SUMMARY:

• My goal is to use the skills me has attained from my diverse work experiences to provide the best value while increasing an employer’s security posture and continue to strengtan my career in Information Systems Security/Cyber Security.
• me am a team oriented professional constantly seeking opportunities to expand my and experience in the field of DevOps Engineering and Cloud Systems Administration. dis passion extends to my home life, where
• me am always learning new technologies, improving security posture and scripting tools in my virtualized domain infrastructure and development environment hosted on my hypervisor servers.
• Windows Server 2016 Standard v1803, Windows 10 Enterprise v1803 - The quest for the most lean, secure custom Windows Enterprise image
• PowerShell Automation scripting projects-Windows Hardening Deployment Prep tool for setting Local Group Policy on non-domain systems, account hardening, secure firewall rule configurations, VM prep tool for automating VM deployments in Hyper-V, tracking current logins on remote systems, DNS Sinkhole for Malware and Adware Domains, auto ban malicious IP tool.
• Raspberry Pi3 Docker Container hosts that will perform monitoring and automated environment management.
• Raspberry Pi3 building Ansible playbooks for managing Raspberry Pi3 systems via Infrastructure as Code.
• Raspberry Pi3 app development with Visual Studio Code on Raspberry Pi3.

TECHNICAL SKILLS:

Platforms: Windows 7, 10; Windows Server 2008R2, 2012, 2016; RHEL 7; Centos 7; Citrix XenServer 6, 7

Scripting: PowerShell, Bash, Anisble, Puppet, Batch, Python

Cloud: Azure

Containerization: Docker

PROFESSIONAL EXPERIENCE:

Windows System Administrator

Confidential

Responsibilities:

• Tasked as part of an Automation team to perform datacenter migration for Symatec/Norton Online Backup Services, managing 30,000 physical and virtual servers, consisting of Windows Server 2012, Red Hat 7, Centos 7, and Citrix XenServer 6 and 7. Created PowerShell Automation scripts to assist with Datacenter Migration efforts for Citrix Xen Hypervisors, VMs. Created PowerShell Automation scripts to perform automated upgrades for Citrix Xen Hypervisors, VMs during the datacenter migration.
• Created PowerShell Automation scripts to patch a wide variety of systems to mitigate the Meltdown/Spectre and other Critical Vulnerabilities. Tasked as lead for Vulnerability Management for our groups’ assets and tracking patching and remediation efforts for systems in the datacenters. Created PowerShell Automation scripts to update the tracking of asset postures and remediation efforts. Created PowerShell Automation scripts to query server infrastructure for installed applications, server roles
• Symantec specific web apps, user logins(if any), patching postures of each asset; for the purposes of identifying systems that will no longer be needed(shutdown), systems that will be migrated to cloud services, and future system or app scalability needs.
• Created PowerShell Automation scripts to query Symantec’s Azure instances, build a report in Excel, and present to management for the purposes of cost optimization and asset tracking. Created PowerShell Automation scripts to query Symantec’s Datacenter instances, build a report in Excel, and present to management for the purposes of cost optimization and asset tracking.

Windows 10 Security Engineer

Confidential

Responsibilities:

• Created the Windows 10 Minimum Security Baseline policy for S.W.me.F.T. COTS and Baseline Management group. dis involved defining the Windows Group Policy, configuring the advanced security features in Windows 10 and Windows Server 2016, such as Device Guard, LAPS, BitLocker and Virtualization based security, testing configured GPOs in a secure Windows Server 2016 and 2012 Active Directory domain environment hosted on VMWare VCenter, creating and editing the Windows 10 Minimum Security Baseline policy document.
• Created the Windows Server 2016 Minimum Security Baseline policy for S.W.me.F.T. COTS and Baseline Management group. dis involved defining the Windows Group Policy, configuring the advanced security features in Windows 10 and Windows Server 2016, such as
• Device Guard, LAPS, BitLocker and Virtualization based security, testing configured GPOs in a secure Windows Server 2016 and 2012 Active Directory domain environment hosted on VMWare VCenter, creating and editing the Windows Server 2016 Minimum Security Baseline policy document. Updated the Minimum Security Baseline policy for Windows Server 2008 R2, Windows Server 2012 and Windows 7 to radically improve the security posture of systems governed by these policies by incorporating Microsoft advanced security best practices, enhanced protection tools, and secure system architectures.
• Developed a system to convert the custom S.W.me.F.T. GPOs, created from the MSB process, into SCAP benchmarks (XML OVAL) for use with compliance verification scanners such as, McAfee Policy Auditor and CIS CAT tool, and ACAS (Tenable Nessus).
• Deployed McAfee ePolicy Orchestrator (Host Based Security System) V5.3 in a test environment to build a Proof of Concept system for S.W.me.F.T. to deliver new capabilities via Policy Auditor 6.2.2 with CIS benchmarks (XML OVAL) for OS security policy compliance. Assisted in solving challenges with compliance verification of HP UX Linux/Unix, Oracle Sun Solaris Linux/Unix, and RHEL (Red Hat Enterprise Linux) security policies. Created the S.W.me.F.T. Wiki MSB section of pages detailing the Minimum Security Baseline processes, policies, compliance verification, security exceptions, and FAQs for the customer and user base of S.W.me.F.T. Created many tools and scripts with PowerShell to improve security, increase automation, and monitor Windows environments. Examples include: Windows Hardening Deployment Prep tool for setting Local Group Policy on non-domain systems, account hardening, secure firewall rule configurations, VM prep tool for automating VM deployments in Hyper-V, tracking current logins on remote systems, DNS Sinkhole for Malware and Adware Domains, network status tracking tool.

Systems Administrator

Confidential

Responsibilities:

• Lead SA for the PMRF Migration to Secure Host Baseline Windows 10, developed and designed a custom configuration and options for the PRMF organization. Assisted senior leaders and customer with recommendations for hardware refresh options in support of migration to
• Secure Host Baseline Windows 10. Conducted Systems Compliance Scans with ACAS (Tenable Nessus) to discover and validate PMRF systems vulnerabilities as well as scans for rogue USB Devices. Created McAfee HBSS (Host Based Security System)
• HIPS USB Device Whitelist in IAW DISA and USCYBERCOM requirements for RDN, iNet and SIPR PMRF networks. Monitored and maintained file integrity of PMRF network systems with Tripwire. Performed backups of mission critical PMRF systems with Acronis Backup Advanced. Ensured completion of manual Security Technical Implementation Guide (STIG) (XML OVAL) checklists, providing documentation on the status of the system along with technical risk mitigation strategies, patching, remediation and validation of open findings to support DISA CCRI.
• Generated and provided DIACAP/RMF technical documentation as required to support DISA CCRI efforts involving multiple PMRF mission critical networks, to include RDN, iNet, and SIPR. Collaborated with PMRF/IT Department personnel to include but not limited to: Range Networks, Cybersecurity and MIS as related to individual tasks or general project support.

Systems Administrator

Confidential

Responsibilities:

• Ensured completion of manual Security Technical Implementation Guide (STIG) (XML OVAL) checklists, providing documentation on the status of the system along with technical risk mitigation strategies, patching, remediation and validation of open findings to support DISA CCRI.
• Generated and provided DIACAP/RMF technical documentation as required to support DISA CCRI efforts involving multiple PMRF mission critical networks, to include RDN, iNet, and SIPR. Collaborated with PMRF/IT Department personnel to include but not limited to: Range Networks
• Cybersecurity and MIS as related to individual tasks or general project support.

Systems Administrator/ISSO

Confidential

Responsibilities:

• Rebuilt server systems for DSS SIPR accreditation IAW DISA STIGs (XML OVAL) and IA compliance. Conducted McAfee HBSS (Host Based Security System) configuration to all systems and created HBSS ePO (Host Based Security System) policies for all managed systems IAW DISA IA Compliance to ensure proper PA scan rollup to CMRS. Configured and Conducted IA Vulnerability scanning of all systems with Retina and ensured Rollup to DISA VMS. Built server systems for a virtual development environment including 2 DCs, 1 SQL, 1IIS, 1 WSUS with MS Windows Server 2008 R2 Hyper-V. Built custom PowerShell reporting tools for managed McAfee HBSS (Host Based Security System) clients in the development environment. Conducted custom patching to systems in locked down Zone D enclaves.
• Conducted imaging of new workstation systems ensuring configuration IAW DISA STIGs (XML OVAL) and IA Compliance. Conducted OS Patching and COTS install in RHEL (Red Hat Enterprise Linux) 6 systems. Lead on migration of systems hosted on Windows Server 2003 to Windows Server 2008 R2, IAW DISA STIGs (XML OVAL) and IA Compliance. Configured, secured, managed and maintained Cisco Catalyst switches in all enclaves, IAW DISA STIGs (XML OVAL) and IA Compliance. Managed and maintained Juniper SSG firewalls in all enclaves, IAW DISA STIGs (XML OVAL) and IA Compliance.
• Implement DoD IA and Accreditation Process (DIACAP) IA controls and maintain associated and accreditation documentation.
• Manages security features and/or vulnerability of various operating systems as defined by NSA, NIST, DISA (STIGs) (XML OVAL) and USCYBERCOM. Conduct IA vulnerability testing and related network and system tests with Vulnerability scan tools; Retina, ACAS (Tenable Nessus), VMS (Vulnerability Management System), Security Content Automation Protocol (SCAP) (XML OVAL).
• Conduct system rebuilds from bare metal installs of Windows Server 2003 and Windows Server 2008 R2. Configure Domain IP addressing structure for the network. Conduct Updates and Patches to server systems in the domain to ensure security hardening of the OS. Configure an Enterprise Level Antivirus Solution for server systems to mitigate security threats. Configure Group Policy Objects to manage Software Deployment and Software Settings for systems in the Domain.
• Provide support to classified computing environments supporting multiple programs. Coordinate with the ISSM and perform duties with Systems Administrator to ensure compliance with all NISPOM policies. Submit updates in a timely manner and implement any changes required by the customer rapidly and correctly. Ensure all systems are configured and maintained to retain DSS accreditation during classified operations. Verify automated audit functions are performing properly; optimize system operation and resource utilization while maintaining the security posture.
• Performs system security analyses on client networks and systems; performs security audits, and remediates detected vulnerabilities. Conduct security assessments and evaluations of applications and systems processing sensitive or classified information to ensure that security vulnerabilities are identified and remediated.

Computer Specialist

Confidential

Responsibilities:

• Provided Tier 2 Local IT support for FEMA HQ rapidly learning all aspects of FEMA s enterprise infrastructure. Became a subject matter expert in diagnosing and troubleshooting complex problems involving the wide variety of desktop operating systems and configurations currently in use by FEMA, which lead to my placement as a Team Lead for other contractor technicians at FEMA HQ Building in October 2012. Worked with many other FEMA IT employees to assist in creating customer solutions and configuration adjustments to optimize efficiency for the FEMA HQ customer base. Utilized Remedy ticketing software to prioritize work, track progress of existing customer technical support requests, and document resolutions for future use to educate technicians and provide an SOP for specific reoccurring problems. Received a Star Performer 2012 for Superior Customer Service in January 2013 by innovating customer solutions for many high level FEMA VIPs. Tasked with contacting customers, tracking upgrade status, performing data backups, and imaging systems in support of Windows XP to Windows 7 Migration Project for FEMA National Capitol Region by ensuring customers were in compliance with DHS Mandated Upgrade to Windows 7. Daily activities include: Notifying team members of current SOPs and upcoming changes; offering and study materials to team members and FEMA technicians to strengtan FEMA IT s capabilities; adding or removing computer names to Active Directory infrastructure; performing user account unlocks and password resets; managing and maintaining the imaging server; conducting software and hardware installations and upgrades to meet compliance and security standards; Ensured all work was conducted in accordance with existing SOPs, IT Security polices and within the scope of the ACT contract.