Sr. Information Security Risk Analyst Resume
SUMMARY:
- Over sixteen years of experience in IT as a systems engineer / consultant and security analyst for private and government sectors.
- Diverse background including design, security risk assessments, and System Assessments and Authorizations (SA&A) using guidelines such as FISCAM, SSAE 16, DITSCAP, NIACAP, FISMA, ISO 27001 and NIST; use of tools such as Nessus, Risk Vision, BTK and ISS scan to determine vulnerabilities; and implementation and management of networks and e-mail systems.
- Over 9 years of experience conducting IT training and formal presentations.
- Strong hardware and software experience in troubleshooting, maintenance, and optimization.
- Wide range of experience through handling multiple projects, managing budgets, delegating responsibilities, and network design implementations.
- Extensive formal training in business applications, hardware (ranging from PCs to Multi-processor servers), and operating systems.
- Hard working, results-oriented with a record of getting things done while emphasizing quality.
- Possess great interpersonal and communication skills with an aptitude for making complex concepts easy to understand and apply to the real world.
PROFESSIONAL EXPERIENCE:
Confidential
Sr. Information Security Risk Analyst
Responsibilities:
- Part of the Governance, Risk and Compliance team in Confidential's IT Division, duties include:
- Implement and maintain a continuous process improvement work environment
- Execute security risk assessments in accordance with industry standards and best practices.
- Communicate and facilitate security risk assessments requirements for both proprietary and third-party applications within the Confidential Infrastructure.
- Identify and communicate application control deficiencies and the associated risks.
- Develop action plans and/or recommend alternate solutions to resolve exceptions to standard operating procedures.
- Manage and develop information security policies and standards based on industry frameworks (ISO, NIST and COBIT)
- Provide security consulting and advisory services to business units and project teams.
Confidential
Lead Cyber Policy Analyst
Responsibilities:
- Worked in support of the operational execution of the cyber security program
- Developed and updated cyber strategy and policy documents to apply Federal legislation, Office of Management and Budget (OMB) regulations, National Institute of Standards and Technology (NIST) standards, and United States Computer Emergency Readiness Team (US-CERT) guidelines in the context of the agency’s environment
- Developed, implemented and communicated Information Technology (IT) security policy, standards, best practices, guidance and procedures
- Developed IT security related policy briefings, presentations and white papers for distribution to diverse user community and for use by the managers
- Identified gaps and conflicts in cybersecurity policy and governance guidance and made recommendations to address these areas
Confidential
Sr. Information Security Analyst
Responsibilities:
- Worked on site at the Confidential supporting the development and management of Information Systems security using NIST guidelines, including disaster recovery, database protection and software development
- Served as the Interconnection Security Agreement (ISA) Working Group project lead
- Analyzed information security systems and applications and recommended and developed security measures to protect information against unauthorized modification or loss
- Assisted with POA&M management, compliance and oversight
- Supported technical architecture and assessments
- Managed the continuous monitoring process
- Conducted independent Security Assessments and Authorizations (SA&A) on the systems and developed required reports and documentation
Confidential
Sr. Information Assurance Analyst
Responsibilities:
- Served as a senior certification agent for the Confidential, responsibilities included writing security guidelines and policies, conducting information systems security audits; reviewing and analyzing information security controls using NIST guidelines, and other audits such as FISCAM, SSAE 16 and FISMA. Performed security reviews/vulnerability risk assessments of network environments using both manual procedures and automated analysis tools. Documented findings; made recommendations for remediation; wrote security reports and generated POA&M.
Confidential
Security Analyst
Responsibilities:
- Used NIST guidelines such as 800-18, 53 and 60, FIPS 199, FISMA, and OMB to perform systems security planning, integration, verification, and risk analysis of information systems.
- Conducted network security and vulnerability assessments, Security Test and Evaluation (ST&E), and security validation procedures
- Analyzed system configurations to determine security posture.
- Recommended secure risk-mitigation solutions and provided security engineering solutions to developers and integrators
- Drafted security test procedures, risk assessments, and documentation reviews as part of the ongoing security certification process.
- Provided information assurance subject matter expertise throughout the system development cycle
Confidential
Computer Security Analyst
Responsibilities:
- Worked with relevant Federal Certification and Accreditation (C&A) standards including NIST guidelines, FISMA, FIPS 199, and OMB for testing and analysis of federal information systems.
- Defined security impacts of design implementations and production systems; Windows-based systems and SQL and Oracle database systems; determined vulnerabilities, reviewed and wrote SSPs, risk assessments, contingency plans and ST&E plans; performed tests using automated tools and checklists to determine vulnerabilities; made recommendations for mitigating security issues
- Wrote reports of certification results and made accreditation recommendations
- Conducted training on PKI in domestic and international locations
Confidential
MIS Consultant
Responsibilities:
- Served as Project lead and MIS consultant for a CPA firm; responsible for designing and implementing a migration to Windows 2000 and Exchange 2000.
- Responsible for recommending and implementing document management and workflow solutions.
- Developed intranet and extranet solutions
Confidential
Systems Engineer
Responsibilities:
- Served as Project lead and Windows 2000 and Exchange 2000 consultant.
- Responsible for designing and implementing an electronic mail solution for the SIPRNET to be used as a means of communication in support of the war in Iraq.
Confidential
Systems Engineer
Responsibilities:
- Served as a Windows 2000 Systems Engineer for Confidential.
- Part of a team working on various projects, ranging from security assessments, software development, documenting the system life cycle process, to business process reengineering, configuration management and analysis of metrics.
- Designed MS Exchange 2000 architecture and migrated from MS Exchange 5.5 to Exchange 2000.
Confidential
Senior Consultant
Responsibilities:
- Served as a Senior Systems Engineer for ARIS specializing in Microsoft BackOffice consulting.
- Fulfilled consulting engagements at ARIS facilities and client/partner sites located throughout the US.
- Provided pre-sales technical support, design, implementation and documentation of Microsoft BackOffice infrastructure solutions such as designing Exchange 2K architecture for migration from 5.5.
- Designed and implemented a multi-site e-mail migration from cc:Mail to MS Exchange 5.5 and 2000.
- Developed and implemented disaster recovery procedures for the Microsoft BackOffice.
- Participated in the modification of a large-scale electronic mail infrastructure to accommodate implementation of firewall and other security mechanisms.
- Created scripts for unattended installation of Windows NT server using Compaq Hardware.
- Created standard operating procedures for the administration of Exchange servers.
Confidential
Network Engineer
Responsibilities:
- Project/team leader responsible for in-house team of systems engineers.
- Technical lead for network infrastructure upgrades including firewall and Cisco routers.
- Responsible for installation and configuration of Microsoft BackOffice components, including Microsoft Windows NT Server, Microsoft Exchange Server, Microsoft SQL Servers.
- Maintained in-house database using custom and system scripts for SQL Server.
- Designed name resolution and network routing solutions using Microsoft DHCP, WINS, and DNS.
- Wrote project plans, documentation of network upgrades, and project status reports to management
