SUMMARY:

Over 18 years of experience in various levels of Information Technology (IT) including tier - 1 Helpdesk, Tier-2 Desk side assistance, Tier-3 System Administrator/engineer, Information Assurance, Cyber Security and IT Management. Confidential has, over the course of his career, demonstrated strong leadership, technical ability, resource management, problem solving and, excellent customer service.

PROFESSIONAL EXPERIENCE:

Information Security Analyst Lead

Confidential

Responsibilities:

• Served as site CAAN IA for the Head Quarters- Resolute Support Forward Operating Base 
• Performed Security review and approval for all new accounts (SIPR, NIPR and CRX)
• Performed Security review and approval for all local and foreign national accounts (NIPR)
• Performed ACAS infrastructure compliance scans
• Develop Plan of Actions & Milestones
• Lead Incident Response Teams and Actions (CDV, NDCI)
• Coordinate follow on IRP activities with USFOR-A
• Perform some forensic analysis
• Developed and provided training for DoD Information Management Officers (IMO)
• Provided advice and guidance on the use of software in theatre
• Review and approve Web Proxy requests
• Review and approve elevated privilege requests
• Perform new software assessments
• STIG Digital senders/all in one printers
• Configure ACAS Scans
• Analyzed ACAS and SCAP scan results and perform follow on mitigation strategies
• Responsible for overall site security posture

Principle Cyber Security Engineer

Confidential

Responsibilities:

• Served as Cybersecurity Lead Engineer across all DVA Community Care IT Projects
• Managed over 21 project teams facilitating System Confidential ’s, Risk Assessments, security engineering, Security timelines (WBS, IMS) and overall security posture maintenance.
• Provide Technical briefs for Government Leads, Project and Corporate Leadership.
• Conducted weekly status meetings with DVA ISO, Project PM’s and Company Portfolio Manager.
• Developed and reviewed all security documentation including Security Risk Assessments, Contingency Plans, Security Tests, System Security Plans, FIPS199 worksheet and Security Control responses.
• Manage system security lifecycle utilizing VA RiskVision GRC Tool.’
• Advised VA ISO on security way forward strategies
• Facilitated Confidential process for Cloud based systems in AWS & MS Azure environments (IAAS & PAAS)
• Facilitated adoption of VIRTTRU Encryption As A Service (EAAS) as agnostic interagency mail encryption solution
• Advised DVA Policy on strategy for 8510 adoption and revamping of Va 6500.x series policy documents
• Served as corporate Cyber Project Manager
• Served as Cyber Deputy to DVA Community Care PM
• Successfully built and executed case for contract extension from 2 FTE’s to 6 FTE’s.

Confidential

Responsibilities:

• Provided Instruction for Department of Veteran’s Affairs cybersecurity staff
• Provide Technical briefs for Government Leads
• Drafted Security related official Memorandums
• Drafted agency wide and program level security policies
• Drafted system Information Assurance Strategies
• Drafted Programs Security Action Plan
• Develop and perform review of security documentation including Security Risk Assessments, Contingency Plans, Security Tests, System Security Plans, Security Controls.
• Provided organization assessment of security related emerging technologies and implementation feasibility.
• Served as Cyber Lead supporting the VA Enterprise Cyber Security Team (ECST) Security Architecture & Engineering Domain (SAED)
• Drafted system decommission policy documents and checklists
• Served as security Lead on various Agency/system vulnerability mitigation tiger teams
• Drafted Requests For Information (RFI’s)
• Assisted in the develop Source Code analysis requirements for emerging tools
• Developed Security focused IMS
• Provided talking points and presentations for congressional hearings Track VistA Ecosystem A&A status
• Provides technical leadership and support for proposal development activities and support for customer technology initiatives.
• Identified, captured intel regarding emerging contract opportunities
• Develop Cyber Capabilities brief
• Served as Lead across multiple programs (DTRA, VA - CSPP, VE - VSR, VE - VEC)

Sr. Manager/ Auditor

Confidential

Responsibilities:

• Served as Sr. Manager in support of DLA OIG SSAE16 Audit
• Audited SSAE26 IT security related controls for 3 DLA Systems (DAAS, iRAPT and DAI)
• Provided Control Assessments
• Drafted Work papers and Audit reports
• Conducted required testing of security controls for all systems
• Assisted Agency in Development of Mitigation strategies
• Provided timely status reports
• Developed control testing WBS

Lead Cyber Security Engineer

Confidential

Responsibilities:

• Served as Cybersecurity lead providing overall guidance at the program level
• Developed process and reviewed tools for Data de-identification in preparation for new EHR testing and interoperability
• Develop strategy for the Alleghany Ballistics Laboratory Approved Labs Authorization for NIPR Connection and .com environments
• Register system in DITPR, DHP-SIRT, eMASS and TAD (DHA VM)
• Provide security guidance to Interface, Data, System Engineering
• Completed ACAS Training requirements
• Completed DISA CAP process
• Created Security related IMS mapped to engineering deliverables
• Provided guidance to Engineering team on security related Network, IaaS, process impacts and improvements
• Develop Guidance and instruction for DHMS-PEO cybersecurity staff in regards to NIST RMF for DoD 6 step process
• Provide Technical briefs for IAM, DAA, SES
• Develop and Perform review of security documentation including Security Risk Assessments, Contingency Plans, Security Tests, System Security Plans, Security Controls.
• Provides technical leadership and support for proposal development activities and support for customer technology initiatives.
• Develop baselines and schedules in preparation for Fixed Facility Government Approved Lab Accreditation/Authorization.

Cyber Security Engineer

Confidential

Responsibilities:

• Serve as Cybersecurity lead
• Develop Threat Matrix/Models
• Develop strategy for the Fixed Facility Government Approved Lab Authorization/Accreditation
• Register system in DITPR, DHP-SIRT, eMASS and TAD
• Proposed strategy/path for EHR accreditation
• Provide security guidance to Interface, Data, System Engineering and GAL working groups
• Complete DISA CAP process
• Conduct Bi-weekly accreditation/authorization working groups
• Advise System Engineering team on security related impacts and improvements
• Brief SES on system/Site status
• Develop Guidance and instruction for DHMS-PEO cybersecurity staff
• Develop and edit acquisition related Cybersecurity documentation (PPP, EMP)
• Provide Technical briefs for IAM, DAA, SES
• Develop and Perform review of security documentation including Security Risk Assessments, Contingency Plans, Security Tests, System Security Plans, Security Controls.
• Provide weekly Cybersecurity related Quad chars for senior leadership.
• Provide Guidance and direction for Site construction/architecture appropriate to MAC/CIA Level
• Provides technical leadership and support for proposal development activities and support for customer technology initiatives.
• Develop baselines and schedules in preparation for FFGAL Site Accreditation/Authorization.

Lead Information System Security Engineer

Confidential

Responsibilities:

• Conduct and Oversee DIACAP/NIST(RMF) technical security assessments for DHSS Information Systems
• Provide Technical briefs for IAM, CISO, CTO, CA, DAA
• Responsible for processing ongoing full life cycle Certification and Accreditation (C&A) support for DHSS Information Syste,.
• Utilize various security assessment tools such as Fortify 360, EyE Retina, HP WebInspect, App-Detective, DBSRR’s, SCAP and DISA Security Technical Implementation Guides (STIGs), ACAS, HBSS.
• Conducted activities to maintain FISMA compliance.
• Develop and Perform review of security documentation including Security Risk Assessments, Contingency Plans, Security Tests, System Security Plans, Security Controls.
• Provide weekly IA dashboards for senior leadership with a detailed summary and current status of all C&A activities.
• Evaluate and review staff prepared C&A IS packages required for Authorization To Operate ( Confidential )/Annual Review (AR)/Risk Assessment (RA) Approval.
• Manage, analyze, and upload ISVMs, scans, and Vulnerability Alerts to notify DHA personnel departments.
• Identifies opportunities for technical innovation in regards to security test mitigations
• Provides technical leadership and support for proposal development activities and support for customer technology initiatives.
• Develop baselines and schedules in preparation for CS initiative.
• Conduct Weekly DISA hosted IAWG’s.

Information System Security Engineer/ Information Assurance Analyst

Confidential

Responsibilities:

• Provided information assurance support to DHSS applications both centrally hosted and deployed to over 100 MTF’s (Military Treatment Facilities) worldwide.
• Employ process-driven procedures to ensure timely completion of Certification and Accreditation (C&A) efforts under DIACAP for all risk assessments and annual reviews.
• Maintain continuous and high level of system security through the Information Assurance Vulnerability Management (IAVM) process and use of the Vulnerability Management System (VMS).
• Supported DHSS Program Offices by participating in Internal Baseline Reviews (IBR), Technical Requirements Reviews (TRR), Preliminary Design Reviews (PDR) and Critical Design Reviews (CDR).
• Conducted full security assessments for DHSS systems (applications) including security scans and appropriate manual checks commensurate with the applications components including custom coded applications and various platforms (window, Unix, Citrix/AVHE).
• Effectively managed 2 teams while establishing project schedules, timelines and deliverables as well as trained new ISSE and IA staff members.
• Prepared and updated documentation to achieve reciprocity as required.
• Responsible for briefing directly CTO and DPM’s on project status as well as C&A activity reports (POA&M status, C&A activity updates and way forward planning to achieve and maintain FISMA compliance).
• The systems under Michaels purview comprised of MS SQL, Oracle 11g, 10g, business intelligence; DB2, Windows 8, mobile, 2K3, Unix RHEL5, MS terminal services, Reflection for SSH and custom applications.

Email & Peripherals Technical Lead

Confidential

Responsibilities:

• Provided oversight and implementation of daily operations, projects encompassing customer support, enhancements/modifications and technical resolution for the E-Mail Infrastructure (including SMTP relays, desktop and remote clients), desktops and peripherals (hand helds/mobile office).
• Served as the assistant to Branch chief as well as Bureau technical lead in the Google Aps for Business migration and VIP liaison (for high ranking officials and political appointees) providing oversight for Main Interior Building and satellite locations reporting directly to the Chief.
• Received multiple certificates of recognition and the coveted “Directors Award” which is the highest obtainable award in the Interior Business Center, OCIO organization.
• Responsible for developing centralized solution for Lotus Domino Migration, support procedures and documentation of the legacy system functionality.
• Successfully deployed a regional resilient email solution in accordance with the DoD mandate as well the applications successful migration to Unix, Z-linux platforms.
• Worked C&A team to resolve vulnerabilities for associated Domino/Desktop/Peripherals systems while maintain security posture as well facilitating stage 5 of the DIACAP life cycle for legacy messaging systems and hardware.
• Responsible for developing and conducting trainings for IT staff and general user community.

Regional Message Administration Team (RMAT) - Lead

Confidential

Responsibilities:

• Served as the technical lead with the strategy of transitioning our team into the national Support teir-3 contract.
• Instrumental in developing policies and procedures governing troubleshooting and trouble ticket management.
• Only member of the RMAT team to serve in a dual capacity as a member of both the Mobile device and Email Administration teams.
• Duties included daily progress briefs for trouble ticketing activities, taking trouble calls, providing VIP support, technical briefs for RCA’s, MDM management and serving as a bridge for the (mobile) telecom office and the customer.