Cyber Security Information System Security Manager Resume
Fort Belvoir, VA
SUMMARY:
Results-driven, competent and innovative IT professional offering extensive years in leading technology initiatives combined with in-depth knowledge of network security systems, frameworks, applications, policy, procedures, and techniques. Strong qualifications developed over comprehensive experience with a focus on information assurance management, governance, compliance, risk management, IT support services, and network administration.
WORK EXPERIENCE:
Cyber Security Information System Security Manager
Confidential, Fort Belvoir, VA
Responsibilities:
- As the Cyber Security Information System Security Officer (ISSO) and direct liaison for Program Terrestrial Sensors (PM-TS), currently directing and consulting the five (5) Project Manager (PdM) commands that report to PM-TS in achieving the Army's enterprise compliance for Risk Management Framework (RMF) for all associated systems.
- Advise appropriate senior executives, stakeholders and leadership of changes affecting the security posture of the organization and its programs, making sure all are aware of any possible compliance issues.
- Define and/or implement policies, standards and procedures to ensure protection of critical infrastructure (as appropriate).
- Prepare, distribute, and maintain strategy plans, policies, standards, procedures, guidance, and standard operating procedures (SOP) concerning the security of network system(s) operations.
- Evaluate cost-benefit analysis, economics, and risk assessment analysis in decision making.
- Ensure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization's mission and goals.
- Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with the organization's threat level.
- Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
- Using multiple frameworks, i.e., FISMA, NIST, RMF, with references aligned with Confidential 27001.
- Participant in the Steering Committee in the review of security risk assessments, and the development or modifications of the computer enterprise while maintaining business objectives of the security program.
- Confirm plans of action and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, and security inspections; ensure that all requirements are integrated into the continuity planning for at-risk systems and/or organization(s).
- Identify security requirements specific to an IT system, software and security measures in all phases of the System Development Life Cycle (SDLC).
- Recommend resource allocations required to securely operate and maintain an organization.
- Instrumental in promotion of security awareness to the organization through various security training lectures, PowerPoint presentations, and security inspections, accomplishing a more security-aware culture mindful of their role in security.
- Appreciative in the accomplishment of being able to direct and guide PM-TS in their need and requirement to meet Confidential compliance. From my inception, approximately 18% of the PM-TS systems had Confidential certified approval to operate; within 2.5 years that number has grown to 88% of the systems meeting required compliance, governance, and risk management thresholds.
Information Assurance Support Administrator
Confidential, Fort Meade, MD
Responsibilities:
- Maintaining system compliance through prioritizing mitigation strategies to ensure the effectiveness of the system's security posture.
- Having direct responsibilities responding to the government PMO for and about all concerns involving information assurance issues and/or complaints. My charge is to ensure all parties are fully aware of the scope to which the government requires compliance and how we are to address, document, mitigate, and inform the PMO of our continuous security posture.
- Support the onsite program support personnel in the day-to-day support of deployed secure wireless systems; maintain operational and practical situational awareness of all associated and applicable system vulnerabilities and requirements.
- Maintain and keep current the Vulnerability Management System (VMS) interface with appropriate personnel (ISSM, FSO) on an as-needed basis to discern applicable vulnerabilities, OPORDs and all information assurance notices.
- Authored and edited new standards and policies for the program which will be the standard for their guidance and success.
- Coordinate with Tier II support to convey IAVA issues and applicability; proactive in resolving all IA policies for IAVM and STIG compliance matters.
- Ensure management is fully invested in the IA process and keeping all management informed with regard to systems' continuous security posture requirements; provide reports on results of the same.
Information Systems Security Officer
Confidential, Arlington, VA
Responsibilities:
- Duties include evaluation of Certification Test Procedures (Confidential) to determine accuracy; Confidential security review of Confidential - Confidential operating systems, databases, hardware architecture, network devices, and applications for compliance with certification regulation requirements.
- Review and interpret system scan results to determine security vulnerabilities; execute and review joint Confidential/Cryptologic Confidential Information Systems Security Standards (JDCSISSS) checklist to determine system compliance; development of vulnerability findings reports for all assigned mitigation tasking. Communicate findings to senior US Army and Confidential leaders and provide well-defined deadlines and accountability of assignments to include updated policy and procedures; ensure consistency regarding the delivery of security services.
- Knowledgeable in Information Assurance regulations for the Department of Defense and the IC to include the ICD 503, DCID 6/3, JDCSISSS, Confidential 8500.2, AR 25-2, and ICD/ICS instructions; develop and follow planned guidance for annual risk assessments and new system configurations for implementation.
- Experienced in reviewing TS/Confidential classified systems for Certification and Accreditation (Confidential & Confidential), preparing/reviewing system certification packages to include System Security Authorization Agreements (SSAAs), System Security Plans (SSPs), and Security Requirements Traceability Matrixes (SRTMs), and experience running system compliance checklists and automated tools such as the DISA STIGs, Gold Disk, SRRs, and Retina.
Information Assurance Engineer/Analyst
Confidential, Falls Church, VA
Responsibilities:
- Serve as an Information Assurance Engineer in support of Military Health System (Confidential) centrally managed Clinical, Resources, Logistics, Clinical, and Executive Information and Decision Support, and Theater systems.
- Responsibilities included working as part of an integrated team of systems, security, and operations engineers in support of multiple Confidential systems.
- My duties as the IA Engineer/Analyst include monitoring, management, development, and maintenance of Information Assurance packages in accordance with the Confidential Information Assurance Certification and Accreditation Process (Confidential) per Confidential 8510.01, as well as migration to the planned Risk Management Framework (RMF) process for developing, coordinating, obtaining, and maintaining Authority to Operate (ATO) and Interim Authority to Operate (IATO) approvals.
- Other duties included development, management, monitoring and maintenance of Risk
- Document and develop security artifacts throughout the product lifecycle.
- Able to independently develop and recommend solutions to support client requirements in solving moderate to highly complex IA documentation tasks.
- Able to conduct IA analysis including system/security requirements analysis and system security definition and specification development of INFOSEC policies and procedures utilizing technical and analytical skills.
- Familiar with and trained to utilize the Enterprise Mission Assurance Support Service (eMASS).
- Excels at developing and maintaining IA documentation.
- Interaction with software development and sustainment vendors to ensure their applications and software operate securely.
- Worked closely with assigned System Engineers, who are responsible to test, identify and detect software vulnerabilities using established software scanning tools (e.g. WebInspect, Retina, and Fortify).
Information Assurance Officer
Confidential, Chantilly, VA
Responsibilities:
- Performed in the role of the Information Assurance Officer (Confidential) in support of Theater Medical Information Program Air Force (Confidential) program and external customers.
- Developed and implemented technical solutions to meet regulatory security policies as well as best practices for servers, routers, firewalls and other LAN/WAN equipment.
- Provided network and security engineering expertise and guidance for all aspects of information assurance.
- Maintained the year-round security posture to meet Confidential Defense Information Assurance Certification and Accreditation Process (Confidential) and Air Force policies/requirements.
- Competent within my abilities to work in a dynamic environment and effectively interact with numerous Confidential, military/civilian personnel and industry partners.
- Adept while working with the other members of the Information Security team to prepare for and successfully pass Certification and Accreditation, Approval to Operate (ATO) and Confidential audit procedures.
- Monitor the security posture of networked information systems and proactively address any security vulnerabilities.
- Experience developing and executing proper procedures for handling security incidents, as required. Works with DHIMS/Confidential PMO staff; writes reports on the status of security safeguards applied to computer systems.
- Working knowledge of Information Systems Security Standards, Common Criteria, and System Security Policies as they relate to Confidential & Confidential.
- Performs AIS self-inspections, provides security coordination, and review on all system test plans.
- Reviews, prepares, and updates Automated Information System (AIS) accreditation packages.
- Maintains AIS security records and prepares Co-Utilization Agreements for network nodes operating in government facilities.
- Ensures AIS and network nodes are operated, maintained, and disposed of in accordance with security policies and practices.
- Demonstrated proficiency with Windows servers and workstations (OS), routers, firewalls and general
- Demonstrated proficiency with Windows variants, Unix variants, TCP/IP, LAN networking, configuration of O/S, server installation/configuration, client installation, FTP, Telnet, shell scripting, and web technologies.
- Contributes to an atmosphere of cross-functional teamwork within the organization's Agile project lifecycle.
- Review and author SSPs, review, track, and conduct AIS training.
- Strong organizational skills and the ability to multitask; can set priorities and follow a timeline.
- Strong written and verbal communication skills.
- Ability to work in a fast-paced, constantly changing environment.
Information Assurance Security Engineer
Confidential, Quantico, VA
Responsibilities:
- Drafted ad hoc reports about the compliance of the organization's security posture from Confidential provided intrusion detection test.
- Duties included analyzing, assimilating, and evaluating information relating to computer/network security and information, creating RDT&E network diagrams,
- Provided continuity while evaluating policies, procedures, standards, guidelines, and objectives and applying them for the protection of information and information technology systems.
- The IA Staff provided IA trends and recommendations to Marine leadership addressing risk to integrity, availability and confidentiality during the testing phase through ATO completion. Provided expert consulting assistance to users in the evaluation of hardware, software and peripherals, and assisted users in the use of commercial software and in the development of software applications.
- Performed senior operator, systems administrator duties and unit level maintenance using protocols, equipment and methods for diagnosing, recovering, adjusting and improving IT systems.
