Cloud/IA Cyber SME Resume
Washington, DC
SUMMARY
- Over 21 years of IT experience as a Cyber/Information Assurance/Validator specialist with a focus on architecting, designing, implementing, testing and continuously monitoring secure enterprise networks, and on application Assessment and Authorization in Federal and commercial environments, in direct support of business objectives. He has effectively developed and supported solutions founded on best practices and operational successes.
- Subject Matter Expert in Cyber Security/Information Assurance & security testing, and vulnerability assessments; cyber security baseline assessments, security controls, implementation of information security best practices.
- Past cybersecurity expert for NAVAIR, DoD, DISA, USAF, DHS, FEMA, JIATF - S, Veteran’s Administration
- Working knowledge of National Institute of Standards and Technology (NIST) 800-Series, NIST Risk Management Framework (RMF), Control Objectives for Information and Related Technologies (COBIT), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Processing Standards (FIPS), Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), Information Technology Infrastructure Library (ITIL), and the International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) ISO/IEC 27000 series
TECHNICAL SKILLS
Work Environments: Department of Defense, Army, Air Force, Navy, Marine Corps, Coast Guard; Security IT Resiliency, Information Assurance Vulnerability Management (IAVM), Network Assessments, Computer Network Defense and Forensics & Vulnerability Assessment, Assessment and Authorization, Auditing, eMASS, STIGs, VRAM, ACAS, MS Office Suite, SCAP
Systems Software: Proficient with MS Word, MS Excel, MS Project, Nessus, Tenable Security Center, Nmap, Kali Linux, AppDetective, AppScan, WebInspect, Fortify, Telos Xacta/IACS, Continuum, RiskVision, Nexpose, Nipper Studio, Compliance Checker, DISA Security Technical Implementation Guides (STIGs), VMware ESXi
PROFESSIONAL EXPERIENCE
Confidential, Washington DC
Cloud/IA Cyber SME
Responsibilities:
- As a senior-level SME, I was responsible for creating complex security structures and ensuring they work.
- Designed, built and oversaw the implementation of network and computer security for the organization.
- Provided expertise and support to the architecture, design, engineering, implementation, testing, accreditation/assessment and authorization of the financial management business transition using NIST publications, the VA 6500 series and FIPS. Reviewed, developed and updated documentation in accordance with DoD and AF policies and IA guidance.
- Established and obtained certifications in relation to Information Assurance (Authority to Operate/Assessment and Authorization, Clinger Cohen, etc.) per DoD 8500-2 and DoDI 8580.1, Information Assurance (IA) in the Acquisition System.
- Supported program execution per established strategies and plans, supported all program milestones, and provided support for briefings and meetings as required.
- Provided schedule analysis of overarching programs’ Integrated Master Schedule (IMS) with knowledge of OEM-specific scheduling tools, or other tools mandated by the Program Office and integration techniques.
- Developed technical security documentation including items needed to develop a complete SSP, AAR, COOP, CMP, and SRTM etc. and ultimately for full operation.
- Worked with other SMEs and ISSEs to perform analysis of user and system requirements and constraints.
- Provided expertise to determine whether systems comply with policies and constraints. Provided technical support to system integration efforts in the lab and during field installations.
- Knowledge of DISA STIGs, Security Checklists, SRRs, RiskVision, eMASS/Xacta
Confidential, OHIO
Cloud/IA Cyber SME
Responsibilities:
- Conducted cybersecurity risk assessments for USAF KC-46 information systems, platform IT, IT services and/or IT products.
- Provided expertise in vulnerability analysis, testing, risk mitigation, remediation, secure coding, trusted systems and networks, secure architectures, and penetration testing/response team tools and techniques.
- Established and obtained certifications in relation to Information Assurance (Interim Authority to Test, Interim Authority to Operate, Authority to Operate, Clinger Cohen, etc.) per DoD 8500-2 and DoDI 8580.1, Information Assurance (IA) in the Defense Acquisition System.
- Supported teams with the design, development, maintenance, and improvement of system software and applications for various systems. Developed technical security documentation including items needed to develop a complete SSP, AAR, COOP, CMP, SRTM, etc.
- Supported development of systems that comply with the most recent system security policies to support successful achievement of interim and full authorities to operate systems for testing and ultimately for full operation. Worked with other SMEs and ISSEs on the analysis of user and system requirements and constraints.
- Provided expertise to determine whether systems comply with policies and constraints. Provided technical support to system integration efforts in the lab and during field installations. Knowledge of DISA STIGs, Security Checklists, SRRs, eMASS/Xacta.
Confidential
IA Cyber Security Engineer
Responsibilities:
- Provided expert knowledge in Resiliency Operational Support regarding information security and data privacy safeguards.
- Assisted in the review of systems, programs, projects, and initiatives that collect, use, maintain, retrieve, and disseminate personally identifiable information (PII) to identify privacy risks and areas of non-compliance.
- Developed, documented and briefed recommendations of mitigation strategies, and NIST framework implementation of mitigation strategies, for privacy risks and areas of non-compliance.
- Performed selection and specification of security controls for information systems as part of an organization-wide information security program that manages organizational risk using a risk-based approach and the NIST Risk Management Framework, which are paramount to an effective information security program and can be applied to both new and legacy information systems within the context of the system development life cycle and the Federal Enterprise Architecture.
- Performed Assessment and Authorization (A&A) of Infrastructure as a Service, Platform as a Service, and Software as a Service in Cloud delivery models.
- Developed alternative approaches to address issues and evaluate the impact of changes in business needs on
- SME for the Certification and Accreditation (C&A) team; developed certification reports and reviews of C&A and IA requirements to ensure alignment with current DoD and Civilian Federal policies.
- Utilized vulnerability assessment security tools such as Nmap, Wireshark, Nessus, Splunk, AppDetective, WebInspect, Core Impact, Retina, and Tenable Information Assurance Manager.
- Worked with auditors and regulators to define and maintain new and existing compliance and documentation around major certifications.
- Developed Privacy Impact Analyses (PIA). Developed certification and accreditation packages. Developed and performed ST&E. Performed baseline testing using SQL, Oracle database, Linux, Windows and VMware operating systems.
Confidential
IA Cyber Security Engineer
Responsibilities:
- Implemented and maintained compliance controls with Federal and industry security standards, including FedRAMP, DIACAP, HIPAA/HITECH, ISO 27001 and PCI.
- Conducted Certification and Authorization (C&A) for sites, systems, networks, mission systems, platform IT, Infrastructure as a Service, Platform as a Service, and Software as a Service in Cloud delivery models.
- Performed requirements analysis and developed/reviewed all phase artifacts and policy (RA, SSP, Contingency Plan, ST&E Plan development, assessments of applicable security controls, documentation of results). Developed and maintained documentation, worked with regulators and auditors, and implemented requirements into the enterprise software solutions.
- Extensive knowledge of NIST Special Publications 800-37 (C&A Process), 800-18 (System Security Plans), 800-30 (Risk Assessment), 800-53/53A (Security Requirements), 800-115 (Penetration Testing), and DoDI 8510.01 (DIACAP).
- Knowledge of DISA STIGs, Security Checklists, SRRs, and Gold Disks. Knowledge of Windows, Solaris, and Linux security measures and policies. Knowledge of eMASS and Xacta Information Assurance Manager.
- Managed and performed Security Authorization Support, Penetration Testing, and Event Continuous Monitoring and Compliance consulting support services.
- Initiated assessments with FedRAMP when conducting risk assessments and security authorizations, supported POA&Ms, and achieved ATO for cloud services. Implemented Ongoing Assessment and Authorization (Continuous Monitoring) for cloud systems granted an ATO, ensuring each cloud system maintains an acceptable risk posture.
Confidential
Cyber/Information Assurance Engineer
Responsibilities:
- Provided Information Assurance Computer Network Defense support to DoD customers who require network assurance and defense capability.
- Supported Information Assurance Officers (IAO) and served as an Information Assurance (IA) SME for full life cycle Certification and Accreditation, specifically DoD Certification and Accreditation (C&A) processes and regulations such as the DIACAP Process, the NIST SP Series, and/or DoD Instructions 8510.01, 8500.1 and 8500.2.
- Developed, implemented, maintained and enforced all security policies and procedures for SIPRNET, NIPRNET, JWICS and Mission Systems. Provided program support for all Certification and Authorization (C&A) processes for different commands.
- Managed IA program support for IAOs in several areas, from Certification and Accreditation (C&A) to security training and maintenance. Coordinated actions for ATO, IATO, IATT, ATC, and IATC as required for a multitude of systems. Completed FISMA compliance documents as required by HQ USSOUTHCOM.
- Working knowledge of Vulnerability Management Programs; performed operational implementation of Vulnerability Management System (VMS), Retina, SCAP and Gold Disk, performing vulnerability assessments, processing Information Assurance Vulnerability Alerts (IAVAs), and/or conducting vulnerability remediation and mitigation.
- Assessed compliance based on DOD, DODIIS, DON and Intelligence security policies and the corresponding security tests and evaluation procedures. Created reports for Joint Commands and provided bi-weekly briefings on status updates and recommendations.
Confidential
Information Assurance Specialist
Responsibilities:
- Provided and managed IA policies and compliance efforts for a broad range of Acquisition Security Management support to accomplish the full range of security tasks; prepared Acquisition Strategy Plans, Integrated Logistics Support Plans, RFPs, CDRLs, SOO, SOW, POA&M, and Milestones A, B, C; reviewed contractor deliverables and evaluated program information from an Information Assurance perspective.
- Developed security documentation (System Security Management Plans, Program Protection Plans, Security Risk Analyses, CMP, TEMP, Contingency Plans, Privacy Impact Assessments, etc.); supported security surveys, assessments and studies; prepared/presented system security engineering management reports and reviews at Milestones; provided acquisition program security management; evaluated contractor classified deliverables for compliance with the appropriate security classification guide; designed/established security procedures and policies. Performed security analysis and risk/vulnerability assessments, along with evaluating IA technologies for the Navy.
- Knowledge of NAVAIR and Navy Platform IT Policy and System Engineering Technical Review (SETR) processes. Provided embedded IA support to PMA-260 Reconfigurable Transportable Consolidated Automated Support System (RTCASS)/CASS and PMA-201 Direct Attack Moving Target (DAMTC) and Multi-Purpose Bomb Rack (MPBR) for C&A and continuous monitoring phases, and supported the development and implementation of different security architectures to meet new and evolving security requirements.
- Supported CNRNDW ISSM / CIO with RMF package development as technical IAS
- Assembled all required documentation as outlined by the ISSM and CNIC/NAVFAC for the RMF packages
- Assessed and implemented security controls, Security Technical Implementation Guides (STIGs), and Assured Compliance Assessment Solution (ACAS) scans in accordance with governing policies for servers, networking equipment, workstations, etc.
- Assisted system administrators with implementation of all applicable Security Technical Implementation Guides (STIGs), industry security and design best practices, and all applicable Information Assurance Vulnerability Alert (IAVA) security requirements
- Processed, maintained compliance for, and verified completion of Nessus, STIG, and SCAP files; reported any open findings or vulnerabilities to the program; proposed and implemented mitigations as required; and constructed the necessary POA&Ms when required.
- Maintained compliance in Vulnerability Remediation Asset Manager (VRAM) and DoD Information Technology Portfolio Repository-Navy (DITPR-DON)/ DON Application and Database Management System (DADMS)
- Understood NIST, Committee for National Security Systems (CNSS), DoD/DON Communications Task Orders (CTOs, TASKORDS), and Information Assurance Vulnerability Management (IAVMs)
- Created system authorization boundary diagrams and data flow diagrams encompassing traceability back to Hardware, Firmware, Software, Ports, Protocols and Services (PPS) lists, and ACAS while complying with DISA/NAVFAC standards
- Reviewed the system PPS list and ensured compliance IAW Department of Defense Instruction (DoDI) 8551.01
