SUMMARY:

• A senior level Cybersecurity professional with over 20 years of experience applying IA security controls, information assurance best practices, cyber and security systems engineering coupled with risk identification, assessment, reporting, and mitigation strategies & solutions to reduce overall risk and increase business continuity.
• Well - rounded technically, with an understanding of the software lifecycle (requirements, design, implementation, integration, testing, deployment, operation and sustainment).
• Familiar with standards, polices and frameworks: HIPPA, NIST, FedRAMP, RMF, Confidential, DoD, ICD 503, CNSSI, SAP JAFAN 6/3, Executive Orders (EO), Confidential, SCRM, and Confidential /DOJ FISA regulations.
• Architecture design of integrated security solutions, processes and procedures to facilitate a cost-effective delivery of services.
• Well-rounded individual expertise expands into the following key areas/roles: Cyber Security - System Security Engineering - Computer Network Defense - Enterprise Architecture Integrated Systems and Security tools- System Testing - Systems Administration & Maintenance (O&M) - Configuration Management - Network Administration - Policy - Information Assurance - Certification & Accreditation/A&A/RMF.

TECHNICAL SKILLS:

Software: MS Windows OS, MS-DOS, MS Office Suite, Windows Server, Red Hat Linux, Solaris, Unix, Active Directory, Citrix, Outlook, Remote Admin tools, Cisco VPN, C++ programming, eMASS, eRetina, Xacta, ACAS, Confidential VMS (Vulnerability Mgmt. System), Websense, Bluecoat, McAfee SIEM, ArcSight SIEM and logger or connector software

Hardware: IBM PCs and compatibles and servers, Cisco routers & switches, Cisco IDS/IPS, ASA Firewall, ArcSight SIEM and appliances

PROFESSIONAL EXPERIENCE:

Confidential

Task Order Lead and Sr. Analyst

Responsibilities:

• Supported the Confidential as the Task Order Lead - Support the execution of supply chain risk assessment program: meet contract deliverables, brief IPR slide to government leadership on the status of the program, complete deliverables and capture metrics, achieving results to key business objectives/initiatives
• SCRM/Cybersecurity Risk Mitigation Analysis- Conduct SCRM research and analysis of threats and vulnerabilities for legacy/current and cutting-edge technology acquisitions, identify supply chain risks, develop risk reduction strategies or alternative solutions, and evaluate SCRM impacts on cybersecurity.
• Documenting findings in reports distributed to CIO leadership for action. Knowledge of DoD SCRM policies and standards: DoDI 5200.44, ICS 731, Section 86/886.
• Process improvement: Capture metrics, create process flow documents and SOPs for internal business processes.

Confidential

Sr. Principal Cyber Security Advisor

Responsibilities:

• Provide current state/gap analysis, technical and cybersecurity expert advice across multi-functional teams,
• Network and Systems Engineer Divisions): IA/RMF, Cybersecurity Operations, review of architecture-assuring security measures is in place, validating security measures are met with patch management or configuration changes to systems/change review board-assist with system integrations of security tools, review network and system configurations/engineering, update internal O&M processes and participate in security audits.
• Provided system requirements for new initiatives on multiple projects.

Confidential

Sr. Principal Analyst, Information Security

Responsibilities:

• Provide guidance and support on the Cyber Security Policy & Governance division team in Cybersecurity, Policy and IA.
• Draft security policies, Confidential Directives and Instructions policy guidance (i.e. authored Confidential IC RMF Directive and Instruction)
• Authored several Interconnection Security Agreements - agreement to allow other agencies to connect to DIAs Enterprise network.
• Familiar with Confidential, IC, DoD, NIST, Confidential and CNSSI regulations, policies, instructions, and standards as well as federal policy guidance (Executive Orders (E.O.) and U.S. Code). Responding to ISRMF taskers with quick turnarounds/deadlines.

Confidential

Cybersecurity Engineer

Responsibilities:

• Complete RMF Accreditation of TS systems using DOJ/ Confidential policy, IC RMF, NIST, Confidential, CNSSI, E.O. Federal policy guidance to reduce risk
• Configure TACLANEs and deploy across enterprise
• Run Nessus & App Detective scans--remediate findings reducing risk

Confidential

Information Systems Security Officer (ISSO)

Responsibilities:

• Support SAPCO program providing Cybersecurity, IA, Security Engineering, Policy and RMF/A&A guidance toward an accreditation of information systems in accordance with JSIG, NIST & IC guidance
• Assess system vulnerabilities in ACAS and make recommendations for action, working with system owners to mitigate risk
• Author annual training briefs and create policy guidance for internal processes/SOPs
• Assess cybersecurity tools for internal incident response team/SOC development, integrate and configure cyber tools

Confidential

Sr. Principal Analyst Information Security

Responsibilities:

• Manage and lead efforts in the review, draft, application, and maintenance of IA and Cybersecurity policies and C&A/A&A procedures for the Program Acquisition office to obtain an accreditation of information systems and industrial aircraft system components providing mitigation strategies to reduce risk.
• Research DoD/ Confidential policy to ensure the platform interconnected systems are compliant throughout the systems lifecycle (i.e.
• Confidential, Data at Rest, password complexity, Clinger-Cohen, Acquisition lifecycle, etc.)
• In-depth knowledge of Confidential ’s IA program and processes, System Engineering Technical Review process for all levels of the acquisition program
• Hands-on DIACAP (RMF for new acquisitions) accreditation efforts utilizing the following tools/databases of record: VRAM ( Confidential IAVAs DB), DADMS-DITPR-DON ( Confidential repository for software), SETR (compiles system engineering steps within acquisition process), RISK Manager (risk assessment tool), STIGs, ACAS, SCAP, and SRR (Security checklists and security readiness review scripts) compiling system documentation in eMASS system of record for ATO system accreditation.

Confidential

Sr. Cybersecurity Engineer

Responsibilities:

• Fast paced, highly visible changing environment, completion of ad-hoc tasks and deliverables from executive management with short suspense dates.
• Security Engineering (tool) Integration Incident Response Project: A million-dollar project to evaluate security tools and update tools for JSOC security operations center.
• Other tasks included, creation of SIEM content for analysts to automate the incident response time, conducted proof of concepts and security evaluations of security tools such as Splunk, Raytheon Clear View Security Solutions, McAfee ESM, Tripwire, and Tanium. Created course of action ( Confidential ’s) and white paper for executive leadership with product recommendations, as well as gather preliminary costs from the vendor, created technical slide decks to brief stakeholders, created project scope requirements document.
• Identify Security Gaps (current state) and Improved Overall Security Posture Project: Review JS policies and procedures, IA controls, configuration management processes, patch management, the Incident Response team capabilities and system configurations--enhancing internal JS processes, procedures and controls in place coupled with recommendations to enhance the Incident Response team capabilities, tools and solutions ( Confidential, Confidential, Confidential ), providing recommendations and best practices to optimize security operations reducing overall security risks.
• Perform vulnerability analysis of scans from eRetina, ACAS and Confidential . Review Cyber Com Task Orders and new cyber threats--providing guidance of security controls and best practices to implement to mitigate and reduce risk to Joint Staff enterprise network environment.

Confidential

Principal Information Security Engineer

Responsibilities:

• On-site DC Linux team lead- manage and track multiple O&M support projects.
• Supporting DHS US-CERT providing technical consultation on current and proposed systems.
• Assist in the development, testing, implementation and documentation of these systems; encompassing best practices of the systems life cycle to meet business needs and to enhance system performance and stability of security products (Splunk, ArcSight ESM/SIEM, Loggers, and Connector Appliances on Linux/Oracle platforms).
• Perform and assist in evaluation of procurement costs and licensing; making recommendations for vendor software/hardware systems to ensure cost-effective and efficient operations. Provide O&M support, system sustainment, patch management and upgrades.

Confidential

Sr. Information Assurance Specialist

Responsibilities:

• Provided Cybersecurity and IA C&A support acquiring accreditation for the Confidential ’s Backbone
• CAP office & Confidential standards. Created IA Readiness Reviews reports briefing to executive leadership, reviewed scanning reports, created vulnerability risk management analysis reports providing mitigation strategies, created standard operating procedures (SOP’s) and identified security gaps developing swim lanes across teams within the organization.
• Provided C&A efforts for SAP SCI programs implementing and assessing controls and artifacts from JAFAN 6/3, ICD 503 standards.

Confidential

Principal Information Security Engineer-Capability Lead

Responsibilities:

• Provided IA, C&A, CND SME reach back support, a functional task lead and business development (proposal efforts).
• Led a 25-million-dollar program to re-design the Confidential ’s security infrastructure, a total of 15 sites which included defining system requirements of security tools coupled with a refresh of infrastructure servers, acquisition of hardware and software working with key stakeholders and a team of SME’s.
• Supported civil and defense markets in Information Assurance, CND and Cyber Security. Led the CND capabilities effort, building and leading a team (conducting interviews, providing training, reach back support, developing career paths & yearly assessments) and supporting proposal efforts.
• Manage IRS program to include compiling and reporting the monthly financials and Project status (quad charts) to executive leadership.
• Confidential contract as the IAO, providing C&A support toward IA accreditation of program systems.
• DLA contract as the IAM providing IA/C&A oversight & support for the program
• Served as ArcSight SME Functional Lead to DLA and IRS agencies.