Sr. Security Manager Resume
Coral Springs, FL
SUMMARY
- To obtain a challenging but progressive assignment in South Florida (Palm Beach County down to Miami-Dade County) or via telecommuting, which will enable me to utilize my vast experience and expertise to foster ongoing mission support to the client and promote company growth with new business because of a job well done.
- I have over ten years' progressive experience in the Information Technology field. I also have excellent diagnostic and communication skills, both oral and written, and I am knowledgeable of LANs, operating systems, applications, and various regulations, guidance, and industry best practices.
- I am self-motivated and experienced in instituting and conducting procedures and projects for maximum efficiency. I have the ability to work in a group or independently. I can multi-task and I adapt well to changing environments.
PROFESSIONAL EXPERIENCE
Sr. Security Manager
Confidential, Coral Springs, FL
Responsibilities:
- I was responsible for scoping, confirming, executing and presenting the HIPAA Security Rule assessment and the reports. I was also the lead HIPAA Security Rule Assessor for a multi-year contract for a teaching University in Fort Lauderdale.
- The scope included 8 Medical Colleges and 16 satellite clinics. I also served as lead HIPAA Security Rule Assessor for a nationwide emergency room staffing provider and provided Security Risk Assessment services to various local small to mid-size medical practices. As part of my duties, I develop policy and procedures, perform document reviews, produce findings reports, perform gap analysis, develop remediation roadmaps and administer HIPAA Security and Privacy training.
- Performing Payment Card Industry Data Security Standard (PCI DSS) compliance work. The PCI services were: assisting the client in defining the scope of their cardholder environment and assessing the organization's compliance by evaluating the cardholder environment against the standard. This included completing the self-assessment questionnaires, reviewing reports on compliance, preparing PCI-related work papers to support the testing and validation documentation, conducting field interviews, and preparing applicable deliverables (standards and policies). This project also included advising the client on best practices.
- Additional duties and responsibilities included: participating in Cybersecurity efforts (identify, protect, detect, respond and recover); identifying appropriate controls to comply with security policies and regulations; producing threat and compliance reports for a wide variety of audiences (technical and non-technical); supporting the Incident Response Process and Risk Assessments; helping implement and maintain all components of information security requirements for Disaster Recovery and Business Continuity; reviewing vulnerability assessments using various security tools to assess applications and infrastructure; and identifying key security and privacy issues, risks, exposures and vulnerabilities that could affect the security of the information systems. This role required an understanding of network discovery, vulnerability scanning and a working knowledge of major security solutions, such as Metasploit, BackTrack (Kali Linux) and web application exploitations such as the OWASP Top Ten list and the SANS 20.
Systems Engineer
Confidential, Boca Raton, FL
Responsibilities:
- I provided information security and certification and accreditation (C&A) as well as other support for US Southern Command (USSOUTHCOM), SCJ6 IA classified and unclassified.
- I ensured that acquisition of all IA/IA enabled products had been vetted through DoD approved evaluation and validation programs such as the Federal Information Processing Standards (FIPS) or the Common Criteria of the National Information Assurance Partnership (NIAP).
IT Security Engineer
Confidential
Responsibilities:
- I provided system security management support for ongoing and recurring IT security audits of systems, corrective action planning, remediation, Federal Information Security Management Act (FISMA) compliance and support to U.S. Census Bureau teams for their IT security, C&A documentation, planning, and POA&Ms. I also ran scans using IBM Rational AppScan ver. 7.8 and WebInspect to ensure compliance.
Security Analyst
Confidential
Responsibilities:
- As a full-time employee of Confidential, and as a subcontractor, I provided technical support for system and software security efforts for the US Dept. of the Navy CNIC, MWR/FFR program.
- This task required my expertise in the Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP), using the Cap-IT tool, DISA Gold Disk (Platinum), Belarc, Win-Audit against workstations, servers and terminals, and NMap and eRetina (network & wireless).
Security Analyst
Confidential
Responsibilities:
- I was assigned to Ft. Belvoir, the Defense Logistics Agency. I was involved with the Information Assurance (IA) Department specializing in Policy, and Independent Verification and Validation (IV&V) and Certification & Accreditation.
Sr. Security Consultant
Confidential
Responsibilities:
- For the Financial Student Aid (FSA)/Confidential, I performed certification and accreditation (C&A) of the private contracted facilities housing and handling DOE data, based on the NIST SP 800 series (37, 53, etc.).
Sr. Security Consultant
Confidential
Responsibilities:
- For the US Citizenship and Immigration USCIS, Department of confidential, I was the liaison for the ISSM. I provided project management oversight in the Certification and Accreditation (C&A) process on behalf of the IT Security Program.
- Duties included Federal Information Security Management Act (FISMA) compliance, guidance, review, and acceptance of artifacts from companies and ISSOs that had been tasked to perform C&As on the organization's major applications and general support systems, which included the E-Authentication report, Privacy Threshold Assessment (PTA), Privacy Impact Assessments (PIA), Federal Information Processing Standards (FIPS) 199, system security plans (SSP), risk assessments (RA), contingency plans, system test and evaluations (ST&E), security assessment reports (SAR), POA&Ms, and accreditation letters. This was based upon the NIST 800 series Guidelines (800-37, 53, etc.).
- Additional security-related duties included: managing and monitoring the privacy artifacts and POA&Ms, reviewing and accepting interconnection security agreements and MOU/As, representing the ISSM in SDLC and CCB meetings, and any additional tasks to assist in the implementation of the program's daily objectives and overall goals.
Security Analyst
Confidential
Responsibilities:
- For the Veterans Affairs (VA), I performed certification and accreditation (C&A) and Security Control Assessment (SCA) of the Veterans Affairs networks nationwide based on the NIST SP 800-53 series. My support duties were to act as an independent agent to verify that the security controls that the VA expected to be in place were in place and provide a report with the observations of the proof of pass or failure, recommendations for remediation and the final steps required to obtain an Authority to Operate (ATO).
- This task required extensive travel up to 75% per month, to VA sites throughout the continental United States, typically being on-site for 4-5 days.
- The Security Control Assessment (SCA) Process basically consisted of me performing hardware tests (MS Windows workstations and PBX boxes), personnel interviews and physical security assessments (PSA) of the facility, and collecting and storing results in a proprietary database. I reviewed System Security Plans (SSP), Contingency Plans, Incident Response Plans, Continuity of Operations Plans (COOP) and various plans, procedures and policies. I tested all Management, Operational, and Technical Controls per FIPS 200 and used guidance from NIST SP 800-53. I prepared a report of the results of the test execution; all 'hands-on' tests were conducted by VA personnel while I instructed and observed the process and results.
- Also, as Team Lead, I coordinated travel, rules of engagement, and assignment of tasks and skill sets. I gave an in-brief, identified the results of the tests by platform and control, provided a summary for each control family, provided an overall summary of the process and current status, gave an out-brief, addressed any and all failures if any were identified, and stated the remediation actions to be provided.
Senior Information Assurance Policy Analyst
Confidential
Responsibilities:
- For one of DISA’s counter-intelligence components, I ensured that policies addressed IA and IA-enabled software, hardware, and firmware for compliance with appropriate security configuration guidelines, as well as Computer Network Defense (CND) support.
Sr. Security Analyst
Confidential
Responsibilities:
- As the designated Information System Security Officer (ISSO) for the Department of confidential, Transportation Security Administration’s (TSA), Secure Flight (SF) system, I was responsible for coordinating multiple actions to ensure that the operational security posture for the system was maintained.
- I ensured that IT security regulations and requirements as described in the DHS 4300A and TSA 1400.3.V4 security directives were met. This also included the NIST 800 series Guidelines (800-37, 53), and FIPS.
- This included support of all applicable agency and federal security policies, directives, mandates, and laws. I ensured that security requirements for the major application or general support system were being met. Ensured requests for certification and accreditation of computer systems were completed in accordance with the TSA and DHS procedures.
- Coordinated the development of a Contingency Plan and ensured that the plan was regularly tested and maintained. Ensured risk analyses were completed to determine if cost-effective and essential security controls were in place, and placed them into the RMS (risk management system).
- Provided oversight for Plan of Action and Milestone (POA&M) issues for unclassified networks and systems and documented the process through the TAF (Trusted Agent FISMA).
Sr. Security Analyst
Confidential
Responsibilities:
- For the Nuclear Regulatory Commission (NRC), I provided support for the C&A process implementation and information assurance services for the Chief Financial Officer (CFO’s) office, as well as the Office of Information Support (OIS). I ensured the three security objectives of confidentiality, integrity and availability (CIA) and their impact levels were addressed using the FIPS 199 Standards for Security Categorization of Federal Information and Information Systems.
- For Veterans Affairs, I performed C&A and Security Control Assessment (SCA) of the Veterans Affairs VISN networks nationwide based on NIST SP 800-37 and 800-53. These efforts also addressed existing Health Insurance Portability and Accountability Act (HIPAA) requirements for the security and privacy of health data and the use and disclosure of Protected Health Information (PHI), DoD Instruction 5200.40 and OMB Circular A-130 (Appendix III). My support duties included, but were not limited to, the following: I reviewed, for accuracy and clarity, the technical content of documents that had been submitted by field analysts. I entered this information into a vulnerability matrix. I provided the customer with a severity-of-impact corrective action.
Information System Security Officer
Confidential
Responsibilities:
- As a Sr. Consultant, at the Department of confidential Information Analysis Infrastructure Protection (IAIP), I acted as an Information Systems Security Officer (ISSO), supporting DHS in their IA security efforts.
- I functioned as the technical lead and ISSO on small projects and portions of larger projects supporting the Defense Information Systems Agency (DISA), Military Health Systems (MHS), Tricare Management Activity (TMA). I primarily performed DITSCAP and Physical Security Review (PSR) efforts nationwide. These efforts also addressed the existing Privacy Act of 1974 and Health Insurance Portability and Accountability Act (HIPAA) requirements for the security and privacy of health data and the use and disclosure of Protected Health Information (PHI).
- Various other positions, duties, job functions, responsibilities and locations dating back to 1982 are available upon request.