TECHNICAL SKILLS

Software: CSAM, NESUS, Ethereal, Windows NT Server, Windows 2000/2003 server, UNIX, Windows NT 4.0, MS Office Suite, MS Exchange, Microsoft WINS, Microsoft DHCP Windows 95, 98, NT, 2000, Windows XP, Norton AV, McAfee AV, Cisco Meeting Place, RSA Secure ID, Emergin Wireless Office (J - Page), Microsoft Outlook, Falcon HelpDesk, Archer HelpDesk, Heat Helpdesk, Magic Helpdesk, Norton Ghost Cast Server, Symantec Ghost, Remedy Helpdesk, Checkpoint Firewall, NetScreen Firewall, Blue Coat Proxy, Websense Proxy, Intrusion Detection System (IDS), and Securify Enterprise Manager, PEGA Cloud Platform, JIRA, Microsoft Azure Devops

Hardware: Cisco Router and Switches, Hubs, Nortel Alteon Switch, Network Interface Cards, Hard Drives, HP/Cannon Printers, CD ROM (Readers and writers), Memory, Palm Pilots (various versions), Dell/ Hp and Compaq Servers/workstations and Laptops, Panasonic Laptops, Fiber Optic & CAT 5 Termination kits, RSA Secure ID Tokens, Juniper NetScreen Firewalls/VPN's, Securify Servers, and Various Networking tools

PROFESSIONAL EXPERIENCE

Confidential

Cloud Security Architect / Security Engineer

Responsibilities:

• Assist the Department of Justice (DOJ) Office of Justice Programs (OJP) Justice Grants IT Solution (JGITS) in obtaining and maintaining their Authority to Operate (ATO) for systems which fall under the JGITS initiative.
• Provide security support analysis and work with C-level government officials in recommending solutions and technology for the JGITS innovation and migration initiative.
• Identify and document information system security requirements as part of the system development lifecycle process.
• Act as a security engineering representative for Agile project teams developing JGITS systems and JGITS related systems (PEGA, Acquia, Socrata).
• Assign, develop and input appropriate security-related user stories for JGITS related systems into JIRA and Microsoft Azure DevOps.
• Ensure new information systems are designed and developed with appropriate security controls.
• Validate the effective implementation of NIST/FedRAMP/FISCAM and A-123 security controls.
• Provide security-related subject matter expertise for IaaS, PaaS and SaaS cloud service models.
• Coordinate with outside agency IT security staff for joint level projects that interact with the JGITS initiative.
• Assist in evaluating and assessing viable IT security software to enhance the effectiveness of the JGITS security boundary.
• Provide recommendations for security solutions to implement controls related to NIST/FedRAMP control families.

Confidential

Sr. Cloud Security Architect / Information Security Engineer

Responsibilities:

• Assisted FAA Federal Cloud Services (FCS) in obtaining its Authority to Operate (ATO) for Infrastructure as a Service (IaaS) for the FAA Federal Cloud Services Program.
• Conduct cloud security evaluations/assessments and Plan of Action and Milestone (POA&M) remediation’s for the FAA Federal Cloud Services Security Office utilizing Office of Management and Budget (OMB), The Federal Information Security Management Act (FISMA), The National Institute of Standards and Technology (NIST), and The Federal Risk and Authorization Management Program (FedRAMP) laws, policies, standards and regulations for Amazon Web Services (AWS) Cloud/GovCloud instantiated environments.
• Perform senior advisory duties for cloud security implementation and integration across multiple cloud deployment models.
• Provide AWS best practice and overall strategy guidance recommendations for cloud security approaches tailored to the FCS project.
• Assist the FCS Security Office with the appropriate use of FedRAMP and NIST controls for multiple FCS hosting environments that comprise the FCS multi-tier Cloud Ecosystem.
• Develop documentation addressing risk, threat models, mitigations, security control comparisons, best practice security architectures, security requirements, security metrics delivery evaluations and suggested courses of action.
• Collaborate with FCS enterprise/operations management on security management approaches within the AWS cloud and migration strategy for cloud service offerings.
• Prepare and conduct cloud and security related briefings to the FCS security office.
• Coordinate integration activities, control responsibilities, and cloud lifecycle management requirements with the FCS selected cloud broker (CSRA).
• Provide NIST technical control assistance, recommendations and reviews of Plan of Action and Milestones (POA&M’s) to the FAA’s Security Assessment Group.
• Provide strategic guidance to Confidential regarding division and contract expansion.
• Consult and advise C-Level Executives in regards to governance, business logic, compliance standards and overall risk regarding security and operations in the cloud.

Confidential, Washington, DC

Cloud Security Architect / Subject Matter Expert

Responsibilities:

• Perform security assessments for NASA-Goddard Private Cloud environments.
• Advise and direct NASA-Goddard Cloud Innovations Team on solutions for best security practices and FedRAMP security control requirements.
• Assess multiple vendor security solutions for interjection into Private Cloud Proof of Concepts.
• Assist in drafting Private Cloud innovations to operations roadmap.
• Perform Security Gap Analysis for Cloud Suites under Proof of Concept evaluation such as Eucalyptus, Open Stack, BMC/CLM and VMware vCAC.
• Assist in overall project schedules and timelines for Proof of Concept evaluations.
• Prepare NASA-Goddard’s operational environment for FedRAMP Certification and Accreditation to become the Governments First Agency Cloud Service Provider.
• Integrate NASA’s WorldWind project into a Cloud service offering.
• Assist in establishing organization resources required for PaaS and SaaS offerings.
• Inform and advise senior staff on current security posture for innovations projects concerning cloud solutions and technology.

Confidential

Senior IT Security Engineer and Information System Security Officer

Responsibilities:

• Information System Security Officer for all DHS Headquarters public cloud systems.
• Information System Security Officer for Web Content Management as a Service and Platform as a service.
• Drafted the first Risk Assessment for Infrastructure as a Service for DHS.
• Utilize FedRamp guidance to establish key security controls for Platform as a Service for the DHS Public Cloud offering and a common controls catalog for tenants inheriting Infrastructure as a Service, Platform as a Service, and Web Content Management as Service.
• Drafted the first security authorization package for Web Content Management as a Service/ Platform as a Service for DHS.
• Drafted the first security authorization package for hosted tenants utilizing the DHS Public Cloud for Infrastructure as a Service.
• Defined Key Security Controls for Platform as a Service and Web Content Management as a Service in the DHS Public Cloud utilizing FedRAMP/ National Institute of Standards and Technology (NIST) security controls and guidance.
• Assist in the development of concepts of Risk Acceptance for DHS Cloud hosted systems versus traditional approvals for an Authority to Operate for the Authorizing Official.
• Develop an on boarding process for Web Content Management as a Service tenant.
• Educate and assist tenant organizations in cloud security concepts and formulation of security packages with the intent of risk acceptance.
• Scan, assess and approve Linux hosted Drupal code builds/ module add-ons for hosting into the DHS Public Cloud environment.
• Develop Drupal Module Vetting Process for DHS.
• Determine security requirements of the LAMP Stack by analyzing purposed systems and applications to be used for WCMaaS
• Develop and prepare guidance for security control inheritance and responsibilities for Platform as a Service, Web Content Management as a Service and hosted DHS Public Cloud tenants.
• Generate and deliver C-Level presentations describing the DHS Public Cloud environment addressing multi-tenancy, FedRamp implementation, Infrastructure as a Service, Platform as a Service and Software as a service.
• Ensure all assigned traditional Federal Information Security Management Act (FISMA) systems are accredited based upon NIST SP 800-53 guidance and accredited using NIST SP 800-53A and DHS 4300A criteria.
• Manage different components for FISMA compliance identifying security requirements, risks and milestones while serving as technology advisor.
• Resolve and manage Plan of Action and Milestones (POA&Ms) for each system residing in Trusted Agent FISMA (TAF).
• Support Secure Test and Evaluation (ST&E) and resolution of security findings.
• Continuous monitoring of security controls pursuant to Security Plans (SPs.)
• Implement system patches identified by the DHS Security Operations Center and work with patching team to baseline scans and identify ISVMs.
• Review System Security Plan (SSP), Risk Assessment, Privacy Impact Analysis (PIA) and POA&M for and provided analysis to determine compliance.
• Execute corrective or protective measures for identified security incidents or problems.
• Perform Bi-weekly reviews of Domain Controller Logs, Linux based local logs and audit trails of each system to ensure appropriate use each of system in accordance with DHS policy.
• Work with known system and application vulnerabilities to determine if enhanced safeguards are required for mitigations in the system environment.

Confidential, Columbia, MD

Information Assurance Analyst

Responsibilities:

• Assessed and conducted the annual update of the National Oceanic & Atmospheric Administration (NOAA) Common Security controls per FISMA, NIST, and Department of Commerce (DOC) policy and procedures.
• Managed and coordinated POA&Ms in CSAM database and provide subject matter expert consulting to the Office of Marine & Aviation Operations (OMAO) for the internal IT Security process and procedures to include, POA&M mitigation, IT Security artifact recovery, Certification and Accreditation (C&A) compliance according NIST, vulnerability assessments, and documentation preparation, review, and establishment throughout the organization.
• Participated in C&A and Continuous Monitoring assessments as a document assessor for IT Security control testing according to NIST publication standards.
• Ensured the organization’s officers and contractors were properly aware of CSAM uses and capabilities and trained staff in practical use of the CSAM Database.

Confidential

Information Security Operations Analyst

Responsibilities:

• Managed and maintained content filtering of company policies with regards to internet usage and electronic communication.
• Leveraged Intrusion Detection System and Proxy management through Websense and Bluecoat systems.
• Managed communication and technical aspects of security incidents.
• Conducted Initial security reviews of 3rd party software to evaluate risk of use for firm distribution.
• Investigated usage of unauthorized applications on Firm desktops and laptops according to Morgan Stanley software policies.
• Monitored security alerts for escalation of items such as Sybase failed login attempts and unauthorized password resets.
• Monitored vulnerability alerts through the use of Secunia, Windows, and Cisco reporting devices (to include IDS and Web Proxy) and research known vulnerabilities and exploits to versions of operating system and application software used within Morgan Stanley.
• Assessed security posture penetration and vulnerability testing of internal and external infrastructure.
• Conducted anti-spyware scanning for periodic spyware scans and remediation across the Windows environment.