
Sr. Cyber Security Program Manager Resume


SUMMARY:

  • Results-driven Cyber Security Manager with 25+ years of experience in areas such as Information Assurance (IA), security governance, IT compliance, facilities, information security, personnel security, IT auditing, 3rd-party annual and semi-annual security risk assessments, military, Nuclear Surety and Government Special Access Programs (SAP).
  • Known for professional integrity, leadership, staff mentorship and high ethical standards.
  • Known for a keen ability to interact with vendors, contractors, technical and non-technical staff as well as executive management.
  • Demonstrated expertise in attention to detail, written and verbal communication, and managing security resources, including performance management.
  • Superb working knowledge of cyber security across a wide range of computer-related disciplines, with concentration in FISMA, FEDRAMP, NIST, DIACAP, DoD 8510, DCID 6/3, SOX, PCI-DSS and HIPAA-based Information Technology (IT) accreditation, network security enforcement and Government IA policy.
  • Program budget management.

SKILL SUMMARY:

  • Security Control Assessments
  • NIST r4
  • NIST-SP r4
  • FISMA
  • FEDRAMP
  • HP Fortify SCA
  • Checkmarx
  • Windows Operating Systems
  • Microsoft Office Suite; MS Word, MS Excel, MS PowerPoint, MS Outlook
  • Hardware/Software Installation

EXPERIENCE:

Confidential

Sr. Cyber Security Program Manager

Relevant Skills: Application Security Control Assessments (SCA); NIST r4; NIST-SP r4; FIPS-199; SOX, PCI-DSS, HIPAA, FEDRAMP; FISMA; SAST; DAST.

Responsibilities:

  • Resource allocation and utilization.
  • Implements cyber security solutions in multiple government agencies, including HHS/CMS, SBA and FSA.
  • Leads weekly Cyber Security Framework scorecard reviews with senior management and technical staff.
  • Leads incident response stakeholder meetings with senior management and technical staff to remediate enterprise threats and vulnerabilities.
  • Conducts technical, management, operational and privacy reviews.
  • Application penetration testing.
  • Leads fast execution of tasks with timely, high-quality deliverables.
  • Provides leadership, performance management and coaching of staff.
  • Program management supporting multiple cyber security programs within Blue Canopy JACOBS.
  • Serves as principal security liaison with other commercial and government technology support organizations.
  • Leads sessions to resolve program-related issues.

Confidential

Sr. System Security Manager

Relevant Skills: Provided ISSO/security compliance support to the CMS Affordable Healthcare migration. Reviewed and prepared requirements and design documents, system security plans (SSPs), information security risk assessments (ISRAs) and contingency plans (CPs) prior to SCA security testing. AWS and Microsoft Azure infrastructure assessments. NIST r4; NIST-SP r4; FIPS-199; SOX, PCI-DSS, HIPAA, FEDRAMP; FISMA; SAST; DAST. Databases (MySQL, MongoDB, AWS RDS), Nessus, MS Active Directory.

Responsibilities:

  • Served as key contributor during 3rd-party application Security Control Assessments, ensuring that all documentation, applications, processes and controls were current and compliant with FISMA and client data-protection requirements in order to maintain the system's Authorization to Operate (ATO). Maintained the integrity of the IT system security controls by conducting periodic security assessments and verifying the system's security compliance.
  • Managed the vulnerability scanning and remediation process. Compiled monthly dashboard reports for management and led remediation efforts. Collaborated with the Network, Security, Windows and Database teams to ensure the required security controls were implemented in accordance with NIST requirements. Coordinated the remediation of any security controls found deficient during scans, assessments or internal security reviews.
  • Led compliance activities, including the compliance documentation process, to keep documents such as the System Security Plan and Risk Assessment accurate in real time. Led the Security Impact Analysis process for deployments and changes to the system. Led Contingency Plan (CP) processes such as documentation updates, coordination with the disaster recovery site and tabletop tests.
  • Provides leadership, performance management and coaching of staff, and program management supporting multiple cyber security programs.
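The monthly remediation dashboard described in the vulnerability-scanning bullet above is, in practice, a small script over the scanner's export. The following is an added example, not the resume author's tool or any particular scanner's output format: it reads a constructed CSV of open findings (the column layout and the per-severity remediation SLAs are assumptions, to be mapped onto your scanner's export and your own policy), ages each finding against its SLA, collapses the same plugin on many hosts into one remediation task, and prints the summary a manager would see.

```python
"""Monthly vulnerability-remediation dashboard from scanner CSV output.

Added example, not the resume author's code. The CSV layout (host,
plugin_id, name, risk, first_seen) and the remediation SLAs are assumptions
for illustration; map them onto your scanner's export and your own policy.
"""
import csv
import io
from collections import Counter, defaultdict
from datetime import date

# Constructed sample export: a few open findings as a scanner might emit them.
SAMPLE_CSV = """host,plugin_id,name,risk,first_seen
10.0.1.5,100001,OpenSSL < 1.1.1 Multiple Vulnerabilities,Critical,2019-01-03
10.0.1.5,100002,SMB Signing Not Required,Medium,2019-02-10
10.0.1.7,100001,OpenSSL < 1.1.1 Multiple Vulnerabilities,Critical,2019-02-20
10.0.1.9,100003,SSH Weak MAC Algorithms Enabled,Low,2018-12-01
10.0.2.3,100004,Apache Struts RCE,High,2019-02-25
10.0.2.3,100005,TLS 1.0 Enabled,Medium,2018-11-15
"""

# Assumed remediation SLAs in days by severity (policy-specific).
SLA_DAYS = {"Critical": 15, "High": 30, "Medium": 90, "Low": 180}


def parse_findings(text):
    """Parse the CSV; drop rows whose severity carries no remediation obligation."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        risk = row["risk"].strip().title()
        if risk not in SLA_DAYS:
            continue  # e.g. Info/None rows
        rows.append({
            "host": row["host"],
            "plugin_id": row["plugin_id"],
            "name": row["name"],
            "risk": risk,
            "first_seen": date.fromisoformat(row["first_seen"]),
        })
    return rows


def build_dashboard(findings, as_of):
    """Summarise open findings per severity: count, overdue against SLA, oldest age."""
    by_sev = defaultdict(lambda: {"open": 0, "overdue": 0, "max_age_days": 0})
    for f in findings:
        age = (as_of - f["first_seen"]).days
        bucket = by_sev[f["risk"]]
        bucket["open"] += 1
        if age > SLA_DAYS[f["risk"]]:
            bucket["overdue"] += 1
        bucket["max_age_days"] = max(bucket["max_age_days"], age)
    # The same plugin on many hosts is one remediation task: count distinct IDs.
    distinct = Counter(f["plugin_id"] for f in findings)
    return {
        "by_severity": dict(by_sev),
        "distinct_issues": len(distinct),
        "hosts_affected": len({f["host"] for f in findings}),
        "total_open": len(findings),
    }


def monthly_dashboard(csv_text, as_of_iso):
    """Convenience entry point: CSV text plus reporting date (ISO) -> dashboard dict."""
    return build_dashboard(parse_findings(csv_text), date.fromisoformat(as_of_iso))


def format_dashboard(dash):
    lines = [f"Open findings: {dash['total_open']} on {dash['hosts_affected']} hosts "
             f"({dash['distinct_issues']} distinct issues)"]
    for sev in SLA_DAYS:
        b = dash["by_severity"].get(sev)
        if b:
            lines.append(f"  {sev:<8} open={b['open']:<3} "
                         f"overdue(>{SLA_DAYS[sev]}d)={b['overdue']:<3} "
                         f"oldest={b['max_age_days']}d")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_dashboard(monthly_dashboard(SAMPLE_CSV, "2019-03-01")))
```

The overdue column is the one that drives the remediation meeting: it turns "we have 6 findings" into "one Critical and one Medium are past SLA", and counting distinct plugin IDs rather than host/plugin pairs keeps a single patch from appearing as a dozen tasks.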

Confidential

Sr. Security Lead

Relevant Skills: Security policy establishment and continuous monitoring; HP Fortify; SCA; AWS and Microsoft Azure infrastructure assessment preparation support. NIST r3/4; NIST-SP r3/4; FIPS-199; SOX, PCI-DSS, HIPAA, FEDRAMP; FISMA; SAST; DAST. Oracle Database; HP Fortify and Checkmarx application scanning tools.

Responsibilities:

  • Ran HP Fortify Source Code Analyzer against the application code baseline for each Software Change Request prior to deployment to production environments.
  • Mitigated findings in the HP Fortify report generated by the source code analyzer.
  • Provided Information Assurance engineering expertise by reviewing CNCS systems for 3rd-party risk assessments, annual IT audits of security controls, evaluation of systems against findings from continuous monitoring, Independent Verification and Validation (IV&V) prior to production, and verification of system configurations and data once in production.
  • Provided oversight to the onsite security team.
  • Reviewed software releases and documentation for both functionality and consistency to verify that security controls were addressed.
  • Provided guidance to management and security personnel on control reviews and ATO renewal requirements.
  • Researched and supported implementation of Open Web Application Security Project (OWASP) guidance as the new security standard.
  • Provides leadership, performance management and coaching of staff, and program management supporting multiple cyber security programs.

Confidential

Sr. Security Manager - Deputy IA Lead

Relevant Skills: Supported general and privileged system users in an Army cloud environment. Served as the Deputy IA Lead. NIST r3; SOX, PCI-DSS, HIPAA, FEDRAMP; FISMA; SAST; DAST. Apache and JBoss web servers.

Responsibilities:

  • Provided Information Assurance engineering expertise by creating test procedures (CTP) to solve complex issues involving software and hardware engineering practices.
  • Led and provided IA standardization and industry best practices for Certification and Accreditation (C&A).
  • Reviewed software releases and documentation for both functionality and consistency to verify that security controls were addressed.
  • Provided test cases to verify that features were available and that new releases corrected issues identified during functional testing.
  • Reviewed and analyzed software code using HP Fortify security scans.
  • Oversaw the installation of operating system security tools, performed scans and provided mitigation strategies for cloud architecture hardware and software components, including but not limited to Apache (Cloudera) Hadoop, Accumulo, Java, JavaScript, JBoss, Tomcat, the Ozone Widget Framework and geospatial components.
  • Provides leadership, performance management and coaching of staff, and program management supporting multiple cyber security programs.

Confidential

Sr. Security Manager / Subject Matter Expert

Relevant Skills: HP Fortify; ISSO; SCA; NIST; SOX, PCI-DSS, HIPAA, FEDRAMP; FISMA; SAST; DAST.

Responsibilities:

  • Planned and executed the Systems Development Life Cycle (SELC).
  • Provided security expertise to system development teams.
  • Applied the appropriate NIST security controls.
  • Mitigated findings in the HP Fortify report generated by the source code analyzer.
  • Implemented continuous system monitoring during the Operations and Maintenance phase, including:
      • maintenance of a current ATO;
      • monitoring of system compliance;
      • annual assessments.

Confidential, Ft Belvoir, VA

Information Systems Security Officer

Relevant Skills: Security Compliance Support

Responsibilities:

  • Assisted with computer security engineering for classified networks. Supported the government in the preparation of C&A documentation, planning and implementation by reviewing and developing program documentation; ran Retina scans and DISA STIG and SRR compliance checks.
  • Developed and scheduled submission of all C&A deliverables, including the System Security Authorization Agreement (SSAA), Risk Management Matrix (RMM), Test Plan (CTP), System Requirements Traceability Matrix (SRTM), Plan of Action and Milestones (POA&M) and Test Report (CTR).
  • Provided guidance to less experienced systems personnel. Specific requirements included project-level coordination of DCID 6/3, DoD 8500.2 and AR-25 C&A tasks; scheduling and identification of resources for upcoming tasks; and creation and review of C&A packages.
  • Developed the Security Concept of Operations, which describes the basic security philosophy ("game plan"), as well as the Plan of Action & Milestones (POA&M) "get-well plan".
  • Led C&A projects and provided expert-level knowledge of IT systems security and related areas, such as IT systems vulnerability assessments and system security policies and procedures.
  • Documented, analyzed, reviewed, registered and submitted C&A packages in accordance with the C&A processes described in the DoDIIS and DITSCAP guides.

Confidential, Dahlgren, VA

Information Systems Security Officer

Relevant Skills: Security Compliance ISSO Support

Responsibilities:

  • Implemented a password-cracking audit program that reduced the proportion of crackable passwords from 19% to less than 1% across an organization of 5,000+ employees.
  • Designed and implemented an effective IA program consisting of user guides, bulletins, tapes and PowerPoint presentations used by staff and management.
  • Managed several Computer Network Vulnerability Assessment (CNVA) inspections, which were graded well above MDA's average.
  • Improved systems security from 45% to 98% and operations security from 75% to 95% by developing methodologies and metrics for risk assessment and security assurance.
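A password-cracking audit of the kind described in the first bullet above works by running a wordlist with mangling rules against the organization's password hashes and reporting what fraction falls. The following is an added example, not the resume author's program: it builds a constructed set of accounts with salted SHA-256 hashes (the hash format is an assumption for illustration; a real directory store such as NT hashes or crypt(3) needs the matching algorithm), tries each wordlist entry with common suffix and capitalization rules, and returns the crack rate plus the recovered passwords so the ISSO can target the users and the policy gap behind them.

```python
"""Offline password-audit ("crack") program.

Added example, not the resume author's tool. It audits a constructed list of
salted SHA-256 password hashes against a small wordlist with simple mangling
rules and reports the percentage of accounts whose passwords were recovered.
The hash format hex(sha256(salt + password)) is an assumption; real directory
stores (NT hashes, crypt(3), ...) need the matching algorithm.
"""
import hashlib


def hash_password(salt, password):
    """Assumed store format: hex(sha256(salt || password))."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed accounts: derived here from known plaintexts so the example runs
# offline. In a real audit only (user, salt, hash) is available.
_PLAINTEXTS = {
    "alice": "Summer2019!",
    "bob":   "password1",
    "carol": "T7#kq9!zLm2$",   # strong; should survive the audit
    "dave":  "Welcome123",
    "erin":  "Dahlgren1",
}
ACCOUNTS = {u: ("s4lt_" + u, hash_password("s4lt_" + u, p))
            for u, p in _PLAINTEXTS.items()}

# Constructed wordlist: site-specific words belong here (site name, product names).
WORDLIST = ["password", "welcome", "summer", "dahlgren", "letmein", "admin"]


def candidates(word):
    """Yield mangled variants of a base word, cheapest and most common first."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        for suffix in ("1", "123", "!", "1!", "2019", "2019!"):
            yield base + suffix
        for n in range(10):
            yield f"{base}{n}"


def audit(accounts, wordlist):
    """Return {user: recovered_password} for every account that fell to the wordlist."""
    cracked = {}
    for user, (salt, digest) in accounts.items():
        for word in wordlist:
            hit = next((c for c in candidates(word)
                        if hash_password(salt, c) == digest), None)
            if hit is not None:
                cracked[user] = hit
                break
    return cracked


def crack_rate(accounts, wordlist):
    """Fraction of accounts cracked, plus the detail dict for follow-up."""
    cracked = audit(accounts, wordlist)
    return len(cracked) / len(accounts), cracked


if __name__ == "__main__":
    rate, detail = crack_rate(ACCOUNTS, WORDLIST)
    print(f"cracked {rate:.0%} of {len(ACCOUNTS)} accounts")
    for user, pw in sorted(detail.items()):
        print(f"  {user}: {pw!r}")
```

The metric that matters to management is the rate over time (the 19% to under 1% in the bullet), so the audit is rerun after each awareness campaign or policy change with the same wordlist and rules; the per-user detail goes only to the ISSO and is destroyed after the forced resets.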

Confidential, Quantico, VA

Information Systems Security Officer

Relevant Skills: Security Compliance Support

Responsibilities:

  • Responsible for validating assigned system security packages before they were turned over to the Accreditation Unit for determination of the level of accreditation approval for the system.
  • Supported the ISSM in creating, certifying and accrediting major Federal applications, security policies and System Security Plans (SSP) for the FBI's Certification and Accreditation (C&A) security program, using guidance provided by the National Institute of Standards and Technology (NIST) Special Publication (SP) Security Self-Assessment Guide for Information Technology Systems and NIST SP A, Guide for Assessing the Security Controls in Federal Information Systems.
  • Developed the Security Requirements Traceability Matrix (SRTM) and the risk assessment document, the Risk Management Matrix (RMM).
  • Worked with testers to determine the best security control countermeasures to mitigate discovered vulnerabilities.
  • Developed a Risk Management Matrix (RMM) program that carried the Information System Security Unit through a critical restructuring period.
  • Performed assessments of, and provided administrative guidance on, the FBI's Disaster Recovery Plan during the C&A process.
