SIEM/ArcSight SME Resume
Ft Meade, MD
SUMMARY OF EXPERIENCE:
Majority of career has been with the Department of Defense (Confidential) Intelligence Community, to include Cyber Security, ArcSight SIEM engineering and content development, Splunk content, SOC support, intrusion detection analysis, Information Assurance (IA), and Information Security (INFOSEC). System engineering, software engineering, Red Hat Linux, Solaris, Ubuntu, Confidential STIGs/Red Hat hardening, Perl/CGI programming, Apache, Red Hat and Solaris scripting, Motif, C programming. Satellite collection, processing and reporting. Signals analysis.
TECHNICAL SKILLS:
HARDWARE PLATFORMS/OS USED: Red Hat Linux, Red Hat Enterprise Linux, Red Hat Advanced Server, Ubuntu, SunFire X4600, Sun Enterprise 220R, 450 Solaris 2.6 - 2.8 Sun SunFire 280R, SPARC1,2,5,10,20,1000, Sun Server 690MP, Ultra5,10,20, Cisco Blade Servers, Dell PowerEdge 1300, 1400, 1750, 1850, 2650, 2850, 6650, Dell EMC2 CX200/CX300 SANs, HP 385, HP Blade servers, HP DL series, HP-9000 (HP9.05/9.07), numerous makes of PCs, SEL/GOULD mainframes 85/86, 32/77, 32/87 (RTM and Real-Time MPX), DEC MicroVAXII (VMS), Data General (DG-UX), MASSCOMP 6650 (System V Real-Time UNIX 5.0/6.0) for DSP
SOFTWARE LANGUAGES / Scripting / GUI BUILDERS: PERL/CGI/HTML, C, Python, JavaScript, C-shell, Bourne shell, Korn shell, csh, bash, C/UNIX X11 OSF/Motif 1.1, 1.2 Developments (BX 3.5, UIM/X 2.5, XDesigner 1.0), C/UNIX X11 XView Conversion/Development (DevGuide), C/UNIX SunView/Suntools Development, Visual Basic 3.0 Two Computer Based Training courses and GUI Design, FORTRAN IV/77 Dev./Maint., Turbo Pascal School, GW-BASIC, HP-Rocky Mountain Basic
OPERATING SYSTEMS: Red Hat Linux 4.0 - 7.0, Red Hat Advanced Server, CentOS, Ubuntu, Sun OS, Solaris 1-10, HP9.05/9.07, MS-Windows, RTM and Real-Time MPX, System V Real Time UNIX Version 5.0/6.0.
Linux / UNIX SOFTWARE/PROTOCOLS: ArcSight, Splunk, Tcpdump, Tshark, Wireshark, WinSCP, SSL/TLS, TCP/IP, SecureCRT, Tectia, CITRIX, Apache web server, Oracle 9/10/11, SQL, Secure Shell (SSH), OpenSSH, OpenSSL, ssh-agent, Keychain, Stunnel, Secure Stronghold, telnet, ftps, Sendmail, Procmail, JDISS DII/COE, TED, Motif Window Manager, Samba, Top, Pico, Vi, Chrome, Mozilla Firefox, Mosaic, X11R4/R5, SVR4/5, Common Desktop Environment (CDE), OPENLOOK, dbxtool, FrameMaker 5.0, Pckermit, PC/TCP, PC-NFS, IBM TSO/204, Multimap, BBN/Slate, AutoCAD R12, SunPC, CADleaf 4.0, ForReview, Myriad, Image Tool 3.4.
PC SOFTWARE/MISC: LibreOffice suite, Ghost 8.2, Netscape, Mozilla Firefox, Chrome, MIE 7.0, Microsoft Office Suite of Products, XonNet3.11 (X-Windows on PCs), OnNet 2.0, Colorado Backup 2.01, MS-TCP/IP-32, Visio, ABC Snap Graphics, Smartcom LE 1.0, SmartcomFax 1.01, SoftSolutions 3.0, HiJaak PRO 2.0, IADS 1.3, AutoCAD LT, Forview 2.0, CADleaf 4.4.1.
PROFESSIONAL EXPERIENCE:
SIEM/ArcSight SME
Confidential, Ft. Meade, MD
Responsibilities:
- Serving as one of the SIEM/ArcSight SMEs to National Cyber Security customers in support of Defense Information Systems Agency contract work. Performing ArcSight 6.9 and Splunk 7.05 content development on Red Hat 7 ESM to support customer requirements to include creating ArcSight Filters, Dashboards/Data Monitors, Rules, Active Lists, Queries, Trends, Variable Rules, and Reports for operation centers and cyber analysts.
- Converting ArcSight content to Splunk.
- Performing analysis and investigation of network events to aid in content creation to provide high-level or detailed monitoring of system data as a whole and for specific drill-down monitoring and evaluation.
- Conduct searches, analysis, and reporting to local and national customer groups to alert on special identified activity.
- Support customer ad-hoc requests and answer questions.
- Also conduct detailed analysis, investigation, and evaluation of network data to find commonality of reportable items, allowing creation of more high-confidence Rules for automating notifications to internal analysts or to cognizant authority security response teams.
- Supporting Confidential objectives in support of the Confidential/CND Tools contract, which includes supporting new SIM builds (ArcSight and Splunk), evaluations, moving user content, and backing up site content.
- Participate in Program Manager and SME weekly conference calls, SIEM Sync meetings, SIEM Engineering, and SIEM Sustainment meetings.
Senior ArcSight Engineer
Confidential, Chantilly, VA
Responsibilities:
- Supported a national CSOC with ArcSight operations and maintenance, script development, and ArcSight content development for enterprise ArcSight production systems consisting of multiple Managers, Loggers, Connector Appliances, and vast amounts of connectors and numerous syslog servers on various networks.
- All operating systems were Red Hat or CentOS Linux.
- Created Visio diagrams of connector data flows, high-level architectural diagrams of connector monitoring processes, and other enterprise process monitoring flows.
- Created numerous spreadsheets depicting detailed connector information for following connector flow from bottom tier networks to top tier networks.
- Devised a concept for automating the creation of the spreadsheet data in the future and automating the creation of connector data flow diagrams using Perl/HTML and Canvas or Confidential for displaying in web pages.
- Converted a Python script to Perl and added a functionality to send a notification message to a syslog server for monitoring improper analyst user activity.
- Made a recommendation to the customer, which they implemented, after hearing the customer discuss a vast monitoring problem.
- While at home, researched and created CentOS 6.5 Virtual Machines on Ubuntu via command line and using Virtual Machine Manager.
ArcSight Architect/Engineer
Confidential, Plano, TX
Responsibilities:
- Worked from home while serving on the HPE Managed Security Services ArcSight Team and provided high quality technical service and support of ArcSight technology and infrastructure.
- This role supported the Managed Security Services (MSS) Security Operations Center (SOC) and multiple clients to help successfully deliver the HPE MSS service offering.
- Worked with the customer and project manager to design and deliver appropriate technical solutions as requested.
- Engaged with other operational centers and assisted technically where appropriate.
- Acted as a technical escalation point and helped implement and maintain ArcSight infrastructure using ArcSight 6.5 and 6.8 on Red Hat 6.5 systems.
- Used VMware to build a test Red Hat 6.5 system.
- Helped maintain documentation of the customer's managed infrastructure.
- Performed ArcSight Connector tuning, fix modifications, and created billing report jobs on SIEM.
- Also created Visio diagrams of client ArcSight architecture from the lowest level Connector to the top level SIEM.
- Captured server statistics in a spreadsheet, pointed out discrepancies, and made recommendations.
- Recommendations were made on how to monitor ArcSight Connectors that were not directly connected to the ArcSight SIEM.
- Also worked on SIEM content team.
Senior Consultant / ArcSight SME
Confidential, Charlottesville, VA
Responsibilities:
- Served as a Senior Consultant/ArcSight SIEM SME to National Cyber Security customers in support of Ground Intelligence Support Activity (GISA) and the National Ground Intelligence Center (NGIC).
- Created ArcSight 5.2 content to support customer requirements to include creating ArcSight Filters, Dashboards/Data Monitors, Rules, Active Lists, Queries, Trends, Variable Rules, and Reports for national Insider Threat analysts.
- Performed ESM system evaluation and made Red Hat 5.5 kernel and Oracle 11g tuning configuration changes to enhance system performance.
- Identified many ESM system non-optimal configurations and corrected.
- Also provided primary SME support to build a secondary ArcSight ESM system from scratch using Red Hat 6 on Cisco Blade servers and Oracle 11g.
- Also provided primary support for an enterprise tech refresh of ArcSight ESM servers, Loggers, and Connector Appliances and upgrading to ArcSight 6.8.
- Supported customer ad-hoc requests, provided answers to questions, performed event searches, and ran reports to aid analysts.
- Participated in Program Manager weekly video conference calls.
- Cyber analysts complimented support given to them.
Security / ArcSight SME
Confidential, Ft. Meade, MD
Responsibilities:
- Served as one of the Security/ArcSight SMEs to National Cyber Security customers in support of Defense Information Systems Agency contract work.
- Performed ArcSight 5.2 content development on Red Hat 5.5 ESM to support customer requirements to include creating ArcSight Filters, Dashboards/Data Monitors, Rules, Active Lists, Queries, Trends, Variable Rules, and Reports for operation centers and analysts.
- Performed analysis and investigation of network events to aid in content creation to provide high-level or detailed monitoring of system data as a whole and for specific drill-down monitoring and evaluation.
- Conducted searches, analysis, and reporting to local and national customer groups to alert on special identified activity.
- Supported customer ad-hoc requests and answered questions.
- In support of a customer requirement, devised and created a Visio design diagram for automating alerts and reporting from one network to another while keeping the customer’s branded report format when sending out notifications.
- Also conducted detailed analysis, investigation, and evaluation of network data to find commonality of reportable items, allowing creation of more high-confidence Rules for automating notifications to internal analysts or to cognizant authority security response teams.
- Also worked in a test lab to install, test, and verify new requirements, including ArcSight Identity View (Insider Threat), cases and workflow, and new feed requirements to other organizations. Provided ArcSight 5.2 support in the lab for Red Hat 5.5 and Oracle instances.
- Devised and created a solution method to achieve capabilities beyond the limitations of ArcSight by creating Trends, running reports, and storing the CSV files on the Red Hat Linux server for further custom script processing and reporting.
- Supported Confidential objectives in support of the Confidential/ArcSight contract as a whole, which included supporting new SIM builds, evaluations, moving user content, and backing up site content.
- Provided customer ArcSight Console and Logger training classes when required.
- Participated in Program Manager and SME weekly conference calls. Traveled to OCONUS field site and provided tech refresh support.
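The bullets above on finding commonality among reportable items and on exporting ArcSight Trend/report CSVs for custom script processing describe a pattern without showing it. The script below is an added example written for this page, not one of the resume author's scripts. It is in Python (listed in the skills section) rather than Perl so it can be run as-is. The column names, the sample rows, and the thresholds are constructed assumptions about what an exported hourly Trend report might look like; substitute the real export columns.

```python
"""Post-process an ArcSight report/Trend CSV export to find event/attacker
combinations persistent enough to justify an automated high-confidence Rule.

Added example for this page, not the resume author's code.  The column
names, sample rows and thresholds below are constructed assumptions.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export: one row per hourly Trend bucket (assumed layout).
SAMPLE_CSV = """\
Start Time,Name,Attacker Address,Target Address,Event Count
2024-03-01 00:00:00,SSH Brute Force,203.0.113.7,10.0.0.5,40
2024-03-01 01:00:00,SSH Brute Force,203.0.113.7,10.0.0.5,55
2024-03-02 03:00:00,SSH Brute Force,203.0.113.7,10.0.0.9,61
2024-03-02 04:00:00,Port Scan,198.51.100.2,10.0.0.5,12
2024-03-03 09:00:00,SSH Brute Force,203.0.113.7,10.0.0.5,70
2024-03-03 10:00:00,Port Scan,198.51.100.2,10.0.0.7,9
2024-03-03 11:00:00,Web Attack,192.0.2.10,10.0.0.5,3
"""


def load_rows(text):
    """Parse the CSV export into typed rows (day, name, attacker, target, count)."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "day": datetime.strptime(r["Start Time"], "%Y-%m-%d %H:%M:%S").date(),
            "name": r["Name"],
            "attacker": r["Attacker Address"],
            "target": r["Target Address"],
            "count": int(r["Event Count"]),
        })
    return rows


def summarize(rows):
    """Per (event name, attacker): total events, distinct days seen, distinct targets."""
    summary = defaultdict(lambda: {"events": 0, "days": set(), "targets": set()})
    for r in rows:
        s = summary[(r["name"], r["attacker"])]
        s["events"] += r["count"]
        s["days"].add(r["day"])
        s["targets"].add(r["target"])
    return summary


def candidate_rules(summary, min_days=2, min_events=50):
    """Keys seen on at least min_days distinct days with at least min_events in
    total: recurring across the Trend window, so a Rule on (name, attacker)
    would fire on a pattern rather than a one-off."""
    out = []
    for (name, attacker), s in sorted(summary.items()):
        if len(s["days"]) >= min_days and s["events"] >= min_events:
            out.append({"name": name, "attacker": attacker, "events": s["events"],
                        "days": len(s["days"]), "targets": sorted(s["targets"])})
    return out


if __name__ == "__main__":
    for c in candidate_rules(summarize(load_rows(SAMPLE_CSV))):
        print(f"{c['name']:16} {c['attacker']:15} events={c['events']:4} "
              f"days={c['days']} targets={','.join(c['targets'])}")
```

With the sample data only the SSH Brute Force source survives both thresholds (seen on three days, 226 events); the port scanner recurs but stays under the event floor, and the single web attack is a one-off. The two thresholds are the tuning knobs: lowering min_events to 20 would also surface the scanner.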
Information Security Architect Principal Lead
Confidential, Lanham, MD
Responsibilities:
- Provided ArcSight and engineering support for the Confidential/Confidential’s Data Loss Prevention (DLP) project.
- Provided design support in the enterprise security infrastructure and architectural topology including recommending hardware, operating systems software and information security requirements.
- This was to ensure the confidentiality, integrity, availability, and privacy of information systems along with consistency and integration with existing infrastructure.
- Other duties include Security Specialty Engineering in support of the Confidential EIP/EAUTH/DLP projects.
- Reviewed project documentation, made security recommendations, wrote test cases, and advised how to verify if security requirements were met for compliance.
- Researched security risks involved in virtualization and created a nutshell document highlighting hardware requirements and security concerns using Red Hat Enterprise Server 6.0 and KVM.
- Also researched Confidential, NIST 800-53, and FIPS 140 security requirements for applying to projects.
- Successfully completed debugging, fixing, and improving scripts for the Security and Privacy office where problems existed for some time.
- Position required customer facing and interaction, vendor interaction, status reporting, and design presentations.
- ClearCase was used for CM/storing documentation, and design diagrams were created using Visio.
Principal Systems Engineer / ArcSight SME
Confidential, Needham, MA
Responsibilities:
- Served as ArcSight SME for GDIT’s Air Force Engineering and Integration Department.
- Successfully provided ArcSight 4.0 engineering support of migrating 7 existing Air Force ArcSight install sites and 9 new ArcSight install sites from Microsoft Windows to Red Hat 4.7 64 bit Linux.
- Engineering support consisted of creating detailed Visio design documents for briefings to the Project Management Office (PMO), ArcSight engineering installs on Red Hat servers, testing, detailed install instructions (Field Change Order) and performing remote installs to CONUS and OCONUS production sites.
- Worked closely with other contractor elements at a CONUS site to ensure migration details were done to their expectations.
- These people noted my name as part of a successful migration. Also wrote Linux scripts to automate and consistently install the first part of the ArcSight Manager, Syslog Connector, Super-Agent, and Blue Coat Connector installs. Closely worked with Linux and Oracle SMEs.
- Created additional detailed documentation to propose to the PMO what the ArcSight version upgrade and Way-Ahead options were for the project to include architecture design changes and virtual recommendations.
Senior Systems Engineer / Senior ArcSight Security Engineer
Confidential, Ft. Belvoir, VA
Responsibilities:
- Provided ArcSight 4.0 hands-on engineering, admin, and security analyst duties in support of a Confidential project.
- Experience included design and implementation of ArcSight 4.0 ESM, including Connector Appliance for managing connector agents and Logger Appliance for receiving connector agent data. Performed Sun Solaris 10 (on X4600) and Red Hat 4.0 system administration and Oracle 10.2 support as needed.
- Experience included writing ArcSight Console Rules, Filters, Active Channels, Dashboards/Data Monitors, Reports, Notifications and security analysis of event data for notifying cognizant authority security response teams.
- Performed Confidential STIG hardening/securing of Red Hat 4.0 and Oracle to meet Confidential stringent compliance standards.
- Created Visio system architectural diagrams that included Connector event flows.
Senior Systems Engineer / ArcSight Project Lead
Confidential, Hagerstown, MD
Responsibilities:
- Served as contractor ArcSight Project Lead and Senior Information Assurance (IA) Engineer for the ArcSight Enterprise Security Management (ESM) Analyst Workstation (AW) project for Defense Information Systems Agency Field Security Operations (Confidential FSO).
- Worked closely with the ArcSight AW government Program Manager to maintain a secure STIG-compliant baseline and fielded Confidential/ArcSight critical security management systems and software.
- This was used to detect and respond to cyber threats and attacks for two CONUS Computer Emergency Response Team (CERT) deployments and two OCONUS CERT deployments that served the needs of the President, Joint Chiefs, and Department of Defense. Responsible for detailed site surveys conducted on-site, via email, and by phone.
- Secured Red Hat Advanced Server systems to include Oracle Database server, ArcSight Manager Server and Red Hat syslog servers for initial deployment and multiple major rebuild/upgrade site visits.
- Responsible for Information Assurance testing and Security Readiness Reviews (SRRs), IAVA security compliance, and engineering new solution requirements for 25 Red Hat servers and 5 Dell EMC SANs.
- Helped to create System Security Authorization Agreement (SSAA) documentation.
- Performed certification and accreditation (DITSCAP) remediation services. Responsible for upgrading patches and new ArcSight software versions with the vendor at all field sites.
- Worked closely with CONUS and OCONUS field site customers to inform them of and verify scheduled site visits and to maintain system configuration consistency to meet stringent system security standards for compliance at all times.
- Also, while working on an Audit Server project, took the initiative to devise and develop Perl/CGI web page Solaris UNIX system monitoring scripts, including Audit Server process monitoring, using Solaris 7/8 and Apache web server. All servers and software met Confidential STIG (Security Technical Implementation Guide) requirements for all Confidential FSO projects.
- Also fielded Audit Server systems consisting of a Manager/Guard system, Oracle database servers using Solaris, DAS, and CD/DVD jukeboxes at CONUS/OCONUS field sites.
- Created comprehensive detailed documentation for upgrades by field sites to prevent extra field site trips.
- Prepared quarterly IPR slides and bi-weekly and monthly status reports. Both projects used Oracle and SQL.
Red Hat System / Network Manager
Confidential, Harrisburg, PA
Responsibilities:
- Assumed the Red Hat and Solaris System / Network Manager position for a startup Internet advertising company and was responsible for system management of 30 on-line Solaris 2.6-2.8 / Red Hat Linux 6.2-7.1 web servers and the network infrastructure using a Cisco 7206 router and 1900/2900 switches.
- Responsible for two Solaris BIND 8 and one Red Hat Linux BIND 9 DNS servers and Solaris Sendmail/Procmail administration for 80 email accounts.
- Wrote Red Hat / Solaris scripts to automate system installation/configuration functions for production web servers.
- Responsible for system and software upgrades to include Apache 1.3.20, Secure Stronghold, Secure Shell, Stunnel, Perl, Mod Perl, gcc, Pine, OpenSSL, and many others.
- Also was responsible for network security and intrusion detection and sending reports to offenders and authorities.
- Wrote Bourne, Korn shell, and Perl scripts to automate repetitive tasks.
- Wrote system and network monitoring scripts in Perl that sent emails and pager alerts when processes or web sites were down.
- Monitored Red Hat / Solaris logs for intruder probes and reported offenders to ISPs for account removal.
- Responsible for researching, designing, purchasing, and implementing network infrastructure and backup solution for 30 Solaris 2.6-2.8, Red Hat Linux 6.2/7.1, and NT 4.0 computers to a Qualstar tape library.
- Also recommended, researched and procured computer room flooring, a/c, and other components to facilitate and establish a computer and network room.
- Company President said he could not have done it without me. Company later sold for 147M.
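The bullets above on monitoring Red Hat / Solaris logs for intruder probes and reporting offenders to their ISPs describe the task but not the mechanics. The script below is an added example for this page, not one of the resume author's monitoring scripts, and is in Python rather than the Perl the resume mentions so it runs as-is. The sshd log lines are constructed; the sshd message format, the classic syslog timestamp without a year, and the threshold/window values are assumptions to adjust for the real environment.

```python
"""Scan sshd syslog lines for brute-force probes and draft an abuse report
per offending source address.

Added example for this page, not the resume author's script.  The log lines
below are constructed; the message format and thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample /var/log/secure excerpt (classic syslog, no year field).
SAMPLE_LOG = """\
Mar  3 04:12:01 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 04:12:03 web1 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 04:12:04 web1 sshd[2217]: Failed password for invalid user oracle from 203.0.113.7 port 51244 ssh2
Mar  3 04:12:06 web1 sshd[2219]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 04:12:07 web1 sshd[2221]: Failed password for invalid user test from 203.0.113.7 port 51255 ssh2
Mar  3 04:15:00 web1 sshd[2230]: Accepted publickey for deploy from 198.51.100.9 port 40100 ssh2
Mar  3 06:00:10 web1 sshd[2300]: Failed password for bob from 192.0.2.44 port 33000 ssh2
Mar  3 09:30:00 web1 sshd[2400]: Failed password for bob from 192.0.2.44 port 33010 ssh2
"""

# Assumed sshd failure message layout (OpenSSH "Failed password for [invalid user] X from IP port N").
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(text, year=2024):
    """Return failed-login events; classic syslog omits the year, so it is supplied."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated daemons are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "host": m["host"], "user": m["user"],
                       "ip": m["ip"], "raw": line})
    return events


def find_probes(events, threshold=5, window_seconds=60):
    """Sources with at least `threshold` failures inside any `window_seconds`
    span (sliding window over time-sorted events).  Returns {ip: all events}."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    offenders = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            # advance the window start until the span fits inside window_seconds
            while (evs[end]["time"] - evs[start]["time"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                offenders[ip] = evs
                break
    return offenders


def abuse_report(ip, evs):
    """Plain-text report an ISP abuse desk can act on: counts, time span, raw evidence."""
    users = sorted({e["user"] for e in evs})
    lines = [
        f"Abuse report for {ip}: {len(evs)} failed SSH logins between "
        f"{evs[0]['time']:%Y-%m-%d %H:%M:%S} and {evs[-1]['time']:%Y-%m-%d %H:%M:%S} "
        f"(server local time)",
        f"Usernames tried: {', '.join(users)}",
        "Log evidence:",
    ]
    lines += ["  " + e["raw"] for e in evs]
    return "\n".join(lines)


if __name__ == "__main__":
    for ip, evs in find_probes(parse_failures(SAMPLE_LOG)).items():
        print(abuse_report(ip, evs))
        print()
```

On the sample data the source at 203.0.113.7 trips the threshold (five failures in six seconds across four usernames) while the two spaced-out failures from 192.0.2.44 do not; the report includes the raw lines because abuse desks generally require the original log evidence with timestamps. Only the detection runs here; the paging or email step the resume describes would hang off the returned offenders dictionary.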