Information Assurance SME Resume

OBJECTIVE:

To secure a position in which my skills and experience as a Cyber Security Compliance Officer will be effectively utilized in a challenging environment that promotes development and employee growth.

SUMMARY:

  • I am a CISSP with over 20 years of Information Technology and Security experience.
  • My comprehensive knowledge of IT Security “best practices” coupled with a genuine command of Federal Information and Technology Assurance regulatory requirements has directly assisted in strengthening the federal government’s IT Security posture and ensuring compliance with OMB, NIST, FISMA, DHS, FEMA guidance and policy.
  • A natural leader, I have spearheaded the federal government’s FISMA implementation plan in multiple departments and agencies.
  • I have performed extensive research and analysis of federal regulations, compliance activities and industry best practices in developing policies and procedures such as analysis reporting and system assessments in support of federal information security programs.
  • Further, I have managed the security initiative for Computer Security Awareness and Training for management, staff and contractors.
  • My practical approach to the application of IT Security has been instrumental in the development of strategic and tactical remediation response to security issues, incidents and vulnerabilities.
  • I have performed reviews of system audits to determine mitigation and resolution of negative findings as well as updating Risk Assessments, Security Policies, Authority to Operate (ATO) and security controls to ensure regulatory compliance, the implementation of NIST best practices, and the continuity of business operations.
  • My IT Security experience and insight are further highlighted by my development and facilitation of Tabletop Exercises, Security Control Assessments (SCA), After Actions Reports and plans in support of Federal Disaster Recovery program and Contingency Plan Development.

PROFESSIONAL EXPERIENCE:

Confidential

Information Assurance SME

Responsibilities:

  • Provide cyber security subject matter expertise to corporate and federal executives as it pertains to proposal development and security program development.
  • Develop and maintain strategic and tactical infrastructure security plans
  • Develop and maintain plans, policies, and guidelines for the security architecture
  • Perform a wide range of IT security support activities including:
  • Security architecture, audit, and assessment
  • Policy review and development
  • Implementation, oversight, and enforcement of all security documentation, Plan of Action and Milestones (POA&Ms) and their timely closure, and artifacts in Cyber Security Assessment and Management (CSAM)
  • IT security awareness and training, monitor and enforce compliance.

Confidential

Information Security Compliance Officer

Responsibilities:

  • Provided management of Cyber Security reporting of data calls to Confidential CIO
  • Managed and performed Policy analysis, development, and planning
  • Performed compliance review of Risk Assessment, Security Assessment Reports, Pen Test
  • Managed and performed update, review and audit of departmental Core Security documentation
  • Provide Risk Management Framework compliance reviews for all Confidential OCIO managed systems
  • Provided Management of Confidential OCIO Compliance Reviews for all bureau level systems Core Security documentation Security Authorization Documentation
  • Provided Management review of Security Authorization and Assessment for all Confidential OCIO managed systems seeking ATO sign off
  • Managed development, dissemination, and implementation of Confidential OCIO security policies and procedures
  • Developed and facilitated the Security training of Confidential employees when called upon

Confidential

Cyber Security Compliance Officer

Responsibilities:

  • Managed internal organizational Assessment and Accreditation (A&A) in accordance with Confidential and Confidential requirements
  • Managed the organization’s execution and reporting of the quarterly FISMA continuous monitoring reporting
  • Managed the remediation of POA&Ms as part of the Assessment and Accreditation for each mission system
  • Managed compliance reviews of system security plans and core security documentation based on the NIST, Confidential CITR and Confidential Risk Management Framework
  • Audited, Reviewed, Updated and provided guidance of security program that includes Governance (A&A, Continuous Monitoring, FISMA, NIST, Confidential, Confidential, and Confidential policies and procedures).
  • Applied Risk Management Framework techniques in accordance with Confidential CITR 19 Confidential, and NIST SP 800-37 Revision 1
  • Provided management of vulnerability scans/review and vulnerability analysis reports for compliance with Confidential and Confidential requirements.
  • Managed A&A artifact acquisition in accordance with NIST SP 800-53A, Confidential CITR 019 and Confidential Risk Management Framework Process
  • Reviewed Tripwire Reports to detect anomalies and changes that deviate from “Known Good” baselines and provided feedback to determine corrective action for insecure or weak system configurations

Confidential

Cyber Security Compliance Officer

Responsibilities:

  • Providing information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of systems maintained on behalf of Confidential
  • Ensuring compliance with the security requirements of Confidential and Confidential policies, procedures, standards, and guidelines.
  • Ensuring that information security management processes are integrated with Confidential strategic and operational planning processes.
  • Provide optimal service in support of Confidential IT Security Continuous Monitoring effort by contributing significantly to the implementation of safeguards and processes designed to protect the confidentiality, integrity, and availability of Confidential’s IT environment.
  • Reviewed and Assessed the implementation of ArcSight SIEM tool to ensure the configuration satisfied Confidential and federal security control requirements
  • Supported the Confidential OCIO Risk Manager by providing processes and procedures aimed at preparing Confidential to achieve more secure information systems and ensured compliance with federal information security standards by:
  • Enabling more consistent, comparable, and repeatable assessments of security controls;
  • Promoting a better understanding of Confidential-related mission risks resulting from the operation of information systems;
  • Creating more complete, reliable, and trustworthy information for the Confidential OCIO - to facilitate more informed security authorization decisions and the issuance of ATO.
  • Initiated development of an Confidential Information Assurance Program which defined processes geared at satisfying NIST requirements; work in concert with the existing compliant Confidential security policies, and provide mitigation strategy and support for designated Corrective Action Plans and POA&M tasks. Program tasks completed:
  • Provided Management of Confidential OCIO Compliance Reviews for all Confidential systems Core Security documentation Security Authorization Documentation
  • Provided Management of Confidential OCIO Security Authorization and Assessment for all Confidential systems seeking ATO sign off
  • Managed development, dissemination, and implementation of Confidential OCIO security policies and procedures
  • Developed and facilitated the Security training of Confidential employees when called upon
  • Provided management of Cyber Security reporting of data calls to Department
  • Managed and performed Policy analysis, development, and planning
  • Managed and performed compliance review of Risk Assessment, Security Assessment Reports, Pen Test and SCAs
  • Managed and performed update, review and revision of System Security Plan, Contingency Plans and Core Security documentation
  • Provide Risk Management Framework compliance reviews for all Confidential systems

Confidential

Senior Information Security Consultant

Responsibilities:

  • Providing information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of systems maintained on behalf of Confidential
  • Ensuring compliance with the security requirements of Confidential, Confidential and Confidential policies, procedures, standards, and guidelines.
  • Ensuring that information security management processes are integrated with Confidential strategic and operational planning processes.
  • Enabling more consistent, comparable, and repeatable assessments of security controls;
  • Promoting a better understanding of Confidential-related mission risks resulting from the operation of information systems; and
  • Creating more complete, reliable, and trustworthy information for Confidential - to facilitate more informed security accreditation decisions and the issuance of ATO.
  • Provided C&A Documentation review and remediation
  • Developed, disseminated and implemented security policies and procedures
  • Developed and facilitated the Security training of ESA employees
  • Provided security reporting of data calls
  • Policy analysis, development, and planning
  • Review of Risk Assessment
  • Review and planned revision of System Security Plan
  • Review, update and revision of Contingency Plans

Confidential

Senior Information Security Consultant

Responsibilities:

  • Supported Agency Information Security Officer in the role of Compliance Officer providing FISMA, NIST, OMB A130, and FIPS 200 policy/procedural resource information and compliance road map data.
  • Spearheaded agency 800-53 Implementation Plan in support of department’s FISMA compliance mandate
  • Perform research and analysis of federal regulations, compliance activities and industry best practices in development of agency Cyber Security processes
  • Perform policy development, Analysis Reporting, and system assessments in support of Information Security Program development.
  • Performed review of system audits to determine mitigation and resolution of negative findings
  • Instrumental in development of strategic and tactical remediation response to security issues, incidents and vulnerabilities.
  • Reviewed and updated Risk Assessments, Security Policies, ATO and Security Controls to bring client into compliance with OMB, NIST, FISMA, PDD 67, FPC-65, etc.

Confidential, Reston, Virginia

Senior Information Security Consultant

Responsibilities:

  • Perform research and analysis of federal regulations, compliance activities and industry best practices for Business Continuity and Disaster Recovery processes.
  • Perform policy development, Analysis Reporting, and system assessments in support of Information Security Program development.
  • Performed and documented Gap Analysis and closure reports.
  • Developed Disaster Recovery and Contingency plans in accordance with NIST SP 800-34 as mandated by OMB A-130 section III and FISMA.
  • Performed system assessments, technical analysis, and operational analysis in support of business impact analysis development.
  • Researched IT organizational shortfalls and developed Plans of Action and Milestones to assist in the mitigation and correction of discrepancies.
  • Facilitated Tabletop Exercises in support of disaster recovery program and COOP development.
  • Developed Requirement matrix and checklist for Emergency Relocation Facility design and selection.
  • Instrumental in developing road maps for implementing strategic and tactical system availability solutions.

Confidential

IT Security Specialist/Business Continuity Coordinator

Responsibilities:

  • Develop and manage Contingency Planning and Disaster Recovery Programs.
  • Perform business impact analysis to determine system criticality in development stages of Business Continuity Planning.
  • Development and testing of alternate relocation facilities.
  • Develop presentations and road maps to address the remediation of critical vulnerabilities and mitigation of risk.
  • Brief Management, staff and other clientele of the importance of security in the System Development Life Cycle Development process.
  • Provide security education and awareness training to Management, staff and contractors.
  • Performed system audits to acquire operational specifications to assist in design of alternate relocation facilities.

Confidential, Ft. Belvoir, VA

Network Administrator/Security Analyst

Responsibilities:

  • Evaluated corporate clients’ needs, current systems and equipment and made recommendations and proposals for future enhancements to ensure security is incorporated in the SDLC.
  • Assisted in upgrading existing network configurations; supported implementation of new infrastructure to serve all applications.
  • Managed 14 subnets for IP Distribution to over 1300 workstations and associated network devices providing secure communications in the DOA MEDCOM.
  • Provided technical support and supervision for five System Administrators and their assigned applications to ensure compliance with Security Policy.
  • Installed, configured and managed backup solution and disaster recovery options.
  • Managed 23 servers (WINS, DHCP, DNS, FILE, PRINT, BDC, DBSS and SHARE) including 4 remote locations.
  • Researched and implemented vulnerability remediation for entire LAN.
  • Analyzed LAN and operating systems to identify and resolve security issues, ensuring excellent customer satisfaction and solid client retention.
  • Access Control Management: Administered WinNT/2000 domains, groups, rights, permissions and shared resources for 1500+ users throughout the LAN.
  • Provided configuration management support for WinNT/2000 Network including building, configuring, upgrading and troubleshooting all software and hardware.
  • Assisted in upgrade and company-wide implementation of WinNT and testing all units and network for complete functionality.
  • Responsible for workstation configuration, LAN repair and system maintenance.
  • Performed all levels of troubleshooting such as desktop support, hardware repair, software installation, software testing and Server repair.
  • Assisted the Lead Engineer with installation and configuration of hardware (Hubs, Switches and Routers) that enhance the overall performance of the network.
  • Provided network printer installation and configuration; provided implementation and assignment of TCP/IP configurations and network interface.
  • Maintained 100% uptime for over 100 workstations in a fast-paced, medical office environment contributing to the optimum performance status of the ADA.
  • Analyzed Server, PC and application issues, resolving quickly and completely ensuring maximum productivity and peak performance.

Confidential

Tactical System Specialist

Responsibilities:

  • Provided micro miniature electronic repair for airborne speech security systems and onboard computer systems.
  • Provided intermediate and organizational level testing and calibration for avionics and communication/navigation systems.
  • Managed Maintenance Instructional Publications as assigned by Quality Assurance and Compliance office in setting threshold for IMD RFI Standards.
  • Provided I/O technical support to Confidential fighter and photographic squadrons.
  • Supervised Tactical Air Reconnaissance Pod I-level team.
  • Provided tactical and mission capable system resolution for TACAN, Doppler, APQ-76, Radar Altimeter, IFF and Airborne Fire Control Systems.