Information System Security Officer Resume
SUMMARY:
- Confidential has over seven (7) years of experience as a Cybersecurity expert supporting Information Assurance in the areas of information systems auditing, security program management, and certification and compliance.
- He has in-depth knowledge of industry-wide best practices, guidelines, and standards for implementing and complying with the National Institute of Standards and Technology (NIST) Special Publication 800 series, the Federal Information Security Management Act (FISMA), and Federal Information Processing Standards (FIPS).
- He possesses a high level of analytical ability in IT Security and has had first-hand experience in applying the risk management framework (RMF).
- He has managed multiple Assessment and Authorization (A&A) packages that required the creation and review of the System Security Plan (SSP), Plan of Action and Milestones (POA&M), and Security Assessment Report (SAR). In addition, he has authored RMF packages; authored artifacts included the BIA, PIA, SSP, CP, IRA, COOP, POA&M, and SAR.
- He has experience managing artifacts with Xacta, to continuously monitor and manage DIARMF and RMF artifacts.
- He has implemented security measures to protect information systems and data through documentation of the following policy procedures and guidelines: Critical Infrastructure Protection (CIP), Risk Assessments, and Contingency Plans (including Business Continuity Plans (BCP), Continuity of Operations Plans (COOP), and Disaster Recovery Plans (DRP)).
- Confidential's skills also include the use of scan tools such as Tenable Security Center (TSC) and Nessus, WebInspect Enterprise, Wireshark for network security monitoring, and Metasploit, OpenVAS, and NMAP for penetration testing.
TECHNICAL SKILLS:
Operating Systems: Microsoft Windows 2008 and 2012, Vista, UNIX, Linux, Red Hat, and Sun Solaris 10
Applications: Tripwire, Tenable Security Center, Microsoft Office Suite (Project, Visio, Excel, Word, PowerPoint, Outlook)
Web/Database: Oracle 10s, SQL 2003, and Apache
PROFESSIONAL EXPERIENCE:
Confidential
Information System Security Officer
Responsibilities:
- Works closely with the System Owner (SO) and Technical POC for assigned systems to develop and/or maintain the following Security Assessment & Authorization (SA&A) artifacts: System Security Plan (SSP), Risk Assessment Report (RAR), Business Impact Analysis (BIA), Privacy Impact Analysis (PIA), Contingency Plan (CP), Contingency Plan Testing (including the CP Test Participant Guide, CP Test Administrator Guide, and After Action Report (AAR)), FIPS 199 Categorization/Rating, and Plan of Action & Milestones (POA&Ms).
- Completes monthly administrator access reviews.
- Completes annual non-privileged user account reviews.
- Completes the annual account recertification process.
- Tests security controls based on the ICE-defined timeframe.
- Maintains A&A project documentation in Xacta and updates the documents on an annual basis as part of the continuous monitoring RMF requirement. Performs independent compliance reviews, tracking, and continuous monitoring of RMF A&A packages. Advises and assists with the lifecycle Assessment and Authorization (A&A) process and the development of a System Security Plan (SSP).
- Protects and sustains the information assurance requirements for system and information availability, access control, integrity, confidentiality, and non-repudiation for these environments.
- Performs analysis on any special compartments, including verification of any special handling requirements, identifying systems processing sensitive but unclassified information that require additional security controls, and identifying the type of information processed (Privacy Act, financial, critical operational, proprietary, and administrative).
- Maintains the POA&M to include vulnerabilities uncovered during the vulnerability management process. Supports all compliance reporting activities required by the COR. Trains other ISSOs on how to understand network diagrams provided by engineers and interpret raw data from vulnerability scan results generated through Nessus.
Confidential
Network Security Engineer
Responsibilities:
- Confidential supported the Office of the Chief Security Officer at the General Services Administration (GSA), where he worked with the Security Operations, Security Engineering, and Policy and Compliance Divisions to ensure systems were securely implemented and in compliance with FISMA, OMB, and GSA IT policies under ISSO jurisdiction. Major responsibilities included performing vulnerability scanning for agency-wide servers and web applications with Tenable Security Center and WebInspect Enterprise, while managing enterprise-wide scan credentials to increase the number of authenticated scans. He was also responsible for conducting training for the Information System Security Officers (ISSOs) on interpreting vulnerability, WebInspect, and Database Compliance scans. In addition, he provided support to ISSOs by reviewing the IT security architecture and maintaining benchmarks and baselines to maintain the compliance and posture of IT security systems at GSA. Confidential utilized available GSA enterprise vulnerability, configuration, and monitoring solutions (including SIEM) to perform log reviews, verify system inventory, and ensure systems were configured consistent with agency security benchmarks, patched to current levels, and securely maintained. He also ensured continuous monitoring compliance of assigned information systems and assisted in the transition from static security assessment and authorization processes and security management.
Confidential
Assessment and Authorization Analyst
Responsibilities:
- Confidential conducted information security and risk management activities, security assessments, risk assessments, security assessment reports (SAR), and plan of action and milestones (POA&M) management at GSA. He worked closely with the Security Engineers and Information System Security Manager to coordinate system assessments and authorization as part of the risk management framework (RMF) requirement. He completed continuous monitoring activities and evaluations to ensure systems were securely hardened and patched in compliance with regulations and in alignment with GSA’s patch management policy and procedures. He hosted daily touch point meetings to discuss progress and mitigate potential issues that could derail the assessment. In addition, he conducted monthly security meetings with all system owners, which provided a forum to discuss upcoming releases and system integrations planned to enhance the functionality and efficiency of the systems. He managed the POA&Ms for all systems and discussed mitigation strategies with developers, the program team, and the GSS ISSM so that all vulnerabilities were remediated within the assigned timeframe. He was responsible for delivering the security updates at quarterly Program Management Reviews (PMR), which included FISMA compliance topics and a high-level technical summary of vulnerability scans that provided a snapshot of the security posture of the systems he managed.
Confidential
System Security Officer
Responsibilities:
- Confidential supported the Department of Health and Human Services effort to protect critical information systems in keeping with the Federal Information Security Management Act (FISMA) security assessment program for the Centers for Medicare and Medicaid Services (CMS). He assisted in the development of key security standards by performing in-depth security assessments of CMS’ information systems to maintain FISMA compliance by implementing the guidelines and standards identified in the National Institute of Standards and Technology (NIST) 800 series. Upon completion of each assessment, a Composite Report was developed detailing the results of the assessment by location, along with deficiencies uncovered, which were documented in the plan of action and milestones (POA&M). In addition, Confidential attended weekly meetings with the client and provided status reports on a monthly basis. Upon completion of each assessment phase, Confidential submitted a final comprehensive report using the Business Intelligence (BI) tool to compare the security program from phase to phase. This information provided CMS Management with an overview and assisted them in making decisions on the resources needed to support the continuity of operations and security program, so that they could forecast budgetary adjustments needed for the next fiscal year.
Confidential
Cyber Development
Responsibilities:
- Confidential supported the Department of Business and Economic Development’s effort to increase the state's incentives for attracting cybersecurity organizations.
- He assisted in the development of key standards by performing an in-depth assessment of current organizations and their shortcomings through meetings with their respective leaders.
- Upon completion of each assessment, a report was developed detailing the results of the assessment by location, along with deficiencies uncovered. In addition, Confidential attended weekly meetings with the client and provided status reports on a monthly basis.
Confidential
Business Operations
Responsibilities:
- Confidential supported the organization by managing three (3) major accounts that produced over $5 million in revenue.
- His primary task was to provide Quality Assurance to ensure the three (3) clients were satisfied with the work from the IT members per the Statement of Work (SOW) and contract.
- He also forecasted, on a quarterly basis, the funding required by the client to achieve their goals.
- These efforts were then discussed with upper management as part of the strategy to increase customer satisfaction and continue the business relationship into the next quarter.