­­­­­­

SUMMARY:

• Analytical, critical thinker and thought leader with combined operational and consulting experience in Information Assurance.
• Proven capability in advising in information governance, risk and compliance to help direct enterprise information security objectives based on business drivers and compliance requirements. Plan, architect and implement information security solutions to enable enterprise defense - in-depth.
• Help develop Cyber Security and Privacy programs to achieve greater capability maturity to ensure process and practices are measurable, repeatable and testable with effective controls and metrics that can be integrated into strategic and operational plans.
• Adept in cultivating solid relations with internal and external business and technology stakeholders by understanding their requirements and communicating their needs to cross-functional teams for achieving organizational goals.

PROFESSIONAL EXPERIENCE:

Confidential, Olney, MD

Responsibilities:

• Professional services have been performed for the following customers in a contract capacity:

Confidential, Germantown, MD

Cybersecurity Lead

Responsibilities:

• Strategize security tool integration to ensure most effective architectural approach.
• This involves integrating an Confidential tool with a SIEM to pull already ingested data consisting of specific system logs and security scan data.
• The approach reduces integration points from many to one for the Confidential tool, which reduces time to integrate and reduces post-implementation support.

Confidential, Woodlawn, MD

Senior Cybersecurity Consultant

Responsibilities:

• Security lead for cloud Big Data platform to ensure system is secured and compliant from incubation to production by engaging cross-functional teams to implement correct configuration. Project-manage security assessment process and recommend technical approaches to maintain integrity of security controls in accordance with Confidential 800-53, Security and Privacy Controls for Federal Information Systems and Organizations . The resulting third-party assessment produced no reportable risks.
• Recommend best-practices for developing a cloud vulnerability management program to ensure accuracy and completeness of compliance and vulnerability scans for continuous monitoring activities.
• Advise on strategic and tactical cloud security program approaches to reach a higher capability maturity using Confidential Cybersecurity Framework (CSF) .

Confidential, Silver Spring, MD

Senior Cybersecurity Consultant

Responsibilities:

• Develop Concept of Operations ( Confidential ) of the enterprise cybersecurity program to provide overview of architecture, components and functions to help roadmap priorities and objectives.
• Provide direction on the type of metrics to capture for performance measurement to facilitate the progress of the agency’s cybersecurity posture using Confidential 800-55, Performance Measurement Guide for Information Security .

Confidential, Rockville, MD

Information Security Risk Manager

Responsibilities:

• Project managing, architecting and technically implementing industry leading market-mature Commercial Off-The-Shelf ( Confidential ) Information Technology Governance, Risk and Compliance ( Confidential ) solution to replace legacy toolset. Developed a comprehensive business case for build-versus-buy which persuaded the customer to move forward with a more feasible, scalable and robust Confidential solution for long term enterprise sustainability. Additionally, the solution positions the organization to leverage automation for performance advantage and to achieve a higher point on the capability maturity curve in Information Security and Privacy.
• Contribute toward and participate in Chief Information Security Officer ( Confidential ) governance meetings for reporting of application and infrastructure risks which provides executive leadership visibility into the organization's security posture to help plan strategic and tactical information risk management efforts.
• Liaise with internal stakeholders and third-party assessors to project manage annual penetration testing of Internet-facing applications that include Personally Identifiable Information (PII) and Payment Card Industry (PCI) data, which has been successfully delivered on-time and under-budget.

Confidential, Washington, DC

Senior Information Security Consultant

Responsibilities:

• As key customer interface, effectively manage multiple customer relationships; provide recommendations to system owners, technical Subject Matter Experts (SMEs) and service providers to forge understanding of federal mandates and Agency security requirements to facilitate risk-based decision making.
• For Confidential ’s core Confidential system, was able to reduce identified risks by over fifty percent.
• Assisted Prime contractor with forecasting, scope, cost and scheduling of ATC system security assessments which enabled timely delivery of services.

Senior Information Security Architect

Confidential

Responsibilities:

• Participated in Confidential ’s on-going efforts to transition from as-is security architecture and evaluated most feasible secure solutions for to-be security architecture with a focus on preventing vendor lock-in, promoting future-proofing and determining feasible solutions.

Confidential, Sterling, VA

Senior Information Security Architect

Responsibilities:

• Improved and facilitated the reporting requirements which helped streamline and enhance customer Cyber Security processes for FedRamp readiness.

Confidential, McLean, VA

Senior Information Security Consultant

Responsibilities:

• Performed security risk assessments of Confidential and internally developed applications as part of the Software Development Life Cycle (SDLC) process, as well as conducting infrastructure security assessments prior to deployment.