Information Assurance and Cyber Security Profile

Mr. Green has 20 years of information technology experience. Mr. Green has 14 years of System Administrator/Network Engineer experience and 8 years of Information Assurance IA experience. His IA experience includes developing policies and procedures in preparation for Certification and Accreditation C A activities on major applications. In addition, Mr. Green has experience producing security related documents, including System Security Plans, Risk Assessments, Privacy Impact Assessments, Incident Response Plans, Contingency Plans, and Security Categorizations. He has experience validating that all documentation meet the guidelines and standards defined by the National Institute of Standards and Technology NIST publications, Department of Defense Information Assurance Certification and Accreditation Process DIACAP , Office of Management and Budget OMB Circular A-130, the Federal Information Security Management Act FISMA , AR 25-2, ICD 503/DCID 6/3 and Risk Management Framework RMF .

Professional Experience

Senior C A Analyst IASO

Confidential

• Performs C A in compliance with the Department of Defense Information Systems for Certification and Accreditation DIACAP , AR 25-2 and Risk Management Framework RMF for the Pentagon.
• Validates Risk Assessments, System Security Plans, Contingency Plans and System Test and Evaluations.
• Validates Retina, Gold Disk, STIGs, SRR and SCAP security scans and records information into Enterprise Mission Assurance Support Service eMASS .
• Validates POA Ms, IAVMs and documentation regarding IA Control sets.
• Conduct certification activities to complete systems certification packages that satisfy USA ITA, ARMY and DoD requirements.
• Provide guidance on assessing controls and IA processes.
• Performs security audits on remote/alternate sites.
• Performs DIACAP IA Control assessments at remote sites
• Provide technical support to DOD information system programs for life cycle security support, from inception of the program through initial accreditation.
• Develop a methodology and procedures to be followed by accreditation personnel while providing life cycle security support.
• Participate in formal and ad hoc certification and accreditation working groups where directed.
• Provide technical documentation required for the site certification and accreditation process.
• Conduct technical analysis and documentation of DOD standard systems security to include the requirements for COMPUSEC, and COMSEC.
• Identify and assess security requirements and deficiencies in local and wide area networks LANs and WANs and commercial switching, transmission and signaling networks.
• Monitor the implementation of and compliance with, DIACAP C A standards within USA ITA to ensure uniform application of the standards and consistency in security of accredited DoD information systems.
• Develop risk management guidelines.
• Ensure all packages are updated at least annually.
• Review all applicable documentation with the agency point of contact to ensure accuracy and completeness in identifying all information systems that connect to the network.
• Support Customer efforts to certify and accredit standalone equipment.
• Support and assist in coordination of Agent of the Certification Authority ACA visits.
• Assisting in the plan for the transition from DIACAP to RMF
• Creates Standard Operating Procedures SOP for senior management approval and implementation
• Performs lead responsibilities on many projects

Principal Information Assurance Engineer

Confidential

• Performed ISSO duties
• Performed C A in compliance with the Department of Defense Information Systems for Certification and Accreditation DIACAP for Defense Security Service DSS
• Validated Risk Assessments, System Security Plans, Contingency Plans and System Test and Evaluations.
• Validated Retina, Gold Disk and SRR security scans and records information into Enterprise Mission Assurance Support Service eMASS and XACTA.
• Uses Retina, NMAP, LanSurveyor and Flying Squirrel Wireless Discovery Mapping Application to perform scans on Windows as well as Red Hat servers.
• Provided support for security policies and procedures. Assists system owners and security support staff to develop and implement risk and threat mitigation strategies.
• Performed remote site visits to complete physical and technical checklists. Assisted in planning for COOP operations.
• Created POA Ms, Security Configuration Guides, System Security Plans as well as other C A documentation
• Created Standard Operating Procedures SOP for senior management approval and implementation

Senior Information Assurance Engineer

Confidential

• Performed C A duties applicable to NIST, FISMA and OMB policies and guidelines for Housing and Urban Development HUD .
• Analyzed Major Applications owned by the OCFO for compliance.
• Updated previous C A documents based on 800-53 Rev2 to include the additions and changes applicable for 800-53 Rev3 which included Risk Assessment, Contingency Plan, Configuration Plan, Disaster Recovery Plan, System Test and Evaluations and other documents needed for certification.
• Made recommendations for mitigation of findings to make systems compliant with federal regulations.

Principal Information Assurance Engineer

Confidential

• Performed CA Representative duties and ISSO duties
• Performed Certification and Accreditation applicable to Department of Defense Information Systems for Certification and Accreditation DIACAP for Defense Security Service DSS .
• Validated Retina, Patchlink, Gold Disk and SRR security scans and recorded information into Enterprise Mission Assurance Support Service eMASS . Provided support for security policies and practices.
• Created POA Ms, System Test and Evaluations, System Security Plans as well as other C A documentation
• Configured machines to reset the PIN on CAC cards.

Principal Network Engineer/ Information Assurance Engineer - Team Lead

Confidential

• Managed and lead several projects with a staff of technicians to complete and meet task orders on a TS/SCI network.
• Lead team in building a Network Operations Center NOC . Installed and configured Cisco routers/switches, Juniper IDS as well as BorderGuard and Gauntlet firewalls.
• Assisted in creating plan to upgrade Windows NT network to Windows 2003. Analyzed XP/2003 infrastructure and installation issues to ensure smooth implementation. Added DMZ and improved DNS capabilities. Created baseline images for servers as well as workstations.
• Built cluster servers for Exchange 2003. Installed and configured SQL Server 2005, Windows 2003 and Windows 2008 servers. Provided administration and training for AMHS M3 on a Solaris platform. Installed and configured Spotfire server, Quark, IIS 6.0, Ecora Auditor Basic, Intrust 9.5, Symantec Endpoint Protection 11.0, System Center Configuration Manager 2007 and Tripwire 7.5.
• Created Federal Desktop Core Configuration image for compliance and implemented security policies as well as GPOs for managing workstations, servers and pushing applications.
• Provided administration for network communication through RAS and VPN to several sites.
• Installed VoIP on the network. Installed biometric devices for user login. Set up VTC sessions with various agencies.
• Used Secutor Magnus Release 3 to ensure Federal Desktop Core Configuration FDDC compliance
• Used SNORT, HP Openview, CiscoWorks, Nmap, Wireshark and Fluke to analyze network activity.
• Developed security policies as well as providing assistance for C A using DCID 6/3 and ICD 503 which included, Disaster Recovery Plan, COOP Plan, System Test and Evaluations, Risk Management Plan, Configuration Plan, System Security Plan and other documentation.
• Conducted annual COOP exercises, table top as well as testing full COOP procedures.
• Created Standard Operating Procedures SOP for senior management approval and implementation
• Responded to IAVA's and provided results to senior management for FISMA compliance.
• Installed eEye Retina server and conducted monthly or bi-monthly scans to meet the requirements for the security policy. Used Gold Disk to ensure the security posture of servers.
• Provided Computer Network Defense CND duties related to inappropriate data use or storage, data spills and other breaches in security. Aided in retrieving dating using forensics to support investigations using tools such as FTK.

Information Systems Coordinator Department Head

Confidential

• Served as head of a small information technology department at an assisted living facility. Purchased all IT equipment for use as the facility.
• Upgraded, installed and configured a NT 4.0 and Windows 2000 network. Supported data exchange between Unix and NT. Implemented firewall security as well as remote access for users.
• Set up Internet boxes for internet access on two subnets before upgrading internet access to DSL.
• Provided web page design and maintenance for three of the foundation's web pages using JavaScript and FrontPage.
• Involved and in total network maintenance and administration. Installed and maintained a Microsoft Exchange 5.5 mail server as well as installed and maintained servers and workstations.
• Designed plans for a Windows 2000 migration. Upgraded a NT 4.0 network to Windows 2000 including Exchange Server 2000. Managed 3com routers and switches within the LAN.
• Created procedures for helpdesk operation, security procedures and trained staff on Microsoft products.
• Used ArcServe enterprise backup for all servers and Installed biometric devices for ADP user time keeping program.