Senior Application Security Analyst Resume

Washington, DC

SUMMARY:

  • Results-driven IT professional consultant with 19+ years of Information Assurance experience in hardware, software, systems engineering, and administration. Enthusiastic and adaptive with stellar technical skills, business acumen, and a proactive customer service attitude, skilled at developing cutting-edge solutions that meet the requirements of various corporate enterprises, federal civilian agencies, and government agencies. I have the ability to work as a lead, team player or independently, while multi-tasking in high-stress, fast-paced environments. Experience within the Intelligence and Health Affairs Communities: ensure the confidentiality, integrity and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of systems, programs, policies, procedures and tools.
  • A broad understanding of computer hardware and software, including installation, configuration, management, troubleshooting, and support. Network skills: creating and designing LANs, laying cable, deploying network-wide patches, and supporting CPU, server, laptop, scanner, printer and monitor hardware using various hardware devices and troubleshooting skills.

TECHNICAL PROFICIENCIES:

  • DISA Gold Disk
  • Linux/Unix
  • MS Office Pro 2007/2010
  • My SQL/SQL
  • HP WebInspect eEye Retina
  • Burp Suite
  • JIRA
  • SECSCN Solaris/Trusted Solaris WASSP
  • Windows XP/Vista/7 STAT Scanner
  • Tenable Nessus
  • Cenzic Hailstorm
  • Lotus Notes
  • MS Visio/Power Point/Publisher eMASS
  • Xacta
  • Cyber Security Assessment & Management (CSAM) version 2&3

EXPERIENCE:

Confidential, Washington, DC

Senior Application Security Analyst

Responsibilities:

  • Develop, document, maintain and support the company's information security risk management program in line with the company's information security policy, practices and leading industry standards, based upon knowledge of and experience with FISMA, OMB, NIST and DITSCAP/DIACAP.
  • Assist in defining IFC’s information security risks pertinent to its business goals and technology infrastructure and design an enterprise information security risk program to identify, assess and respond to risks.
  • Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in line with the overall information security objectives and risk tolerance of the company, to the company's information security enterprise, and advise on appropriate fixes based on reviews and diagnostic tests performed.
  • Document risk management policies, practices and procedures utilizing FISMA, OMB and Confidential guidance.
  • Assess, evaluate, and recommend appropriate security controls to be integrated into the life cycle of software and IT infrastructure development and enhancement projects via.
  • Test for code vulnerabilities and advise developers.
  • Recommend and devise remediation solutions to ensure application and infrastructure development processes are secure and advise on potential vulnerabilities in the SDLC or of specific code vulnerabilities.
  • Assess application and infrastructure projects against secure coding policies and practices.
  • Ensure adherence to the Enterprise Security Architecture, Internal Controls over Financial Reporting, and other risk and control requirements as necessary.
  • Resolve challenging problems in collaboration with other infrastructure teams, such as the server team, network team, database team, and development teams, on installation, troubleshooting, and problem resolution.
  • Apply solid technical, analytical and problem-solving skills and application knowledge in resolving production issues.
  • Evaluate and provide feedback on future security technologies, new releases and upgrades.
  • Assess and provide recommendations on their business relevance and deployment.
  • Identify solutions that meet business requirements, align with strategic goals, and improve performance.
  • Analyze business and technical requirements.
  • Coordinate the design of subsystems and their integration with larger systems.
  • Implement integration plans. Interface with testing teams to incorporate plans into the integration testing process.
  • Provide strong communication and interpersonal skills to work effectively with geographically distributed technical and business staff.

Confidential, Washington, DC

Senior Information Assurance Engineer

Responsibilities:

  • Assisted Confidential Agency IT security personnel in the security certification and accreditation process, on an ongoing basis, to ensure mission requirements are satisfied while meeting the security requirements and employing the security controls defined in the system security plan.
  • Represented the operational interests of the Confidential OCIO and served as C&A subject matter expert with regard to current NIST, FISMA, OMB and Confidential IT security related initiatives, policies, procedures and guidance.
  • Verified with agencies if any new systems are being developed or if older systems are planned for retirement.
  • Served as personal liaisons for each Confidential agency throughout the system development life cycle of each individual information system for each Agency.
  • Maintained status of upcoming systems with expiring ATOs to ensure timelines are met for Phase 1 and Phase 2 C&A processes.
  • Conveyed Confidential -level guidance and assistance in complying with current NIST, FISMA, OMB, and Confidential IT security-related C&A guidance.
  • Provided guidance to individual agencies with regard to existing, new or changing Confidential IT Security C&A initiatives.
  • Assisted and mentored Agency-level C&A personnel, including Agency ISSPMs, during all phases of the C&A process.
  • Served as C&A subject matter experts to agencies.
  • Validated Phase 1 and Phase 2 C&A status for each individual system based on the ATO expiration date.
  • Kept up to date regarding each agency's mission and purpose, and maintained in-depth knowledge of their overall network and system-specific infrastructure for each system, for each agency.
  • Reviewed all Cyber Security Assessment Management (CSAM) documentation for each information system listed within the agency to ensure compliance, completeness and validity.
  • Trained agency field personnel on NIST 800-53 Revision 3 control conversion as trained by CSAM Administrator.
  • Performed quality control and served as first contact for all Phase 1 and Phase 2 C&A documentation for each information system, for each agency, prior to entering the Confidential OCIO concurrency review process.
  • Reviewed all documentation and worked with agencies individually to work through issues prior to concurrency review.
  • Provided CSAM Version 3.0 Upgrade training continuously to Agency C&A staff (including contracted personnel).
  • Assisted CSAM Administrator with training repository updates.
  • Cyber Security Assessment & Management (CSAM) Administrator.
  • Assisted Project Manager and Administrator for the largest CSAM application implementation in Civilian Government.
  • Managed and administered CSAM for all 29 sub-agencies and 700 systems.
  • Instrumental in CSAM 800-53 Rev3 upgrade.
  • Participated in DOJ Red Team for CSAM v3.0.
  • Developed and delivered custom sub-agency training for all phases of the application.
  • Actively participated in future CSAM development activities with DOJ.
  • Provided OCIO level reports and system status to senior staff.
  • Expert in documenting tasks and issues using SharePoint issue tracking template.
  • Participated in developing agency specific CSAM documentation and user guides.
  • Assisted in managing a 600-line CSAM-centric project plan.

Confidential, Washington, DC

Senior Information Assurance Analyst

Responsibilities:

  • Evaluated the security posture of the Integrated Acquisition System (IAS) and made recommendations to the System Owner, Certifying Authority and the Approving Authority.
  • Provided technical vulnerability assessment of the system for the Confidential Office of the Chief Information Officer using FISMA, DIACAP, and other approved processes, using both automated vulnerability assessment tools (Gold Disk, eEye Retina, AppDetective, WebInspect) and manual testing scripts.
  • Uploaded all C&A Phase I documentation into CSAM for both review and concurrency by the Phase II vendor and Cyber Security for PSD IAS MA.
  • Evaluated and assessed compliance with established information assurance policies and regulations.
  • Performed security assessments, reviewed documentation, and supported security analysts in a team of technically diverse personnel.
  • Conducted and documented risk and threat assessments.
  • Made recommendations for implementing countermeasures, prepared required documentation, and coordinated with the senior engineer.
  • Conducted engineering analysis and evaluation for security-related hardware, software, and system component evaluations.
  • Developed and provided test plans and vulnerability reports to a team of Security Analysts according to, Confidential, Federal, DISA and other Information Assurance (IA) related requirements.
  • Kept abreast of emerging security technologies and made appropriate recommendations regarding their implementation.
  • Provided direction, technical experience, and work assignments to direct other Consultants; reviewed work products for correctness and adherence to Confidential, NIST, FISMA, and other IA Standards, and tracked progress against work schedules.
  • Prepared deliverables and delivered presentations in all areas of expertise to colleagues, subordinates, and end-user representatives.
  • Coordinated with the Task Manager to ensure problem resolution and user satisfaction. Interfaced with external customers to provide IA subject matter expertise throughout the system development lifecycle.
  • Evaluated and assessed compliance with established IA policies and regulations, and advised management on IA trends and solutions.
  • Participated in all phases of the systems lifecycle including systems development, integration, and testing.
  • Gathered and organized technical information about an organization's mission goals and needs, existing security products, and ongoing programs in computer security.

Confidential, Springfield, VA

Senior Information Assurance Engineer

Responsibilities:

  • Oversight of the daily Information Assurance (IA) activities. Perform schedule, risk, quality, security and administrative duties relative to IA, including supporting additions to the current task.
  • Provide senior level consulting to the PM Biometrics on IA subjects including program development, best industry practices, and enhancements of the Biometric Automated Toolset - Army (BAT - A).
  • Implemented and managed all C&A documentation into eMASS for review by PEO EIS for PM Biometrics.
  • Act as primary customer contact for IA activities, leading IA review session with the government to discuss schedule and technical performance.
  • Task management: assign duties to team members, ensuring that task priorities are appropriately staffed for coverage.
  • Report all pertinent matters involving the security of programs, mission support systems, and applications to the Information Assurance Manager (IAM).
  • Ensure all staff members receive annual IT Security Awareness Training and Security Responsibility Training.
  • Provide management of Certification and Accreditation (C&A) activities serving in an advisory role to ensure all phases of the C&A lifecycle are performed.
  • Conduct reviews of security related policies, audits of security programs, major application systems and associated information assets.
  • Establish and maintain a remediation program associated with deficiencies in Plan of Action and Milestones (POA&M).

Confidential, Falls Church, VA

Senior Information Assurance Engineer

Responsibilities:

  • Provide professional Information Assurance (IA) engineering specific to Certification and Accreditation (C&A), Confidential IA policy & procedures, security threat/vulnerability assessments in support of Defense Information Systems Agency (DISA) at the Program Management Office (PMO) level.
  • Knowledge of Federal Regulations such as the Confidential Information Technology Security Certification and Accreditation Process (DITSCAP), Confidential Information Assurance Certification and Accreditation Process (DIACAP), Office of Management and Budget (OMB) Circular A-130, Confidential Directive 8500.01, Confidential Instruction 8500.02, and Director of Central Intelligence Directive 6/3.
  • Independently develop and assess required documentation, such as System Security Authorization Agreements (SSAAs), System Security Plans (SSPs), Security Test Plans (STPs), Security Test and Evaluation (ST&E) Results, Vulnerability Matrices (VMs), Plans of Action & Milestones (POA&Ms), and Security Design Documents (SDDs).
  • Advise the Program Executive Office Information Assurance Network Operations (PEO-IAN) of the C&A development capabilities and the lifecycle impact on current technology infrastructure.
  • Implemented and managed all C&A documentation into eMASS for review by PEO-IAN DAA for PMO.
  • Plan, manage, and lead the C&A programs for PEO-IAN.
  • Change, update or develop C&A packages for Authority to Operate (ATO), Interim Authority to Operate (IATO), and Interim Authority to Test (IATT).
  • Coordinate, interface, and provide tasking to Field Security Office (FSO), Configuration Management (CM), Program Management Office (PMO), and the Chief Information Office (CIO) on C&A processes and compliance.
  • Present C&A process charts, briefing and training to the division.
  • Liaise with the internal and external user community on access to C&A information and identify areas of improvement.
  • Collaborate across all lines of responsibilities and communicate at all project and program levels for the government leadership.

Confidential, Falls Church, VA

Lead Information Security Engineer

Responsibilities:

  • Provide application and network vulnerability assessment for Health Systems, for Confidential Health Affairs and Services (Army, Navy, and AF) using the DITSCAP/DIACAP process, to include:
    • Certification Testing and Evaluation (CT&E)
    • Security Testing and Evaluation (ST&E)
    • Using both automated vulnerability assessment tools (Gold Disk, eEye Retina, AppDetective, WebInspect) and manual testing scripts
  • Evaluate and assess compliance with established information assurance policies and regulations.
  • Conduct technical design reviews on products and designs.
  • Perform security assessments, review documentation, and support security analysts in a team of technically diverse personnel.
  • Conduct and document risk and threat assessments.
  • Make recommendations for implementing countermeasures, prepare required documentation, and coordinate with senior management.
  • Develop certification evaluation and findings reports.
  • Conduct engineering analysis and evaluation for security-related hardware, software, and network component evaluations.
  • Evaluate security risk assessments and engineering change proposals.
  • Develop and provide test plans and vulnerability reports to a team of Security Analysts according to Air Force, Confidential, Federal, DISA and other Information Assurance (IA) related requirements.
  • Keep abreast of emerging security technologies and make appropriate recommendations regarding their implementation.

Confidential, Stafford, VA

Lead Information Assurance Analyst

Responsibilities:

  • Function as the technical authority for Information Technology (IT) security management. Areas include: ensuring the confidentiality, integrity and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of systems, programs, policies, procedures, and tools.
  • Provide training, system documentation and troubleshooting guidance for on-site Intelligence personnel.
  • Brief PM Intel project officers semiannually on C&A process.
  • Implemented and managed all C&A documentation into eMASS for review by PEO EIS for PM Biometrics.
  • Manage two certification and accreditation information assurance specialists. Provide mentoring to junior and mid-level engineers regarding IA best practices and solving complex problems.
  • Manage Certification Test & Evaluation (CT&E) and Residual Risk Assessment (RRA) and determine technical recommendations for closing open vulnerabilities.
  • Perform network vulnerability scans and analysis to produce CT&E and RRA reports.
  • Create Federal Information Security Management Act (FISMA) scorecards for 41 Program Management Intelligence (PMIntel) programs to ensure federal compliance.
  • Managed all C&A documentation via Xacta for briefing for both the Certifying Authority (CA) and the Designated Approving Authority (DAA) for all 41 programs.
  • Maintain in-depth familiarity with current exploits and vulnerabilities that are pertinent to the Windows, Solaris and Linux operating systems.
  • Evaluate and recommend IA solutions that support the customer’s military based mission while maintaining functionality of the products and services in specific environments.
  • Analyze and recommend solutions for IA based problems based on knowledge of IA products, an understanding of their limitations, and a working knowledge of the disciplines of IA (Common Body of Knowledge).
  • Apply knowledge of current Confidential Information Assurance (IA) policies (i.e. NIST, DIACAP, DoDI 8500.2, DODIIS and DCID 6/3) from the Confidential top level through the Department of the Navy to the Marine Corps. Analyze how those policies interrelate; report the structural shortcomings; and mitigate or resolve any conflicting issues for the Marine Corps.
  • Support local system administrators and network engineers in network monitoring techniques, intrusion detection, PKI solutions, reactive measures and prevention, security assessment methodologies, security vulnerability analysis, and data encryption.

Confidential, Alexandria, VA

Help Desk Support

Responsibilities:

  • Computer helpdesk support for Facility Security Officers (FSOs) nationwide, interfacing with Confidential to process clearances for Confidential contractors. Desktop and laptop configuration, installation of hardware and software, and troubleshooting of user, printer, and network problems.

Confidential, Fairfax, VA

Systems Engineer

Responsibilities:

  • Provide technical analysis in data network planning, engineering, and design.
  • Recommend tools and techniques needed to implement efficient solutions to network problems.
  • Maintain technical expertise in various areas involving network and computer operation.
  • Experience in developing system level requirements, test plans and procedures, concept of operation documents, life cycle cost estimates, and program acquisition schedules within the intelligence community.
  • Create documents for operational and engineering tasks, procedures, and configurations.
  • Configure and deploy servers and/or workstations for classified networks. Provide multi-tier support for systems to include setup and maintenance of user accounts.
  • Perform software installations, upgrades and maintenance for Windows/UNIX operating systems and layered software packages.
  • Evaluate, implement and manage appropriate software and hardware solutions for Windows/UNIX.
  • Ensure recoverability of data/media by implementing a schedule of system backups and database archive operations. Support media management through internal methods, procedures and offsite storage and retrieval services.
  • Conduct routine hardware and software audits of UNIX workstations/servers for compliance with established standards, policies, procedures and configuration guidelines.