple visits to intermediary paths for each connection to one visit to and intermediary path at which time all the connections going through that intermediary path are configured, saving Exelon UComm organizational unit time and money (Over $40,000/) by reducing the number of trips to intermediary sites
- It also improved the quality of the detailed design process by ensuring there were sufficient available ports, jumpers and fiber cabling for the fiber connections going through each intermediary path
- I recommended the development of a decision flow chart that includes images to give to the Unions to help them understand the detailed design documents and help them implement the connections thereby eliminating the need for a network engineer to be onsite each time the Union representative had to go onsite to implement a path
- I facilitated the development of the detailed design documents and engineering drawing which were the bottlenecks in the Exelon Fiber Network Commissioning Project, by meeting every Monday morning with the UComm Engineer to remind him of the work that needed to be accomplished and checking in with him on Friday morning to identify what was accomplished and to identify and mitigate any risks that might negatively impact the project
- This increased his engagement with the project and reduced the number of outstanding detailed design documents by over 50%
- I also reviewed, edited and updated the UComm Third Party Risk Assessment requirements document to ensure it is compliant with Exelon's Information Security Policy
- I helped a UComm Sr
- Project Manager develop a project scope document, project assumptions and a Microsoft Project schedule to support the collection of Motorola device (online and offline) information and documentation into the UComm Configuration Management Database and the Information Security Database, to facilitate infrastructure risk monitoring
- Brooksource
Cybersecurity Operations Manager
SAIC
Herndon, VA
06.2019 - 07.2020
- Company Overview: Pension Benefit Guarantee Corporation
- Responsible for managing all operational information security services on the Pension Benefit Guaranteed Corporation Operations and Maintenance contract which includes managing a team of 18 technicians and analysts who provide the following daily information security functions to support the Pension Benefit Guarantee Corporation (PBGC) Information Technology Infrastructure Operations Department (ITIOD) in Washington, DC
- Managed Security Incident Handling / Incident Response, Intrusion Detection and Analysis, Intrusion Protection, Malware Analysis, Security Operations Center, Vulnerability Assessment and Remediation, and other security services
- Utilized Splunk to ingest system logs, index and developed reports of incidents that needed further triage
- Provided security engineering leadership and services to improve the security posture of the agency
- Coordinated and completed the update to the ITIOD Vulnerability Management Standard Operating Procedure
- Reviewed and presented the weekly quad reports to the SAIC Managers and ITIOD Managers
- Reviewed all information security deliverables and providing feedback to the three-information security team leads
- Attended weekly meetings with the Federal Team Leads
- Attended debriefings with the Application/Service Owners
- Helped with the development of the web application vulnerability management requirements for the Vulnerability Management Group
- Ensured the 3 teams are meeting the project monthly SLAs
- Met with the Federal Leads to identify their expectations for the Security Program
- Reviewed and approving hours worked for the team
- Developed and maintained a project schedule for the different ongoing security tasks
- Reported on the status of the difference security tasks to the Authorizing Official and members of ITIOD
- Pension Benefit Guarantee Corporation
Deputy Project Manager
Arch Systems
Baltimore, MD
12.2018 - 04.2019
- Worked for Arch Systems at Centers for Medicaid and Medicare Services (CMS) performing and managing Adaptive Capability Testing (ACT) for the Information Security and Privacy Program utilizing the Scrum methodology
- I manage a team of 24 security assessment assessors and technical writers in performing ACT and the design of the ACT ongoing authorization automated solution that involves integration with the Continuous Device Monitoring (CDM)
- Prepare the CAAT file and the Security Assessment Report (SAR) for the ACT
- Perform interviews and examine artifacts to determine the implementation status of the capabilities
- Perform a technical review of all security assessment reports (SARs) before they are submitted to the CMS customer
- Write security journals and presentations for the CMS community
Principal Information Assurance Project Manager
MKA Cyber
McLean, VA
06.2018 - 09.2018
- Worked for and reported to the MKA Cyber Chief Executive Officer on the following information security and application development projects
- Supported the office of the FAA Chief Information Officer at 800 Independence Avenue and supported several other projects for MKA Cyber
- Performed weekly updates to the FAA Senior Leadership Team Schedule that consisted of over 1,500 tasks distributed within the NIST Cyber Security Framework
- Participated in the monthly FAA CSC Leadership Meetings, documenting team meeting minutes for all issues that were agreed upon at the meeting
- Developed the Draft FY2019 Information Security Project Schedule for the FAA consisting of over 1700 tasks in 2 weeks
- All tasks were identified in their appropriate Cyber Security Framework domain
- Monitor, manage and approved of the hours planned and utilized on the FAA Project
- Provided technical supporting artifacts for contract modifications and updates
- Supervised a team of eight people
- Established monthly SMART goals for the team
- Also reviewed and approved the bi-monthly hours for the team
- Reviewed and updated the standard operating procedures for vulnerability management for the FAA infrastructure
- Managed 2 ArcSight Scenario Development Contractors for the FAA ArcSight implementation that is used to curate and classify different vulnerability and threat vectors identified in the network
- Developed the Georgetown University Vulnerability Management Project schedule that would help implement and maintained a vulnerability management program
- Developed a project schedule for the Georgetown University JIRA application updates for resource tracking and vulnerability management
- Developed a project schedule for the implementation of sensors and scanners in the Georgetown University network infrastructure
- Developed a project schedule for the Georgetown University Anti-virus updates
- Planned and supported the development of scenarios for the Watchtower applications
- Worked with the application development team to collect and prioritize the functional and business requirements for the Watchtower application
- Defined the different strategic version release levels for the application
- Commenced the development of definitions for the different Watchtower application maturity model
Director Information Security
Social & Scientific Systems, Inc.
Silver Spring, MD
11.2014 - 06.2018
- Met with the Executive Team and Group Vice Presidents within Social & Scientific Systems, Inc
- (SSS) to determine their current operational concerns, tactical and strategic goals and discuss the role that the Information Security Program would play to help them meet their operational, tactical, and strategic goals
- Met with the Director of the Information Technology Services (ITS) and Team Leads to plan and develop the information audit and monitoring program for SSS
- Developed the Information Security and Privacy Policies for SSS and established the Information Security Program
- Ensured that the information security and privacy policies are compliant for the four countries (in three continents) where SSS operates
- Developed a collaborative project management plan to help the Information Security and ITS groups meet their information security, privacy, audit monitoring, and IT operational goals
- This ensured that the IT environment was properly secured, monitored controlled and audited
- Ensured that the SSS Information Security and Privacy Policies are compliant with the Federal and State regulations/presidential directives, contractual requirements and information security, privacy and audit industry best practices and National Institute of Science and Technology (NIST) Guidelines
- Provided guidance to the SSS President and Chief Operating Officer (COO) on all information security, privacy, and audit issues for the organization
- Evaluated existing procedures and facilitate the update of procedures to ensure they are consistent with SSS Information Security and Privacy Policies
- Participated in the annual SSS Strategic Board meeting and provide guidance for Information Security Program Strategic goals
- Facilitated and managed the implementation of IBM Security Privileged Identity Management system to thwart insider threats and improve enterprise security
- Developed and managed the annual budget for the Information Security Program
- Classified the NIST SP 800-53 Rev 4 Controls for the organization into common, inherited, hybrid and system specific controls
- Obtained NIST SP 800-53 Rev 4 ATOs for 16 projects and performed annual reviews
- Prepared, developed, and presented an-hour training on 'SSS Project Security.'
- Facilitated the penetration testing of the organizations infrastructure and major applications that are Internet facing using Tenable and IBM AppScan
- Facilitated the successful restore of a deleted virtual drive from the Secure Data Center (SDC)
- Facilitated the successful and timely migration of major applications to the SDC
- Facilitated the security assessment and audit of the general support system and hosted major application and ensure that proper information security and privacy controls are implemented and document in the appropriate System Security Plan
- Developed and maintained a project schedule for all information security tasks and their associated priority
- This ensured the effective utilization of resources for the Information Security Program
- Identified information security program risk and facilitated the implementation of solutions that mitigated risk to acceptable levels for the organization
- Identified security and audit tools that facilitated and enabled the Information Security Program to meet its information security and privacy goals and objectives
- Prepared and delivered the information security quarterly reports for the SSS Audit Committee
- Prepare ad-hoc reports for the President and COO
- Organized monthly brown bag lunch sessions for the Information Security and ITS groups to meet, socialize and discuss information security challenges affecting the industry and its risk potential to the organization
- This also served as an information sharing session for the groups that resulted in overall staff improvement
- Performed quarterly literature review and background research on information security, privacy, and auditing to ensure I remain abreast with industry best practices for securing information and organizational assets
- Write white papers on topics of interest to the Information Security Group
Project Manager
Radius Technology Group, Inc.
Silver Spring, MD
02.2012 - 11.2014
- Company Overview: The Department of Labor (OCIO)
- Project Manager for a $14.4M contract with the Department of Labor (DOL), providing information security services to the OCIO and ensured compliance with FISMA, FedRAMP and HIPAA
- Lead a team of 5 information security auditors
- The project progressively received excellent past performance ratings from OCIO Federal Manager and Contract Technical Representative (COTR)
- Served as the Cyber Security Subject Matter Experts to the OCIO Information Security Officer (ISO) and the OCIO Information System Security Officer (ISSO)
- Guided the interpretation of the DOL Computer Security Handbook (CSH) that is based on the National Institute of Science and Technology (NIST) Special Publication (SP) 800-53 and ensured the requirements are met or a plan of action and milestones (POAM) is developed for 'Other than satisfied' security controls
- Developed and facilitated the execution of corrective action plans for deficiency remediation
- Established and maintained relationships with other service providers that include Lockheed Martin, Office of the Inspector General (OIG), KPMG, and other agencies to ensure timely deliverables
- Ensured timely delivery of security assessment reports (SAR) to the OCIO ISO and OCIO ISSO
- Facilitated the prompt development of POAM for vulnerabilities that cannot be mitigated
- The POAM are documented in the Department of Justice Cyber Security Assessment and Management (CSAM) tool for tracking and monitoring of vulnerabilities until they are mitigated
- Performed quality control review of all project deliverables that included: memorandum of understandings/agreements, SAR and supporting evidence, updated to the DOL CSH, POAMs, audit evidence, impact analysis, incident response reports, configuration change management control requests, standard operating procedures, incident reports, log reports, etc
- Developed and delivered annual two hours Incident Response and Contingency Plan training to DOL agencies
- Reviewed and updated the general support system (GSS) contingency plan
- Prepared and timely delivered contractor's monthly reports and bi-weekly activity reports to the customer
- Reviewed and approved team timesheets
- Ensured the timely delivery of FISMA Quarterly reports
- Ensured the timely completion of all role-based and incident response training for OCIO operations and security teams
- Timely updated and tested the contingency plan with notification drill, tabletop and tape restore
- Performed impact analysis and vulnerability scans on proposed software and hardware prior to installing on the GSS
- Reviewed and made recommendations to the Change Control Board to approve or deny change control requests
- Prepared and utilized a project management methodology to effectively monitor, control and manage project deliverables
- Reviewed and managed team member leave request to ensure that they do not negatively impact the project
- Provided expert advice on information assurance and project management best practices to the OCIO ISOs
- Reviewed RFPs and SOW for third party security assessment engagements
- The Department of Labor (OCIO)
Project Manager/Sr. Security Engineer
TMI Solutions
Lanham, MD
08.2009 - 02.2012
- Company Overview: Centers for Medicaid and Medicare Services
- Project Manager and Security Lead for a 10-year contract with Department of Health and Human Services, Centers for Medicaid and Medicare Services (CMS) and provided security testing and evaluations (STE) of the agency's resources based on FISMA and HIPAA guidelines
- Managed 12 security analysts that perform security assessments and STE for the CMS systems
- Developed and timely delivered the security assessment report
- Established and managed relationships with the stakeholders using the Myer-Briggs Personality Type Indicator
- Utilized a comprehensive suite of business requirements tool to identify and document the explicit and implicit expectations of pertinent stakeholders
- Used intrinsic motivational methods to motivate and engage the project team; and facilitated the use of extrinsic motivational initiatives to recognize exceptional performance within project teams
- Implemented annual motivational team building activities to highlight commonalities among team members and increase project performance
- Catalyzed the development of teams through the forming, storming, norming and performing phases
- Identified stakeholders for the projects then developed a stakeholder management plan, communication plan and rules of engagement
- Established the level of effort needed for the projects in collaboration with the Government Technical Lead and secure a signed copy of the Technical Direction Letter
- Additionally, developed a rough order magnitude estimates for the security assessments
- Developed the interview schedule and security assessment work breakdown structure in collaboration with the ISSO and ensured the availability of pertinent stakeholders for the security assessments
- Developed customized resource skills matrix for the different systems based on the Technical Direction Letters (TDL) and assessed the resource skills
- Developed a project schedule for the tasks, work packages, deliverables, milestones and resources
- Ensured project resource utilization are leveled and do not exceed 100%, thereby mitigating the risk of timely deliverables
- Ensured the timely execution of the security assessment plan that has been vetted and approved by the ISSO
- Managed and controlled project work packages on the critical path to ensure timely delivery of the security assessment reports
- Efficiently utilized EVM and CPM to monitor, manage and control the project costs and schedule thereby ensuring the projects are delivered on schedule and within budget
- Performed risk identification, mitigation, acceptance, transfer and management for all projects
- Implemented a quality control buddy system and quality assurance checklists that ensured deliverables met CMS quality standards
- Performed technical editing for customer deliverables
- Ensured the timely delivery of the following deliverables to the pertinent stakeholders: The draft and final security assessment plans, the customer weekly & monthly reports, the draft and final security assessment reports
- Performed out-briefing and lessons-learned sessions with the customer at the completion of each TDL and task order
- Centers for Medicaid and Medicare Services
Adjunct Professor
Bowie State University
Bowie, MD
08.2008 - 12.2011
- Company Overview: Department of Management Information Systems
- Taught the following graduate-level courses for the Management Information Systems Department:
- Information Systems Project Management (INSS 775)
- Decision Support Systems and Business Intelligence (BUIS462)
- Department of Management Information Systems
Education
Doctor of Philosophy - Civil Engineering specializing in Information Assurance Project Management
The University of Maryland College Park
College Park/Maryland/USA 01/2007 - 12/2010
Master of Science - Systems Engineering specializing in Management of Information Systems
The University of Maryland College Park
College Park/Maryland/USA 06/1999 - 08/2005
Bachelor of Engineering - Mechanical Engineering
The University of Sierra Leone
Freetown/Sierra Leone 06/1987 - 12/1992
Skills
- Knowledge of ms project
- Earned value analysis
- Time management proficiency
- Capable of delegation
- Erp systems familiarity
- Resource allocation expertise
- Jira software proficiency
- Budgeting control
- Communication excellence
- Efficient scheduling
- Stage gate process familiarity
- Advanced analytics
- Waterfall model understanding
- Proficiency in scrum framework
- Project scoping
- Gantt chart creation
- PERT charting
- Microsoft office suite proficiency
- Decision-Making prowess
- PMBOK methodology expertise
- Conflict resolution expertise
- Software Development Lifecycle
- Quality assurance understanding
- Project lifecycle management
- Risk mitigation
- Product lifecycle management
- Business case development
- Budget forecasting
- Effective decision making
- Procurement expertise
- Business process re-engineering
- Attention to Detail
- Schedule management
- Project scheduling
- Process Improvement
- High-value project management
- Contract management
- Budget management
- Jira
- Root Cause Analysis
- Customer relationship management
- Agile project management
- Workflow optimisation
- Deadline-oriented
- Gantt chart development
- Quality Management
- Process improvement implementation
- Project scope defining
- Research and Development
- Microsoft Office Suite expert
- Processes and procedures
- Project planning
- Project deadline management
- Consensus building
- Productivity improvement
- KPI review and management
Languages
English
Native
French
Advanced
Affiliations
- United States of America, Federal Aviation Administration Done Pilot License
- Cycling, motorcycle, camping and kayaking.
Accomplishments
- Radius Technology Group Inc. $500 Spot Award based on the feedback received by the Radius Human Resource Manager – 2013.
- Radius Technology Group Inc. $1,000 Spot Award based on the Federal Manager's Letter of Recommendation – 8/16/2012.
- Lockheed Martin NISC $250 Spot Award for Superior Performance in Support of the National Airspace System Implementation Support Contract – 8/3/2006.
Certification
- Project Management Professional (PMP) earned on 06/10/2009.
- Certified Information System Security Professional (CISSP) earned on 11/01/2008.
- ITIL Foundation Certificate in IT Service Management v4 earned on 7/12/2019.
- AWS Security Administrator - Pursuing.
- AWS Job Roles in the Cloud 11/28/2024.
- Certified Collabspace Specialist 03/04/2024.
- Cloud Basics 10/05/2022.
- Scrum Immersion Course 03/08/2022
- File Systems Forensics 05/15/2020.
References
References available upon request.
Timeline
Sr. Project Manager
Audley Consulting Group
10.2023 - 12.2024
Sr. Project Manager
Exelon
01.2023 - 04.2023
Cybersecurity Operations Manager
SAIC
06.2019 - 07.2020
Deputy Project Manager
Arch Systems
12.2018 - 04.2019
Principal Information Assurance Project Manager
MKA Cyber
06.2018 - 09.2018
Director Information Security
Social & Scientific Systems, Inc.
11.2014 - 06.2018
Project Manager
Radius Technology Group, Inc.
02.2012 - 11.2014
Project Manager/Sr. Security Engineer
TMI Solutions
08.2009 - 02.2012
Adjunct Professor
Bowie State University
08.2008 - 12.2011
Doctor of Philosophy - Civil Engineering specializing in Information Assurance Project Management
The University of Maryland College Park
01/2007 - 12/2010
Master of Science - Systems Engineering specializing in Management of Information Systems
The University of Maryland College Park
06/1999 - 08/2005
Bachelor of Engineering - Mechanical Engineering
The University of Sierra Leone
06/1987 - 12/1992
Similar Profiles
DEMETRA DIXON-LAWRENCEDEMETRA DIXON-LAWRENCE
Paralegal - Loan Officer at Audley Consulting GroupParalegal - Loan Officer at Audley Consulting Group
Abigail YankeyAbigail Yankey
Front of House Staff/ Waitress at North Audley CantineFront of House Staff/ Waitress at North Audley Cantine
Destiny ArmstrongDestiny Armstrong
Barista / Waitress Supervisor at Audley Dance Hall CafeBarista / Waitress Supervisor at Audley Dance Hall Cafe
ANGIELYN BALMESANGIELYN BALMES
Shop Supervisor at Uni Globe General TradingShop Supervisor at Uni Globe General Trading
MOHAMMED MUSTHAFAMOHAMMED MUSTHAFA
public relation officer at BLISS POINT GROUP BUSINESS SETUP DUBAIpublic relation officer at BLISS POINT GROUP BUSINESS SETUP DUBAI