- Twenty years of experience in IT and over fourteen years focused on Cyber Security.
- Experience includes Information Security, Security Operations Center (SOC), Information Assurance, Network Engineering, Systems and Network administration, configuration, and troubleshooting.
- In addition to experience, certifications in ITIL V3 Foundations, Security+, and Certified Ethical Hacker v7, as well as training in CISSP.
Skilled working with the following software tools: Nessus Security Center, AppDetective, DbProtect, WebInspect, Confidential BigFix Web Reports, CSAM (Cyber Security Assessment Methodology), EnCase versions 6 & 7, LogRhythm, ePO 4.6 (HBSS, IDS/IPS, & DLP), Foundstone Scanner, SQL 2005 & 2008, FRED 2.3.1, Websense, Nmap, FTK Imager, Forensic Toolkit, ForeScout NAC, Blue Coat, ArcSight 5.0, BackTrack 5, Microsoft Baseline Security Analyzer, Microsoft Exchange 5.5, Microsoft Office 2010, Windows 7, Windows 8, Windows 10, LDAP, Norton Antivirus Corporate Edition 8.x, GHOST software, CiscoWorks 2000, PsTools, Wireshark, nCircle, Windows 2008, Active Directory, AirMagnet, and Flying Squirrel.
PRIMARY WORK AREAS:
- Information System Security Officer (ISSO)
- Assessment and Authorization (A&A)
- OMB Circular A-123 compliance
- IT audit
- Vulnerability Management
- Security Engineer
Senior Systems Security Analyst
- Ensure that assigned information systems are operated, maintained and disposed of in accordance with approved security policies and practices.
- Ensure that system security requirements are addressed during all phases of the IS lifecycle.
- Develop and maintain Security Authorization (SA) documentation, including SSPs, SAR, ST&E reports and other system security documentation.
- Conduct reviews and update security documentation (e.g. review and update the SSP) at least annually for assigned systems.
- Support risk assessment and evaluation activities throughout the system's lifecycle.
- Implement a strategy for continuous monitoring for assigned systems, including reporting all identified security findings and initiating the periodic review of security controls.
- Conduct required information system vulnerability scans in accordance with established policy; develop system POA&Ms in response to reported vulnerabilities.
- Ensure compliance with annual FISMA deliverables and reporting.
- Investigate any information technology or system security incidents.
- Assess and mitigate system security threats/risks throughout the program life cycle; determine/analyze and delineate security requirements at a level of detail that can be implemented and tested; review and monitor security designs in hardware, software, data, and procedures; perform system security authorization (SA)/certification and accreditation (C&A) planning and testing and liaison activities; support secure systems operations and maintenance.
- Ensure the information system's core controls, Incident Response Plan (IRP), and Contingency Plan (CP) are updated annually; also provide IRP and CP training and perform the annual exercise.
- Utilize Confidential BigFix to maintain inventory, ensure component systems receive monthly security patches, and verify configuration management compliance.
- Utilize Tenable Nessus to perform scans, review found vulnerabilities, and troubleshoot Nessus and Security Center issues.
Principal System Engineer
- Validate compliance to standard IT configuration baselines for each platform, identify mitigations for non-compliance, and where required perform these mitigations for Computer Security Incident Response Team (CSIRT) technology.
- Create custom reports; troubleshoot Nessus and Security Center issues.
- Support scanning and testing at the application level prior to production implementation and recurring scans on production systems. Review vulnerability scans and work with the ISSO to identify false positives, mitigation strategies, and system fixes.
- Maintain STIGs and security configuration to ensure FISMA compliance within the Consumer Financial Protection Bureau (CFPB) environment.
Senior Cyber Security Engineer
- Accelerated development and delivery of security Assessment and Authorization (A&A) packages for a major Federal client using the Risk Management Framework (RMF) methodology.
- SME on National Institute of Standards and Technology (NIST) Special Publications (SP) and Agency specific guidance supporting the authorization and continuous monitoring of multiple General Support Systems (GSS) and Major Applications (MA).
- Provided direct support for completing technical assessment tasks associated with A&A IA Control assessments and package development.
- Tasks included conducting vulnerability scans using approved automated security tools, capturing IS hardware and software inventory, identifying and verifying hostnames and Internet Protocol address domains, mapping accreditation boundaries, and developing network architecture diagrams.
- Developed the Security Assessment Test Plans and performed reviews of the technical sections of A&A supporting artifacts.
- Reviewed vulnerability scans and worked with the IS administrators to identify false positives, mitigation strategies, and system fixes, and developed POA&Ms.
Senior SOC Analyst
- Provided support for the F-35 Lightning II Joint Strike Fighter (JSF); monitored current cyber threats in the DoD environment and implemented countermeasures to protect against such cyber threats.
- Monitor, identify and report malicious behavior on the network using logs from firewalls, Unix and Windows Event Logs, IDS/IPS, Anti-Virus, Web Proxy, Web Server, DNS, DHCP, and other sources.
- Identify root cause of incidents and provide mitigation and response action options.
- Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS/IPS), Data Leakage Prevention (DLP), forensics, and malware analysis tools.
- Perform forensic analysis on network intrusions and attribute activity to perpetrators; identify potential data losses from network intrusions and determine if data was exfiltrated; track malicious behavior on the network and identify trends.
- Work with Information Assurance division to ensure appropriate procedures, oversight and compliance are known and implemented in the network.
- Escalate incidents to other internal departments and external agencies as appropriate.
- Provide incident response capabilities to isolate and mitigate threats to maintain confidentiality, integrity, and availability for JSF data.
- Maintain up-to-date knowledge of computer and network vulnerabilities, and exploitation tools and techniques.
- Meet with the CIO on a weekly basis to present/brief on current and ongoing SOC investigations.
- Mentor and train others in Information Security.
Systems Security Analyst
- Provide Certification and Accreditation (C&A) for Alcohol, Tobacco, and Firearms (ATF), in accordance with the NIST 800 series, the ATF handbook, and policy. This entails understanding and evaluating system architecture and a broad understanding of IT management, operations, and technical practices.
- Assist with the Certification and Accreditation of sensitive but unclassified (SBU) systems by validating that the information system meets a specified set of managerial, operational, and technical controls set forth by OMB FIPS 199 security categorization.
- Review detailed descriptions of the controls, provide edits and feedback on their actionable quality, and, based on the descriptions, perform tests to prove the validity of these assertions through interviews, examination of evidence, and either overseeing or directly running technical scanning tools against targeted systems.
- Develop and reaccredit System Security Plans (SSP) for major/minor applications and general support systems (GSS); conduct and develop Security Test & Evaluations (ST&E), Risk Assessments (RA), Risk Mitigation (RM) Plans, and Plans of Action & Milestones (POA&M).
- Provide guidance and maintenance throughout the System Development Life Cycle of the systems. Participate in weekly IPT meetings to remain current on all system changes within the security environment.
Senior Security Engineer
- Provided support for the Department of Homeland Security (DHS) EMS team.
- Assisted with requirements and the architectural design of the Enterprise Management System (EMS).
- Designed, installed, and configured VMware ESX (4.1), ESXi, and vSphere 4 environments with VirtualCenter management.
- Built, configured, and deployed Windows Server 2008 VMs for the Production and Development environments.
- Ensure compliance with annual FISMA deliverables and reporting.
- Wrote Security Policies and provided assistance with PIA (Privacy Impact Assessment), SAR (Security Assessment Report), and BCP (Business Continuity Plan) documentation.
Senior Security Engineer
- Provided SOC support for the US Agency for International Development (Confidential); my primary responsibilities involved Vulnerability Assessment, Port Security, Patch Management, and Anti-Virus Management.
- Incident Response: Responded to computer security incidents; this involved coordinating responses to computer security incidents and recommending a course of action for each incident.
- Follow the NIST recommended guidelines when handling an incident.
- Vulnerability Manager: Performed application/software vulnerability assessments, analyzed vulnerability data, and developed effective remediation strategies to mitigate discovered vulnerabilities.
- Established and maintained contact with system owners and system administrators.
- ePolicy Orchestrator: Managed and maintained two ePO servers (Washington and Mission) covering a combined total of 7,500 workstations and servers.
- Responsible for upgrading, setting policies, creating tasks, and ensuring all systems have the current data definitions and Anti-Spyware installation. Maintained the SQL server; developed scripts to ensure the database
- Ran weekly reports to meet SLAs and completed daily maintenance work on both SQL databases.
- Patch Management: Provide and maintain patch management repository. Review, research, and test security patches (software & application) in test lab before they were installed on Production systems. Developed scripts to help automate the patch process.
- Attend Change Control Board meetings to provide recommendation on changes applied to the Confidential network.
- Port Security: Implement and manage ports to prevent and track rogue machines from accessing the Confidential network.
- Familiar with NIST Special Publications, OMB, and FISMA compliance.
- Host weekly Security Operation meetings with other teams to ensure they are informed of the latest threats and vulnerabilities affecting the Confidential network. Also provide the System Managers and Owners with information on how to remediate vulnerabilities and reduce threats to an acceptable level.
- Reviewed and updated Plan of Action and Milestones (POA&Ms).
- Assisted with the Certification and Accreditation process.
Network Security Engineer
- Implemented and managed port security to prevent and track rogue machines from accessing the Confidential network.
- Managed Cisco 2500 and 6500 series switches; responsible for identifying, verifying, and assigning IP addresses and updating the database. Activated/deactivated and cabled ports on switches and changed VLANs as necessary. Troubleshot network connections on switches to pinpoint problems.
- Managed and maintained the Citrix servers and performed weekly maintenance. Installed release packs FR3 and SP4 on the LAB servers for testing guidelines before upgrading the Production servers. Renewed Citrix Web Server ID certificates and set up a certificate on the RSA server. Deployed MSUS on the LAB and PRODUCTION servers to ensure servers would receive important updates. Created/set GPOs on the LAB & Production servers and upgraded to SP-4 and FR-3.
- Researched, reviewed, and mitigated security vulnerabilities from the network scan report. Responsibilities included coordination with system/application owners to address security vulnerabilities prior to applying Confidential-approved security patches. Verified systems to ensure patches were correctly installed using Microsoft Baseline Security Analyzer and SMS.
- Utilized Remedy Support to perform change requests for add, move, delete, and change of user location. Verified and followed up with the AMS officers to ensure submitted user information was accurate.
- Assisted with the ePO client installation and updates on workstations and servers.
- Provided support for the (Confidential) Missile Defense Agency; responsible for Systems Management and Administration, including system configuration, troubleshooting, security, resource monitoring, and developing specialized programs. Configured software for deployment through the use of SMS 2.0. Maintained the Ghost network for imaging of desktop PCs.
- Updated SMS server security patches (software & application) and updated the security settings/patches on the Ghost images. Provided a daily status report on tasks or projects being worked.
System Analyst/NT Administrator
- Provided computer support to the Directorate of Personnel & Security; troubleshot hardware and software problems. Installed, configured, tested, and maintained Windows NT workstations.
- Migrated all Windows NT 4.0 workstations to Windows 2000, developed test images for Windows 2000 deployment, and was pivotal in troubleshooting configuration problems with "legacy" software.
- Configured laptops for RAS connection and trained clients on how to dial in to the network; also troubleshot network issues that prevented users' access.
- Wrote Standard Operating Procedures concerning the installation and configuration of applications.
- Answered calls and input helpdesk tickets into Remedy, distributed tickets to the different teams within computer support, and followed up on open tickets.
- Utilized Microsoft Exchange Administrator to create new email accounts, mailing lists, resources and services, and department calendars.
- Maintained the network print servers, installed local printers for users, created user accounts in User Manager, and also setup permissions on directories.
- Used SMS to upgrade applications and create batch files.
- Provided a monthly report stating the number of accounts that were added and deleted from the network.