
Cyber Security/Risk Management Resume


SUMMARY

  • Over 8 years of experience in Cyber Security and Enterprise Information Technology
  • Experience includes Risk Management, Cyber Security, FISMA and NIST SP 800 series analysis and implementations, Information Security for the Department of Defense, including, but not limited to:
  • Validating hardware and software inventory, backup, and data restoration processes and procedures for customer systems and networks.
  • Updating controls and procedures to Risk Management Framework (RMF) standards.
  • Reviewing progress reports and reported security capabilities.
  • Mapping controls to automated processes, performing gap analysis and creating policies;
  • Managing timelines, oversight, inspection, review, and accreditation of Information Systems.
  • Maintaining and updating Certification and Accreditation (C&A) checklists;
  • Implementing Risk Management Framework (RMF) Assessment and Authorization (A&A) and DoD Information Assurance Certification and Accreditation Process (DIACAP);
  • Implementing checklists for system security controls validation
  • Establishing Information Technology (IT) security standards for according to current Department of Defense (DoD) policies
  • Developing Information Assurance (IA) processes and procedures across to streamline Authorizing Official (AO) approvals
  • Developing comprehensive technical white papers, Concept of Operations (CONOPS), and presentations for key project stakeholders and senior officials;
  • Coordinating with Authorization and Assessment (A&A) Information Security System Manager (ISSM) staff
  • Conducting Risk Assessments for customer sites and review of response to incidents, events, actions, and requirements.
  • Assessing management and maintenance of security documentation including program baselines, Plan of Action and Milestones (POA&M) metrics, and reports of customer service activities
  • Applying Intelligence Community Directive (ICD) 503 controls, Classified System Overlays, and Enterprise Mission Assurance Support Service (eMASS) tools and applications;
  • Analyzing Risk Assessment Reports (RAR) and compliance with Federal Information Security Management Act (FISMA) and the Risk Management Framework (RMF).

PROFESSIONAL EXPERIENCE

Confidential

Cyber Security/Risk Management

Responsibilities:

  • Applying Enterprise Mission Assurance Support Service (eMASS) tools, PIA, and SORN;
  • Assisting in conducting security awareness training, and security requirements and specifications for multiple vendors Security Testing and Evaluations (ST&E) and interpreting results
  • Consulting with equipment manufacturers and other DoD agencies to help produce sound engineering solutions to enhance the security posture of the medical device systems being deployed for testing as it relates to DIACAP reaccreditations;
  • Developing multiple-vendor RMF and DIACAP artifacts and security policies, procedures, plans, requirements, and specifications in support of verification and validation;
  • Ensuring that operating systems and database components are compliant with DoD Policy;
  • Providing technical and managerial support services for security policies and procedures, security plans, oversight in the performance of any random security audit testing of installed systems, and guidance to various medical working groups regarding Network Security and Information Security for Information Assurance Vulnerability Management (IAVM) Notice and patch management processes/systems, network security, Information Assurance (IA), and Cyber Security;
  • Tracking ongoing medical device installations as part of a project management team managing multiple sites per year;
  • Updating security documentation and managing testing related to DIACAP and the transition to the RMF.

Confidential

IT Specialist

Responsibilities:

  • Analyzed requirements for PKI, mapping and leak detection; conducted inventories of unclassified and classified materials; coordinated security training; developed continuity/disaster recovery plans and procedures for maintaining information assurance of classified materials, including protection profiles, and an SSP;
  • Performed weekly and other scheduled audits on complex UNIX and Windows systems and tested trusted computing systems.

Confidential

Cyber Security Specialist

Responsibilities:

  • Led a vulnerability and risk management team of professionals in steering and supporting the following: CNDSP C&A and inspections, cyber security tool sets, compliance incident, and CERT tools & databases, including, but not limited to: boundary protection and perimeter defense toolsets, quality, metrics, VMS, DCC processes and procedures, TTPs, SOPs, CONOPS, and CNDSP instructions and directives.
  • Developed countermeasure efforts against threats; identified possible gaps that could be detrimental to national cyber security, analyzed communication logs and submitted records to investigative agencies, damage control and mitigation strategies and procedures to minimize the impact of attacks, including measures to limit the extent of damage and allow the resumption of operations with limited loss and system down time that included business continuity and reconstitution planning. As a cyber security countermeasures watch stander, analyzed trends of emerging threats, network attacks, including malicious intrusions, including computer viruses, worms, Trojan horses, spyware, and key loggers.

Confidential

Systems Engineer

Responsibilities:

  • Analyzed requirements and coordinated IPT efforts for DHS and attended design reviews. Coordinated security training. Created disaster recovery plans and procedures for maintaining information assurance of classified materials, including but not limited to protection profiles and an SSP.
  • Developed test plans, strategies, and cases. Directed multiple types of tests for a DHS CBP ACE S&T system, including ad hoc, stress, boundary, acceptance, and regression using various automated test tools.
  • Evaluated impacts on testing for rapidly developed tasks.
  • Generated test data. Implemented inventories of unclassified and classified materials, and tested trusted computing systems.
  • Performed weekly and other scheduled audits on complex UNIX and Windows systems. Prepared test scenarios for applications on Windows and UNIX platforms, and client-server and web environments.
  • Provided information on prospective technical, end-to-end solutions for protecting the federal cyber domain and an integrated system of hardware and software that provides the capability to perform the DHS mission of defending, protecting, and reducing the vulnerability of networks. Reviewed requirements and verified that the product met requirements. Tracked and assured the quality of forensic cases and evidence packages.

Confidential

Quality Systems Engineer

Responsibilities:

  • Analyzed impacts on testing extremely rapidly developed tasks and test data and conducted design reviews.
  • Assured the quality of products and services produced on the project. Collaborated with biologists, scientists, software developers, and management to implement quality and configuration processes and procedures. Implemented the Configuration Management program.
  • Developed test plans, test strategies, and test cases. Managed a CM and QA Team. Performed oversight on the quality of products and services produced on complex Biotechnology systems, including Internet portals.
  • Reviewed requirements and verified that the products met the functional requirements. Tested extremely complex scientific similarity algorithms and genome viewers that simultaneously displayed Mouse, Rat, and Human Genomes, including but not limited to DNA, Genes, Coding and Regulatory Regions for comparison and analysis.
