PROFESSIONAL SUMMARY:

Information Assurance SME, focusing on vulnerability assessments, and Certification and Accreditation documentation and assistance including DIACAP and NIST Risk Management Framework. Prior experience includes network engineering and system administration tasks. Recent work assignments include compliance support and documentation for Federal and DoD agencies, and accreditation support for the US Army Medical Command. This includes vulnerability scans, policy guidance, vulnerability management and monitoring, and regulation expertise for IA personnel in support of DIACAP efforts.

PROFESSIONAL EXPERIENCE:

Security Assessment Analyst contract

Confidential

Provided security-related assessment support to the National Weather Service Information Assurance Branch. Assessment duties included review of system documentation, NIST 800-53 rev3 security control compliance based, and interaction with Approving Official and Security Officers. Responsibilities included obtaining system documentation from the Information Assurance Branch Compliance Team, CSAM 3, Tenable Security Center, and the Information System Security Officers ISSO . This position required over 25 travel to locations around the United States, both CONUS and OCONUS.

Senior Security Engineer contract

Confidential

Provided baseline support to begin the development of a security program for Aviation Communication Systems owned by Rockwell Collins ARINC. Duties included developing the Risk Assessment of the system, updating documentation for system design and continuity, and interfacing with personnel in various divisions of the company to determine how best to design and implement security for the first time in the system. Temporary position primarily to assist the GLOBALink Engineering department with initial documentation and requirements.

Senior Information Assurance Engineer

Confidential

Supported system and software testing of Defense Information Systems Agency DISA and Department of Defense DoD Enterprise level applications. Test functions included Performance Testing with HP LoadRunner, Interoperability Testing, Functional Testing, and Information Assurance Compliance review using such tools as Retina and Nessus. Additional responsibilities include presenting test results to DISA government personnel, participating in test planning sessions, and writing test plans and reports for systems tested. Successfully completed Operational Assessment OA testing on the Enterprise Email Security Gateway EEMSG Phase 2 Outbound Message Scanner Cisco IronPort and the Zero-Day Network Defense ZND Email Malware Protection System FireEye Pilot. Provided through reporting on strengths and potential weaknesses, along with ongoing testing support.

Deputy Information Assurance Manager Information Assurance Engineer

Confidential

Worked as a Deputy Information Assurance Manager for the Walter Reed Army Institute of Research WRAIR . WRAIR responsibilities include running security compliance scans with Retina, SCAP Tool, and Gold Disk to ensure security and IAVM compliance new user in-processing ensuring current IA training processing security-related support tickets and supporting Certification of Networthiness requests. Completed new Foreign Nationals Information System Use Policy, and rewrote Acceptable Use Policy and Remote Access VPN Policy to meet compliance with current regulations. Additional responsibilities include support of triennial DIACAP assessment and package creation.

IM/IT Security Engineer

Confidential

Supported DIACAP Certification and Accreditation, Certification of Networthiness, and other security requirements for Medical Systems and Devices within the U.S. Army Medical Command. Consulted on various medical projects for information assurance compliance, interfacing with vendors to assist with security posture improvement, and contract review to ensure inclusion of security requirements.

Sr. IA/IT Security Engineer

Confidential

Assessed and conducted Certification and Accreditation efforts for the United States Department of Transportation USDOT Pipeline and Hazardous Materials Safety Administration PHMSA , including security scans, test evaluation, interviews, and site assessments. Developed new and updated policies regarding security for both PHMSA and US DOT. Documentation review and creation, security assessment, SME for security protocols, and guidance to system developers to aid in secure development strategies. Built a virtualized Nessus scanner server for use in security testing, allowing for portability to scan remote hosted systems as well as scanning local servers.

Associate, Certification Accreditation Team

Confidential

Provided Certification Accreditation support to the DoD Civilian Personnel Management Service CPMS . Supported the OCIO at NIST, including writing and reviewing Security Plans, performing and evaluating security tests, and interfacing with various component agencies and divisions. Developed a Security Metrics Scorecard, designed to add weights to specific security objectives and generation a report card to quickly assess the security posture of a system or component, and helped develop and update Secure Configuration Guidance documents. Ran vulnerability scans during assessments using Tenable Security Center Enterprise.

Senior Information Security Consultant

Confidential

Performed documentation and policy support for USAMRMC and USAMMA, DIACAP support, regulation guidance, and template creation. Drafted operational and security policies, IA policies, follow through with assignees on specific security-related tasking, and accreditation testing preparation support. Preliminary compliance testing using Retina, Gold Disk, DISA and STIG SRRs, along with vulnerability resolution through policy and security settings Group Policy, Retina scanning, and Behavioral guidance . Documentation of SOP, Memoranda, and assistance with COOP and CCB. Briefings to OIC and Command staff on test results, test preparation, and overall DIACAP progress. Network and system security compliance analysis for DoD and other agencies, primarily to DISA and DIACAP standards.

Network Security Engineer

Confidential

Completed network security and vulnerability assessment for clients, including vulnerability scans with Gold Disk, STIG scripts, Nessus and NMap. Provided development assistance on FIPS 201 compliant Card Management System, company internal network security enhancement, and Vulnerability Assessment at Cryptek Corporation, and Amtrak. Performed vulnerability assessments based upon DITSCAP/DIACAP, NIST 800-53, SANS Best Practices, and Sarbanes Oxley security regulations. Functioned as the Network Systems Administrator and IT Team Lead at Cryptek Corporation.

AD Enterprise Support Engineer

Confidential

Provided support to the US Navy Medicine Information Management Center NMIMC Active Directory Deployment Team for current and future installations of Active Directory to Navy Medicine posts. Work included third-tier support to local administrators, and various projects and enterprise administration tasks such as monitoring of system backups and Symantec Anti-virus. Successfully completed creation of a new child domain within the Active Directory forest with compliments from the NOC Chief, and configured to DITSCAP and Gold Disk security standards.

Network Administration and Support Engineer

Confidential

Performed network management and server administration at the Federal Bureau of Investigation FBI Strategic Information Operations Center SIOC , including management of servers used in information gathering and processing, along with two internal web servers and some additional infrastructure. Successfully migrated local Windows NT 4.0 domain to Active Directory 2000. Provided user support as-needed to supplement the primary SIOC support staff, including network wiring, setups for both secure and non-secure presentations, and assistance to the team responsible for collecting publically-submitted intelligence data TIPS .

Systems Engineer

Confidential

Worked on the US Department of State USDoS Diplomatic Security Service DSS Global IT Modernization Program GITM , including server upgrades and transition to Active Directory infrastructure from Windows NT. Received training on Windows 2000 Server, Active Directory, and Exchange 2000. Pre-staged servers, programmed Cisco Networks switches, and rack cabling.

Network Information Systems Engineer

Confidential

Completed fit out of a new US Senate-operated Enterprise Operations Center under the guidance of the US Senate Sergeant at Arms SAA Office, to include building servers and installing related systems. Tasks included hardware integration and rack installation of HP/Compaq ProLiant DL360 and DL380 Servers, rack-mount KVM monitors and switches, and cable management design for both power and LAN cabling.

Supported the US Army Information Systems Engineering Command ISEC Installation Information Infrastructure Modernization Program I3MP . Tasks included design of network upgrades in accordance with set military networking guidelines including DITSCAP standards, planned location and layout of Communications Centers, individual building Network Wiring Closets, and network equipment types to be used. Drawings were done using AutoCAD 2000LT and 2002LT. Interfaced with various team members and site network coordinators to formulate project plans. Assisted with local Computer/Network Support and Administrative tasks as needed. Completed full data circuit survey of sensitive facilities in preparation for upgrades. Surveyed floor plans to determine actual circuit paths to user desktop.