System Administrator Resume Profile
Work Experience
Confidential
- Conduct Personally Identifiable Information (PII) investigations while supporting the US Patent and Trademark Office (USPTO), utilizing EnCase, FireEye, and HP WebInspect.
- When alerted by USPTO intelligence communities to potential PII incidents, investigate evidence of whether any unauthorized user accessed PII (applicants' names, Social Security numbers (SSN), and dates of birth (DOB)) that may have been accessible within the USPTO network.
- Reviewed information on various computer-related evidence obtained from various DOD computers and networks believed to contain evidence of criminal activity.
- Perform data recovery, including both file and email recovery, on electronic media to be analyzed during the course of a computer forensic investigation.
- Acquire and preserve computer media in either a lab setting or through onsite data capture or seizure.
- Developed correlation logic rules to identify certain combinations of events as 'Incidents' indicating attacker activity, generating alerts for enterprise Incident Management and Response teams from within a Security Information Management (SIM) solution.
Confidential
System Validation Staff Engineer
- Supporting Marine Corps Systems Command Enterprise Engineering Verification Environment (EEVE), utilizing NetApp, VMware 5.1, Symantec NetBackup, and DISA ACAS version 4.6.
- Conducted validation testing and reporting activities for Marine Corps NGEN/NMCI solution changes, upgrades and updates.
- Senior Validator on the EEVE team. Tasked with reviewing all validations and ensuring the validations and validation reports are in accordance with Marine Corps requirements.
- Validate system IT security control implementation and conduct security testing in accordance with DODI 8500.2 using SCAP Compliance Checker, DISA STIG manual checklists, and 8500.2 validation procedures. Complete the Validation Report, POA&M, and Certification Determination for the applicable solutions.
- Maintain the EEVE lab environment hardware and software with the latest approved patches, updates, and configurations.
- Responsible for validation, accreditation, and support of the following solutions: Directory Services, Group Policy Object (GPO) Services, Windows Core Services, Global Address List Interoperability, SAN Storage Management, Server Virtualization, Routing, Switching, Voice and Video over Internet Protocol (VVOIP), Circuit, Network Protection, and Host Protection.
- Server Virtualization (Enterprise Services): solution validation and accreditation, and support of OS virtualization technologies and strategies.
Confidential
Cyber Incident Response Analyst
- Monitoring NGA systems and networks to identify malicious activities and events while utilizing Tripwire, CEH, CHFI, CNDA.
- Specializing in network security assessments, perimeter defenses, log analysis, information security monitoring, and risk analysis. Performed on-site and remote internal, external, wireless, and web application penetration tests. Developed security information and event management (SIEM) device integration modules for intrusion detection.
- Recommend configuration changes to improve the performance, usability, and value of cyber analysis tools. Publish incidents, alerts, advisories, and bulletins as required.
- Collaborate with the Advanced Threat and IR Analyst to develop and implement innovative strategies for monitoring and preventing attackers.
- Perform in-depth analysis in support of network monitoring and incident response operations.
- Determine impact of potential intrusions on the network and infrastructure.
Confidential
Requirements Manager
- Coordinates and/or conducts initial triage, incident handling, and systematic analysis of potential computer intrusions with the ACERT Incident Handler (IH) section and RCERTs, utilizing LPT, ECSA, WIDS war driving, CNDA, CHFI, and CEH.
- Experience with researching and fielding new and innovative technologies while performing Incident Identification and Escalation in a 24x7 Security Operations Center (SOC) environment. Monitored correlated security device log data for several hundred organizations through use of a Security Information Management (SIM) platform and tools.
- Performed triage on correlated security events responsible for identifying, escalating, and validating security incidents in accordance with customer-specific Incident Management procedures.
- Provided customers with best-practice guidelines and practical suggestions to protect against or mitigate threats; provided remediation recommendations as needed; coordinated with engineers on customer device changes to enhance security posture in response to potential threats and realized incidents.
- Developed, tested, and maintained 'event collectors' to read and parse data from various security product logs into standardized schemas, with appropriate security values. Installed, configured, tested, and analyzed output from multiple point products to generate sample integration data, using both commonly available and customized host and network attack tools.
- Conducted quality review of event collectors developed by remote team.
- Developed correlation logic rules to identify certain combinations of events as 'Incidents' indicating attacker activity, generating alerts for enterprise Incident Management and Response teams from within a Security Information Management (SIM) solution.
Confidential
Sr. IA/CND Analyst / CND-SP Incident Responder
- Conducting open searches for malicious activity and in-depth forensic analyses of cyber-attacks, utilizing Wireshark, Nexus, Snort, ArcSight, Security, and Retina.
- Monitoring and incident response for NIPR/SIPR/JWICS DIA networks and systems. Conduct network monitoring and intrusion detection analysis using various Computer Network Defense (CND) tools, such as Intrusion Detection/Prevention Systems (IDS/IPS), ArcSight, EnCase, FTK, Websense, and Niksun.
- Performed malware analysis using various tools (e.g., EnCase, HBGary, FireEye, NetWitness, IDA Pro). Conducted analysis on captured user, computer, and network security events, in a near-real-time environment, to determine security vulnerabilities, policy violations, and malicious behavior.
- Performed penetration testing and vulnerability assessment for compliance assessment.
- Performed network scans in search of vulnerabilities across DIA networks. Conducted physical security inspections of classified areas. Monitored IDS for potential threats and vulnerabilities.
- Collected forensic evidence from compromised machines, network logs and more. Responsible for researching and identifying security vulnerabilities on the networks and systems. Also responsible for patching security holes.
Confidential
Security IT Forensic Investigator
- Investigated fraud, data spills, and network penetration, and eradicated computer viruses and malicious code, utilizing EnCase Forensic (Guidance Software tool).
- Planned, conducted and managed investigations centered on digital evidence.
- Counseled and advised on matters involving complex computer security, digital evidence and critical infrastructure.
- Reviewed and approved all computer forensic procedures.
- Maintained custody and control of all computer equipment analyzed as part of an official investigation.
- Collected, searched, recovered, sorted, and organized electronic information in all phases of an investigation and litigation matter.
- Followed proper protocols in preserving electronic evidence.
- Ensured information assurance by transmitting secure data between classified systems; performed ethical hacking, malware reverse engineering, penetration testing, and Certification and Accreditation (C&A) within a Security Operations Center (SOC) environment.
- Restored damaged and erased computer hard drives to attempt to collect evidence and information.
- Compiled reports including chain of evidence forms, evidence logs and entered data into various computer programs for access by investigating officers.
- Prepared for court appearances and testified in court when necessary.
- Substantial understanding of information security, network architecture, general database concepts, hardware and software troubleshooting, and electronic mail systems.
- Proficient in the use of computer forensic tools: EnCase and FTK.
- Provided evaluations of programs and system vulnerabilities as they relate to security and developed programmatic or procedural countermeasures necessary to protect program operation.
Confidential
Supervisor of OSs/System Administrator
- Managed and supervised operating systems and system administration support for assigned computer systems used throughout Bagram and serviced activities, utilizing the Retina vulnerability scanning tool, patch management, and Information Assurance Vulnerability Alerts (IAVAs).
- Handled complex software/hardware system activities which involved difficult techniques, rapidly evolving technology and critical demands for reliability and efficiency.
- Analyzed and traced system program failures involving the inter-relationships of software sub-systems, applications programs and hardware.
- Advised users on programming techniques to optimize interaction between applications programs and platform performance.
- Evaluated a broad range of software/hardware systems and developed implementation techniques for integration into the existing environment.
- Performed research and evaluation in the areas of advanced computer platforms, operating systems, and network connectivity techniques, software systems design concepts, and logic and software/hardware inter-active control plans.
- Maintained existing servers and minicomputer systems at optimum efficiency levels, continually evaluating systems effectiveness in local operating environment, revising innovative improvements as solutions to problems and consulting with operating officials.
Confidential
- Detect/resolve positive, false positive, and false negative intrusion attempts, utilizing Wireshark, Nexus, Snort, ArcSight, Security, Retina vulnerability scanning, patch management, and Information Assurance Vulnerability Alerts (IAVAs).
- Experience in laboratory management and operations: monitored, analyzed, and resolved network intrusion detection sensor alerts/vulnerabilities using ArcSight reporting websites, leading a team of 25 government contractors.
- Assisted the team lead of the IAVM team through an aggressive testing cycle of newly released IAVA patches against all workstation and server images, created non-Microsoft patches where needed, and delivered results.
- Detect/resolve positive, false positive and false negative intrusion attempts. Coordinate with the Help Desk, Server Support, Network, and Telecommunication teams to disseminate and escalate outages/incidents.
- Block suspicious websites and spam email through Barracuda Web Filter and Barracuda Spam & Virus Firewall.
- Monitor the status of various network nodes with SolarWinds. Track and resolve network security related trouble tickets through the HEAT trouble ticket database. UNIX server OS-level hardening, applying security patches, logging, and monitoring multiple services. Plan, implement, and maintain several dozen networks with varying topology and infrastructure models.
- Perform security assessment and penetration testing for outside clients, utilizing Websense, ArcSight, Nexus, and Wireshark.
- Responsible for ensuring systems and network security, maintaining performance and high availability of servers, networks, databases, and applications, and ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
- Monitor security logs to uncover possible security violations and unauthorized activity.
- Creates reports showing security violations.
Confidential
- Reported security incidents and technical vulnerabilities to the Regional Army Computer Emergency Response Team (RCERT) in Fort Huachuca, AZ, utilizing CISSP Boot Camp, Blue Coat Web Content Engineer, Barracuda Web Proxy Server Administrator, Retina, patch management, Information Assurance Vulnerability Alerts (IAVAs), and Personally Identifiable Information (PII) reporting.
- Reported on and monitored security logs to uncover possible security violations and unauthorized activity.
- Creates reports showing security violations, provides consultation to management on access control rules.
- Researched and implemented upgrades to security software and devices. Supported and promoted security processes and standards with other Army agencies as required and implemented protection measures.
- Created and implemented the Ft. Belvoir incident response plan and the classified spillage checklist for the Directorate of Information Management (DOIM).
- Provided administrative assistance on the Secure Network Server as well as firewalls as the Blue Coat web filtering administrator, blocking and allowing access to websites that were potential threats, protecting our users and networks from Internet threats and abuse, including spyware, phishing attacks, P2P traffic, IM and streaming traffic, adult content, and many others.
- Configured intrusion detection sensor products; analyzed security risks and vulnerabilities.
- Provided assistance in reporting all levels of information systems security vulnerabilities in the manner appropriate to the risk involved.
- Prepared documentation of Information vulnerabilities for the Deputy Directorate of Information Management.
Confidential
- Monitored computer systems and associated peripheral devices to ensure they are well maintained and ready to support real-world crises.
- Performed duties as a System Analyst/Administrator for the U.S. State Department, including user administration (adding, deleting, and modifying accounts) in Microsoft Active Directory, on Windows-based workstations, and in Microsoft Exchange systems.
- Identified and resolved problems arising in the operation of PC systems hardware, systems software and application programs.
- Operated first-level hardware tests and diagnostic routines, analyzed results, and implemented repair solutions where applicable.
- Performed system analyses of existing workloads, databases, operational functions, etc.
- Developed, wrote, and maintained programs for enhancements to the database management system unique to the Agency.
- Supported customer needs by identifying problems/needs and planning, coordinating, modifying, implementing, and troubleshooting systems capabilities to ensure IT systems satisfy customer and mission requirements.
Confidential
Provided technical support, network support and help desk support
- Oversaw contract development of hardware, software, and communications installation plans, considering the latest techniques and interface/compatibility (TCP/IP) requirements for existing equipment, encompassing multi-vendor interconnections.
- Installed and oversaw installation of automation equipment and software, wrote batch files, set up menus, made minor modifications as necessary, and tested systems to ensure optimum operation and fulfill user requirements.
- Maintained compatibility of all organization information systems and applications.
- Managed systems; troubleshot, diagnosed, and corrected errors and malfunctions; and resolved hardware-level, systems-level, communications interfacing, and applications-level compatibility problems on both networked and stand-alone equipment.
Confidential
- Carrying out the security analyses and risk evaluations as well as conducting security tests and evaluations of Army networks.
- Successfully obtained Certification and Accreditation (C&A) system and application Authorities to Operate (ATO), through the DITSCAP/8500 series, on Army networks.
- Extensive background in developing, implementing, and managing strategic, technical, and operational security plans that are aligned with business goals and objectives, and diverse security architectures (e.g., people, processes, technology).
- Systematic and structured risk management strategies, as well as properly aligning security programs that met not only the demands of the entire organization, but were perfectly postured to withstand even the most rigorous rule, regulation, or guideline inspections (e.g., ISO, Command Post Inspection (CPI), Enhanced Compliance Validation (ECV), Inspector General, etc.).
- Hands-on security experience with the following: System Security Authorization Agreement (SSAA) development, Concept of Operations (CONOPS) development, System Rules of Behavior development, Security Test and Evaluation (ST&E) from both a documentation (i.e., Security Requirements Traceability Matrix (SRTM) and overall risk assessment plan construction) and a technical vulnerability scanning and analysis standpoint, Incident Response planning, SDLC planning, Disaster Recovery and Continuity of Operations (CP/DRP/COOP) planning, Plan of Action and Milestones (POA&M) development and execution, as well as conducting Privacy Impact Assessments.
- Planning and supporting security engineering as well as gaining and managing security certification and accreditation of Army Information Systems (AIS), networks, and sites.
- Coordinating accreditation and certification activity for project teams as well as working collaboratively with information assurance groups and planning teams.
- Developing security violations training programs for team members and guiding them toward better results.
- Evaluating the security programs by testing the programs and reviewing and maintaining information assurance policies.
- Carrying out risk assessments and performing security configuration reviews; comprehending system test, evaluation, and system categorization; and participating in client interviews as part of the risk assessment process.
- Developing the security system plans, Memorandums of understanding as well as analyzing the reports of the project work.
- Reviewing existing C&A packages for completeness and compliance as well as organizing meeting programs for team members.