Senior Information System Security Officer Resume

Silver Spring, MD

SUMMARY:

  • Resourceful, adaptable and self-motivated Information Technology Professional with over 16 years of experience providing hardware, software, network, Information Security and Systems Engineering support to large corporations and organizations.
  • Proven ability to manage projects throughout the Software Development Lifecycle (SDLC), including determining project priorities and driving adherence to deadlines.
  • Exceptional communication skills as demonstrated by experience providing training and creating documentation for Keane Federal Systems, Northrop Grumman and Confidential.
  • Proven effective oversight of Incident/Event Management and continuous monitoring processes of systems, which includes metrics gathering and reporting in adherence to Service Level Agreements and overall system security.
  • Proven effective management/oversight of Decision Support System (DSS) comprised of a Data Warehouse which provided reporting and modeling of critical data.
  • Certifications/Training include Oracle8I Database Administration (George Washington University - Oracle University curriculum), Red Hat Linux Essentials (RH033) and Red Hat Linux System Administration (RH131) and Sun Enterprise and Workgroup Servers.
  • Learning Tree Certificate/Training in Windows Server 2008 R2, Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP).

TECHNICAL SKILLS:

Software: Oracle 8i, 9i, 10g, 11g, MS Access, SAP, Lotus Notes, Great Plains Accounting Software, Larson, Active Directory, Hummingbird DOCS Open, Novell Zen for Desktops, Metastorm eWork, ePower, Microsoft Virtual Server, Hyper-V, SharePoint, VMware, Crystal Reports, IBM Cognos, BPM, Version Manager, BMC Remedy, CA Wily Introscope (APM), ESM (DISA Monitoring tool), AlertBot, SourceSafe, PVCS Tracker, MS Visio, MS Access, MS Project, Splunk, Nessus (Tenable Security Center), McAfee Vulnerability Manager, FortiWeb, XACTA, CSAM, EMASS

Operating Systems: Unix, Windows 7/8, 2003/2008/2012 Server, Linux, Macintosh

Programming Languages: Ability to read and understand the following languages: Java, JavaScript, Perl/CGI, C++, HTML, Visual Basic, MSQ1

PROFESSIONAL EXPERIENCE:

Confidential, Silver Spring, MD

Senior Information System Security Officer

Responsibilities:
  • Advises the CIO, CISO, System Owners, Business Owners, and government stakeholders on governance, policies, and mitigation efforts to manage risk within the enterprise and strengthen the security within the organization
  • Assigns and manages system assignments to the team of ISSOs; provides leadership and guidance to a team of 5 ISSOs
  • Audits security implementations of cloud service providers (CSPs); works with cloud services such as Amazon AWS, Microsoft Azure, Microsoft 365, and other application specific software as a service (SaaS) cloud providers
  • Audits security policy, processes, and procedures for compliance with OMB & NIST guidelines
  • Briefs CIO, CISO, system owners, business (information) owners, senior management and all applicable stakeholders on security posture of assigned systems
  • Creates and assembles security packages and briefings for systems undergoing ATO activities
  • Creates reports detailing risk, security posture, and POA&M status of all systems in the department
  • Creates, develops, reviews & updates security plans: SSP, CMP, ISCMP, DR, BCP, ISP, and others
  • Defines, implements, and maintains policies, procedures and processes to meet regulatory and security requirements
  • Enforces and manages security programs to ensure compliance with information security requirements
  • Enforces cloud service providers’ (CSPs) and 3rd party vendors’ compliance with the department’s security requirements
  • Ensures compliance with all assessment & authorization (A&A) requirements to include system implementation, security control implementation, and operation/maintenance of financial, general support, and cloud systems/solutions
  • Ensures information and information systems are protected, used, maintained and disposed of IAW applicable governing policies and procedures
  • Ensures security impact assessments (SIAs) are completed for support of configuration management processes/procedures for all changes to systems’ environments
  • Ensures the overall risk level is at an acceptable level according to the threat appetite of the agency
  • Establishes goals and priorities for the ISSO team for improving the efficiency and effectiveness of the department’s cybersecurity program objectives and requirements
  • Facilitates yearly requirement for contingency, disaster recovery, and incident response plan testing
  • Investigates, documents, and reports security incidents and provides protective & corrective measures to such incidents
  • Liaises with system owners and business owners to ensure system security compliance IAW all laws, executive orders, directives, and regulatory requirements
  • Manages all the IA/Cyber aspects and activities of over 40 complex and interconnected information systems; to include cloud systems
  • Manages the development and implementation of enterprise information security strategies, policies, standards, and procedures to ensure ongoing continuous monitoring of the information security program
  • Monitors vulnerabilities and threats to the enterprise to ensure effective tracking, remediation, and closure of POA&Ms
  • Oversees the preparation and maintenance of plans and procedures to provide continuity of operations for information systems to include IRP, CP, CMP, DR, and other related plans
  • Participates in the strategic planning of the development of technologies, transition to cloud services, and enhancements to all security programs for the agency
  • Prioritizes security tasks and allocates resources to complete the tasks on time
  • Protects the confidentiality, integrity, and availability of all agency’s information
  • Reviews and approves all security reporting, policy, procedures, and security-related documentation drafted by the team
  • Serves as the principal liaison for external stakeholders to achieve integration for all cybersecurity requirements and compliance
  • Serves on the hiring team for potential candidates for the ISSO team

Confidential, Washington DC

Senior Cyber Security Specialists (Lead)

Responsibilities:
  • Serves as the Security Team Lead responsible for strategically and tactically leading the overall planning, organizing, and execution of all Information Technology Security functions for Technical Division of T bureau directed by the ISSO and Department of State's information technology and security policies. Provides guidance in regards to federal security regulations, policies, procedures, standards and guidelines in support of Risk Management Framework (RMF) preparation and compliance.
  • Drafts and maintains Security Policies, Plans and Procedures.
  • Provides Security Program oversight ensuring NIST and FISMA compliance.
  • Conducts quarterly Security Assessments in accordance to Security Assessment Plans.
  • Advises and assists associated organization POCs in their efforts to prepare and submit ATO and ATC packages to their respective approval authorities.
  • Participates in interchange meetings and working groups with diverse program partners to gather data and execute preparation of validation assessment activities as required.
  • Performs in-depth security assessment scans (McAfee Vulnerability Management, SCAP, Nessus, Tenable Security Center - ACAS) and activities on various information systems identifying risks and remediation strategies of security issues based on reports from vulnerability assessment scanners, STIG reviews, patch management tools, and emerging threat information.
  • Manages efforts to improve network/system security posture by the implementation of effective cyber defense solutions/tools.
  • Participates and provides guidance in relation to Continuity of Operations planning and testing initiatives.
  • Ensures that all required and applicable information security controls (NIST SP 800-53) have been properly identified, implemented and maintained as intended.
  • Reviews work instructions and operational procedures for compliance with security requirements and policy.
  • Tracks changes to system components, environment, and location. Ensures all system components and changes go through the required reviews and approval process.
  • Works with Operations and Engineering team in regards to the planning and implementation of ACIS. Ensuring all security standards and best practices are integrated in design in order to prepare for the planned A&A.
  • Initiates, coordinates and tracks the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM). Regular reviews and evaluation of the Plan of Action and Milestones (POAMS) to closure.
  • Prepares and manages Information Assurance/Security documentation and security operational activities to ensure regulatory requirements are met.
  • Creates, reviews and edits TD A&A documentation. Provides support/guidance in all areas of information system security, including physical security, administrative security, personnel security, computer security, operations security.

Confidential, Arlington VA

Senior Cyber Security Specialists (Lead)

Responsibilities:
  • Served as the Security Team Lead responsible for strategically and tactically leading the overall planning, organizing, and execution of all Information Technology Security functions for Technical Division of T bureau directed by the ISSO and Department of State's information technology and security policies. Provided guidance in regards to federal security regulations, policies, procedures, standards and guidelines in support of Risk Management Framework (RMF) preparation and compliance.
  • Drafted and maintained Security Policies, Plans and Procedures.
  • Provided Security Program oversight ensuring NIST and FISMA compliance.
  • Conducted quarterly Security Assessments in accordance to Security Assessment Plans.
  • Advised and assisted associated organization POCs in their efforts to prepare and submit ATO and ATC packages to their respective approval authorities.
  • Participated in interchange meetings and working groups with diverse program partners to gather data and execute preparation of validation assessment activities as required.
  • Performed in-depth security assessment scans (McAfee Vulnerability Management, SCAP, Nessus, Tenable Security Center - ACAS) and activities on various information systems identifying risks and remediation strategies of security issues based on reports from vulnerability assessment scanners, STIG reviews, patch management tools, and emerging threat information.
  • Managed efforts to improve network/system security posture by the implementation of effective cyber defense solutions/tools.
  • Participated and provided guidance in relation to Continuity of Operations planning and testing initiatives.
  • Ensured that all required and applicable information security controls (NIST SP 800-53) have been properly identified, implemented and maintained as intended.
  • Reviewed work instructions and operational procedures for compliance with security requirements and policy.
  • Tracked changes to system components, environment, and location. Ensured all system components and changes went through the required reviews and approval process.
  • Worked with Operations and Engineering team in regards to the planning and implementation of ACIS, ensuring all security standards and best practices were integrated in design in order to prepare for the planned A&A.
  • Initiated, coordinated and tracked the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM). Regular reviews and evaluation of the Plan of Action and Milestones (POAMS) to closure.
  • Prepared and managed Information Assurance/Security documentation and security operational activities to ensure regulatory requirements were met.
  • Created, reviewed and edited TD A&A documentation. Provided support/guidance in all areas of information system security, including physical security, administrative security, personnel security, computer security, operations security.

Information Systems Security Officer (ISSO)

Confidential

Responsibilities:
  • Provided Cyber Security ISSO support to the Air Force NCR - AFDW (844th Communications Group)
  • Provided Certification and Accreditation support in order to ensure and maintain the system's security and accreditation status, which required regular interaction with System Administrators and reviews of system maintenance and plan documentation. Performed in the Assessment & Authorization (A&A) role to ensure networks had the proper Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications. Utilized EMASS as the system of record to process and track all A&A activities.
  • Advised and assisted associated organization POCs in their efforts to prepare and submit ATO and ATC packages to their respective approval authorities.
  • Conducted regular reviews and evaluation of the Plan of Action and Milestones (POAMS) to closure.
  • Monitored and evaluated systems and procedures to protect against and mitigate unauthorized access. Identified potential threats and responded to reported security violations. Worked with team members in determining causes of security breaches in order to recommend and implement changes to procedures in order to maintain and ensure overall improvements to security posture.
  • Conducted risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
  • Led the account management team and enforced best practices for granting final ISSO/IAO approvals for account requests and controlled users’ access.
  • Conducted regular reviews and testing of system and program security and engineering processes.
  • Ensured implementation of these security measures by conducting annual security reviews and system tests: Regular evaluation of security controls to ensure FISMA compliance.
  • Tracked changes to system components, environment, and location. Ensured all system components and changes went through the required reviews and approval process.
  • Served as a resource to users for security questions concerning systems.
  • Managed and tracked incidents and tasks via BMC Remedy. Developed ongoing reports as required.

Senior Systems Engineer - Lead Technical Architect

Confidential

Responsibilities:
  • Provided systems engineering/technical analysis support to the World Bank's International Bank for Reconstruction and Development's Value Reporting Project.
  • Provided general expertise in the evaluation of the current value reporting system.
  • Worked with the team in drafting the current state reporting diagram which depicted both Business workflows and technical components of the system.
  • Prepared all technical inquiries as part of the Discovery Phase of the project. Identified key technical personnel as part of the interview process.
  • Evaluated current system capabilities and requirements for future system capabilities based on current and future Business requirements.

Lead Senior Systems Engineer

Confidential

Responsibilities:
  • Provided systems engineering and management support to the Total Force Structure Management System (TFSMS) and Defense Readiness Reporting System Marine Corps (DRRS-MC) Program Management Office (PMO).
  • Provided general expertise in the evaluation of technical solutions being provided to the government (primarily Oracle Database Management System (DBMS), Oracle E-Business Suite (EBS), Google Search Appliance and Cognos based solutions).
  • Provided management/oversight of Decision Support System (Data Warehouse) in order to ensure data confidentiality, integrity and availability. System provides the critical reporting and modeling of Tables of Organization (T/Os) and Tables of Equipment (T/Es) to TFSMS users.
  • Monitored daily ETL processes and ensured engineering team members addressed issues as presented.
  • Reviewed the System Integrator’s Contractor Data Requirements Lists (CDRLs) or deliverables (e.g., design documentation and system maintenance plans, system administration manuals)
  • Managed technical assets and provided program logistics support.
  • Supported the Configuration/Change Management process and management of the systems baseline.
  • Led the execution of Physical Configuration Audits (PCAs).
  • Facilitated and supported the Systems Engineering Technical Review (SETR) process
  • Led and executed the Failure Reporting, Analysis and Corrective Action System (FRACAS) initiative to the program, which included Weekly/Bi-Weekly Reviews as needed.
  • Gathered and conducted reviews of system metrics (Performance, Systems Resource Utilization and Incident/Event management). Established Resource utilization thresholds and periodic reviews of annual growth rates for capacity planning. Included the use of CA Wily Introscope - APM, Perfmon, VMware vCenter, Oracle Event Based and F5 alerts, Oracle iSupport and Teleservice.
  • Developed reports in ESM (DISA Monitoring tool).
  • Conducted reviews of user surveys in order to enhance the users' experience through continuous system optimization.
  • Worked with product vendors and other Marine Corps entities to coordinate hardware, software, warranty, and license procurement and extension requirements
  • Performed technical evaluation of systems, sub-systems, and components
  • Conducted monthly reviews of all (Technical and Functional) Engineering Change Proposals (ECPs) scheduled for deployment. Additionally, planned and led/facilitated design reviews as necessary.
  • Facilitated/Coordinated TFSMS interface activities.
  • Tracked and managed/provided oversight for Secure File Gateway (SFG) relays.
  • Coordinated/planned and facilitated Production / Systems Engineering Working Groups and Technical Interchange Meetings.
  • Ensured engineering decisions, product specifications, and identified solutions fully consider logistics support and total ownership cost requirements.
  • Ensured that engineering decisions are aligned with the project’s Information Assurance (IA) requirements.
  • Planned for hardware/software upgrades, technology refresh initiative, and system life-cycle sustainment.
  • Investigated potential courses of action to reduce Operations and Maintenance program support costs. Additionally researched and recommended engineering solutions.

Confidential, Chantilly, VA

Systems Engineer Sr.

Responsibilities:
  • Participated in strategic planning for capacity/capability improvements. Recommended software and hardware specifications to optimize overall environment improvements.
  • Responsible for building and maintaining Virtual PC environment for software demo environments.
  • Responsible for the management of active directory environment. Managing domain accounts/servers.
  • Updated online ePower test drive environment with current versions.
  • Provided online ePower patch releases for customer access.
  • Assisted with troubleshooting of advanced systems/network issues.
  • Built and maintained Windows 2003 and 2008 servers in both physical and virtual environments.
  • Built and maintained multiple database environments. This includes Microsoft SQL Server 2000, 2005, 2008 and Oracle 9i, 10g and 11g databases. Monitored and troubleshot database performance.
  • Performed database imports and exports to set up both customer and maintenance environments.
  • Built and maintained virtual host servers running both Windows 2003 and 2008 with Microsoft Virtual Server and Hyper-V. Monitored and troubleshot any issues. Allocated required resources for virtual machines.
  • Provided requested pre-sales support for new e.POWER opportunities.
  • Provided, built, and supported lab servers for NG customers by means of Virtualization technology; Windows Servers, Database server, and Client systems.
  • Performed weekly backups of VMs, which include database and application servers.
  • Performed server recovery as needed.
  • Worked with product development, QA, BPS and other NG entities to analyze and replicate
  • Participated in Beta program which required testing of product installations and upgrades.
  • Performed independent software verification and validation testing on system components as released from development team.
  • Responsible for identifying failed hardware and addressing system problems.
  • Performed software upgrades and security patch installation.
  • Performed hardware, and software installations in maintenance environment.
  • Retained active customers under maintenance by assisting in the upgrade to currently supported versions of e.POWER code
  • Worked with development to resolve customer software issues.
  • Worked with QA team in testing new versions of ePower on multiple OS and database platforms.

Confidential, Vienna, VA

Systems Engineer Sr.

Responsibilities:
  • Part of a 4-6 person team on an electronic document workflow web-based application. Massive software upgrade deployment was for the Defense Contract Management Agency (DCMA) electronic document workflow system.
  • Provided software installation, integration, and configuration and troubleshooting support as required. Developed software installations which required following complex instructions, as well as keeping track of the installation progress of multiple sites. 62 sites worldwide.
  • Performed work independently and as part of a team.
  • Installed Oracle software (both client and server) in a Windows 2003 Server. Synchronized user accounts between Microsoft’s Active Directory (AD), e.POWER and Hummingbird.
  • Deployed software in virtual environment. Managed Virtual servers using VMware.
  • Built and deployed applications to remote sites around the world using remote access tools.
  • Resolved complex deployment issues within application and database.
  • Collaborated with group of customers, developers, program management and users.

Confidential, Washington, DC

Network/Systems Engineer / QA Release Manager

Responsibilities:
  • Analyzed and approved application and infrastructure installations to ensure alignment with corporate standards, policies, and deployment strategies and to make certain that change control procedures and appropriate documentation are in place.
  • Provided network, server and application support for enterprise environments containing a diversity of custom and off-the-shelf (COTS) applications, server operating systems and dedicated infrastructure components.
  • Designed, developed, deployed, troubleshot and maintained client/server application and database installations to support Independent Verification and Validation (IV&V) and developer testing.
  • Performed configuration, implementation, testing and maintenance of LAN and WAN environments.
  • Maintained and Configured Event Management capabilities within the system with the use of system alerts and continuous monitoring tools.
  • Managed various software installations throughout the Software Development Lifecycle (SDLC). Managed Product/software Releases from testing through Implementation.
  • Monitored testing efforts to ensure scheduling and resources meet prescribed standards and evaluate test results to identify application and system deficiencies and provide recommendations regarding certification and acceptance.
  • Mentored technical staff on quality assurance issues.
  • Coordinated implementation plans among various engineering teams.
  • Performed environmental and software troubleshooting to resolve issues.
  • Managed customer expectations to ensure an exceptional customer experience.
  • Built and maintained virtual environments (VMware) that housed servers and workstation environments.
  • Built and deployed installation packages for over 700 user client and scan machines at local and off-site locations. Prepared installation documentation for local administrators.

Application and System Support Engineer

Confidential

Responsibilities:
  • Assisted the Pension Benefit Guaranty Corporation (PBGC) with key projects that focused on streamlining business processes and technologies to facilitate fast and efficient responses to extremely high volumes of Electronic Freedom of Information Act (EFOIA) requests.
  • Supported a variety of hardware and software platforms including Windows NT Workstation and Server, Oracle 8I, Metastorm BPM, Hummingbird DOCS Open, FileNet document management system, and Pentium-class imaging-enabled workstations.
  • Participated in customization and maintenance of EFOIA-related systems that are based on Oracle, Hummingbird DOCS Open and FileNet technologies.
  • Provided end user training and developed and maintained training manuals.
  • Provided system administration support for Windows 2000 and Metastorm eWork Web servers in production and development environments.