
Sr. Security Consultant/Business Systems Analyst Resume


EXECUTIVE PROFILE:

  • Innovative and results-driven executive with more than 20 years of experience in project management, strategic planning and implementation.
  • Responsible for managing multiple software projects simultaneously.
  • Well-versed in all aspects of the SDLC.
  • Possess technical and academic experience in business management, configuring, testing and securing IT networks, web applications and endpoints.
  • Extensive experience in building, mentoring, and managing technical and training teams, subject matter experts, and operational staff. Dedicated team player with strong interpersonal and communication skills.
  • Defines and delivers software that drives high customer satisfaction, revenue targets and business results.
  • Develops strategies to collect and integrate customer feedback into product plans as well as identifying market trends.
  • Sr. Cyber Security/Threat Analyst proficient in recommending, implementing, and assessing security controls (e.g., NIST 800-53, and Center for Internet Security (CIS) 20 Critical Security Controls) and developing systems-specific security documentation and reports.

PROFESSIONAL EXPERIENCE:

Confidential

Sr. Security Consultant/Business Systems Analyst

Responsibilities:

  • As a senior consultant, participate in pre-sales meetings to understand client's business objectives and discuss related services offerings and capabilities.
  • Assist companies developing proprietary software in all aspects of the SDLC from gathering requirements, instilling security early-on in the development phase, through testing, and deployment. Utilize issue-tracking and project management systems for defect-tracking, project management and reporting.
  • Support institutions in meeting regulatory and privacy compliance management goals: identify the laws, rules, codes and standards applicable to their operating environment, operationalize compliance obligations into daily processes and procedures, monitor compliance controls, and report on compliance internally and externally.
  • Help companies to understand what regulations, policies and obligations are applicable to them globally or at the site level, and enable them to manage changes to applicable environmental, health and safety regulations, helping eliminate compliance deviations and non-compliance risks.
  • Utilize the NIST Cybersecurity Framework (NIST CSF), especially NIST Special Publications (NIST SP 800-53 and 800-53A for the selection, implementation and assessment of managerial, technical and physical security controls, NIST SP 800-61 for the review of Incident Response plans and policies of private sector clients), based on experience with government agencies.
  • Support developers in the areas of secure coding practices, vulnerability assessments, and remediation once vulnerabilities are found. Once vulnerabilities were discovered, administered and performed advanced troubleshooting of web access control solutions.
  • These were implemented per Confidential's suggestions based on best practices and research from the well-established security community vulnerability/cyber defense organizations (e.g., OWASP, CERT, SANS, etc.).
  • These solutions have entailed better monitoring (e.g., purchasing a SIEM product), better patching and network maintenance (e.g., disabling unnecessary ports, hosts on the network, or unused accounts, such as guest accounts or those of employees who have left the organization, no matter what the reason), utilizing the principle of least privilege, changing default passwords, etc.
  • For ongoing engagements, maintain a record of progress, including managing the schedule of technical deliverables, budgets and deliverable schedule. Document findings in interim and final reports for subsequent discussion with senior management.
  • Review and utilize proprietary and open-source ERP software such as Postbooks, SAP and Deltek.
  • Working knowledge of Active Directory and basic AD administration.
  • Troubleshoot hardware and software issues in person, remotely and via the phone.
  • On completion of a project, develop project post-mortems to inform process improvements which mitigate future risks and promote best practices.

Confidential, Fairfax, VA

Business Consultant

Responsibilities:

  • Applied knowledge of FISMA Compliance and NIST guidelines including Risk Management Framework, SP 800-53, and SP 800-53A.

Confidential, Fulton, MD

Information Security/IT Auditing Professional

Responsibilities:

  • Led the architecture, design, implementation, support and evaluation of security-focused tools for the Department of Veterans Affairs.
  • Assisted in a new initiative to enable veterans to easily access their health benefits and profile information.

Confidential, VA

Senior Information System Security Analyst

Responsibilities:

  • Supported the Confidential Carrier Safety Administration (FMCSA) in maintaining and improving their IT Security Program.
  • Conducted IT Audit of DOT FMCSA systems, assessing the controls in NIST SP 800-53 using the suggested testing methods in NIST SP 800-53A.
  • Presented recommendations to Senior Management in non-technical terms so that the employees could make informed decisions on how to optimally allocate resources.

Confidential, VA

Sr. Security Analyst

Responsibilities:

  • Provided executive level program management and consulting services under the Census Bureau Security Program and explained solutions to Senior Management in clear and concise terms to enable them to make informed decisions on resource allocation.
  • Ensured that Census Bureau applications and general support systems remained on-line during an extremely critical timeframe and allowed the Bureau to have confidence in the high availability, integrity, and confidentiality of its data.

Confidential, MD

Senior Security Analyst

Responsibilities:

  • Responsibility for project oversight and new business development in the areas of systems development and training, help desk management, IT security policy development, and green energy initiatives.
  • Mentoring and project management of multi-disciplinary teams and development of business plans and new business initiatives.
  • Hiring and management of junior staff and team leaders for nation-wide training projects.
  • Evaluation of business progress against targets and reporting to Senior Management. Review of technical deliverables for quality and accuracy.
  • Assistance in proposal-writing efforts to obtain additional work in the areas of EnergyStar implementation, EPA systems analysis and design, big data aggregation, training, testing and documentation of EPA systems.
  • Coordination of new business efforts by developing strategies based on customer research, creating marketing materials, drafting technical components of proposals, and working with other technical experts to craft technical proposal responses.

Senior Systems Security Analyst/IT Auditing/Requirements Analyst

Confidential

Responsibilities:

  • Led the assessment of the Confidential Forest Service financially significant General Support Systems and Major Applications in preparation for an IT Audit.
  • Responsible for evaluating the design and documentation of updates necessary to ensure that Department procedures corresponded to mandatory controls.
  • Held leadership role in the EPA’s IT security program which led to an appointment as Systems Security Officer for EPA’s Information system, ACRES, in support of the Brownfields program.

Work Assignment Manager/Senior IT Trainer & Requirements Analyst

Confidential

Responsibilities:

  • Set up support of EPA Applications and provided technical support as well as management of the team.
  • Traveled to five EPA regions to train a total of approximately 75 users on the EPA Change Management policy and system usage during 4/99 and 5/99.
  • Work Assignment Manager in charge of converting EPA personnel to the use of Lotus Notes Version 5.0 for e-mail and calendar scheduling.
  • Analyzed EPA information systems (e.g., gathered user requirements, conducted data modeling efforts, developed test plans and conducted testing, developed user and system administration documentation).
  • Utilized issue-tracking and reporting software such as IBM Rational ClearQuest and Crystal Reports.
  • Worked with teams of software and database developers to review requirements, timelines, and create test plans.
  • Assisted with logistics for technical teams, including making travel arrangements.
