SUMMARY

• Senior Information Assurance Analyst and Network and Server Engineer wif over 16 years of enterprise networking/server and Information Assurance experience.
• Currently responsible for review and determination of DISA security controls (IAC) for recommendation to US Confidential Operational DAA for IA worthiness, NIST 800 - 53, ST&E, IV&V, .
• I also teach the Retina and Gold Disk scan procedures. Previous charges were, design and implementation of LANs wif multiple VLANs and WANs, from T 1s to DS3s (Frame Relay, P2P, HDLC, SDLC, and point to point VPNs over Internet wif redundant links and IP subnetting.
• Charged wif Network Security, DISA STIG Compliance and Incident Handling from virus to Intrusion Prevention and Detection and internal threats. Servers maintained are Windows, Solaris and Linux. Installed and configured Proactive Management software.
• All on schedule and on budget. Great Attitude, Self Motivated and Team Oriented.

TECHNICAL SKILLS

Hardware/Software: Cisco Routers (1600, 25xx, 2600, 3640, 7200, etc.), Enterasys Routers (2000 SSR, 600), Cisco Switches(1600, 1900, 2900, 6500,etc.), Other switches (too numerous to list), Cisco PIX Firewalls, WIRELESS ACCESS POINTS; (Netgear, 3Com, Enterasys) CSU DSUs; (Adtran, Paradyne, Cray), Gateways (Lanyon ALC, IBM Sna 802.2), IBM Compatible Platforms (ISA, EISA, SCSI), Microsoft Windows (NT 3.5, 3.51, 4.0, 2000, XP, ME, 98, 95, 3.11), Sun Solaris (v2.5 thru 2.9), Sparc and Intel.

Network Configuration/Network Management: Cisco Works V3, V4, V6, Ipswitch Watsup Gold v5,6,7,8, Pro, SolarWinds EE, MRTG, SNMP, Ethernet (10base t, 100base tx, 1000base tx,sx), Token Ring (16/4), Frame Relay, T 1, ISDN, TCP/IP, Netbeui, ALC, SNA, DLC, 3270, 5250

Network Security: Eye Retina, Disa Gold Disk, DISA STIGs, SRRs and Checklists, Army Gold Disk, Pix Firewalls, Air Fortress, Air Magnet, Air Defense, etc.

PROFESSIONAL EXPERIENCE

Confidential

Responsibilities:

• The Validator is responsible for the validation of applicable IA Controls for an assigned Marine Corps system, including the development of appropriate test procedures, execution test procedures and the accurate documentation of system security posture based on the results of security testing.
• The Validator develops the DIACAP Scorecard and Validation Report for the assigned system(s) and facilitates the coordination of the PM, UR, Certifying Authority Representative and MCEN DAA agreement of the documentation. The Validator's critical function is to examine through demonstration, inspectionand/or analysis the extent to which an IT system meets a set of specified security requirements (as specified by the DAA and governing instructions and directives).
• The requirements focus centers on deploying effective countermeasures that satisfy the IA objectives of sufficient confidentiality, integrity, availability, and accountability.
• The appropriate Certifying Authority approves the evaluation efforts completed by the Validator.
• The Validator provides technical expertise to the Certifying Authority or PM and facilitates interaction between the program office and the Certifying Authority.
• The program office provides the validator wif the DIACAP Implementation Plan (DIP) and basic system information (mission need statement, schedule, performance, system architecture, CONOPS, etc.) to ensure the DIACAP Package is accurate.
• The validator provides independent verification and validation of the system's security controls and safeguards designed through the security engineering process.
• Security engineering is the term given to the various processes used in developing the security controls and safeguards of the IT system.
• These ensure the necessary protection assurance for equipment, data, information, applications, and facilities to meet security policy /requirements.

Confidential, Arlington, VA

Senior Information Assurance Engineer/SME

Responsibilities:

• All aspect review, appraisal and customer assist, of Confidential Information Technology and RDT&E packages from Ech.
• III customers and directly reporting to PDAA (PIT Designated Approval Authority) for the US Navy.
• From PIT designations to RDT&E PIT Risk Assessment letters (PRA) I review each package and give my recommendations to the PDAA and write the PRA letter for the PDAA to sign when the package meets all DISA, NIST, DoD and Confidential requirements.
• I have to be an expert in all of those requirements.

Confidential, Suwanee, GA

Senior Information Assurance Engineer/ Information Assurance Officer

Responsibilities:

• I am the only 8570-2 compliant engineer inside dis office.
• I Show the way forward for MCD, OPDIR, IAVA and Certification and Accreditation of systems and CCSDs.
• Volunteering expertise on incident handling of security issues as they arise and associated security breach affairs.
• Vulnerability Scanning and report generation and interpretation.
• their and many aspects to dis position that truly defy explanation in dis limited space.
• Programs Management Analytics Technologies (PMAT)

Norfolk, VA

Information Assurance Engineer

Responsibilities:

• Provide technical expertise to US Confidential Fleet Forces Command and Military Sealift Command customers to assist their package creation for Certification and Accreditation process wif the Confidential Certificate Authority (CA) and Operational Designated Approval Authority (ODAA).
• Assist in all aspect assistance in all document creation from DITSCAP to DIACAP conversion to Plan of Action and Milestones (POAM) creation or finding appropriate resolutions, Direction and planning for Retina and DISA Gold Disk scanning and the interpretation of scan results and their incorporation into the POAM.
• PPSM and CA Plan, Subject Matter Expert in DIACAP and FISMA. SIPR, NIPR, CENTRIX and ONE-NET trained and experienced.

Confidential

Norfolk, VA

Information Assurance Security Analyst

Responsibilities:

• Assigned to the US Confidential Office of the Operational Designated Approving Authority (ODAA. Responsible for reviewing Confidential packages from worldwide locations and study them for vulnerabilities, Work involves responsibility for oversight of confidentiality, integrity, and availability of systems, networks, and data through the analysis of the Programs documentation of their implementation, maintenance, and overall security of their information systems security programs, policies, procedures, and by closely examining all of their certification and accreditation documentation.
• I am recognized as a technical authority on information security and is responsible for auditing their implementation of all programs.
• Serves as the principal expert on DISA, FISMA, NIST documents, IA Controls and all scanning tools and their reports.
• Organization specific duties of the position include: Plan, develop, coordinate and communicate Confidential DAA information assurance authority for information security programs.
• Review their Implementation of high level security requirements such as from DON CIO, DISA, NIST; JTF/GNO, and AEC etc.
• While engaged at the ODAA’s office I was constantly reviewing RDT&E, PIT and PIT Interface packages, from determination to Risk Assessment afloat and ashore.
• Assist in their development of policies and procedures to ensure information systems reliability and accessibility to prevent and defend against unauthorized access to systems, networks, and data;
• Review their development of long range plans for IT security systems that anticipate, identify, evaluate, mitigate, and minimize risks associated wif IT systems vulnerabilities;
• Approve their systems security contingency plans and disaster recovery procedures; Identify requirements for changes to IA programs and strategies based on new security technology or threats - also their Management of systems security evaluations, audits, and reviews;
• Review their application of information security/information assurance policies, principles, and how they apply them to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data;
• Assess how they conduct and evaluate vulnerability management assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs;
• Review how they conduct systems security evaluations, audits, and reviews;
• Confirm they update the organizations systems security contingency plans and disaster recovery procedures.
• Evaluate and approve how they acquire, implement, and disseminate IA security tools, procedures, and practices;
• Review how they identify and specify information systems security requirements associated wif migration to new environments.
• Review how they plan and implement their migration or countermeasures activities; Confirm the viability of their Configuration Control Board.
• Watch their development of specifications to ensure compliance wif security requirements at the system or network environment level.
• Monitor their Planning and conduct of security accreditation reviews for installed systems and networks.
• Watch how they recommend new or revised security measures based upon the results of security review; administer, monitor, and evaluate the implementation of autantication software or new security autantication
• First hand noledge of, and experience in, applying IT security principles, methods, and tools
• Indepth noledge of the IT security environment
• Indepth experience in evaluation, implementation, and dissemination of IT security tools and procedures Indepth noledge of IT security certification and accreditation requirements
• I have direct noledge of, and expertise in, network operations and protocols
• Indepth noledge of protection of the total infrastructure environment
• Indepth expertise in systems security certification and accreditation
• Indepth noledge of Federal information systems security protocols
• Indepth noledge of firewall technology
• Review beta DISA SRR s and SRG s and provide DAA feedback.

Confidential

Sierra Vista, AZ

Sr. Member of Technical Staff (SrMTS):

Responsibilities:

• Information Assurance Security / Security Test and Evaluation (ST&E) SME.
• Travel to assigned Army Garrisons to provide Guidance, Knowledge and Assistance for passing the new DIACAP Certification and Accreditation Process and acquire an Approval To Operate (ATO).
• dis was done by reviewing their current DITSCAP package and providing insights for its conversion to DIACAP.
• Gold Disk and Retina Scanning to provide reports confirming their current vulnerability status or assisting in the identification of new or old CAT I or CAT II issues that require attention.
• Reviewing their audit logs, Contingency Plans, Backup Procedures, and all aspect review and full post visit report.
• And Assist in creation of Configuration Review Boards, Disaster Recovery Plans and testing for DIACAP and FISMA compliance.

Confidential

Network Engineer/Administrator

Responsibilities:

• Information Assurance/Retina and DISA Gold Disk Scans for firewalls, routers, servers and clients.
• Also responsible for installation, upgrade and maintenance of SIPR and NIPR networking equipment utilizing Cisco routers, switches, firewalls and satellite transmitters.
• SIPR, NIPR and UK Centrix Networks.

Confidential, Norfolk, Virginia

Network Field Engineer

Responsibilities:

• Lead Engineer for assigned projects.
• Charged wif the Design and Implementation of wired and wireless networks and network security, using the latest technology from Cisco.
• For SIPRNet and NIPRnet and other networks belonging to Army Contracts

Confidential

LAN Administrator III / Network Engineer

Responsibilities:

• Responsibilities include design and proactive oversight of Network and Firewall performance and network security for the entire Corporation.
• Security includes network and client vulnerability testing, IDS and monitoring of firewalls, anti virus activities and MS/SUS implementation.
• Design Engineer and Tier III technical support for MIS technical group and technical decision maker.
• Security oversight and configuration improvement analysis for suggestions for SQL server, Cognos/Impromptu report servers to the Server Administrator.
• Oversight of all network documentation.

Confidential

Network Engineer

Responsibilities:

• Management of LAN/WAN, design, security, configuration, development, documentation, standards and diagnosis of all Network and Windows Servers, utilizing Cisco Routers and Switches.
• Wif Microsoft NT, 2000 and Sun Solaris (Sparc and Intel) Servers and Windows clients.
• Engineer and Tier III technical support for MIS support group.
• Lead and coordinate the operational support and implementation activities for LAN, and WAN. Under broad direction assists leadership in determining tactical and strategic direction of the organization as it relates to emerging operational support technologies.
• Reviews distributed computing and network designs to select appropriate operational support strategies and ensure efficient use of resources.
• Conducts system support design and performance evaluation reviews. Identifies, develops, and updates operational support standards and procedures.
• Participates wif corporate strategic planning teams.
• Keeps abreast of emerging operational support technologies and industry trends. Recommends price/performance improvement opportunities.

Confidential

Senior IT Engineer

Responsibilities:

• Train and manage 2 other technicians.
• Lead and plan implementation phase of many projects onsite.
• Determine standard workstation configuration and maintain.
• Write and maintain NT Server logon scripts.
• Diagnosis and administration of 524 PCs and its associated NT Servers, LAN and WAN.
• dis is a three remote mainframe environment.
• AS/400(Chicago), two different S/390s (Atlanta and KCMO) I am thoroughly familiar wif installation and configuration of 3270, 5250, ALC and DEC Pathworks emulations and their associated protocols. (SNA, MSDLC, TCP/IP)
• Highly proficient in Cisco Routers and PC Operating Systems and Software diagnosis and configuration including Win NT Workstation 4.0, Win 95, Win 3.11, DOS, MS Office 4.3, 95, 97.
• Server duties include installation, maintenance and diagnosis of Win NT Advanced Server V4.0 and 3.51, base operating system in compliance wif corporate and Microsoft standards, IIS v4.0, Y2K compliance, normal proactive maintenance duties. Responsible for creation and administration of individual and specialized roaming profiles and setting domain standards for all user profiles under my direct control wif security standards.