Sr. Information Assurance Analyst Resume
Norfolk, VA
SUMMARY
- Provide consultation and technical services and support for network and system security projects.
- Provide Certification and Accreditation (C&A) services.
- Provide IA consultation and guidance to comply with confidential and Federal guidelines (e.g. confidential, etc.).
- Develop, review, endorse and maintain Risk Assessment Reports, C&A documentation, and senior level briefings on a time driven schedule while providing security advice on numerous projects throughout the enterprise.
- Provide leadership and managerial services in a highly diverse spectrum of assignments, including mentoring Jr. IA Analysts, strategic planning, budgeting and analytical problem solving skills.
TECHNICAL SKILLS
Operating Systems: Windows 2K8/Win7, Citrix MetaFrame, Sun Solaris, Red Hat Linux, JunOS, Cisco IOS. Shell scripting with vi Editor.
Programming Languages: C Programming, DHTML, Visual Basic, Unix/Linux.
Hardware: Nortel IP routers and Communication Servers, Cisco Remote access servers, Cisco routers, Cisco FWSMs, Cisco Catalyst, Nexus and Marconi switches, LightStream 1010 ATM backbone switch, PIX and ASA firewalls, Barracuda and Bluecoat SG web filters, Juniper Netscreen 5400, blade and rack servers, Adtran CSUs, Saturn B Inmarsat B satellite communications equipment. General Dynamics KG Crypto devices and KIV-7 crypto systems.
Software: Checkpoint Firewall, Cisco PIX, Juniper, IPFilter, Bluecoat, Microsoft Office, Project, Outlook, Visio, Sharepoint, Active Directory, McAfee ePo Orchestrator, Veritas Backup Exec, Vinca Cluster, STIGViewer, eRetina, ISS RealSecure IDS, SNORT (IDS/IPS), Nessus Security Scanner (ACAS), eMASS.
Monitoring Tools: Nessus, HP System Insight Manager, CiscoWorks, General Dynamics Encryption Manager, WhatsUp Gold, Service on Data for Marconi switches, McAfee Intrushield IPS, Sidewinder Admin Console and McAfee Host Based Security System (HBSS), AirPCAP for wireless detection and analysis, Flying Squirrel and Yellowjacket Wifi detection tools.
IA Management Tools: eMASS, DITPR-DON, DADMS, DoD PPS CAL, VRAM, OCRS (IAVM) and DISA STIGs/Checklists and SRRs.
PROFESSIONAL EXPERIENCE
Sr. Information Assurance Analyst
Confidential, Norfolk, VA
Performs Certification and Accreditation recommendations to confidential according to DoDI 8570.01-M and NIST 800-37 C&A certification and qualification requirements including confidential to Risk Management Framework transition. Provide dedicated support to the Navy Certifying Authority.
Information Assurance Manager
Confidential, Newport News, VA
Position required establishing network information requirements in the development of enterprise-wide networking infrastructure. Ensured network systems were compatible and in compliance with the IA standards for open systems architectures. Specific duties included detailing incidents and handling classified spillages to report to confidential including preparing confidential Checklist. Organized commands for IA-compliance inspections, assisted in development of IA artifacts to upload to confidential for confidential validation/annual FISMA reporting. Also provided recommendations to commands for overall IA improvements in enterprise processes. Submitted Certificate of Networthiness (CoN) tickets to NETCOM for software approvals. Daily supervision and direction to IA staff was also provided.
Information Assurance Manager
Confidential, Norfolk, VA
Tasked as Subject Matter Expert in Certification and Accreditation (C&A) of the proprietary Circuit Information Management Tool Set (CIMTS) applications (both NIPRnet and SIPRnet) for Naval Circuit Management Office. Activities included updating artifacts for C&A DIACAP packages, validating IA Controls through eMASS, IAVM tracking through VMS, analyzing raw data to determine security posture changes made to systems, participation in Change Control Board meetings to define security risks encountered from data analysis as Category I, II, III findings and briefing Sr. management of critical findings. Also responsible for setting up collaboration meetings with Certification Authority and Navy ODAA to recommend ATO, IATO, DATO status. These determinations required analysis of Retina scans, Gold Disk analysis, SRRs, STIG checklists and VMS updates to develop DIACAP scorecard and POA&M to obtain Approval to Operate from Navy accrediting authority.
Network Security Project Lead
Confidential, Norfolk, VA
Tasked with technical and managerial support services to ensure Information Assurance Life Cycle Management activity of operating systems, networks, and applications within Command, Control, Computer, Communication and Information Systems (C4S) onboard confidential Support Command ships. Utilization of automated and manual tools and methods to assess prescribed technical, management, and operational security controls employed within and inherited by MSFSC Afloat systems. Performed Gold Disk assessments, eRetina scans and SRRs on Unix-based systems, databases and web servers. STIG and Security checklist compliance also checked where automated tools cannot provide proper assessments. As Project Lead, required to manage both C&A Team to develop comprehensive C&A packages and manage Remediation Team to track remediation/mitigation efforts for testing and coordinating/scheduling ship visits to implement remediation. Also ensured implementation of IAVM Program and applicable Government-directed patches. Responsibilities as Project Lead entailed tracking tasks from both work-streams and resources with a detailed Plan of Action and Milestone (POA&M) that was provided to the customer in a Monthly Status Report that documented each team’s progress, status, quality assurance and cost reporting.
Sr. Principal Security Analyst
Confidential, Fort Eustis, VA
Confidential 93rd Signal Brigade IA Team Lead for confidential. Job entailed leading teams on IT Security audits of Installation Campus Area networks (ICANs) for both confidential to validate Army ICANs for DoD IA and AR-25 compliance. Position involved analysis of in-depth penetration testing of boundary network devices including firewalls, IDS/IPS, router/switch configurations, VPNs, proxy servers, web filters, wireless networks, servers and desktops for vulnerability assessments as outlined in FISMA, FIPS, NIST and DIACAP. Position required presenting oral and written government in/out briefs upon completion of IA Audits by assessment teams.
Sr. Network Security Consultant
Confidential, Suffolk, VA
Contracted to United States Joint Forces Command to lead IA staff in developing IA technical solutions for maintaining accreditation of DISN circuits through DISA’s DIACAP C&A process. Position involved recommendations for mitigating IA Controls that were Category I and Category II to a minimal risk level after reviewing results of ST&E.
Information Assurance Security Consultant
Confidential, Norfolk, VA
Contracted to confidential division to provide IA expertise on IT networks. Typical duties involved providing vulnerability analysis and assessments of systems and network devices using eRetina vulnerability scanner, DoD Gold Disk and Security Readiness Review (SRR) scripts. Yellowjacket and Flying Squirrel Wi-Fi testing was also performed to detect rogue networks. Prepared documentation and artifacts for security plans to obtain ATO under DIACAP to submit to confidential. Ensured operating systems, applications and network devices were validated using security configurations in accordance with DoD STIGs and checklists. Position also required interacting and engaging in discussions with system stakeholders, Program Managers and System Engineers with respect to IA and providing recommendations for enhancing network security posture.
Information Assurance Security Engineer
Confidential, Virginia Beach, VA
Provided support on all C&A issues for confidential Command. Responsibilities included preparing and reviewing DIACAP documentation for production, experimental, exercise and confidential networks in order to provide an informed accreditation recommendation to the Designated Approval Authority (DAA). Utilized risk management process to identify vulnerabilities, weaknesses, and potential shortfalls when engineering security solutions to determine the impact on current or planned networking and communication systems and projects. Ensured authorized IA tools were used to perform vulnerability testing and analysis of networks and systems to ensure DoD compliance. Performed analysis on access, security level, transmission mode and security test and evaluations (ST&E) to ensure the certification and accreditation throughout the life cycle of all networks are in accordance with DoD Directives, Instructions and other national level policy documents. Developed reporting procedures that ensured security violations and incidents are properly reported and monitored the implementation of security guidance and actions to remedy security deficiencies.
Network Management Operations Manager
Confidential, Norfolk, VA
Project Lead for Verizon Confidential’s Network Security Division to manage Off-shore Security Team and function as security subject matter expert for all Layer 3/IP-routing related issues. Position required ensuring all Verizon outsourced call centers were compliant with Verizon, state, federal, international, privacy, export compliance and security laws and policies. Job tasks also included developing security policy and procedures under NIST Guidelines for all outsourced call centers and ensuring security guidelines were followed and accepted through Verizon’s Governance council for approval. Position also required my review and approval/disapproval of all router, switch, firewall configuration changes for remote sites before implementation.
Network Security Analyst
Confidential, Norfolk, VA
Position involved providing policy development, management and technical support to confidential’s Office of the DAA (ODAA) in fulfilling its Information Assurance (IA) responsibilities. Provided C&A support to ODAA for networks, systems and applications for DITSCAP/DIACAP process and recommended to the DAA a system’s suitability to receive an Approval to Operate.