QUALIFICATION SUMMARY:

• Over 25 years’ experience in information technology and security
• Dedicated, results driven and detail - oriented information systems security professional with proven IT/IS leadership success in managing, developing, implementing and providing technical solutions to government clients
• Seasoned professional with excellent administrative, analytical and proven problem-solving skills used instructing, directing, coordinating, motivating and mentoring junior and middle level Information Assurance Professionals

PROFESSIONAL EX PERIENCE:

Confidential

Principle Security Engineer

Responsibilities:

• Developing, updating and maintaining security documentation for each system in accordance with established Federal Agency requirements including but not limited to System Security Plans (SSPs), Security Concept of Operations (CONOPS), Standard Operating Procedures (SOP) and other pertinent system security documentation for all supported systems
• Lending Confidential and experience in supporting other agency assessments and authorizations
• Lending experience working with automation tools such as but not limited to EXACTA, eMASS, Risk-Vision and CSAM
• Ensuring assigned information systems are operated, maintained and disposed of in accordance with approved security policies and best practices
• Ensuring system security requirements are addressed during all phases of the IS lifecycle
• Conducting reviews and updating security documentation for all assigned systems as changes are identified and approved by the Technical Review Board (TRB) and Configuration Management Board (CMB)
• Authored or co-authored the development of other required system security documentation such as but not limited to: Configuration Management Plan (CMP), Contingency Plans (CP), Continuity of Operations (COOP), Disaster Recovery Plans (DRP) and Incident Response Plans (IRP)
• Supported continuous monitoring, risk assessment and evaluation activities throughout the system's lifecycle and participated in early discussions regarding moving future systems into the cloud
• Prepared and briefed system owners and stakeholders regarding vulnerabilities identified from selected auditing events and abnormalities
• Identified, reported and monitored security findings until such findings were mitigated
• Initiated, updated and reported Plan of Actions & Milestones (POA&M) status to system owner on a weekly basis
• Supported and ensured compliance with annual FISMA reporting requirements
• Attended and particpated in weekly Technical Review Board (TRB) Meetings regarding Request for Changes (RFC) that could affect the systems security posture and possibly resulting in a Security Impact Assessment (SIA) being created to address vulnerabilities
• Acknowledged vulnerability alerts, monitored status, tracked patch compliance windows and reported compliance shortcomings to system owner and administrators
• Performed Security engineering analysis, assessed risks and vulnerabilities, monitored and analyzed security functional tests
• Mentored to junior and middle level Information System Security Officers (ISSO) regarding information security on a daily basis

Senior Information Systems Security Officer

Confidential

Responsibilities:

• Maintaining system security accreditation information in the Risk Vision repository
• Developing and enforcing Information Assurance policies and procedures
• Ensuring systems are operated in a secure manner
• Developing and implementing information security awareness training
• Managing user accounts and access control database
• Initiating system decommissioning and disposal efforts in accordance with agency security policies and procedures
• Conducting Information Technology Contingency Plan (ITCP) and Incident Response (IR) exercises
• Preparing, investigating and reporting information security incidents in accordance with the Enterprise Security Operations Center (ESOC) Incident Response Plan
• Conducting by-weekly Confidential indoctrination briefings for new employees
• Conducting Rules of Behavior ( Confidential ) Briefings for Sensitive Compartment Information (SCI) u sers
• Conducting standalone media scans and Nessus network vulnerability scans
• Conducting Data Transferring operations of unclassified and classified information for management and staff limited to small number of privileged users

Confidential

Information System Security Officer

Responsibilities:

• Maintaining system security accreditation information in the Risk Vision repository
• Developing and enforcing Information Assurance policies and procedures
• Maintaining user account and access control database
• Coordinating and conducting annual Information Technology Contingency Plan (ITCP) and Incident Response (IR) Training
• Preparing and reporting information security incidents in accordance with agency Enterprise Security Operations Center (ESOC) Incident Response Plans
• Conducting Information Security ( Confidential ) indoctrination briefings for new employees
• Conducting Rules of Behavior ( Confidential ) Briefings for Sensitive Compartment Information Users
• Coordinating and conducting media and vulnerability scans
• Coordinating and conducting Data Transferring operations for management and staff

Senior Information Systems Security Officer/Advisor

Confidential

Responsibilities:

• Identifying and documenting known weaknesses
• Identifying and developing a list of proven process solutions for known weakness based on best practices and lessons learned from information security professionals in the field
• Building a repository of proven process solutions and best practices using a single automated management tool to simplify and streamline searches for customer base
• Testing, interviewing and documenting responses from customer base and incorporating results into an updated lesson learned
• Developing a user’s manual to help customers use and maintain repository

Senior Information System Security Officer

Confidential

Responsibilities:

• Oversight of information system security operations and providing information system security support for 13 law-enforcement and medical information systems
• Providing continuous monitors activities for five unique information tracking systems
• Assisting team members with the requirements to operate and enter the on -going authorization (OA) process
• Creating internal security processes and procedures for the team including coordinating and evaluating privacy requirements with the organizations privacy officer as they relate to information security
• Conducting weekly status meetings, facilitating delivery of information, monitoring assigned tasks and overseeing and reporting status of systems to stakeholders
• Planning, coordinating and analyzing vulnerability scans and monitoring remediation results
• Working with administrators in mitigating findings, creating Plan of Actions and Milestones (POA&M) for findings that cannot be resolved by compliance date, reporting open POA&Ms to system owner and tracking the finding status until compliance is met
• Updating and maintaining the Risk Management System (RMS) and Trusted Agent (TA) repository for FISMA compliance
• Transition system information from the discontinued RMS and Trusted Agent repository to the new EXACTA database
• Developing and counseling team members and evaluating performance