Summary of Qualifications

More than fifteen years IT consulting experience including Certification and Accreditation C A , Information Security, Systems Engineering, Network Administration and Desktop Support. Over seven years experience in Information Assurance IA , Certification and Accreditation C A of Federal Government and Department of Defense systems, applications, servers, workstations, database systems and network devices. Excellent organizational, communication and managerial skills developed as a result of many years of experience working on different projects and platforms with different clients requirements.

EXPERIENCE

Confidential

Senior Information System Security Engineer

• Conduct kick off meetings with system stakeholders in preparation for systems security test, evaluation and assessment
• Develop systems Certification Testing and Evaluation CT E Plan
• Use different automated security tools, manual techniques and scripts to assess systems for threats and vulnerabilities
• Evaluate and analyze the systems security assessment results to verify and validate compliance of the systems Information Assurance IA controls with DoD 8500.2 standards , DISA Security Technical Implementation Guides STIGS and DOJ/FBI guidelines
• Develop Certification Test Report CTR
• Provide recommendations to Designated Accrediting Authority DAA on systems threats and vulnerabilities that require immediate remediation, that could be remediated with Plan of Action and Milestones POAM , that require waivers / exceptions and threats and vulnerabilities that DAA could accept
• Conduct out brief meetings with system stakeholders to discuss concerns, comments or questions based on the systems Certification Test Report CTR

Confidential

Senior IT Auditor

• Evaluated, assessed and reviewed US Securities Exchange Commission processes/programs in mitigating information systems threats and vulnerabilities
• Developed Security Requirement Traceability Matrix worksheet based on NIST 800-53 Revision 3 and FISCAM standards and guidelines
• Coordinated with the system administrators/engineers/database administrators and scanned the network devices, applications, operating systems and database systems for threats and vulnerabilities
• Evaluated and analyzed the systems security assessment results to verify and validate compliance of the systems Information Assurance IA controls with NIST 800-53 Rev 3 and FISCAM standards and guidelines
• Performed manual reviews on the system devices to ensure that the systems configurations comply with the system applicable baseline configuration guide
• Interviewed the system administrators, engineers, database administrators, etc and documented their responses
• Mapped each system threats and vulnerabilities from the vulnerability scan results, manual reviews and interview questions to their corresponding NIST 800-53 Rev 3 and FISCAM IA controls
• Developed Security Assessment Report SAR
• Provided recommendations to Designated Accrediting Authority DAA on systems threats and vulnerabilities that require immediate remediation, that could be remediated with Plan of Action and Milestones POAM , that require waivers / exceptions, threats and vulnerabilities that DAA could accept
• Conducted out brief meetings with system stakeholders to discuss concerns, comments or questions on the systems Security Assessment Report SAR

Confidential

Senior IT Auditor

• Evaluated, assessed and reviewed the agency's processes, programs and procedures in handling classified information.
• Performed EPA internal audit and assessments pursuant to Office of Management and Budget Memorandum OMB M-11-08 , WikiLeaks-Mishandling of classified information, November 28, 2010
• Assessed and evaluated what EPA has done or plans to do to address any perceived vulnerabilities, weaknesses, or gaps on automated systems in the post- WikiLeaks environment
• Assessed and evaluated the agency's plans for changes and upgrades to current classified networks, systems, applications, databases, websites, and online collaboration environments as well as for all new classified networks, systems, applications, databases, websites, or online collaboration environments that are in the planning, implementation, or testing phases.
• Assessed and evaluated weaknesses or gaps with respect to OMB M-11-08 self inspection/ assessment checklist
• Conducted systems audit to ensure that the agency protects classified national security information in compliance with the following policies: EO 12968, Access to Classified Information , EO 13526, Classified National Security Information , 32 CFR 2001, Implementing Directive for EO 13526 , Federal Information Security Management Act of 2002, Committee on National security Systems policy 26, National Policy on Reducing the Risk of Removable Media , Committee on National Security Systems CNSS policies, directives, instructions, and advisory memorandums, National Institute of Standards and Technology NIST SP 800-59, Guide for Identification of Information Systems as National Security Systems , EPA Delegation 1-6-A, National Security Information Hand book Chapter 10 , EPA Information Resources Management IRM Policy Manual
• Developed Security Test and Evaluation ST E plan
• Conduct kick off meeting with the systems stakeholders
• Interviewed system owners, ISSOs, System administrators and all personnel that protect and safe guide the classified systems
• Scanned systems for vulnerabilities. Analyzed the vulnerability scan results
• Reviewed EPA classified systems documentation, handbooks and Standard of Operations SOPs
• Documented all findings, interview responses, and recommendations on vulnerabilities mitigations on OMB M-11-08 self inspection/ assessment checklist worksheet
• Developed Security Assessment Report SAR
• Conducted out brief meetings with system stakeholders to discuss concerns, comments or questions on the systems Security Assessment Report SAR , OMB M-11-08 self inspection/ assessment checklist worksheet

Confidential

Senior Information Systems Security Engineer

• Developed Security Test and Evaluation ST E plan for the Joint Chiefs of Staff J8 systems
• Performed Security Test and Evaluation ST E on the Joint Chiefs of Staff J8 applications, Windows /Unix Servers, web servers, workstations, and Database systems
• Used different automated security tools, manual techniques and scripts to assess systems for threats and vulnerabilities
• Evaluated and analyzed the systems security assessment results to verify and validate compliance of the systems Information Assurance IA controls with DoD 8500.2 standards and DISA Security Technical Implementation Guides STIGS .
• Worked with systems and database administrators to remediate vulnerabilities
• Developed Plan of Action and Milestones POAM on systems threats and vulnerabilities
• Tracked the status of the POAM items until resolved
• Prepared systems DIACAP Package for Authority to Operate ATO approval by the system Designated Approving Authority DAA
• Prepared weekly and monthly systems status report for the senior project manager
• Performed other duties assigned to me by the senior project manager

Confidential

Senior Information Systems Security Engineer

• Developed Security Test and Evaluation ST E plan for DHS HQ systems
• Conducted kick off meetings with the systems stakeholders in preparation for systems certification and accreditation C A process
• Developed system Security Requirements Traceability Matrix SRTM documentation of systems in compliance with the system FIPPS 199, NIST 800-53 and DHS 4300 policy
• Used different automated security tools, manual techniques and scripts to scan and assess systems for threats and vulnerabilities. Verify and validate that the systems security controls comply with DHS Secure Baseline Configuration Guide, FISMA, OMB and NIST standards and guidelines
• Interviewed System Administrators, Network Engineers, Information System Security Officers ISSO and other personnel that have roles and responsibilities to maintain and secure the system that is been tested and evaluated
• Reviewed Systems Security Plan SSP , Risk Assessment RA , Contingency Plan CP , Contingency Plan Test CPT and other security documentation to ensure accuracy and completeness in compliance with NIST and DHS policy
• Developed Security Assessment Reports SAR
• Provided recommendations to the system Designated Approving Authority DAA on systems threats and vulnerabilities that require immediate remediation, that could be remediated with Plan of Action and Milestones POAM , that require waivers / exceptions, threats and vulnerabilities that DAA could accept
• Conducted out brief meetings with system stakeholders to discuss concerns, comments or questions on the system's Security Assessment Report SAR and Security Requirements Traceability Matrix SRTM
• Assisted Network Engineers and Administrators to remediate vulnerabilities
• Assisted the system Information System Security Officers ISSOs to develop POAM items
• Tracked the status of the POAM items until resolved
• Provided weekly status report that outline project success, schedule, issues, and risks to the systems stakeholders.
• Attended systems key stakeholders meetings whenever my project manager is not available
• Performed other duties assigned to me by my project manager

Confidential

Senior IT Security Specialist

• Developed security test and evaluation plans on US Citizenship and Immigration Services USCIS systems
• Conducted kick off meetings with the system stakeholders in preparation for the systems certification and accreditation C A process
• Developed system Security Requirements Traceability Matrix SRTM documentation of systems in compliance with the system FIPPS 199, NIST and DHS 4300 policy
• Used different automated security tools, manual techniques and scripts to scan and assess systems for threats and vulnerabilities. Verify and validate that the systems security controls comply with DHS Secure Baseline Configuration Guide, FISMA, OMB and NIST standards and guidelines
• Interviewed System Administrators, Network Engineers, Information System Security Officers ISSO and other personnel that have roles and responsibilities to maintain and secure the system that is been tested and evaluated
• Reviewed Systems Security Plan SSP , Risk Assessment RA , Contingency Plan CP , Contingency Plan Test CPT and other security documentation to ensure accuracy and completeness in compliance with NIST and DHS policy
• Evaluated and assessed the systems security controls as per the systems Security Requirements Traceability Matrix RTM
• Developed Security Assessment Reports SAR
• Provided recommendations to Designated Approving Authority DAA on systems threats and vulnerabilities that require immediate remediation, that could be remediated with Plan of Action and Milestones POAM , that require waivers / exceptions and threats and vulnerabilities that DAA could accept
• Conducted out brief meetings with system stakeholders to discuss concerns, comments or questions on the system's Security Assessment Report SAR and Security Requirements Traceability Matrix RTM

Confidential

Senior Information Assurance Engineer

• Developed security test and evaluation plans on Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance C4II systems
• Conducted kick off meetings with the stakeholders in preparation for the systems certification and accreditation C A process
• Developed system Security Requirements Traceability Matrix SRTM documentation of systems in compliance with the DoD 8500.2 standards and DISA STIGS
• Performed vulnerability scans and assessments on systems using eEye Retina Network Security Scanner and DISA Gold Disks. Analyzed the systems scan results for threats and vulnerabilities.
• Interviewed System Administrators, Network Engineers, Information System Security Officers ISSO and other personnel that have roles and responsibilities to maintain and secure the system that is been tested and evaluated
• Reviewed and assessed the systems security assessment results to verify and validate compliance of the systems Information Assurance IA controls with DoD 8500.2 standards and DISA STIGs Security Technical Implementation Guides .
• Developed Security Assessment Reports SAR
• Provided recommendations to Designated Approving Authority DAA on systems threats and vulnerabilities that require immediate remediation, that could be remediated with Plan of Action and Milestones POAM , that require waivers / exceptions and threats and vulnerabilities that DAA could accept
• Conducted out brief meetings with system stakeholders to discuss concerns, comments or questions on the systems Security Assessment Report SAR and Security Requirements Traceability Matrix RTM
• Supported the Information Assurance Manager in all matters relating to certification and accreditation of systems.

Confidential

Senior Information Assurance Engineer

• Prepared the following SSAA documentations: System Concept of Operations CONOPS , Information System Security policy SSP , Rules of Behavior, Incidence Response Plan, Contingency Plans, Interconnection Agreements, Security Education, Training, and Awareness Plan, Personnel Controls and Technical Security Controls, Applicable System Development Artifacts.
• Prepared System Security Authorization Agreement SSAA documentations for systems and networks in compliance with DITSCAP / DIACAP standards and regulations.
• Monitored the status of systems and networks to determine when certification and accreditation process is required.
• Created architecture drawings of systems and networks.
• Conducted interviews with system owners, ISSOs and Network Administrators to review current hardware and software inventories, network diagrams, continuity of operations, and emergency action plans.
• Tracked and provided progress reports on systems status throughout the certification and accreditation process. Notified management of issues, backlogs, and problems.
• Submitted and tracked SSAA packages to Naval Surface Warfare Center, Carderock Division.
• Provided monthly metrics and post-accreditation support to systems and networks.
• Supported the Information Assurance Manager in all matters relating to certification and accreditation of systems.

Confidential

IT Security Specialist

• Developed security test and evaluation plans on U.S Dept of Treasury systems
• Performed security test and evaluation ST E on Dept. of Treasury major applications, Windows / UNIX servers, web servers, workstations, database systems, mainframe systems, firewalls, routers and switches.
• Reviewed and assessed the systems security test results to verify and validate compliance of the systems security controls with Department of Treasury Secure Baseline Configuration Guide, FISMA, OMB and NIST standards and regulations.
• Developed Security Assessment Reports SAR
• Provided recommendations to Designated Approving Authority DAA on systems threats and vulnerabilities that require remediation with Plan of Action and Milestones POAM , that require waivers / exceptions, threats and vulnerabilities that DAA could accept.

Confidential

Network Engineer

• Traveled to different Regional and District Bankruptcy Court offices in USA to install and configure Cisco switches and routers, Cisco works 2000, Windows 2000 servers, Network Services DHCP, WINS, eTrust Antivirus, update Expert etc , Network management devices NetIQ, Microsoft SQL etc .
• Migrated Exchange 5.5 to 2000 in Regional and District Bankruptcy Court offices.
• Migrated data from old servers to new servers. Setup the old servers to mirror critical data from the new servers including all exchange data, users' home directories, databases for the purpose of a disaster recovery in the event of a server crash.
• Installed and configured Veritas Backup Exec on windows 2000 servers at Regional and District Bankruptcy offices. Prepared Standard Operating Procedure on methods and strategies of data backup and restoration in compliance with the Department of Justice / Bankruptcy Court's business continuity and disaster recovery plan.

Confidential

Network Security Support

• Maintained and responded to Intrusion Detection Systems IDS signatures and alerts on sensors running over Solaris platform.
• Created custom intrusion detection signatures to detect specific network traffic anomalies.
• Reviewed daily log gathered from various resources such as sensors alert logs, firewall logs and content filtering logs.
• Identified possible intrusion attempts or other anomalies.
• Filtered non- threatening network traffic to enhance accurate report.
• Updated intrusion detection system signatures.
• Managed and resolved network threat issues and determined the operational impact a particular threat has on systems.
• Escalated threat issues that could not be resolved to higher level Network Security Engineering Team.

Confidential

Network Administrator

• Performed User Account Management. Created and managed network accounts for users.
• Performed server backups and restorations using VERITAS Backup Exec.
• User Group Management. Added, deleted and changed groups and group permissions.
• Setup and configure UNIX and windows servers. Administer servers running Oracles, SQL, Norton Antivirus Corporate Software, and various proprietary agency applications.
• User Account Administration on Exchange 5.5 Server. Added, changed, deleted user IDS accounts, distribution lists and public folders.
• Deployed patches to servers and workstations

Confidential

Desktop Support Engineer

• Provided level 2 and 3 support on software applications, hardware devices and network.
• Troubleshoot and fixed problems on workstations and laptops.
• User Account Management. Created and managed network accounts for users in Windows / Novell NetWare platforms.
• Performed daily System backups. Restored data as per user request.
• Setup and configured network printers.
• Provided end user support on GroupWise application / Novell Netware.
• Performed Rollout of Windows NT workstations and Laptops at various departments of the Hospital center.
• Installed security patches on workstations, laptops and servers.
• Troubleshoot and fixed network connectivity and TCP/IP issues on workstations and laptops.
• User Account Administration on Microsoft Exchange Server. Added, changed, deleted user accounts, distribution lists and public folders.
• Re-Imaged workstations with software applications using Ghost software.

Confidential

Helpdesk Support Specialist

• Provided level 1 and 2 supports on software applications, hardware devices and network.
• Troubleshoot and fix network connectivity and TCP/IP issues on workstations and laptops
• Setup workstations and configure software applications / hardware to meet individual user's needs
• Provide end user support on Microsoft Office applications and customer custom made applications
• Map users to network printers
• Provided end user support on GroupWise application / Novell Netware.
• Installed security patches on workstations and laptops.
• Replaced hard drives, memories, video cards and other PC hardware on workstations and laptops
• Performed other duties assigned to me by my supervisor