SUMMARY:

Seeking consulting and contracting opportunities for companies, clients, and business partners to help become successful in the Information Assurance and Cyber Security fields which will allow me to effectively utilize my strong managerial, leadership, and technical security skills.

SKILLS:

Networking Applications: VMWare Workstation 7.0, 6.5, 6.0, 4.05, VMWare ESX Server 6, 5, 4, 3.5.5, 3.5.0, 3.02, Virtual Center 2.0.1, GFI LANguard Network Security Scanner 3.3, SMS Network Monitor v. 2.1, Symantec Anti - Virus (Console/Client), Update Expert, Brocade EZ Switch Setup v2.1.0

Network Vulnerability Scanning Tools: Retina Scan, PGD Scan (Production Gold Scan v1 & v2), Nessus 6.5 & 6.6, SecurityCenter 5.3, 5.2, 4.8.2, HP Fortify, WebInspect, GFI LANguard

Backup Application Systems: Brightstor ArcServ, IBM Tivoli Storage Manager, IBM TotalStorage DS4000/FAStT Storage Manager 9, HP Storage Works EVA 4000, Symantec Backup Exec v 11, 12d

Operating Systems: VMWare ESX Server 3.0.2, 3.5, 4.0, 4.1.0, MS Dos, 9x, NT 4.0, Microsoft Windows, 2014, 2012, 10, 7, ZP 2000 Pro, XP (Home & Pro), Server 2003, 2008 x 86 & 64 bit, Rad Hat Enterprise Linux 6 & 7, CentOS 6 & 7

Security Applications: Tripwire 6.0.1, Bigfix-Security Compliance Management, Symantec Endpoint Protection 11, Confidential (ESS), Kibana (Elastic Search), Splunk, Security Compliance Checker (SCC), STIG Viewer 2.3 & 2.4, OpenSCAP

Applications: Microsoft Office Suite, Adobe CS applications, Netscape and Lotus Notes, Microsoft (Outlook) Exchange 2003 & 2007, Norton Ghost (Symantec Ghost), Norton Boot Magic, Norton Boot Partition, Atlassian JIRA, Confluence, FishEye, Crucible, & Greenhopper, Contour, Virtual Consolidated Backup, VMware Server 1.0 & 2.0

Databases: MS SQL 2005 & 2008, Oracle 11g

Multimedia: Overhead projection and VTC equipment

WORK EXPERIENCE:

Confidential, Woodbridge, Virginia

Chief Cyber Security SME

Responsibilities:

• Serve clients with theresponsibility fordeeper managerial Cyber Security elementsand providing thought leadership within the Executive and Senior level of customers and clients executive management levelhierarchysuch as, but at not limited to the following: Cyber Security, Cloud Security, Security Software Development Lifecycle, Vulnerability Management, Business Acquisition StrategyManagement, Project Management, Risk Management, setting up and delivering security awareness programs, and managingBusiness Continuity and Disaster Recovery Planning programs.
• Establishes, presents and governs theinformation security program strategiesdemonstrating practical RiskManagement,Strategic Management Development, Security Compliance Management, Program Governance, Assessment & Authorization, Contingency Management,Incident Management, Securityleadership and other ancillarymanagementskills.
• I provide a myriad of transcendent ISSM, ISSO, & ISSE Cyber Engineering and authorization services for customers. Create cost-benefit analyzes as well as supporting a detailed definition of business and data requirements.
• Responsible for the technological and Cyber Security direction of Confidential and customer base.
• Furthermore, I advise, architect, construct, and implement the framework oftheinformation securitygovernance programs and Cyber Security continuous monitoring solutions Kibana, and provide help for clients at all costs to achieve successes, to verify that several cloud services applications, on & off premise systems, sites and network IATT & ATO authorization requirements are meticulously deliberated, captured and applied with customer stakeholders to meet security compliance standards.
• Proposes budgets for programs and projects, purchases and upgrades equipment, supervises computer specialists and IT workers, and presides over IT-related/Cyber projects. Propose information technology Cyber centric hardware/software solutions to accomplish the company and client business objectives.
• Identify client objectives/ user needs and provide resolutions to problems.
• Construct the framework oftheinformation securitygovernance programs and defines the means of supporting thecompany internally, and externally for clients on a continuous basis.

Confidential, Ft. Belvoir, VA

Information Assurance (Cyber) Engineer Lead/Architect/Project Manager

Responsibilities:

• Managing, leading and effectively planning as a multi-tasking ICD 503 Advisor key stakeholder in INSCOM G7 Directorate (formerly Futures) Confidential IA Engineer Lead/Architect capacity. Duties include being the focal driver for properly advising security teams by integrating, maintaining & facilitating sound information system security architecture.
• Thus, my thought leadership involvement, project management planning skills, technical expertise, security control assessor (SCA)/Authorization Official (AO) negotiating & advisory skills, resource management skills, performing collaboration, professionalism, candid professional SME consultation, detail oriented assessment skills, strategic alignment thinking, personable personality & diverse expertise background, have served well as a SME initiative driver for INSCOM Futures.
• I have implemented an enterprise Wide IA risk management centric Software (Security) Development Lifecycle (SDLC or SEC)processfor
• Boeing HardwareWall (HWW)Cross Domain Solution (CDS), 2)Persistent Surveillance System (PSS), CDS 3) Integration, Assessment and Demonstration Network (IADnet).My introduction, management, and guidance into theINSCOM G7IA centric Software Development Lifecycle(Risk Management Framework, RMF -ICD 503) enabled my customers, to implement an iterativeenterpriserisk management based approachthroughout the entire program.
• Iprovided SDLC guidance emphasis on augmenting systemsecurity posture throughout the Initiation,Acquisition,Implementation, Operation and Maintenance, and decommissioning SDLCphases to ensure information security considerationswere addressed as early as possible into integration activities.
• As a result, I helped deliver the most effective and efficient securemethod for theentireINSCOM G7 organization thatthe program has receivedwithin the last several years.
• I have helped to foster positivity & create effective & efficient outputs by all stakeholders involved. I augmented project deficiencies with managing project task schedules, managing action items to help maintain client situational awareness, proactively identify & mitigate risks, while addressing the technical and administrative security BOE documentation granular detail in developing security test procedures, security plans, other supplementary security documentation & INSCOM Futures organizational security common control measures.
• I have enhanced system security design imperfections for the Boeing Hardware Wall and Persistent Surveillance System (PSS) Cross Domain Solutions.
• Consequently, based on my leadership, coordination, collaboration work, & other ancillary performance which include but were not limited to the following, of: security architecting, procurement, security design analysis skills, security development, and advising implementation processes, within two months of my involvement, INSCOM Futures became the prime beneficiaries of successfully receiving two flawless Certificate to Fields (CTFs) and within ten months the customer received two Interim Authorization to Test (IATTs) from the Defense Intelligence Agency authorization risk management decision to support the pilot INSCOM data agnostic, data Transfer - Cross Domain Solution and Full Motion Video (FMV) Cross Domain Solution.

Confidential, McLean, VA

Quality Assurance Security Engineer Lead/Deputy Senior Security Engineer Lead

Responsibilities:

• Serves as a Lead Senior Security Engineer with the responsibility for supporting the design, implementation, testing, integration, and C&A of cloud computing solutions and ensuring the overall security posture of the solution throughout the system development
• Manage and mentor several security personnel of mixed skills and experience the risk management framework lifecycle.
• Establish tasks and assign accountable actions throughout the ICD 503, Risk Management framework with the supporting IA team and system developmental lifecycle.
• Implement guidance by helping lead a IA Engineer Tiger Team through the ICD 503, DCID 6/3, DCID 6/9, DoDIIS processes ead internal security assessors with the responsibility of providing internal consulting services for coordinating Confidential IA team security control evaluations of the IS and determine quality assurance degree to which controls have met the security requirement with each IA team member.
• I am responsible for ensuring the entire Confidential system information assurance C&A package Body of Evidence (BOE) accreditation submission throughout the program, organization, system and enclave. Work with the system owners and control providers to prepare the assembly, compilation and submission of the Confidential system security authorization artifacts.
• I provide the DAA/AO with essential system information needed to make risk-based decisions in relation to implemented POA&Ms, managing expectations and negotiations of acceptable risk on whether to authorize operation of the Confidential system based on sufficient security state evidence.
• Serves as an integral individual associated with the system development team, to ensure security requirements are effectively implemented throughout the system security architecture, design, and development, configuration, and implementation processes.
• Coordinate security related activities with several disparate supporting Confidential PMs, IA, and system engineering teams.
• Provide architectural security Confidential solutions in support of the Distributed Common Ground System
• Develop effective Information Assurance related business cases for company market advertisement in business development.
• Develop, manage and report applicable tasks for several security personnel. Develop, manage and report schedule and resource manning to project managers. Provide subject matter expertise regarding security policy implementations and strategies. Develop mitigation courses of action for security vulnerabilities.
• Conduct security assessment and independent evaluation and validation (IV&V) of system components and subcomponents.
• Use compliance and vulnerability assessment tools to analyze products for configuration and patch vulnerabilities.
• Support rapid iterative development-test-development cycles.
• Develop and assess system requirements to meet security control requirements.
• Develop and assess system requirements to meet functional security requirements.
• Develop and assess system requirements to meet operational security requirements.
• Develop implementation strategies that address the latest security scenarios, threats, and regulatory compliance issues.
• Research new technologies that can support the customer mission of security compliance and build and implement infrastructure security solutions.
• Design, configure and troubleshoot networking devices, various platforms, databases and Linux and Windows systems.
• Experience working with remote access systems (SSL VPN) appliances, network admission control/end point control services, token based authentication, integration with Active Directory and LDAP).

Confidential, Alexandria, VA

Information Assurance Engineer/Officer

Responsibilities:

• Duties included drafting security certification documentation (SRTM, PUG, SDD, POAMs, Security CONOPS, Installation and Configuration Guides, Configuration Management Guides, SOPs, SSAA, Risk Management assessments, etc.).
• I provided extensive system auditing for business processes and business management risk analysis initiatives throughout the system lifecycle.
• Managed the quality assurance (QA) certification test procedure operation process in providing system assurance and integrity through performed test procedures for security evaluation and government certification review for system IATTs, IATOs, ATOs and system deployments into the O&M infrastructure
• Provided extended risk management upper management IA consultation support in various important security management decision making efforts.
• Conducted COTS and company proprietary product security and environment risk assessments against DCID 6/3 - PL 4/3 security and ICD 503 reciprocity requirements, in mitigating risks for the government in support of developing secure solutions for client/customer mission utilization.

Confidential, Westborough, MA

Lead Systems/Network Engineer, Configuration Manager

Responsibilities:

• Promoted to Information Assurance Manager and I assumed the roles of Information Assurance officer and deputy Facility Security Officer (FSO.
• Activities included: Implementing Network and Server Infrastructure System Engineering best practice recommendations in accordance with JAFAN 6/3, 6/9 Special Access Programs
• . Implementing Server System Role Based Access Control (RBAC)/ Rule Based Access Control policies enforcement throughout the infrastructure.
• Configured and maintained workstation operating system security firewall ports and protocols parameters.
• Configured and maintained Cisco switch ACALS and port security MAC address filtering for servers and workstations.
• Implemented Windows Operating System Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).
• Managed system and software upgrades and schedules network maintenance intervals, installed and configured new server and network equipment, and maintains the configuration management life cycles (e.g. procurement, inventory, auditing, and asset tracking).
• Coordinated vendor software and item agreements and negotiates quotes within the procurement process.
• Engineered, designed, and deployed the software development VMware virtual infrastructure in support of improving team efficiency and increasing business continuity for the software development team.
• Provided extended software development support by executing and deploying the software build for the Quality Assurance and documentation teams.
• Managed physical access control for cleared personnel into the classified facility and request visit requests for un-cleared personnel.

Confidential, Washington, DC

Security Systems Engineer

Responsibilities:

• Team member for the Defense Intelligence Agency (DIA) providing support for the Confidential Server Virtualization/Consolidation Systems Engineering team.
• Activities included: Drafted project scope application certification and accreditation documentation (SSAA, SRTM, SSTP, etc.) for system design; build releases, updates, & configurations.
• Designed, built, and configured client test lab migration environment utilizing PlateSpin application software.
• Engineered application test, integration, and development for the server consolidation team.
• Monitored daily VMware virtual infrastructure client console for virtual machine alert and event activity. Provided troubleshooting best practice recommendations and solutions for complex technical issues for the client.