SUMMARY:

• Certified CISSP (16 years)
• IT Customer Service (30 years)
• Possesses in - depth knowledge of NIST 800-53, DITSCAP/DIACAP, DoD 8500.2 (15 years)
• Experience with multiple versions of Windows (20 years), Unix (20 years), and MacOS (5 years)
• Experience and education with multiple firewalls, routers, LAN/WAN topologies and web services.
• Experience with ST&E, vulnerability assessments, and penetration testing (15 years)
• Experience writing material to satisfy FISMA requirements for non-DOD Federal agencies.
• Experience with IT security products, technologies, protocols, and best practices including e-Eye Retina and Nessus.
• Experience performing project evaluation, project management, and meeting facilitation
• Experience with malware detection mechanisms built into Encase, Blue Coat, Iron Port, Bit 9, Kasperky, and Symantec (5 years).
• Experience in understanding cyber threats, potential security experience with closing threats, attack perspective on how to exploit threats (e.g. red team / blue team) while working with organizations from Naval Research Lab (Collaborated with NCIS), Army Materiel Command, F.B.I., Department of Treasury, and other agencies (12 years).
• Experienced using TCP Wrapper and Tripwire to detect adversaries while working with NCIS at Naval Research Lab which led to International arrest.
• Experience with working with Army Research Lab to detect malware through Intrusion Detection (1 year).
• Experience with Intrusion Detection (Malware detection/spillage) while working with local agency red team at Department of Treasury (3 years).
• Experience working with US CERT for two years while at Treasury detecting and understanding adversary cyber exploits.
• In-depth knowledge of Federal IT Security laws, directives, and orders
• Programming language experience includes Perl, C, Fortran, Cobol, and others.
• Demonstrates understanding of security requirements in a non-classified, collegial environment
• Excellent oral and written communication skills

PROFESSIONAL EXPERIENCE

DCCA

Sr. Information System Security Engineer

• Consulting with local agency to protect U.S. systems against national and world threats.
• Worked to complete special projects within SDL and helped update SSPs for RMF.
• Consults with customer, vendors, managers, and team members to secure systems expeditiously.
• Attends critical project meetings and gives inputs and recommendations on complex issues.

Confidential, Hanover, MD

Principal Information Security Engineer

• Consulting with local agency to protect U.S. systems against national and world threats.
• Worked on DoD Portfolio management project to identify project duplication, project risks, threats, and vulnerabilities.
• Created work breakdown structure for updated security requirements (H/S project).
• Installed and configured systems (Windows 7 &8) for the corporation and added them to necessary domain.
• Worked on configuration management project to automate the Certification and Accreditation process in the area of the SCAP/OCIL (Security Content Automation Protocol/Open Checklist Interactive Language).
• Created work breakdown structure for updated security requirements.
• Used and interpreted Gold Standards for specified lifecycle increments for local agency (3 years).
• Used, interpreted, and modified system engineering lifecycle when rolling out critical security systems for US CERT (1 year- DHS).

Consultant

Confidential, Arlington, VA

• Worked special projects for completion of Certification of Pentagon system with Force Protection.
• Followed DoD 8500.2 in preparation for Certification process.
• Worked with senior staff to complete certifications and accreditations (regular meetings, reviews of equipment, and reviews with vendor software and hardware).
• Reviewed IAVA alerts, used DISA STIGS, and scanning tools to help lower risks for new systems to be certified and accredited.

Sr. Security System Analyst

Confidential, VA

• As Manager for system security at the Department of Treasury, made recommendations for secure systems.
• Applied accepted/mandated set of disciplines for the planning, analysis, design and implementation of the most complex secure information systems on an organization-wide basis or across a major sector of the organization.
• Developed analytical and computational techniques and methodologies for the definition of security solutions and presented technical findings and theories to other support groups.
• Performed organization-wide strategic security planning and analysis. Performed risk analysis and risk assessments.
• Assisted with technical proposal efforts and projects using Hercules/Citadel, Senforce, Remote Access, Active Directory, Skybox, Ecora, and Spyware Doctor.
• Assisted with Certification & Accreditation process for Treasury Departmental Office (DO) and Intrust Auditing software. Also worked with demo software such as Blink (E-eye Retina), Web Root (spyware software), and Microsoft’s spyware software.
• Wrote scripts to push logs and back up Linux data (3 years).
• Wrote scripts to automatically push data to server for reporting security issues.
• Worked on hardening systems using security scripts for windows. Also assisted in writing documentations for those systems (4 years).
• Also used DISA, CSI, NSA utilities to harden systems (4 years).
• Helped implement constant monitoring for servers, networked equipment, web sites, and e-mail.
• Created work breakdown structure for updated security requirements.
• Updated Departmental Office System Security Plan (SSP) (3years).
• Used best practices for configuration of systems and forensics (3 years)
• Created new policies and processes for software use (I.e.: Bluecoat, IronPort, multiple mail program, remote access(DORA), thumb drives, DVDs, compact disc, configuration management tools (Hercules and ECORA) (4 years)

Confidential, VA

Senior INFOSEC Consultant / Project Manager

• FServed as Project Manager for BAE Systems members of a team of INFOSEC Engineers and Analysts conducting network and application security assessments for the Bureau.
• Met with the system owners (e.g., Program Manager, Computer System Security Office, System Administrator, and User Representative) to determine system testing requirements. Upon determining the level of importance for a particular system, a Certification Test Plan (CTP) was written based on the SRTM and the Systems Security Plan (SSP) (shorter version of the SSAA).
• Tested against the Bureau’s requirements. Testing tools used were products from ISS (i.e., Database Scanner, Internet Scanner), the Security Readiness Review (SRR) scripts, Harris’ STAT, NeWT Scanner, and manual tests developed by Bureau personnel.
• Analyzed test results and removed false positives. Developed Certification Test Report based on the vulnerabilities and placed in the formal documentation in the appendices of the SSP.
• Helped develop the Security Requirement Traceability Matrix (SRTM) by giving specific input which came from the DoJ, FBI manuals, DCID 6/3, NIST 800-26, and NIST 800-53.
• Also assisted Certification leads with risk assessments for numerous systems.
• Created processes and guidelines for security scanning procedures (4 years)

Confidential

Sr. INFOSEC Engineer

• As a Certifying Team member, directly contributed to numerous assignments. Specialized in system management, network analysis and design, communications software development, network security, technology and product assessment, and acquisition.
• Performed ST&Es using tools such as ISS and Cybercop.
• Led a PKI project for GSA and developed a Trusted Facility Manual and other documentation for the Pentagon Renovation Program.
• Utilized skills in the C&A process as well as knowledge of TCP/IP, IPsec, Windows NT/2000, and UNIX. Demonstrated experience in network monitoring and analysis and proficiency with LAN/WAN topologies.

Confidential, Washington, DC

Sr. Network Security Analyst

• Supported the Information System Security Program. Performed vulnerability assessments on the Information Systems connected to the NRL Integrated Communications Environment Network (NICENET). Tools used included Ice-Pic, Ballista (Cybercop), and ISS.
• Also responsible for follow up activities such as informing users of vulnerabilities, suggesting fixes for vulnerabilities, and developing reports for senior managers.
• Participated in investigations of computer security breaches and developed/presented reports on the findings to the proper authorities. Collaborated to resolve security violations with NCIS.