We provide IT Staff Augmentation Services!

Security Consultant Resume Profile

  • Offeringautomatedandmanualpenetrationtestingandvulnerabilityassessmentskillstoincludea
  • uniquemixtureofcomputernetworkoperations CNO ,defense CND ,networksecurity,auditing,
  • systemsengineering,networkanalysis,informationassurance IA ,certificationandaccreditation
  • C A ,IR,andgovernmentconsultingskills,experienceandknowledge.Experienceconsistsof20
  • yearsinexposuretocomputersandnetworksexperiencesupportingtheDepartmentofDefense
  • DoD andFederalAgencies.SubjectMatterExpert SME inPenetrationTesting/Vulnerability
  • Assessments,EthicalHacking, IR,OpenSource Research and IntelligenceGathering,SocialNetwork
  • Analysis, Malware, Social Engineering, Wireless Security Assessment, CNO, CND,NOC - SOC - NSOC,
  • Blue Teams, and Independent Verification and Validation IV V .


  • Top Secret TS , Single Scope Background Investigation SSBI , 6/24/2010
  • TS, Sensitive Compartmented Information SCI ,8/16/2011
  • Law Enforcement LE / Intelligence Community IC Counterintelligence CI Polygraph, 2011
  • W2, 1099, or C2C


  • TRAINING Department of Defense DoD 8570.01-M IA Technical Level IAT II Security and III CISA GCIH , IA Management Level IAM III CISM , Computer Network Defense CND Auditor CISA CEH , CND Analyst GCIH CEH , CND Infrastructure Support CEH , CND Incident Reporter GCIH , CND-Service Provider Manager CISM Certified
  • Information Systems Audit and Control Association ISACA , Certified in the Governance of Enterprise Information Technology CGEIT , Certified Information Systems Auditor CISA , Certified Information Systems Manager CISM
  • Electronic Commerce-Council ECC Licensed Penetration Tester LPT , ECC Certified
  • Security Analyst ECSA , ECC Certified Hacking Forensics Investigator CHFI , ECC Certified Network Defense Architect CNDA , ECC Certified Ethical Hacker CEH
  • SysAdmin Audit Network Security SANS Institute Global Information Assurance Certification GIAC Certified Incident Handler GCIH Certification
  • Federal IT Security Institute FITSI Security Professional FITSP Auditor FITSP-A Certification SANS Intrusion Detection In-Depth SEC 503 , Log Management In-Depth: Compliance, Security,
  • Forensics, and Troubleshooting SEC 434 , Reverse-Engineering Malware Analysis Tools and Techniques SEC 610 , Wireless Ethical Hacking SEC 617 , Virtualization Security Fundamentals SEC 577 , Network PT and Ethical Hacking SEC 560 , Auditing Networks Perimeters and Systems AUD 507 , Hacker Techniques Exploits and Incident Handling SANS 504 , Computer Forensics Investigation and Response FOR / SEC508 , Payment Credit Card Industry PCI Data Security Standard DSS 1.2 AUD 521 , Metasploit Kung Fu for PT
  • SEC 553 580 , Web Application PT and Ethical Hacking SEC542 , Reverse Engineering Malware: The Essentials of Malware Analysis SEC 601
  • Microsoft System Center Configuration Center SCCM 2012 Training
  • Tenable Security Center 4.x and Nessus Professional Feed 5.x
  • BackTrack BT 3 4 R2 / Offensive Security Certified Professional OSCP Automated and Manual Training
  • Immunity CANVAS Penetration Testing PT and Vulnerability Assessment VA Tool VAT Training
  • Core Impact Certified Professional CICP PT Tool SAINT VA and PT Training and Certification
  • ArcSight Certified Security Analyst ACSA version 4.5 Training and Certification EnCase Computer Forensics Tool Training
  • DoD Architecture Framework DoDAF 1.5 to 2.0 Training McCabe IQ Static and Dynamic Code Review Training
  • IBM Telelogic System Architect Application Training for Federal Enterprise Architecture EA Framework FEAF and DoDAF 1.5
  • IT Infrastructure Library ITIL
  • WebApplicationsTesting:MetasploitPro,Armitage,BurpSuitePro,HPFortify/WebInspect,IBM
  • version 3 Foundation Certification
  • National Security Agency NSA INFOSEC Assessment Methodology NSA-IAM
  • NSA INFOSEC Evaluation Methodology NSA-IEM
  • CompTIA Security
  • Cisco Certified Network Associate CCNA Training
  • United States U.S. Army Functional Area 24, Information and Telecommunications
  • Systems Engineering, U.S. Army Pentagon Staff Officer's Badge, U.S. Army
  • Command and General Staff College, U.S. Army CAS3


  • AppScan,Kali HTTrack,Maltego,Nmap,FOCA,Webshag,Skipfish,ProxyStrike,Vega,Websploit,
  • Metasploit,Hydra,WebSlayer,JohntheRipper,SSLstrip,SocialEngineeringToolkit SET ,Nessus,
  • Johnny,hascat,oclHashcat,samdump2,Ophcrack,Crunch ,SpiderMonkey,ParosWebsite
  • VulnerabilityScanner,
  • WebScanner,NiktoWebScanner,HTTPrintScanner,OpenWebApplicationSecurityProject
  • OWASP Suite WebScarab,DirBuster,ZedAttackProxy ZAP ,w3afWebAppScanner,Samurai
  • WebTestingFramework WTF ,GNUWgetforHTTP-HTTPS-FTP,SQLMap,BrowserExploitation
  • Framework BeEF ,Andiparos,Fiddler,CAT,Firefox,Firebug,TamperIE,Perl,Python,Curl,Netcat,
  • McCabeIQ,REMnux,CenzicHaistorm,AcunetxWebVulnerabilityScanner,IDAPro,OllyDbg,
  • WinDbg,flare/flasm,
  • Mutillidae, XAMPP, Kali Linux, and Stunnel
  • Wire/WirelessTesting:CoreImpact,SAINT,Nmap,TenableSecurityCenter,TenableNessus
  • ProfessionalFeed,BT,Metasploit,Armitage,KaliLinux,CanvasImmunity,Helix3Pro,Emum,John
  • theRipper,FgdumpforPasswordDumping,Cheops-ng,Windowscommandlineinterface CLI ,
  • Linux CLI, Paros Web Proxy, Firewalk firewall rules, Wireshark / Tshark Textbase , Netcat TCP / UDP
  • NetworkWidget,psexecStanadardInput/Output,OpenVAS,Metasploitable,andGoogleHacking,
  • NetMonWifiCapture,AirMagnetAnalyzer,WiredEquivalentPrivacy wep crack,Aircrack-ng,
  • Aireplay-ng,KarmetasploitWireless,NetStumblerWiFiSniffer,VirtualNetworkComputing VNC ,
  • Maltego Transforms, Kismet, Network Miner, and SANS Wireless Auditing Toolkit SWAT




  • Lead and manage a four 04 person RT / PT in support of a major telecommunications provider
  • Development of PT framework / lifecycle, execution, reporting, and remediation / mitigation of
  • PT plan / tools and supporting methodologies / task list by web application program interface API , hosting hardware, hosting network infrastructure, and operating system
  • Web application Object Oriented System Analysis and Design
  • RT / PT virtual environment and tools planning, design, engineering, and provisioning
  • Planning and execution of static, dynamic, manual, automated, API / SOAP code review, middleware, web static dynamic manual automated analysis, and PT of API platforms
  • IV V of API vulnerabilities and mitigation / remediation plan of actions and milestones
  • Threat modeling and cyber intelligence gathering


ENGINEER, AmVet Technologies

  • Security analyst focused on malware analysis, IR, CND, and CNO
  • Conduct static string / metadata / code review email, email attachments, network netflows, and HTTP and dynamic malware analysis, recommended remediation steps for cyber events and IR, identify and recommend process creation and improvements
  • Threat modeling and intelligence indications and warnings
  • Building Snort and other vendor detection signatures and monitoring for IDSs, IPSs, and SIEM tools
  • Developing guidelines, processes, standard operating procedures SOP , and tactic-techniques-procedures TTP

IS / IT SECURITY CONSULTANT, Network Design Audit and Compliance NDAC


ndependent cyber consulting CMO, CND, IA, C A, and GRCM

Major Federal Agency: Federal Information Security Management Act of 2002 FISMA Continuous Monitoring External Assessor / Auditor / Information Systems Security Officer ISSO

Major Federal LE / IC Agency: Unclassified, Classified, and Standalone onsite network automated and manual pentesting / vulnerability assessments, remediation, mitigation, risk monitoring and management / C A, plan of action and milestones POA M development, monitoring, and reporting Tier 1, 2, and 3 daily intrusion detection IDS , log management and correlation, incident response, reporting, computer and network forensics, and remediation malware reverse engineering, Federal Desktop Core Configuration FDCC / United States Government Configuration Baseline USGCB , Security Test and Evaluations ST E , FISMA compliance, CNO / network monitoring, CND / firewall / routers / IDS / IPS monitoring, end user of cyber Foreign Intelligence Act FISA and Suspicious Activity Reports SAR products, and duties as an Information Systems Security Engineer ISSE / Officer ISSO

United States Army Installation Management Command: DoD IA C A Process DIACAP for 150 systems, NIPR and SIPR CCSD Management, Port Protocol Service Management PPSM , Army Portfolio Management System APMS using ProSight, PCI DSS system audits, onsite Network devices and Web application automated and manual pentesting / vulnerability assessments, audits, IAVM, IRT, and IA Manager IAM

  • Defense Information Systems Agency DISA : Enterprise Architecture and Technical Architecture Design, Strategy, and Implementation DoDAF 1.5



  • Contractor S6 / Signal Officer of an U.S. Army Pentagon Staff Support Agency Rapid Equipping Force, DAMO-OD, HQDA G-3/5/7
  • Performs a variety of duties to include establishing immediate, short and long term IA / Information Operations IO / IT/ IS / Information Management IM vision and architectural framework and roadmap to plan, staff, budget, test, provision, implement, and audits the IA / IO / IT / IS / IM vision
  • Directed and developed strategic IA / IO / IT / IS / IM plans and program that is fully integrated with the agency's strategic, operational, and tactical plans. Coordinates and oversees IA / IO / IT / IS / IM investment strategies
  • Developed and executed a 3.5M budget for internal and external requirements
  • Manage a staff of seven IT contract professionals Project Manager, Web Portal Developer, IR Team IRT , Web Design Developer, Database Architect, IA Analyst, and two help desk technicians
  • Interfaced with the Fort Belvoir Director of Information Management DOIM for common level support

PROJECT MANAGER PM / SENIOR LEAD NETWORK SECURITY ENGINEER, General Dynamics Advance Information Systems, Oakton, Virginia

  • PM of an IA, CNO, CND, and IRT sub-contract for the Department of Defense Advanced Research Project Agency, DoD
  • 500K contract value and responsible for 30 IA, NetOps, and CND individuals responsible for the 24 x 7 NOC and SOC, C A, IA Awareness Training development, IA policy development, and IA training development and delivery
  • PM of an IA, CND, and IRT contract for the IA Division, Force Protection Technology Directorate, Pentagon Force Protection Agency, DoD
  • Management lead and engineer for internal Blue Team Vulnerability Assessment efforts for VAAM and PT
  • 1.7M contract value and 14 individuals responsible for the 12 x 7 IA SOC, C A, IA web portal development and hosting, IA policy development, and IA training development and delivery
  • Oversaw 17 senior IA / IRT analysts and provided strategic management of a 24x7 Watch and Analysis Operations Center for the National Coordination Center Telecommunications Information Sharing and Analysis Center, National Communications System, Department of Homeland Security DHS which performs a variety of complex project tasks applied to specialized technology and telecommunications problems
  • Interfaced with the Joint Task Force for Global Network Operations JTF-GNO
  • MULTIPLE POSITIONS in INFORMATION AND TELECOMMUNCATIONS SYSTEMS ENGINEERING AND MANAGEMENT, MANAGEMENT, OPERATIONS, and LOGISTICS SYSTEMS ENGINEERING, May 1983 to June 2004: Deputy Commander DISA Global Network Operations and Security Center GNOSC and DoD Computer Emergency Response Team DoD CERT , Chief Logistics Branch U.S. Army Special Operations Agency, Team Chief Combat Service Support CSS Observer Controller Trainer, Battalion Bn Executive Officer, Corps Logistics Plans Officer, Bn Logistics Officer and IM Officer IMO , Maintenance Company Co Commander, Regimental Materiel Officer and CSS Automation Management Officer CSSAMO , Bn Support Operations Officer, Co Shop Officer, Co Technical Supply Officer, and Platoon Leader

Hire Now