Project Systems Security Eng. Resume
PROFESSIONAL SUMMARY:
- I bring a depth of Cyber Security background, including experience as a Senior Security Analyst, Engineer and SME.
- I am a formally educated (MS Cyber Operations) and industry-certified analyst with 20+ years of experience in IT and government compliance standards.
- Extensive background in Network Defense, Incident Response, Cyber Security Administration/Operations/SOC, and Network Management.
- I have extensive experience with Cyber Security Tools.
- I have broad experience with Confidential as a Monitoring and Incident Response Manager and Lead Splunk Engineer.
- I also worked with the Veteran Affairs Network and Security Operations Center as Deputy Program Manager/Site Lead, which included mentoring and directing lower-level Forensic Analysts; security alerting, monitoring and escalation processes; and understanding the associated tools and capabilities (log aggregation and correlation, SIEM tools) and regulatory compliance.
TECHNICAL SKILLS:
- Wireless Security
- Cryptology
- Server Security
- Vulnerability Scanning
- Security Guidelines
- Professional Trainer/ Facilitator
- CompTIA SME
- SANS Inst Trained
- DHCP, DNS, WINS, IASCRISP
- Administering Splunk Enterprise Security (ES)
- Experience with Basic shell scripting
- Experience with LAMP stack (LINUX/Apache/MySQL/PHP, Perl, and/or Python)
PROFESSIONAL SKILLS:
- Network Security
- Application Security
- Project Management
- IT Security Auditing
- Vulnerability Assessment
- Enterprise Risk Assessment
- Information Assurance
- Enterprise Cyber Defense
- Process Improvement
- Security Policy
- Java & Python
- Enterprise Cyber Security
- Forensic/DDA Exp
- Penetration Testing
- Systems Hardening
- Malware Analysis
- LINUX/UNIX
- Complete/thorough understanding of US Government IS security policies, STIGs, SRGs
EXPERIENCE:
Project Systems Security Eng.
Confidential
Responsibilities:
- Performed systems migration and software loading on new workstations and laptops, evaluating legacy machines and replacing operating systems and software. Hardware upgrading (DVD drives, network cards). Network integration of client machines, loading of operating systems, troubleshooting and repair of hardware and software malfunctions. Installing HBSS; server and network admin; help desk and customer service management. Cisco router admin, building and installing servers, laptop repair. Threat analysis and system hardening.
- Network admin, system architect and engineer. Firewall/IDS in Symantec, TrendMicro, Cisco, and Juniper environments.
- Designing client installations (hardware and software), system migrations, server deployment, and VPN implementation.
- Hardware (PCs, printers, scanners and peripherals) and POS systems integration, repair and maintenance.
- Analyzing system logs and identifying potential issues with computer systems. Malware eradication and system recovery.
- Introducing and integrating new technologies into existing data center environments.
- Performing routine audits of systems and software.
- Installing and configuring new hardware and software.
- Project management and metrics, project budget, subcontractor oversight, inventory/asset management, and employee management for a small business.
Confidential
Cybersecurity Monitoring /Incident Response Manager
Responsibilities:
- Established the monitoring program for LMP where previously there was none. The four major components of monitoring were ArcSight, the McAfee IDS, HBSS (McAfee AV/HIDS) and Splunk.
- Created a comprehensive monitoring and intrusion detection program that encompasses all four components and focuses on three key areas of monitoring and alerting: Attacks, Penetration, Compliance and Operational.
- Responsible for the oversight and supervision in the operation, maintenance, and improvement of the LMP monitoring components.
- Created a monitoring and response plan using guidance from the LOS Lead that encompasses the three areas stated above.
- Worked with the other lines of service to obtain operational monitoring needs and provide alerting.
- Worked with the Compliance Manager to determine compliance monitoring and alerting needs to support STIG and DOD IA controls compliance.
- Supervised the transfer of the Network IDS from Network Team to IA Team control and responsibility.
- Planned the migration of HBSS control and responsibility from the Wintel Team to the IA Team.
- Provided reports as necessary and as requested by the customer and ALT ESS management.
- Attended and participated in the weekly Architecture Review Board (ARB).
- Reviewed all Design Change Packages (DCP) to ensure security compliance and monitoring needs, assessed the effects on the security posture of LMP, and provided feedback to the DCP owner in the form of action items or communication within the DCP tool.
- Provided input and changes to the Information Assurance policy documents, which provide guidance and standards to all teams supporting LMP.
- Reviewed and prioritized tickets assigned to the team.
- Documented and assisted the team in documenting the processes we follow to conduct day-to-day activities.
- Lead Architect and Engineer for the Splunk DISA to LMP migration. Created Splunk queries for correlation with ArcSight rules.
Confidential
Program Manager/ SME
Responsibilities:
- Coordinated with the Project Manager and VA Officers to ensure quality of service deliverables and prompt resolution of identified problems or weaknesses, to meet project performance requirements.
- Combined/merged operations and analysis team data into incident summary reports; prepared daily activity reports, including incident status updates, trouble ticket metrics and SOC Sitreps.
- Delivered research and analysis information to support the creation of team and client briefings.
- Created monthly briefings summarizing actions, issues, and resolutions for customer executives and other government stakeholders.
- Created and maintained SOPs and other guidelines, policies, procedures and materials as Knowledge Manager.
- Reported to the Project Manager of the task order and the VA FTEs for each functional area.
- Supervises, trains, and mentors Information Assurance (IA) Security Engineers and Analysts and other IA support personnel, ensuring that they have the proper to function at a high level.
- Provided personnel management, performance goal identification, and performance review.
- Coordinated with the Project Manager and VA FTEs to ensure quality of service deliverables and prompt resolution of identified problems or weaknesses to ensure project performance.
- Provided and briefed daily and weekly progress reports to upper management and government staff, and was the Contracting Officer’s Representative concerning the status of initiatives and day-to-day tasking, staff, and actual performance compared to established quantitative and qualitative standards.
- Tracked and maintained functional area hardware and software (tool) baselines for assets required to support the functional services.
- Responded to ad-hoc calls as directed by the government. Ensured work was accomplished within schedule and budget.
- Continued to evaluate evolving VA and US Government requirements and ensured compliance across the functional areas.
- Collaborated with peers from inside and outside the enterprise to identify process improvement opportunities and business process alignment to provide the best value to the government.
- Point of Contact (POC) within a team of security and policy analysts and Upper management/ Government Staff.
- Provide security process research and written analysis support to Government staff.
- Engage stakeholders to identify requirements for policies/ processes and SOPS.
- Worked with other departments to enhance communications.
- Managed the day-to-day activities associated with the development and reporting of security topics and issues by providing related presentations, briefing materials, pamphlets, directives, policies, handbooks, comments matrices, and ad-hoc reports.
- Developed and executed the project plan, and monitored and controlled the project throughout the lifecycle with the PM.
- Represented and protected ACET’s current and long-term business by building and maintaining a lasting client relationship.
- Well-versed in industry and government security architecture and controls.
- Principal QA and SOP Trainer.
- Analyzed data breaches; determined the cause and extent of data loss; and advised on the remediation plan.
- Performed analysis of data loss prevention tools and reports, escalating to the appropriate management and legal resources where appropriate.
- Handled high-level, in-depth IH investigations; briefed and provided expert advice to management on breach response and best practices.
- Provided post-incident and security investigations analysis, recommendations and improvement actions.
- Identified and implemented improvements to information security incident response through participation in tabletop scenario exercises.
- Stayed abreast of zero-day threats and associated mitigating controls; recommended appropriate next steps to protect the VA’s information assets and computing environment against zero-day threats.
- Working knowledge of industry leading incident response frameworks.
- Strong written and verbal communication skills - technical, audit, legal and senior management audiences. Ability to work individually and in close collaboration with team members.
- Maintained relationships and worked with the client and other associated vendors.
- Participated on all incident response efforts within SOC.
- Collaborated with other outside teams and groups (OIG, IM, WAN).
- Worked with VA on the SOC processes, policies and procedures.
- Responsible for or contributing to developing documentation related to the IH and VANSOC operations.
- Mentored and directed lower-level Forensic Analysts; security alerting, monitoring and escalation processes and associated tools and capabilities (log aggregation/correlation, SIEM, SOC, etc.).
- Working knowledge of EnCase v7, and understanding of Splunk/Splunk ES in a client-specific IT Security context. Enhanced, improved and verified appropriateness of the implementation of Splunk ES.
- Liaised between IT Security and IT Solutions teams to further the objectives of the IT Security team within the space of specific toolsets. Worked with the IT Security team, prioritizing requested changes and determining the activities necessary to complete them.
- Ensured that changes to support IT Security follow established processes.
- Executed hands-on troubleshooting of any issues, including but not limited to Splunk and its underlying infrastructure.
- Mentored Systems Engineer(s) in IT Security; worked together to accomplish the above responsibilities.
- Monitored external publications and industry events for best practices in the IT Security space as they relate to specific tools.
- Experience working in a regulated industry (HIPAA, PCI, SOX, GLBA, etc.).
- Responsible for or contributing to developing documentation related to the Forensics Lab and SOC operations.
- Deep knowledge and experience in IT network security and IP networking.
- Proficient with forensic techniques utilizing EnCase version 7 Enterprise.
- Experience with computer system hardware and software installation and troubleshooting on Unix & Windows platforms.
- Experience with programming languages (e.g. Python) and EnScript.
- Thorough understanding of chain of custody procedures, forensic lab best practices, and evidence handling: Mobile forensic, Internet and intranet services (Active Directory, DHCP, DNS, WINS, IAS, etc.).
- Capability to produce timelines from both memory and HDD images for use during incident response.
- Proficiency with the use of sandboxing tools such as VMware, VirtualBox, Cuckoo Sandbox, etc.
- Proficiency with Volatility and Redline for memory forensics during incident response.
- Capability to make use of open source tools to identify IOCs within malware.
- Thorough understanding of event correlation solutions and how to apply them to identify root-cause.
- In-depth knowledge of TCP/IP protocols and their implementations within networked environments.
- Ability to take events from disparate logging sources such as Exchange, SQL, SharePoint and distill them into actionable intelligence to drive continued investigation.
- Aptitude for analytical concepts, oral and written communication skills, customer focus, teamwork abilities, integrity, and relationship-building skill.
- Utilized time management skills as well as the ability to be flexible and creative. Demonstrated leadership ability.
- Experience gathering open source intelligence and driving solutions based on the gathered intelligence.
- Experience collecting/storing litigation/potential litigation evidence/data.
- Experience with Export Control and multinational organizations.
- Experience with developing ClamAV/Snort/YARA custom signatures for use during incident response.
- Familiarity with kill chain methodologies and how to apply them to acquired intelligence.
- An understanding of operating systems internals (APIs, DLLs, imports/exports, etc.) for both x86 and x64 platforms.
- Understanding of current US and UK legislation and acts pertaining to information security.
- Team Manager for network and security device monitoring, network and security device administration and management, security event correlation, audit log management, access control, NIPS/HIPS installation and support, incident response, ticket management, and creating queries for the Security Monitoring And Response Team (SMART) and Incident Handling (IH) Teams, as well as providing tuning recommendations (Intrusion Prevention Systems (IPS), Host Intrusion Protection Systems (HIPS), U.S. CERT analysis, signature development). Additional duties included managing and maintaining a knowledgebase along with monitoring configuration changes.
- Ensured ACET staff were providing the following major services, 7x24x365, as required by the Program Work Statement (PWS).
- Network and Security device monitoring, and Network and Security device administration and management.
- Security event correlation, audit log management, and access control.
- NIPS/HIPS installation and support, incident response and reporting.
- Managing and maintaining Standard Operating Procedures (SOPs), the Confidential knowledgebase, along with monitoring and configuration management.
- Responsible for the coordination and quality of information in the weekly Deliverables Reports, and for ensuring they were completed and presented to the VA on time.
- Ensured customer satisfaction by responding to customer enquiries in a timely and responsive manner. All employees in line with operational policies and procedures.
- Monitoring all site activities and ensuring compliance with operational procedures and policies.
- Developed and maintained relationships with ACET and client program managers to resolve customer/employee issues, concerns and grievances.
- Developed ways to retain all employees through motivation and encouragement.
- Managed the staff pool by retaining employees, evaluating performance and counseling employees to improve performance.
- Provided site orientation to employees in terms of company values and culture to affiliate employees as per contract requirements.
- Led/facilitated ACET staff in the performance and production of Weekly Report deliverables, and special analyses and studies requested by the customer or ACET management.
- Wrote reports and executive summaries for varying levels of Senior VA and ACET management.
- Ensured weekly staff timekeeping and time-off practices, performed by ACET employees, were accurate and in accordance with company policies and directives.
- Remedy Ticket Reporting and management.
- Responsibilities also included: network and security device monitoring, network and security device administration and management, security event correlation, audit log management, access control, NIPS/HIPS installation and support, incident response, ticket management, creating queries for Tier II and Tier III Cyber Security Specialists, and providing tuning recommendations (IPS, HIPS, U.S. CERT analysis, signature development).
- Created standard operating procedures for the handling of various incidents. Managed and mentored all Shift Leads/Analysts and performed as the Lead SME for IH/Cyber Security processes and analysis. Oversaw the monitoring of hardware devices nationally and Sourcefire SEU and maintenance.
- Managed and maintained a knowledgebase along with monitoring configuration changes, including support of VPN technology, intrusion detection and prevention, incident response/recovery, and antivirus support, with strong support of Windows and IP networking environments. In addition: computer forensics using Splunk, Sourcefire, SNORT, ePO, Wireshark, ISS Proventia, SiteProtector, SolarWinds, Nessus and many other tools.
- Created and reviewed/closed Remedy tickets pertaining to our security mission and forwarded them to US-CERT.
Confidential
Information Assurance Analyst Lead
Responsibilities:
- Configuration Management: manage and control changes to the organizational documentation baseline, manage and audit processes and baselines associated with the organization’s software white list, privileged accounts, and service level agreements, provide CM support to the infrastructure as required.
- Conducted implementation of the appropriate security controls, based on Department of State IT Security standards. Developed, implemented, and maintained an IT Security Plan in compliance with applicable Federal Laws that include, but are not limited to, 40 U.S.C. 11331, the Federal Information Security Management Act (FISMA) of 2002, the E-Government Act of 2002, AR 25-2, PA-15, and Foreign Nationals (FN).
- Reviewed applications and scans, and provided maintenance of information assurance policies and created procedures for complying with Department of State and Federal regulations concerning incident response.
- Assisted in enhancing overall network defense in depth, including mandated requirements and local initiatives. Implemented a configuration management and control program, continuously monitored and implemented security controls and provided documentation on all system changes affecting the security of any system, and executed Information Assurance requirements taking into account IA configuration implementation strategies that consider the operational environment, mission, criticality, and application requirements. Monitored security for the NIPR, SIPR and CXI Government Networks and reviewed Foreign National accounts on networks.
- Performed mandatory Information System (IS) patching, updating, and scanning based on vulnerabilities and threats or regulatory compliance; maintained the day-to-day security posture and continuous monitoring for all systems.
- Conducted risk assessment testing procedures for verification of Certification & Accreditation (C&A)/A&A/RMF safeguards to meet various regulatory requirements based upon NISPOM, RMF for DoD IT, ICD 503, DJSIG, JSIG and NIST guidelines.
- Evaluated IS threats and vulnerabilities to determine whether additional safeguards are needed for a wide range of IS security related areas including architectures, firewalls, electronic data traffic, and network access.
- Interpreted government security classification guides (SCG) to determine classified system requirements and prepare written instructions to facilitate proper security implementation throughout the system lifecycle.
- Collaborated with customers (internal and external) during the design and development process to employ best practices when implementing security requirements and controls.
- Applied Configuration Management (CM) policies and procedures for authorizing the use of hardware/software on an IS; participated in the Configuration Control Board (CCB) to ensure changes were NOT detrimental to system security.
- Worked as part of the Confidential CYBER SEC TEAM and was the civilian representative of ISAF HQ.
- Was on the Architecture Team for Cyber SEC Systems and their implementation, integration and development, within the ISAF OA.
- Created procedures and implemented technical solutions to protect information from compromise. Such protection was required for data “at rest” on a hard drive or other storage device and for data “in motion” as it is transported between two devices. Reviewed and implemented physical security for the NOC.
- Developed and implemented plans to safeguard networks and presented strategic ideas and guidelines to management. Utilized open source and commercial products to perform security audits at all levels; developed, reported and implemented short-term solutions and long-term strategies built around metrics for tracking and validation.
- Implemented technical solutions for complying with DoS regulations and industry best practices concerning protection from unauthorized intrusions into the Contractor’s networks and systems.
- Disabled user and computer accounts in Active Directory due to improper activity and created weekly IAVA reports for upper echelons. Troubleshot and remediated WSUS/SMS/SCCM client issues and approved/declined updates on the WSUS servers, along with creating and maintaining Remedy tickets for the Kabul metro area for all IA incidents while working with users and their system administrators in regard to information and data compromise/spillages (documentation, follow-ups and closures of Spillage/NDCI incidents). Rules Process and Development Group for CJ6.
- Worked with HBSS (McAfee clients), installing frame packages on systems and confirming clients were communicating with the HBSS ePO server through a web interface. Supported approx. 3,000 systems on the Unclassified/Classified/Centrix networks within ISAF and the Kabul area. Provided forensic IT evidence for investigations and was the civilian IA presence on the Confidential Cyber Security Team and Security.
- Was an integral part of the Mobile Unified Combat Communications Platform and traveled throughout the SWA Theater building and supporting it.
- Utilized the Symantec System Console to install and push the latest SAV definitions to all systems. Duties also included: creating and utilizing collections within the SMS/SCCM servers, creating SMS/SCCM packages for various patches (Adobe/Microsoft (XP/Office 2003/Office 2007) /Java) and using GFI Languard and Remote Tools to push out patches that were required on certain systems. Supported approx. 6,000 systems on the Unclassified/Classified/Citrix network.
Confidential, Dahlgren, VA
IT Communications/ SAT Radio Systems Lead TEST Eng.
Responsibilities:
- Completed work on a satellite-based communications system that incorporates Iridium technology, software, commercial GPS and Confidential PLI software.
- Provisioned and tested Over the Horizon (OTH), Beyond Line of Sight (BLOS), and On the Move (OTM) function components.
- Analyzed system logs and identified potential issues with computer/SAT telephone systems.
- Developed and implemented System Security Solutions for radio and IT Systems.
- Integrated Iridium Satellite technologies into existing military theater environments.
- Performed routine audits of systems and software and asset tracking.
- Installing and configuring new hardware and software.
- Configured and installed: TLM, TIFF, GEOTIFF, JOG AIR, RASTER, DTED, and Terrain mapping platforms.
Project Systems Security Eng.
Confidential
Responsibilities:
- Network admin, TCP/IP, Cisco routers, Novell and Apple environments.
- Client software installations, system migrations, server deployment, and VPN implementation.
- Hardware (PCs, printers, scanners and peripherals) cabling, repair and maintenance.
- Analyzing system logs and identifying potential issues with computer systems.
- Introducing and integrating new technologies into existing data center environments.
- Performing routine audits of systems and software.
- Installing and configuring new hardware and software.
- Project management and metrics, project budget, subcontractor oversight, inventory/asset management.
Confidential, Rockville, MD
Lead Hardware QA/Implementation and Test Project Eng. / MGR
Responsibilities:
- Responsible for all reports and progress updates.
- Was the main contact on site and worked in close collaboration with the Confidential site engineer and management.
- The team averaged 17-30 people at various times during the project cycle.
- This was a very high-profile job that left nothing to chance and provided the type of challenges that permitted me to thrive in a dynamic and fluid environment, while remaining pragmatic and focused.
- Had a government security clearance (sfa85) to work at these Confidential /DOT sites.
- Installing and configuring new hardware and software. Built NOCs from the ground up.
- Experienced with datacenter rationalization, consolidation, relocation, or migration.
- Answering technical queries. Responsibility for security: firewalls, network, and physical.
- Responsibility for documenting the configuration of the system.
- Troubleshooting any reported problems. Performed system performance tuning and asset management.
- Security System Installation and Monitoring. Project management and metrics, project budget, subcontractor oversight, inventory/asset management.
- Software Integration, UNIX, MS and Lead Test and CERT Eng. UNIX Security Engineer.