SUMMARY:

Mr. Confidential has over 25 years of professional IT work experience, to include network, system and security administration / engineering, vulnerability assessments, intrusion detection, virus management and intelligence analysis. He has taken numerous technical courses in the areas of Unix, networking, system administration, information security, intelligence analysis and telecommunications. Mr. Confidential possesses strong organizational and analytical skills, attention to detail and excellent verbal and written communications skills. He is a Certified Information Systems Security Professional (CISSP) as well as Certified Ethical Hacker (CEH), and OSSTMM Professional Security Tester (OPST). Additionally, he is a certified US Confidential Information Assurance Security Officer (2003) and has been Certified in the NSA INFOSEC Assessment Methodology / INFOSEC Evaluation Methodology (IAM/IEM). He has successfully performed Solaris, Red Hat and Windows system administration and network security tasks to include: disk space management, archiving of data, operating system installation/upgrade/maintenance, jumpstart Sun servers, perform troubleshooting, configure webservers, TCP/IP networking, penetration testing/vulnerability assessments, network monitoring, intrusion detection and virus management. He is experienced in using/operating windows - based, Unix and Linux operating systems. Mr. Confidential is also proficient using virtual machine technologies, VMware and VirtualBox. Also, he has proved himself capable of writing test plans, leading a server deployment team by establishing installation, configuration, and implementation procedures, along with creating the necessary technical documentation. Mr. Confidential has significant experience with system administration and network security issues.

PROFESSIONAL EXPERIENCE:

Confidential (Contract to Hire) then to Confidential ( Confidential ) APR 2019 - Present

Confidential - 5523 Research Park Drive, Suite 115

Catonsville, MD 21228

Confidential - 3150 Fairview Park Drive

Falls Church, VA 22042

While assigned as a Senior Cybersecurity Vulnerability Testing Specialist, Mr. Confidential participates as a member of the Judiciary Systems Security Testing (JSST) Team Confidential the Administrative Office (AO) of the US Courts in Washington DC. Specifically, Mr. Confidential performs security testing activities that include vulnerability discovery, penetration testing, web application testing and risk analysis, which includes recommendations for risk mitigation. Mr Confidential performs this testing with the aid of security tools such as Nessus, Burp Suite, Acunetix and AppDetective, as well as the KALI Linux security tool suite. Additionally, Mr. Confidential conducts kickoff meetings, exit briefings and meets with customers to ensure their needs are being met. Mr. Confidential also actively participates in team meetings and develops cyber security related demonstrations for customers and team members.

Confidential ( Confidential ) AUG 2016 - Present

7055 Samuel Morse Drive, Suite 200

Columbia, MD 21046

While assigned as a Principal Security Consultant with Confidential, Mr. Confidential participates as a member of both the corporate IT security team as well as a commercial cyber security consultant responsible for conducting a variety of security-related tasks ranging from vulnerability assessments, risk assessments, and social engineering phishing campaigns. Mr. Confidential has performed numerous vendor risk assessments using the PRIVVA application. Additionally, he is Responsible for the management, advanced configuration, monitoring, and fine tuning of DLP in both Office 365 and the Cloud Access Security Broker solution, BITGLASS. He performs company-wide NESSUS security scans, delivering reports directly to the CTO, as well as reviewing CISCO Meraki and AMP security logs/dashboards. Mr. Confidential utilizes The Kali Linux security toolset as well as Metasploit Pro and Wombat security tools to launch/perform phishing campaigns/testing. Additionally, Mr. Confidential is responsible for Microsoft Office 365 Security administration. (DLP, Exchange, SharePoint, etc…) To include, using various PowerShell versions to create custom sensitive information types and keyword dictionaries. Finally, Mr. Confidential was responsible for the procurement and deployment of two CASB tools within the corporate environment to help strengthen cloud security of the network. Bitglass and the Microsoft CloudApp Security Tool are currently being utilized within the Confidential environment. He can make changes, as needed, that improve the overall detection and effectiveness of both DLP solutions. He is the resident subject matter expert with Office 365 cloud security and was instrumental in getting Confidential compliant with NIST 800-171 by creating a Controlled Unclassified Information (CUI) custom sensitive information type (DLP) within the security and compliance center of Office 365.

Confidential TechnologiesAUG 2004 - JAN 2016

6605 Business Pkwy, Elkridge, MD 21075

While assigned as a Sr. Security Controls Assessor (SCA) on a Vulnerability Analysis task with Confidential, Mr. Confidential was responsible for the vulnerability/penetration testing of various networks. Mr. Confidential performed vulnerability assessments and penetration testing to aid in the C&A process. To complete assigned tasks and ensure the systems he tested were FISMA and FEDRAMP compliant, he referenced NIST 800-53 to perform his SCA duties. He has employed various security tools to include: NMAP, NESSUS, AppDetective, WebInspect, Core Impact, Metasploit and other to tools contained within the Kali Linux image toolset. Also, Mr. Confidential provided excellent written technical reports through the XACTA application and when necessary, recommends courses of action. (was assigned as an SCA in 2013, the majority of job functions in 2013-2016 were in that capacity)

Confidential NOV 2001 - JUL 2003 & AUG 2005 - JUL 2012

JUL 2012 - JUL 2013 (Part Time), 2711 Technology Dr, Annapolis Junction, MD 20701

While assigned as a Sr. Information Assurance Analyst with Confidential, Mr. Confidential performed network intrusion detection analysis for the NSA/CSS Information Systems Incident Response Team (NISIRT), a 24x7 operations center using various methods in order to identify vulnerabilities, intrusions, fraud, waste and abuse, policy violations, virus, and malicious code. In addition to packet-level analysis, he conducted initial investigative research of photo, audio and video files in order to determine if fraud, waste and abuse incidents had occurred. He analyzed aggregated security events/alerts using ArcSight SIEM, compiled and prepared security incident reports and follow-up data to various Intelligence and Law Enforcement customers.

Confidential & Confidential Government Solutions JUL 2003 - JUL 2004, 7125 Confidential Dr, Columbia, MD 21046

While assigned as an Information Security Test Engineer for Confidential & Confidential Government Solutions his position required a mix of hands on network security engineering skills along with technical writing and documentation. As a lead test engineer, he was responsible for developing test plans, test procedures and performing security testing of various COTS and GOTS products against customer security requirements. In addition, he performed operating system installation and configuration, hardware installation, system / network administration and maintenance. His additional responsibilities included: requirements analysis, enterprise applications, communications architectures, IP services, managed networking, and information security engineering. He was also involved with the development of technical documentation and assisted with the network architecture of the integration lab.

Confidential & Confidential MAY 2001 - JUL 2003, Confidential, Baltimore, MD

While assigned as a Sr. Network Security Analyst/System Administrator for Confidential & Confidential, he successfully performed network intrusion detection analysis on over 30 NIDS for the Confidential Research Labs (ARL), a 24x7 operations center with the following security tools: Joint Intrusion Detector (JID), SNORT and TCPDump. He performed these tasks in order to identify vulnerabilities, intrusions, virus, fraud waste and abuse, and malicious code on the Defense Research and Engineering Network (DREN). In addition, he was entrusted on the DREN to conduct network monitoring and system administration tasks for ARL. He was responsible for ensuring network and sensor availability during his shift. Mr. Confidential conducted routine system maintenance on 2 Sun Servers and 1 Windows NT Server physically located within the office. He coordinated and/or implemented blocks on perimeter routers, firewalls, and switches. He compiled information for preparing computer security incident reports and daily reports on the events and incidents detected during network monitoring. He assisted in documenting incidents for inclusion in incident reports and periodic summary reports. He would report incident information and follow-up data to other CERT and similar entities to ensure optimum service and performance of the CERT. He would assist in investigations when incidents were detected for assigned monitored sites and in response to issues raised by the monitored site. He assisted in the training and mentoring of both government and contractor members of the team. He would investigate new technologies in information security to ensure the client had the most modern effective tools for optimal access to needed information. He conducted independent research and analysis. In the event of a security breach, he would identify issues, formulate options, actively close security loopholes, and provide conclusions and recommendations. He was also entrusted to successfully transition shift changeovers with US Confidential Reservists every Saturday morning.

Confidential & Technology, Inc.AUG 2000 - NOV 2001, Ellicott, City, MD

While assigned as a Data/System Administrator for Confidential & Technology, Inc., he performed Solaris 2.6 and 2.8 system administration (disk space management, archival of data to 8mm tape, install-upgrade OS), performed troubleshooting, and TCP/IP networking. He maintained over 700 user accounts and individually added over 100 users to the system. He built a jumpstart server and console workstation (COW), installed 2 Sun Microsystems server racks, E420R Sun Servers, gigabit Ethernet cards, He connected serial ports and fiber network connections, coordinated the networking and Jumpstart for Sun E420R servers on a classified DOD network. Additionally, he maintained an E5000 Sun Server, 2 E3500 Servers and 2 Dell PowerEdge Domino Servers. He also performed basic maintenance on an F840 Network Appliance. He also routinely interacted with Sun Microsystems and Network Appliance vendors. He installed TCP Wrappers to harden and secure the Solaris OS. He would mirror partitions using Solstice Disksuite in order to assure around the clock data availability. As an NT/Domino System Administrator, he provided training for users, added users, installed SSL certificates, installed/repaired/upgraded OS while he maintained existing Perl data parsers. He provided customer service and helpdesk support for an “In House” software application used by DOD analysts worldwide. He trained users, and resolved application, dataflow and database problems. As a Data Administrator, he was responsible for the accurate and timely availability of incoming high valued intelligence data for worldwide consumers. He coordinated research, analytic and dataflow efforts with US Intelligence and Law Enforcement communities. In addition, he advised supervisors of an existing tool known as the Data Manager. This tool saved numerous man-hours and was used for tracking various data sources worldwide for which he received a cash award and plaque.

United States Confidential AUG 1996 - AUG 2000 Ft. Meade, MD

For the US Confidential, he performed Solaris text processing, data administration and network traffic analysis while using network diagrams created in Arcview. He headed a technical analytic effort for steering collection and intelligence priorities for high-interest targets. Additionally, he employed analytic, organizational, research and writing skills to draft clear and concise tactical and strategic intelligence reports for National-level consumers. He also was responsible for office security (making sure data terminals and classified material were secured). Also, he was responsible for the order, discipline and well-being of 8 soldiers as a squad leader in the 741st MI BN. For his outstanding performance, he received a Certificate of Commendation from a DOD agency in 1998, for producing over 10 top quality Intelligence reports that were of great importance to US Policy makers and US Federal Law Enforcement customers.