SUMMARY

• Information Assurance Professional
• Extensive experience in Project Management techniques and Information Systems
• Master’s Degree in Information Systems Security
• CompTIA Security+ Certification (ce)
• Information Technology Infrastructure Library (ITIL) V3 Intermediate Certification (Operational Support and Analysis)
• Resourceful manager and leader
• Hold a wide range of analytical and process improvement skills

PROFESSIONAL EXPERIENCE

Sr. Information Assurance Specialist

Confidential

Responsibilities:

• Provided security policy interpretation, research, and development; information systems security; information technology research and analysis in support of the U.S. Drug Enforcement Administration (DEA)
• Directed cyber security planning, implementation and industrial security best pratices
• Engaged in information technology policy/guidelines development; and information security requirements
• Stayed at the forefront of assessing and validating RMF controls and trained junior level analyst on the Steps 1 - 3 of the Risk Management Framework
• Created ATO packages including the Security Assessment Reports
• Fully engaged in ensuring that continuous monitoring and Security Impact Analysis was completed

Sr. Cyber Security Analyst

Confidential

Responsibilities:

• Examined system documentation to determine if System Security Plans and equivalent documentation is accurate and updated
• Confirmed security category, identify threats, and ensure security controls are adequately described
• Created Gap Analysis between IA controls as they relate to DISA STIGs
• Conducted risk assessments to ensure security controls and countermeasures are identified to compensate for weaknesses to reduce risk to agency operations, assets, or individuals
• Assembled documentation and supporting material required for assessments while considering previous findings and audit results
• Facilitated kick-off meetings with system owners, senior decision makers, and management to review Assessments and Authorization schedules for the upcoming year
• Addressed new requirements, policy changes, or other modifications affecting the information technology program office and systems
• Performed Security Assessment Program to include technical and non-technical Independent Verification and Validation (IV&V) assessments for all supported customers security mission, program, plans, and security requirements affecting confidentiality, integrity, availability, non-repudiation and accountability of an effective and hardened security posture
• Performe various automated testing, examination, scanning, interviewing and discoveries to identify, validate and assess vulnerabilities
• Ensured Vulnerability Report objectives are met IAW FISMA, DODI

Senior Information Assurance Engineer

Confidential

Responsibilities:

• Remediated and mitigated findings from FISMA, Trusted Internet Connection (TIC), A&A and Blue/Red Team assessments
• Acted as a liaison for security related issues and collect required data points in order to accomplish organizational objectives
• Provided the Enterprise Network Management (ENM) Director a weekly snapshot of the remediation process and system security posture by tracking non-compliance via the use of dashboards
• STIG review and remediation based on findings as they relate to the POA&M
• Defined an organizational approach to address IT security remediation
• Identified data sources; display structured dashboard accessible to ENM leadership in order to make informed decisions
• Documented program risks, to include internal and external influences
• Developed dedicated SharePoint portal for IT Security & Compliance team to maintain documents for ENM organization
• Chaired Information Assurance (IA) Compliance Team meetings in support of Department of State (DOS)
• Performed a Trend Analysis which focused on an 8 months period of POA&M closures
• Received acclaim from the DCIO Team through Branch Chief, regarding the level of work that had been accomplished regarding POA&M closures
• Performed Data Analysis between Plan of Actions and Milestones and provide results to the DCIO Team

Senior Information Assurance Analyst

Confidential

Responsibilities:

• Developed C&A packages using Enterprise Mission Assurance Support Service (eMASS); manage C&A packages for collaboration and approval by the Designated Approval Authority (DAA)
• Wrote the Plan of Actions and Milestones (POA&M) and posted mitigation strategies for 9 C&A packages which later resulting in a confirmation of a three year Authority to Operate (ATO)
• Created Gap Analysis between DIACAP IA controls as they relate to DISA STIGs
• Developed Ports Protocol and Services Registrations for Navy Criminal Investigations Agency (NCIS) to be approved by SPAWAR
• Maintained responsible for coordinating the artifacts for Interim Authority to Test (IATT) when operational environment is required to complete test objectives
• Composed Baseline Approval Procedures in order to capture a NCIS Baseline Approval Process compose
• Chaired all collaboration meetings with DAA, Certification Authority (CA) and Information Assurance Manager (IAM)
• Lead DoD 8500.2 IA Control Validation Reviews and compile validation results in the DIACAP Scorecard for compliance reporting
• Develop System Identification Profiles (SIP) and DIACAP Implementation Plans (DIP) to support Naval Criminal Investigative Services (NCIS) Law Enforcement Network (LawNet) Classified and Unclassified networks C&A packages
• Performed C&A document analysis with Joint Worldwide Intelligence Communications System (JWICS) artifacts; make recommendation to Information Assurance Officer (IAO) based on Intelligence Community Directive (ICD) 503 guidance
• Designated as the exclusive IA section administer of the DON Application & Database Management System (DADMS); the authoritative data source for DON IT system, application, database, and network inventories
• Developed JWICS Incident Response Procedures Flow Diagrams for the DoD Joint Security Implementation Guide (DJSIG) SSAA for the C&A Package
• Selected as the C&A Lead on the Virtual Desktop Implementation (VDI) at Navy Criminal Investigative Service (NCIS)

Senior Business Analyst

Confidential

Responsibilities:

• Developed technical project plans, proposals, reports, and task order and administrative reporting
• Transformed and stabilize new initiatives: Identified opportunities for organizational improvement within the AGNOSC, ACOIC, ARFORCYBER and scope solutions through written project/action plans that consider Service Strategy, Design, Transition, Operation, and Continual Service Improvement business practices
• In concert with H HQ, external stakeholders, industry and academia; identified process gaps(GAP Analysis) and devises executable solution sets that can be integrated and implemented among A-GNOSC components; conducted capability analysis to implement Standard Enterprise NETOPS tools
• Integral and key collaborator in the creation of the A-GNOSC ITSM CONOPS, ITSM Tactics Techniques and Procedures (TTP); assisted in developing NETOPS Service Catalog, Continuous Service Improvement Plan, Process Maturity Assessments, SLA OLAs, and Underpinning contracts
• Synthesized organizational priorities, requirements, unit background data, best business practices and documentation on matters pertaining to complex regulatory and public policy issues across a multitude of functional areas
• Reviewed and evaluated regulation implementation; provides ISO 20000 and ITIL knowledge and promotes Operation and ITIL-based processes
• Strategic and Service Improvement: Independently planned, coordinated and implemented through completion all actions necessary to accomplish transformational milestones: designed analysis plans, execute work products, develop recommendations, and coordinated internally and externally with other staff elements and functions
• Analyzed data to identify trends, relationships, and problems by ensuring policy compliance; identified areas requiring study and those which can serve as benchmarks to measure resource use and efficiency
• Mapped higher headquarters campaign milestones to A-GNOSC process environment to identify A-GNOSC strengths and weaknesses (SWOT Analysis) and recommend corrective action
• Formed, facilitated and participated in meetings and work groups, provide written charters to guide effort
• Ensured quality assurance of on-time project deliverables