
Risk Management and Compliance (GRC) Analyst Resume


Mclean, VA

PROFESSIONAL SUMMARY:

  • Confidential’s career in Information Technology has spanned 19 years in a steady, upward progression of increased technical skills, leadership roles and evolving responsibilities.
  • As a Governance, Risk Assessment and Compliance (GRC) Analyst at Virtustream, he played an instrumental role in the Compliance Team as it successfully obtained an Authority to Operate (ATO) for a first-of-its-kind system: a commercially-owned, commercially-operated cloud instance for the Defense Logistics Agency (DLA) of the Department of Defense (Confidential).
  • As an Associate Chief of Security in the Confidential’s Office of Security Operations, he was involved in Confidential security policy review, the development of a robust Assessment, Compliance and Inspection team, working with all levels of Confidential management to bring internal Confidential systems to their required security and acceptable risk levels, as well as to ensure their compliance with the regulatory requirements of the Intelligence Community.
  • One of Confidential’s core skills is his ability to explain technical and security issues in “plain English” to executive staff and team members with lower levels of expertise.
  • 13 Years performing Information Security (InfoSec) work in a professional setting, including governance, risk management, compliance, accreditation-authorization support and policy creation; 19 years overall in the Information Technology realm
  • Recognized twice as the Confidential Office of Security Operations (OSO) Employee of the Quarter (2012, 2014) and honorable mention as the Confidential OSO Employee of the Year in 2016
  • Team Lead for the Office of Security Operations (OSO) IT/IS Development, supervising and directing development efforts to obtain system Authority to Operate (ATO) status while adhering to the Systems Development Lifecycle (SDLC) and continuous monitoring methodologies; provided system metrics and milestones to memorialize team progress and achievements
  • Worked with a wide variety of customers with a priority of, and commitment to, providing the highest level of customer service. Customers included the Director’s Office, Office of Public Affairs, Weapons of Mass Destruction Directorate, Insider Threat Center, and the Office of the Private Sector
  • Spearheaded cooperation with widely diverse organizations (including the System/Data owners, System Support and Administrators, Confidential SIOC and Security Division) to remediate (or mitigate, when necessary) security vulnerabilities and open POA&M items
  • Extensive experience with the standard Confidential assessment tools such as Nessus, WebInspect and AppDetective and reviewing and analyzing the results of the scans
  • Extensive knowledge and experience with Information Assurance, including NIST 800-series, Federal Information Security Management Act (FISMA), Federal Information System Controls Audit Manual (FISCAM), System Security Plans (SSPs), Contingency Plans (CPs), Configuration Management Plans (CMPs), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA) and all other documentation required to obtain an Authority to Operate and maintain FISMA compliance
  • Prior to the above, Confidential was the Team Lead for the OSO Risk Assessment Team, supervising and directing annual internal OMB A-123 control assessments and on-demand security control assessments of Confidential systems as directed by the Chief Security Officer. Risk Assessment Team duties included:
      • Conducting information system security controls assessments (SCAs) utilizing standard auditing techniques
      • Ensuring that the proper interpretation of the control requirements is used
      • Determining if the artifacts provided are sufficient, and
      • Recommending remedial actions to the customer to ensure compliance
  • Closely working with the Department of Justice Internal Review and Evaluation Office (IREO) team to ensure assessment goals were met in a timely manner with the best quality
  • Primary Development Team ISSO lead for pursuing ATOs for Cloud-Based systems and applications
  • Extensive experience with RiskVision, CSAM and CSAM-S
  • Extensive System Administrator and System Integrator experience with:
      • InfoSec engineering, design concepts and principles
      • Server/network security and
      • The DIACAP/DISCAP C&A process, including Gold Disk and Retina scans, STIG lockdowns, the DISA Vulnerability Management System (VMS), POA&M maintenance and remediation, IATS usage and tracking, along with file, web and database server hardening

EXTENSIVE KNOWLEDGE OF AND TECHNICAL EXPERTISE IN:

  • Windows Server 2008
  • Windows Server 2003
  • Windows 2000 Server
  • Windows 8/8.1
  • Windows 7
  • Windows Vista
  • Windows XP
  • Symantec Anti-Virus
  • Cyber Security Assessment and Management (CSAM) Certification and Accreditation (C&A) Web solution
  • DISA Gold Disk
  • DIACAP Compliance Tools: STIGs, SRRs, checklists; eEye Retina Vulnerability Scanner
  • Microsoft Baseline Security Analyzer (MBSA)
  • Windows NT 4.0
  • Windows 95
  • Windows 3.1
  • OS/2 (Warp) 3.x
  • Exchange 5.5/2000/2003
  • Microsoft Office 2010/2007/2003/2000/97
  • DOS
  • Lotus
  • Paradox, Alpha 5, WordPerfect and others
  • Extensive experience with Cisco firewalls, Radware load balancers and other relevant networking hardware, software and protocols
  • Working knowledge of Windows Vista and Exchange Server 2007
  • Microsoft Certified Professional (MCP) for Windows 2000
  • Microsoft Certified Systems Engineer (MCSE) for Windows NT 4.0

WORK EXPERIENCE:

Confidential, McLean, VA

Risk Management and Compliance (GRC) Analyst

Responsibilities:

  • The development and implementation of strategic plans and the creation and editing of written material that was used for the DLA / Confidential accreditation
  • Analysis and interpretation of current documentation to determine gaps and develop corrective plans
  • Providing support in compliance-related documentation creation and updates
  • Ensuring compliance with DISA and NIST data-security policies and relevant legal and regulatory requirements in accordance with Confidential directives and applicable Confidential requirements
  • Identifying, researching, developing and amending documents in order to support and comply with legislative requirements, client requests, and/or industry practices
  • Ensuring compliance with protection requirements, control procedures, incident management reporting, remote access requirements, and system management for all systems as well as use of encryption for protecting Controlled Unclassified Information (CUI) including Personally Identifiable Information (PII) and classified information
  • Communicating with internal and external clients and providing education and information about existing and new compliance requirements
  • Ensuring accreditation success through delivery of required artifacts

Confidential, Washington, DC

Team Lead

Responsibilities:

  • Oversee the system development process including initial system documentation, system control assessment and documentation
  • Conduct system control assessment, including drafting of control implementation statements, artifact-request lists, request POA&M entry creation and the documentation of the results in RiskVision system of record
  • Post-assessment duties, including advising technical Confidential's to ensure that the best course of remediation is followed

Confidential, Washington, DC

Team Lead

Responsibilities:

  • Conduct A-123 control assessments for FY 2012, create and maintain POA&M list, work with technical Confidential's to determine best course of remediation
  • Review vulnerability-scan reports and update the C&A documentation to reflect the current security posture of assigned systems
  • Assisting in the remediation of the legacy A-123 findings from previous control assessments, creating risk-based decision documentation for controls that cannot be expeditiously remediated
  • Conducting investigations at the request of the Chief Security Officer (CSO) by researching and addressing security issues and serving as an authority on the subject
  • Sanitizing and mitigating security incidents for four divisions served by the OSO

Confidential, Washington, DC

Information System Security Officer

Responsibilities:

  • Creating the C&A documentation materials (System Security Plan, Contingency Plan, Configuration Management Plan, Risk Assessment, etc.) to support the ATO renewal of five General Support Systems
  • Working with the system owner(s) to ensure that controls are properly implemented or remediated, as well as with the technical leads to conduct annual self-assessments as required

Confidential, Vienna, VA

Senior Systems Analyst

Responsibilities:

  • Administering the DADMS test and production environments, including backups, disk mirroring, configuration, testing and maintenance
  • Maintaining and configuring Cisco PIX 506/506E routers
  • Installing, configuring and using Vice Versa mirroring and ServersAlive monitoring software
  • Basic configuration and troubleshooting of Oracle 9i and Macromedia ColdFusion MX 7.0
  • Configuration and testing of Radware load-balancing device
  • General troubleshooting of connectivity and configuration issues
  • Experience with Remote Server Administration (RSA) cards and serveRAID Manager

Confidential, McLean, VA

Senior Network Administrator

Responsibilities:

  • Responsibility for the Emerging Technologies Laboratory network, overseeing approximately 100 Windows servers and 300 workstations
  • Primary senior network administrator responsible for network hardware, connectivity and operating system support
  • Administer Lab domain's Active Directory, using multiple forests/multiple domain topology
  • Maintain and configure Windows NT 4.0, Windows 2000, Windows XP and Windows 2003 servers and workstations, Nortel switches and a variety of networking equipment
  • Installation, configuration and use of Altiris Notification and Deployment servers
  • Experience with EMC Connectix and Celerra SAN solutions
  • Configuration and installation of IIS web servers
  • Administration of Microsoft Exchange 5.5 and Exchange 2000 mail servers
  • Troubleshooting user connectivity, OS and networking issues

Network Administrator

Confidential

Responsibilities:

  • Responsible for maintaining the corporate network, including approximately 40 web and web-development servers
  • Supervised two junior support staff members, including performance reviews
  • Maintained Corporate Information Systems budget and created annual forecast of future hardware, software and networking needs
  • Primary network administrator of a wide-area network consisting of the Confidential headquarters and four satellite offices in Maryland, Washington, DC, Denver and Pasco, Washington
  • Primary user support staff for approximately 100 in-house users, plus 20 remote users who accessed network via VPN
  • Implemented and troubleshot company's Internet connection and web presence
  • Maintained and configured WatchGuard and Checkpoint firewall solutions and VPN connections for remote access into the network
  • Maintained frame relay and VPN connections between corporate offices to ensure maximum uptime and access to network resources
  • Ordered, installed, configured and maintained corporate servers, workstations and laptops

Confidential

Tour Manager and Coordinator

Responsibilities:

  • Near-annual leadership of Smithsonian tour groups to Russia
  • On-site coordination of all events, including theater performances, special visits (VIP access to events, artists’ studios, backstage presentations), and transportation
  • Troubleshooting issues as they arise, including but not limited to hotel booking issues, transportation (or lack thereof), chartered boat conflicts, tour member compatibility issues, payments and invoicing
  • Acting as Tour Manager for large, complex tour programs such as the Smithsonian Russian River Cruise, among others

Confidential, Washington, DC

Director

Responsibilities:

  • Direct supervision of 15 Travel Program Designers and Operations Officers; leadership of weekly departmental meetings and monthly company-wide meetings to review policies, procedures and finances
  • P&L responsibilities over department staffing, programs and annual budgets; tour programming and pricing; monthly tour financial reports
  • Project development and management of large and high-end travel programs
  • Evaluation and recommendation of staff training; supervision of in-house training program; personal training of Program Designers
  • Troubleshooting and crisis management
  • Evaluation of employee performance on an annual basis
  • Writing of proposals, brochure copy, information and training manuals
  • Creation and oversight of the Tour Staff database
  • More than 40 business trips to the Soviet Union for Research & Development or for managing groups, plus trips to Mongolia, Egypt, Confidential and Iceland

Assistant Director

Confidential

Responsibilities:

  • Directing staff of 6 Operations Officers; assisting the Director of the Program Department in supervising staff of 9 Program Designers
  • Prioritizing staff deadlines and reducing work overload among team members

Program Designer

Confidential

Responsibilities:

  • Financial management of programs and operation of programs through international overseas contacts
