SUMMARY:

• Confidential is a security professional with a proven record for stepping up to new challenges and getting the job done. With over 15 years of hands - on technical and security experience, always ensured projects of high complexity and visibility achieve their objectives and forecasts. Her calling is to ensure all milestones are accomplished under budget throughout a project’s system development life cycle (SDLC) while still meeting and exceeding the expectations.
• Developed and implemented SOP for ACAS/Nessus and SCAP installation, configuration, scanning and analysis, and for Certification Accreditations (C&A) / System Authorization process and procedures. Developed tracking system for C&A project and Retina/ACAS and SCAP validation scan.
• Hands-on security experience with the following FISMA C&A processes: System Security Authorization Agreement (SSAA) development, Concept of Operations (CONOPS), System Rules of Behavior development, Security Test and Evaluation (ST&E) from both a documentation (i.e., Security Requirements Traceability Matrix (SRTM) and overall risk assessment plan construction) and a technical (vulnerability scanning and analysis) standpoint, Incident Response planning, SDLC planning, DIACAP transition planning, Contingency, Disaster Recovery, and Continuity of Operations (CP/DRP/COOP) planning, Project of Action and Milestones (POA&M) development and execution as well as conducting Privacy Impact Assessments.
• Familiar the following security-centric products: McAfee and Norton Anti-virus, Retina, Host-Based Security System (HBSS), Defense Information Systems Agency (DISA) Field Security Operations (FSO) Gold Disk and Security Readiness Scripts (SRRs).
• Information Assurance (IA) DOD expertise, with emphasis on Federal Information Security Management Act (FISMA) processes to include, but not limited to: DoD Information Technology Security Certification and Accreditation Process (DITSCAP - 8500 series) DoD Information Assurance Certification and Accreditation Process (DIACAP - 8510.01) and National Institute for Standards and Technology (NIST) 800-series special publications.
• Strong education skills in system security in Mobile device security management, Managing secure biometric systems, intrusion detections systems, vulnerability scanning tools, identity management solutions, incident response and handling.
• Strong education skills in Trust, controls, security education, training, and awareness from a human performance technology point of view. Project Management, Planned, directed, and managed designated projects.
• Demonstrated leadership qualities in a career path exemplified by increasing responsibilities, with a propensity to manage multiple projects, both team-based and individually, and exceedingly capable in a fast-paced and chaotic environment.

PROFESSIONAL EXPERIENCE:

Confidential

Sr. Information System Security Engineer

Responsibilities:

• Identifies, tracks, and remediates vulnerabilities identified by Information Assurance Vulnerability Alerts (IAVA), A&S teams, or by scanning with automated security tools.
• Monitoring program by spearheading Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (STIG) engineering and analysis activities
• Provide technical leadership to the enterprise for the information security program
• Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy
• Managed employees from Information Technology department to build Risk Assessment Team charged with analyzing all critical systems, developing reports to document system vulnerabilities, and recommending appropriate solutions
• Responsible for support of existing security policies and procedures, as well as creation and implementation of new security procedures.

Confidential

Sr. Cyber Security Specialist

Responsibilities:

• Identifies, tracks, and remediates vulnerabilities identified by Information Assurance Vulnerability Alerts (IAVA), A&S teams, or by scanning with automated security tools.
• Monitoring program by spearheading Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (STIG) engineering and analysis activities
• Manages POA&M for accuracy and currency
• Under board direction, operate and manage all aspects of information (IS), data availability, integrity, authentication, confidentiality, and non-repudiation. Develop and execute government approved security policies, plans, and procedures; design and implement data network security measures; operate Network Intrusion Detection and Forensics; conduct performance analysis of IS security incidents; develop COOP/DR plans and support certification of IS Networks
• Supporting Systems Test and Evaluation (ST&E) efforts and other support to the IT Security Office
• Supervise operation of Electronic Key Management System, other information security duties, and Public Key Infrastructure (PKI). Operate Host Based Security System (HBSS), firewalls, Intrusion Prevention Systems, Intrusion Detection Systems, other point of presence security tools, Virtual Private Networks (VPNs), and related security operations.

Confidential

BAN/LAN NetOps Security Specialist

Responsibilities:

• Conducted analysis of Cisco, Juniper routers, firewalls & switches configurations using Nipper & Cisco Analyzer tools.
• Used and applied knowledge of Security Assessment & Authorization (SA&A) policies, guidelines, and regulations in the assessment of IT systems and the documentation and preparation of related documents
• Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (STIG) engineering and analysis activities
• Support the remediation actions to correct assessment findings and develop supporting plan of action and milestone (POA&M) reports and update System Security Plan.
• Ensuring that appropriate steps are taken to implement information security requirements for IT throughout their life cycle, from the requirement definition phase through disposal
• Identifies, tracks, and remediates vulnerabilities identified by Information Assurance Vulnerability Alerts (IAVA), A&S teams, or by scanning with automated security tools. Tracking ticket in Remedy for ITA as well as in USMC.
• Project coordination - Planning and managing multiple tasks simultaneously with the customer POC and ITA representative.

Confidential

Information Assurance Manager / Network Security

Responsibilities:

• Developed and implemented SOP for ACAS/Nessus and SCAP installation, configuration, scanning and analysis, and for Certification Accreditations (C&A) / System Authorization process and procedures. Developed tracking system for C&A project and Retina/ACAS and SCAP validation scan.
• Function as a liaison for the program managers, system administrators, user representatives and developers to complete an entire C&A package in a timely, professional and organized manner. This includes, but is not limited to: Gathering and organizing technical information about an organization’s mission goals and needs, existing security products, and on-going programs in the security arena.
• Develops, updates, and completes systems security plans based on the National Institute of Standards and Technology (NIST) Special Publications and conducts an annual self-assessment
• Defining and analyzing security requirements. Designing, developing, engineering and implementing security solutions to achieve business objectives. Performing risk analysis to include, identifying and periodically evaluating information security controls and countermeasures to mitigate risk to acceptable levels as well as reporting significant changes in information risk to appropriate levels of management for acceptance on both a periodic and event-driven basis.
• Develop and update DADMS/DITPR Department of the Navy Application Database Management System Contingency plan.
• Monitor to ensure new hardware that was placed on the RDT&E network was thoroughly scanned for vulnerabilities.
• Implemented new intrusion detection systems and rules in order to mitigate future risks to the RDT&E network.
• Apply enterprise level IA best practices and regulation to a wide variety of Defense Information Systems Agency (DISA) Mission Assurance and Network Operations projects. These projects include, but are not limited to: McAfee Host Based Security System (HBSS), Tenable Assurance Compliance Assessment Solution (ACAS), Microsoft Windows Server Update (WSUS), and Eye Digital Security Retina. Updating and modifying Plan of Action and Milestone (POA&M) package.

Confidential

Network Security / Information Assurance

Responsibilities:

• Milestone: First to have a successful DIACAP / BTI Albany package approved for and ATO.
• Developed and implemented SOP for ACAS/Nessus and SCAP installation, configuration, scanning and analysis, and for Certification Accreditations (C&A) / System Authorization process and procedures. Developed tracking system for C&A project and Retina/ACAS and SCAP validation scan.
• Confidential in Albany, GA (BTI-T) On-site support for BTI Network mapping, Retina Scanning, and Equipment inspections let to an effective completion process with minimal delays.
• Update and develop (C&A) Certification and Accreditation efforts which include scanning, analyzing the data, incident response and handling, remediation, recommendation for resolution.
• Remote support for BTI all allowed me to manage and successfully secure, and employ fault-tolerant of telecommunication-systems for data access and identity management for dozens of servers, computers and special hardware.
• Assisted with the implementation and cyber-security of the marine BTI in Albany, GA. Efforts led to the completion and wrap-up of the Department of Defense Information Assurance Certification and Accreditation Process.
• Protected vulnerable network following detail risk assessments, validation, acceptance testing and implementation of secure, networked communications across remote sites.
• Generate accurate and effective reports to assist in vulnerability patching and/or Plan of Action Milestone (POAM).
• Conduct DISA Security Technical Implementation Guidelines (STIG for various systems.

Confidential

System Engineer

Responsibilities:

• Stationed at the Confidential supporting a General Dynamics Government Contract. Perform, Deploy and support Active Directory environments, Win2003, 2008 Server and Vista. Provide Blackberry installation at the enterprise-level; Install and upgrade network hardware, software components, Install, configure network printing, rights, security, workstation imaging.
• Ensure equipment meets clients’ requirements in regards to their access to resources on the network. Expert at conducting root cause analysis and determining when to escalate certain issues, maintaining a high level of client satisfaction.
• Deploy and implement hardware and software workstation and serve related Hardware and software. Also deploy workstations into the active directory. Troubleshoot the Network issues and provided solutions to the senate offices.

Confidential

Network Engineer

Responsibilities:

• Designed Installed and implemented Windows 2003 and 2008 Servers, Active Directory including create, manage and test Group Policy objects for security implementation as well as troubleshooting AD replication issues
• Perform AD Backup /restore using Backup exec configure, installed and scheduled
• Procurement, configuration, and installation of new Dell Netware 6.5 servers and Cisco Layer 3 switches, in addition to LAN room/MDF design, including physical security requirements, coordination of data/voice cabling, and circuits ordered based on projected bandwidth requirements, for both new borders construction projects as well as existing POE's.
• Engaged in Congressionally mandated projects such as WHTI and 10-Print and instrumental in facilitating communication between all interested parties also implementation of large-scale infrastructure upgrades at major 24x7 commercial and passenger ports with zero tolerance for downtime and extremely limited windows of opportunity
• Scripting installation packages and auto-installs effectively reducing the time spent configuring new desktop’s, producing a more consistent product across differing types of sites, and ensuring conformity to CBP security standards
• Creating new application specific images based on the CBP automated Windows XP install and configuring the Ghost deployment of hundreds of new pc’s through automatic hardware detection, scripted installs, and attaching to Active Directory programmatically; in effect designing master images that require little to no user intervention once deployed

Confidential, Washington, DC

Network Administrator

Responsibilities:

• Created, managed and administered group system back-ups, imaging, user accounts emails setups, upgrades, technical support, profiles, and files on main WinNT 4.0 Servers, maintained UNIX systems (Linux, Solaris).
• Designed Installed and implemented NT 4 to Active Directory upgrade project, which involve an upgrade to Win2000 server. Upgraded and configured network equipment (hubs, switches and hardware)
• In charge of upgrading drivers and applications software and Maintained updated service packs and patches. Installation of memory, hard drives, modems, NIC’s, printers etc. Installs, configures and supports Riverside Hospital’s local area network (LAN), wide area network (WAN), and Internet system or a s segment of a network system.