SUMMARY:

• To obtain a dynamic Information Technology Security position that will utilize my years of experience ensuring security assurance, securing network systems and data are secured with confidentiality, integrity and availability. Areas of expertise and interest include: Information Security, Project Management, and Information Technology Support experience.

PROFESSIONAL EXPERIENCE:

Task Lead Cyber Defense Risk Analyst

Confidential

• Responsible for providing leadership supporting collaborative efforts for DoD Joint Staff on updating their cyber policy from DIACAP to (SP 800 - 37) Risk Management Framework. Duties consist of combining scorecard findings and brief senior staff, providing an overview of the vulnerabilities of military networks, weapon systems, and installation using (DCS) Defense Cyber Scope. Also, other duties consist of system portfolio management, reviewing & approval of (SCA) Security Control Assessments, and Certification & Accreditation assessment packages. During assessments I review ACAS/ Nessus scans & DISA STIG findings and create an analyst of the likelihood and impact of each vulnerability. Reviewing remediation plan of systems vulnerabilities so they can gain an "ATO". Experience in reviewing system implementation of FedRamp policies. I also provided oversite and compliance of Amazon AWS. Working with a cohesive team in Joint Staff CIO team to develop a common control catalog & cyber manual to help bolster Joint Staff's cyber policy. Also providing (CMRS) Continuous Monitoring with status updates and leveraging the repository tool EMASS.

Lead Technical Project Manager

Confidential, Reston, VA

Leading the FedRAMP+ initiative for several DoD clients on behalf of Akamai. Providing support, technical expertise, cloud products (Fast DNS, Content Delivery, Free Flow, Luna Control Center, Web Firewall, and Accelerated Network Services) for our FedRAMP+ customers. Leading the FedRAMP+ team while providing our federal and commercial customers with system documentation including SSP, CP, IRP, POA&M report, Continuous Monitoring Plan & Monthly Report, and System Categorization etc. I am also responsible for prepping our monthly continuous monitoring report: scanning 20% and running queries for the IPs, researching NVD’s latest CVE’s to see if we have remedy for those vulnerabilities, also updating existing POA&Ms. Our team works diligently with our 3PAO for annual assessments. Also corresponding with our federal client and providing executive summaries to gain the ATO. I provided all our system documentation and reports on Max.gov and eMASS (clients repository).

Security Control Assessor

Confidential, VA

Responsible for providing risk assessment for the Department of Interior Client. I provide Security Authorization Assessments (SA&A), Security Control Assessments (SCA), Privacy Threshold Assessments (PTA), Privacy Impact Assessments (PIA), 1/3 security control assessing, and Compliance of system reviews. Also my experience in this role includes analyzing Security Assessment Reports (SAR), Security Assessment Plan (SAP), reviewing Nessus Database and web application scans, Remediation of findings (POA&M report), guidance of security control inheritance, guiding & training new staff on processes of our assessment procedure, reviewing FedRAMP packages, and conducting meetings with system stakeholders on the current activities or the final assessment findings. Periodically travelling to Denver to assess different systems while keeping a professional rapport with the DOI client.

Lead Cyber Risk Analyst

Confidential

Responsible for providing supporting collaborative efforts for National Guard Bureau on updating there cyber policy from DIACAP to (SP 800-37) Risk Management Framework. Duties consist of combining scorecard findings and brief senior staff, providing an overview of the vulnerabilities of military networks, weapon systems, and installation using (DCS) Defense Cyber Scope. Also other duties consist of system portfolio management, reviewing & approval of (SCA) Security Control Assessments, and Certification & Accreditation assessment packages. During assessments I review ACAS/ Nessus scans & DISA STIG findings and create an analyst of the likelihood and impact of each vulnerability. Reviewing remediation plan of systems vulnerabilities so they can gain an "ATO". Experience in reviewing system implementation of FedRamp policies. I also provided oversite and compliance of Amazon AWS. Working with a cohesive team in NGB J6/CIO team to develop a common control catalog & cyber manual to help bolster NGB's cyber policy. Also providing (CMRS) Continuous Monitoring with status updates and leveraging the repository tool EMASS.

Lead Information Assurance Risk Analyst

Confidential, Arlington, VA

Responsible for Information Assurance Governance and Compliance of USAID systems. Measure NIST 800-53, 800-37, 800-30, and 800-60 against USAIDs 545 policy. Provide Risk Management Consulting. Experience in conducting (SA&A) Security Authorization and Assessment (SCA) Security Control Assessment reviews. Provide management support of POA&Ms. Overseeing remediation of vulnerabilities of systems, websites, and databases. Review and approve artifacts from the system ISSO to satisfy assessed controls. Running the following documents: SSP, SAP, SAR, CP, CPT and FIPS 199 through a quality checklist. Analyzing vulnerabilities of Nessus, Cenzic, and nCircle scans. Reviewing and approving FIPS 199. Conduct executive briefing with CIO and AO. Providing Monthly and Quarterly reports to USAID government personnel. Experience in reviewing system implementation of FedRamp policies. I also provided oversite and compliance of Amazon AWS. Proving Continues Monitor support with CSAM software tool. CSAM surge migration experience. Provide guidance and assistance writing policy USAID 545 policy. USAID Portfolio consists of: created “Remediation Plan”, “External System Control’s list”, and “SOP of SA&A process”.

Cyber Security Risk Analyst

Confidential, Washington, DC

Measure NIST 800-53 Controls, and DHS 4300 Controls to various DHS systems. Analysis risk (likelihood, and impact) for various ICE systems and policy. Experience in Ongoing Assessments, SCA’s, POA&M remediation, conducting assessments, analysis waivers. Analysis scans: Nessus, DB protect, and Webinspect. Maintaining FISMA guidelines, making sure all systems are up to (ATO) authority to operate by DHS standards, reviewing (CIA) of the contingency plans and security system plans. Quantitative analysis of RMF and all DHS/ICE systems. Security servers, mobile applications, patching, exchange, and remote access. Preparing monthly reports, and quarterly reports. Over seeing ISSO’s artifacts, POA&M status, document review, rev.3 or rev.4 compliant, and creating waivers. Experience in reviewing system implementation of FedRamp policies. I also provided oversite and compliance of Amazon AWS & Microsoft AZURE. While holding a steading repore with the government client.

Network System/Security Administrator

Confidential, Arlington, VA

Responsible for conducting information systems security risk and mitigation assessments and providing outstanding secure network system support services to the DEA Headquarters; which includes the following tasks: Run vulnerability scanners, and use security testing tools; Wireshark, Nessus, Snort. Configuring secure network devices; switches, routers, servers and applying port security. I provide support on Data Recovery, Secure File Transfer Protocol (SFTP), PowerShell scripting. Configure workstations for compliance with DEA security requirements. Server Management - Using a script to reboot and track servers, run maintenance, and (allocating network storage) host network drivers; Monitor network traffic and optimize network performance - Microsoft Server Manager 2008 & 2012; Creating Printer Queues, using DEA security protocol with DHCP/DNS - corresponding all mac addresses, computer names, IP’s, and drop information; VMware Hypervisor (HyperV); Provide connectivity for DEA users; Remote Desktop to conduct Data Scans for workstation vulnerabilities & installing software patches; Applying Bit-locker encryption & Symantec Endpoint Encryption to workstations and tablets; experience with UNIX shadow password encryption. Administering DEA groups and user accounts, including adding, deleting accounts, and setting appropriate permissions; Perform regular scheduled backups. Maintain remote user assistance capabilities secure VDI login - (VPN); and Track all service, and incident request in Microsoft Service Manager.

Enterprise Service/Security Support Yoh Federal Contracting

Confidential, Washington, DC

Provided information technology support services for the Navy & Marines system and network assistance on classified and unclassified networks. Provided experience and sound judgment as well as being able to follow pre-established procedures and instructions to identify issues like 802.1x, port security, secure classified MAC address locked floors, and resolve technical problems including classified mobile devices, and used Kerberos protocol for scan to file. Documented, tracked, and monitored problems to ensure timely resolution of each assigned ticket through the Remedy and HP Service (SM7) ticket systems to ensure timely resolution.

Tier II / Tier III IT Specialist

Confidential, Washington DC

• Configured workstations to meet security requirements, Active Directory & Active Client, Conducting CAC PIV’s, install/remove computer units.
• Reimaged computers using Sympantics /Altiris, prepping hard drives, configure local and network printers, mapping printers, replaced parts in computers and printers.
• Migrated Domains, Operation Systems (Upgrade), Backup data to shared drive,
• Provided Blackberry support.
• Configured Outlook Enterprise Emailing system, VPN SSL Confidential and Juniper set up, using remote system Dameware.
• Conducted EFS provision and re-provisioning of CAC Cards and set up user accounts.
• Handled password resets, activate Microsoft Windows, Warranty Checks, Lifecycle replacements.
• Troubleshot and resolved trouble tickets related to technical difficulties with hardware, software, and the network.
• Resolve network switch and connectivity issues.
• Collaborated with Tier I and Tier IV. Validated issue resolution on the customers’ behalf. Verified, with the customer, that the issue was resolved and updated the ticket system.
• Trained newly hired Tier I, Tier II, and Tier III technicians.