Sr. Information Security Consultant Resume

Arlington, Virginia

PROFESSIONAL SUMMARY:

  • Continuous monitoring and daily analysis of security events via review of top security websites and state-of-the-art tools, including SIEMs, web application firewalls, Host Based Intrusion Detection systems, Host Based Intrusion Prevention systems, vulnerability and compliance management software and various monitoring infrastructures.
  • Information Assurance (IA) Analyst proficient in recommending, implementing, and assessing security controls and developing systems-specific security documentation and reports.
  • IT Security Audit Specialist - Provide professional IT services knowledge and expertise to support the objectives of the annual independent FISMA evaluation, OMB A-123 requirements, and the IT audit aspect of the financial statement audit
  • Proven ability to work effectively in a team management environment or independently and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
  • Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with IT security.

PROFESSIONAL EXPERIENCE:

Confidential, Arlington, Virginia

Sr. Information Security Consultant

Responsibilities:

  • Confidential conducts penetration testing services for private sector clients, including law firms (e.g., Kellogg, Huber, Hansen, Todd, Evans & Figel) and the provider of a video group chat service called Paltalk, a video chat client called Camfrog, and a virtual phone number generating service called Vumber.
  • Utilizes Penetration Testing Linux distributions such as Kali Linux and Penetration testing Frameworks such as Metasploit and Burp Suite to perform automated reconnaissance gathering, vulnerability scanning, exploit testing, analysis and reporting.
  • Performs white box/black box testing as directed by the client when performing authorized penetration tests.
  • Conducts Penetration tests utilizing both open source tools as well as professional tools such as Burp Suite Pro, Nmap, ZAP, Ettercap, Nessus, as well as many others contained within Kali Linux.
  • Researches OWASP and the National Vulnerabilities Database (NVD) for Common Vulnerabilities and Exposures (CVEs) - including those related to SQL, Java, JavaScript, J2EE, and XML.
  • Employs XML as an output type for conversion of scan data produced by penetration testing tools into HTML, or so it can be easily parsed by other penetration testing tools (i.e., Nmap, SqlMap), graphical user interfaces, or imported into databases (e.g., MySQL, Excel).
  • Proficient in HTTP/HTTPS protocols as well as an understanding of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, DNS, LTM, GTM).
  • Knowledge of authentication mechanisms like SAML, OAuth.
  • Experience with Application Security Firewalls (such as CISCO) and Host Intrusion Prevention systems (e.g., McAfee ePO).
  • Experience with application security code review practices / static analysis and methods, such as OWASP Top Ten.
  • Analyzes compliance with regulatory issues such as HIPAA, FISMA, SOX and PCI DSS as well as experience in the implementation of controls to mitigate these issues
  • Analyzes SIEM products (e.g., Dell SecureWorks)

Confidential, Falls Church, Virginia

Consultant

Responsibilities:

  • Confidential supported Mr. Shelton, a Registered Representative of Confidential, in various IT aspects of the sale of life insurance and annuity products.
  • Provided antivirus updates, patches, and e-mail security; operated financial applications containing PII (e.g., SSN, investment account, savings account, detailed contact information, etc.) on a regular basis.
  • Developed reports in Excel to support client management.
  • Set up WebEx support and file delivery to clients and business support personnel.

Confidential, Fairfax, Virginia

Information Technology Security Officer

Responsibilities:

  • Confidential maintained the Security Policy for the National Oceanic and Atmospheric Administration (NOAA) National Marine Fisheries Service (NMFS) Office for Law Enforcement (OLE) Wide Area Network (WAN).
  • Reviewed the Final Risk Assessment Report and Security Plan to ensure they were complete, current and effective, in accordance with NIST SP 800-18 and integrated into all stages of the system life cycle in preparation for annual IT Audit;
  • Provided subject matter expertise in information security as it related to networking, Cisco Firewalls, IDS/IPS, server hardware and operating systems, and end-user access devices (PCs, tablets, etc.).
  • Monitored and updated Plans of Action and Milestones (POA&Ms) for accuracy and completion according to schedule

Confidential, Fulton, MD

Information Security Professional

Responsibilities:

  • Led the development and interpretation of security policies and procedures and contributed to the development of enterprise-wide security strategy;
  • Evaluated and recommended existing or new and emerging security products and technologies (such as Cisco Firewalls, and Metasploit and Nessus for vulnerability scanning);
  • Participated with application and infrastructure architects to provide security overlays for development and deployment patterns.

Confidential, VA

Senior Information System Security Analyst

Responsibilities:

  • Streamlined the Account Management/Access Control Procedures and reviewed and updated the official Account Management/Access Control Policies.
  • Ensured all requirements derived from interviews conducted with FMCSA staff responsible for account management/access control are incorporated into the policy and procedures.
  • Conducted IT Audit of DOT FMCSA systems. Reviewed existing C&A package documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and POA&Ms, as well as Risk Assessments, Contingency Plans (CPs) and Privacy Impact Assessments (PIAs), etc., in preparation for annual documentation updates and the Security Authorization Process (the new term for C&A).
  • Attended Contingency Plan Tests (via conference calls) for FMCSA systems and prepared Contingency Plan Test Questions for future CP tests to be conducted on several of the FMCSA systems.
  • Assessed the current Retina Scan processes and reports to help determine a more efficient and effective way to remediate valid vulnerabilities and weed out false positives from the reports to upper management.

Confidential, VA

Senior Security Analyst

Responsibilities:

  • Security program development, policy development and maintenance; program-wide development of procedures; analysis of gaps in agency security programs, identification of solutions and corrective action plans.
  • Participation in Personally Identifiable Information (PII) Reduction Working Group sessions to assist in the efforts FAA made towards its 2011 goals.

Confidential, VA

Sr. Security Analyst

Responsibilities:

  • Conducted IT Audits on Census Bureau Decennial information systems in a leadership role with multiple junior level security analysts on staff.
  • Assessed both application and general support system security configurations and implementation to determine their compliance with both Technical and Management and Operational controls. Interviewed federal employees (including Administrators, Branch Chiefs, other IT Staff), and other contractors and consultants as required, to obtain evidence for developing the security assessment report.
  • Responsible for the presentation of the vulnerability findings to the client.

Confidential, MD

Senior Security Analyst

Responsibilities:

  • Conducted IT Audit of WHD systems.
  • Ensured compliance with all security-related FISMA reporting including: Quarterly Control Reviews, Annual FISMA reports, (PII) reports, FIPS 199 Security Categorization reports and worksheets, MOUs, Security Self Assessments (SSAs), SSPs, Risk Assessments (RA), CPs, POA&Ms.
  • Coordinated, documented, and reported on internal investigations of security violations which included monthly incident questionnaires and final incident reports.

Confidential, Arlington, VA

Senior Systems Security Analyst/Requirements Analyst (SRA)

Responsibilities:

  • Responsible for evaluating the design and updating the SecureCAP procedures that corresponded to the controls evaluated for A-123 Testing.
  • Systems Security Officer for EPA’s Information system, ACRES, in support of the Brownfields program. Developed and maintained the Systems Security Plan and all required security documentation.
  • Work Assignment Manager/Sr. IT Trainer & Requirements Analyst (MNG)
  • Work Assignment Manager in charge of converting EPA personnel to the use of Lotus Notes Version 5.0 for e-mail and calendar scheduling from the use of Groupwise, cc:MAIL and other electronic tools.
  • Sr. IT Trainer - Played a large role in the national effort to deploy the EPA web-based application WasteLAN, to regional EPA personnel. Over 450 users were trained between January 1998 and October 1998 - nation-wide.
  • Work Assignment manager in the implementation of CERCLIS 3; over 880 users were trained between February 1997 and January 1998.
  • Analyzed EPA information systems (e.g., conducted data modeling efforts, developed test plans and conducted testing, developed user and system administration documentation)

Confidential, Springfield, VA

Senior IT Systems Analyst/Requirements Analyst

Responsibilities:

  • Supported NFRC in the redesign of the NFRC database and application used by NFRC headquarters and simulation and testing laboratories to track window and door manufacturer information

Confidential, Herndon, VA

Consultant

Responsibilities:

  • Consultant to the DoD testing and documenting the tri-service medical systems, MEPRS, and MEQS III.
  • Developed system and acceptance test plans, performed system and acceptance testing, and provided test documentation and test summaries for these PC-based applications.

Confidential, Arlington, VA

Financial Analyst

Responsibilities:

  • Supported the Standard Missile project, researching Federal Acquisition Regulations, missile part locations, and financial expenditures for DOD.
