Summary

Cyber Security Analyst providing Security Assessment Authorization services. Developed and Tested System Security Plans SSP , evaluated NIST 800-53 controls in compliance with FISMA, performed Risk Assessments, Security Categorizations, Privacy Assessments and made recommendations to secure networks and systems. Hardware/Software design engineer experienced at integrating commercial-off-the-shelf telecom hardware into Windows and Linux systems while interfacing with product drivers and using C/C , C and Java to produce finished products that include marketable user interfaces. Integrated databases and web interfaces into products. Managed real-time multithreaded applications. Created mobile applications for penetration testing.

Core Expertise Includes:

• Security Assessment and Authorization
• 800-53 Control Evaluation for FISMA Compliance
• Risk Analysis
• Object Oriented Software design
• Hardware/Software Systems Integration
• Complete Lifecycle Product Development
• Database Management
• Secure Web Interface Design
• Telecom/Internet Protocol Analysis
• Cryptographic Application Design
• Mobile Application Design

Career Snapshot:

Confidential

Cyber Security Engineer/Analyst

• Performed Security Test and Evaluation of information systems for the Department of Energy DOE at the 19901 Germantown Rd, Germantown, MD location.
• Systems I tested included a single sign-on system supporting DOE's identity management system, a cloud based service desk ticketing system, the DOE PKI provisioning system, a federated identity management system, an Oracle virtual directory system, a HSPD-12 provisioning system, a mobile wireless management system, an inventory reporting system and a special common control providing system defined as all of DOE's Windows, Unix, Enterprise Oracle and Mainframe servers minus the applications running on those systems .
• Participated in ST E efforts that required, performing the testing, socializing findings with the system owner, interpreting Nessus, NetSparker, or BurpSuite scan results, evaluating cloud provider's GSA FedRAMP audit results to support the risk analysis and control inheritance, creating and then representing the Authorization Assessment package to management and the Authorizing Official, following through with the System Owner on POA M remediation, and evaluating the significance of changes to the system ongoing.

Cyber Security Analyst supporting Change Management.

Participated in the DOE Change Control Board meetings, evaluating changes to the DOE network and information systems. Delayed changes, which would downgrade the security of the network, and negotiated for secure alternatives.

SA A training

Provided practical training for new ISSOs who supported our ST E team by creating the System Security Plans for DOE information systems.

ST E Lead

Produced practical guidance for new hires, provided process improvement, and scheduled work for the DOE ST E team.

Confidential

Cyber Security Engineer/Analyst

• Performed Phase 1 2 Security Assessment and Authorization of information systems at the Bureau of Engraving and Printing BEP at the 14th C Street facility in N.W. D.C. Created the System Security Plan SSP , evaluated the 800-53 controls and performed Risk Analysis of the following BEP systems: Public Sales, Emergency Telephone, Workflow Configuration Management, Test and Development Configuration Management, Audit and Compliance database, and Mobile Device Infrastructure, System Configuration Management, SharePoint Performance Risk Analysis and PIV two factor authentication.
• The systems I evaluated used IIS or Apache Web Servers and MS SQL or Oracle databases. BEP's implementation of GOOD Technology on IOS smart phones allowed secure access to MS Exchange. BEP's implementation of PIV enabled employee's two-factor authentication on Windows and MAC OS desktop systems using PKI.
• Some new systems I evaluated were specialized and used open source operating systems and customized hardware, including a voice recording system that runs UNIX QNS and its replacement that runs customized versions of Windows and Linux on separate PCI cards which communicated as if on the same LAN using an Ethernet-over-PCI architecture.

QRadar SIEM Analyst

Participated in incident handling at BEP using the QRadar's SIEM. Analyzed incidents that had tripped QRadar's thresholds to determine if true malice was involved. Documented the results and provided them to management.

Telecom Switch Security Recommendations

• Provided security recommendation for the installation of a new Emergency Telephone Management System for the District of Columbia BEP facility. The system selected by BEP interfaces between the 5ESS ISDN telephone switch on the premises of BEP and BEP's LAN/WAN. The Wave provides the resources for emergency operators and an operator manager and records all emergency calls with back up as required by law.
• As part of my employment with Northrop Grumman I received training at Northrop's Cyber Academy and also through EC-Council Certified Ethical Hacker CEH certification . I took advantage of these opportunities by creating my own research network of computers that included, Windows XP, Windows Vista, Windows 7, Linux/Ubuntu, Linux/Fedora and a VM Ware image of UNIX/Open BSD.
• Three wireless access points were added to the network for wireless encryption testing and password cracking experiments. WEP, WPA and WPA2 encryption was implemented at the different access points. Additionally, I created a wireless access point discovery tool using JAVA, on my android phone. This was accomplished two different ways, first using a complier on board the Android AIDE and then also using Eclipse on a desktop computer and downloading to my Android. A nightly vulnerability scan of the systems was added using OpenVas, which is an early open source version of Nessus.
• At BEP I used Nessus and BDNA to aid system research for SA A. For convenience I created a PowerShell script to scan the upper ports of systems like NMAP but less intrusive to verify documented port.

Confidential

Senior Software Engineer

FXO Handheld Test Tool with Embedded ARM Cortex M3 processor

Verified hardware design and created software design and implementation of a FXO field test instrument for AT T. The hardware was implemented rapidly by designing around a CPLD complex programmable logic device that required filling in the blanks of this design while the board layout was implemented. The hardware interactions between the FXO, LCD, ARM Processor, USB, Ethernet Adaptor, microSD Card, Switches and SRAM needed second-look verification and the software needed a complete design.

DCOSS - Digital Central Office Switch Simulator

As part of a 3 person team produced a central office simulator product using a Windows PC and PCI based commercial telecom hardware. Created a scripted local network tool that would allow multiple DCOSS to be controlled from a central script. Created a powerful implementation of SS7 that allowed a further development of the product into a 6-node network implementation that was used by the Army to test network outages such as those experienced during 9/11. The Army used this system to train its employees to create contingency plans that would ensure the integrity and availability of its vital communications in times of catastrophe.

VQuad/Dual UTA Voice quality Testing Application with telecom interface

Using C/C and Cypress driver software produced a Windows API that communicates with a Cypress USB and sends complex commands to the Dual UTA telecom interface. The API provided a real-time stream of voice data between the UTA and any Windows software application. Produced user interface applications to communicate with the API and send voice quality results to a central MS SQL database. Produced a web interface to expose the voice quality results to end-users. Implemented a one-way delay test utilizing GPS on-board the UTA. Along with design and implementation of this system, I created the installations for the parts which included IIS or IE along with step-by-step instructions for the user to setup IIS.

Network Surveyor

Assisted in the design and implementation of an Oracle database tool that collects and analyzes T1 data sent to a central Oracle database from 20 or more network locations. Used by the FBI to collect vast amounts traffic at the lowest protocol level and with the help of this tool, analyze the content and source of the traffic.

TCI/IP and T1/E1 Analysis and testing

Using an in-house Packet analysis tool and T1 Analysis tool, participated in testing and verification of the integrity of network protocol products.

Confidential

Engineer

• CTIC and JIC cryptographic chips
• Created test-bed Hardware and PCB design for military communications cryptographic chips. Produced Windows based software to control the test beds.

ANDVT Simulator

• Using a customized cabling interface and Visual Basic, produced a software tool that could hack into the ANDVT Naval communications device. It would allow a user to monitor the communication at a byte level, save it, insert new data and resend the result simulating one side of the communication.
• Confidential Postal Service Secure, Digitally Signed Postage Indicia
• Created software tool for the US Postal Service that created flexible 2-D barcode indicia to replace ordinary postage for the sake of promoting the integrity of the data. The indicia could include redundancy or a digital signature.

NSA Website

Helped to create and manage a secure database driven website for the NSA. Used Cold Fusion and IIS for implementation.

Confidential

Junior Engineer

• Inductive Setter Artillery shell fuze programmer
• Designed and built a hand held device that programs artillery shell fuzes through an inductive coil. A phase-lock-loop was used for modulation/demodulation.