PROFESSIONAL OBJECTIVE:

Provide leadership of people, processes and technology; align security program strategy with business objectives by implementing sound management and engineering techniques that will add value to an organization.

PROFESSIONAL SUMMARY:

A proven leader with years of information technology experience and twenty years of direct information cybersecurity engagements to achieve efficient and effective business solutions. Background is complimented with a Master of Science in Information Assurance (MSIA) degree and numerous industry certifications.

PROFESSIONAL EXPERIENCE:

Confidential, Richardson, TX

Principal Cybersecurity Consultant/Deputy CISO/Senior Cybersecurity Manager

Responsibilities:

• Principal Cybersecurity Consultant leading engagements in cybersecurity engineering, architecture, operations, building security programs, and participating in audit and compliance efforts; everything from “soup to nuts.”
• Served in various leadership roles for client’s diverse business needs: Sr. Cybersecurity Manager for a Top 15 Mid - Atlantic CPA firm building cybersecurity program strategy to enhance existing tax and audit business lines; Deputy CISO leading security program reviews, compliance audits, and working with SOC1/SOC2 auditors.
• Lead security program audit and reviews with myriad clients: State of North Carolina, Commonwealth of Virginia, City, municipal government agencies, and clients in the Finance and Healthcare industries.
• Deliver project quality control and oversight management of client engagements from start to finish, including adequate planning, execution, and direction while managing to budget.
• Maintaining a strong client focus by understanding the client’s business needs while developing productive working relationships with client personnel in order to accomplish audit objectives.
• Conducted cybersecurity services in areas such as Risk Assessments, Readiness Assessments, Vulnerability Assessments, Attack & Penetration Studies and Governance Risk & Compliance.
• Support the review and revision of core security process and policy documents to ensure that such documents remain compliant with appropriate regulations and that stakeholder feedback is considered.

Confidential, Washington DC

Enterprise Security Solutions Director - IT Security Specialist

Responsibilities:

• System Owner of the Web Application Vulnerability Scanning System (WAVSS). Provide program and technical oversight of scanning more than 700 web-applications across the Department while reducing production vulnerabilities by 96% (FY12-FY14) and increasing pre-production scanning by over 300%
• Program Manager of the Web Security Gateway program consisting of more than one-hundred Websense V10000K security appliances, software blades and operations activities, which included establishing broader baseline configurations, standardizing SSL solutions across the Department, and working with Mission Critical Support to fulfill agency needs such as IPV6, SSL Decryption and DLP.
• Project Manager for the Department’s Checkpoint Endpoint Protection System ( Confidential ); managed the acquisition, distribution, oversight and technical implementation of 85,000 endpoint clients and 47 managers.
• Contracting Officer Technical Representative (COTR) with performance oversight of more than 14 million dollars in obligated funds annually. Developed purchase requests and provided technical oversight.
• Championed the Cybersecurity Program’s Enterprise Program Life Cycle (EPLC) process by working with IT and business stakeholders during Stage Gate Reviews, IT Acquisitions through the Critical Partner Review process and Technical Evaluation Groups.
• Develop policies and maintained strategic plans critical to Cybersecurity Workforce Planning & Development, Continuous Diagnostics and Mitigation (CDM) pilot between Confidential and DHS, and the organization’s overarching Policy for Information Systems Security and Privacy.
• System Authorization activities for multiple systems including Authority to Operate (ATO) of Amazon Web Services. Worked with the cloud service provider and auditor to addresses that FedRAMP security control requirements were aligned to the Confidential 800-53, Rev. 4 security control baseline for moderate impact levels.

Confidential, Silver Spring MD

Principle IA Architect/C&A Engineer/ISSO Program Manager

Responsibilities:

• Developed and implemented security engineering processes and documentation outlining system operating environments to include the overall mission, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks, and associated responsibilities; developed and implemented enterprise C&A processing using SecureInfo RMS.
• Security engineer and architect responsible for discovering users’ information protection needs and the designing and making information systems, with economy and elegance, so they can be safely resist the forces to which they may be subjected in both classified and unclassified operating environments.
• Developed System Authorization (i.e., C&A) processes and customized required tools; delivered artifacts including Systems Security Plans (SSP), Risk Management Plans, security operations procedures and guidelines, Security Test and Evaluation (ST/E) plans (pre-operational and operational), Continuity of Operations Plans (COOP), and plans of action and milestones (POAM) using DIACAP and other risk management frameworks.
• Conducted systems and network vulnerability assessments in conjunction with managing enterprise validation; configuration in accordance with DISA STIG/SRR, ensuring appropriate system patching and IA controls are implemented, importing/exporting scan engine results using eEye Retina and DISA Gold Disk
• Principal point of contact for all Information Assurance activities at the enterprise and local system level.

Confidential, Herndon VA

Cyber Security Associate/Subject Matter Expert

Responsibilities:

• Provided security operations subject matter expertise related to Information Assurance and Computer Network Defense ( Confidential ), red team and blue team activities and enterprise-wide attack/defense exercises.
• Analysis and guidance on enterprise security governance, policies, procedures and techniques of cyber-security activities supporting Headquarters Marine Corps C4 Information Assurance Division, Chief Information Officer (CIO) and Designated Approving Authority ( Confidential ). Enterprise implementation of Confidential IAM and eMASS.
• Served as the IT security subject matter expert for the organization; provided recommendations to the CIO/ Confidential on all matters pertaining to the IA Program; routinely provided training to command level ISSMs and ISSOs.
• Performed forecasting and analysis through effective research of business issues to develop and implement strategic plans, objectives, project plans, policies, procedures, and schedules in support of requirements.
• Performed IT system security scanning, evaluation and analysis; verify systems adhere to DoD mandated security configurations; interpret and apply government information security policies; prepare system security evaluation reports; recommended and implemented support program for IA technical and support teams.
• Directed information security engineering efforts within purview to plan, implement, document, and mitigate security fixes; test, evaluate and continually optimize systems to ensure peak performance.

Confidential, Reston, Virginia and Garland, TX

PM/Principle Information Systems Security Engineer

Responsibilities:

• Engineering lead responsible for meeting customer commitments by adhering to integrated master schedule to achieve Schedule Performance Index (SPI) program performance of 100% and award fee evaluation of 100%.
• Maintained relationships with customers to grow trust and technical credibility critical to information systems security engineering performance; developed security program metrics and status reports.
• Development of the IA engineering workforce to support the strategic business plan; accepted rotational assignments by providing security engineering and business acumen to both internal and external customer funded Research & Development (R&D) projects to increase Cross-Domain Solution (CDS) capabilities.
• Developed, trained, and managed 24 Information Assurance (IA) analysts and engineers in support of a newly constructed Security Operations Center; responsible for the operational security of over 84,000 seats.
• Stakeholder of the DHS Homeland Security Data Network ( Confidential ) SOC proving oversight of IA security monitoring, reporting and incident response activities performed by analysts and engineers: Monitor protection and detection systems; firewalls, VPNs, IDS (host/network), antivirus, and security policy compliance ( Confidential ).
• Evaluate IT systems, programs, metrics and assignments through observation, meetings, interviews and effective research adjusting programs and scheduling to meet goals and objectives. Modify existing systems or develop new methods, procedures and IT programs to meet mission objectives.
• Develop security policy, architectures, procedures, incident response teams and disaster recovery programs. Responsible for the effective design, implementation and testing of security systems including firewalls and various security appliances; direct teams and delegated tasks in the development and implementation of log management and monitoring systems; developed security program with guidance from Confidential 800 series publications, COBIT, industry best practices and standards such as FIPS and Common Criteria.

Confidential, Severn MD

Information Systems Security Officer/IA Security Engineer/Team Lead

Responsibilities:

• Managed the Information Security ( Confidential ) Program for a global organization consisting of 54 command elements, located in 37 geographical locations, consisting of approximately 1500 users.
• Performed Risk Assessment & Security Test and Evaluation; developed and maintained network and application Systems Security Authorization Agreements ( Confidential ) in accordance with DoD and Confidential instructions.
• Implemented organizational C&A processes using the Confidential Information System Certification and Accreditation Process ( Confidential ) and validation of technical and non-technical IA security controls.
• Developed and presented Confidential user awareness training and trained Systems and Network Security Officers
• Performed network and system security audits to ensure Department of Confidential and pre- Confidential compliance.
• Managed the Information Assurance Vulnerability Alert ( Confidential ) Program in accordance with Confidential policy.
• Developed, deployed, managed and maintained an Intrusion Detection System (IDS) based on ISS Real Secure and Internet Scanner products; monitored and analyzed network traffic patterns; identified intelligence-gathering scans; detected attacks in progress and reduced the organization’s adverse incidents by more than 80%.
• Drafted security policies: (File Blocking Policy, Firewall Policy, Password Policy, Web-Site Security Policy).
• Managed and maintained enterprise Checkpoint firewall servers and policies; coordinate all issues pertaining to remote network access and security engineering issues with appropriate internal and external personnel.
• Planned, developed, deployed and maintained small, medium, and large Windows and UNIX networks.
• Maintained documentation in order to discharge the necessary security duties and responsibilities to support internal and external customers (directives, regulations, policies, procedures and guidelines).