Lead Security Systems Engineer Resume
Lexington, MA
EXPERIENCE SUMMARY:
- Information Systems Security Engineer
- Security Compliance Audit
- Research new technologies
- Business Continuity Planning
- Hands-on security testing
- Network Design
- Perform Risk Analysis
TECHNICAL SKILLS:
Communications: Routers, Switches, Firewalls, DNS, Video Conferencing
Protocols: TCP/IP, SNMP, DSL, ISDN, OSI, X.400, ATM, SS7, DOCSIS, VoIP
Information Security Frameworks: NIST SP 800-53 (RMF), FISMA, DoD 8500.2 (DIACAP), HIPAA, Sarbanes-Oxley (SOX) 404, PCI-DSS, NISPOM, ITIL
Information Security Tools: NESSUS, STIGs, Retina, SRRs, eMASS, Firewalk
PROFESSIONAL EXPERIENCE:
Confidential, Lexington, MA
Lead Security Systems Engineer
Responsibilities:
- I review all new Confidential Security Technical Information Guides (STIGs) and write step-by-step procedures for Time Compliant Technical Orders (TCTOs) implementing upgrades to installed, security accredited Confidential network infrastructure systems.
- This includes testing with lab systems representing the fielded Confidential infrastructure. Risk and integration analysis when new software or hardware is released.
- Planning DIACAP to RMF. Received BAE Impact Award.
Confidential, Lexington, MA
Senior Consultant
Responsibilities:
- Also led the C&A effort for Firewall upgrade to NGFW Palo Alto PA-5000.
- Performed hands-on security tests. Built C&A package in eMASS; authored Information Systems Security Plan (ISSP) and Ports Protocols and Services Matrix (PPSM).
- Performed hands-on DNS and Firewall security tests.
- Achieved Confidential DNS System Accreditation (ATO) and Firewall IATO in record time. Awarded Certificate of Achievement by NCI.
Confidential, Lexington, MA
Senior Consultant
Responsibilities:
- Managed compliance audit and risk assessment of Windows and Linux based networks
- Managed hands-on system certification tests, and compiled results
- Built Plans of Action and Milestones (POA&Ms) to direct resolution of test findings
- Built Certification Packages in eMASS using 106 DoDI 8500.2 DIACAP IA controls
- Authored Information System Security Plans (ISSPs)
- Led EMC SMARTS, Remedy, and Sidewinder Firewall Certifications
- Drafted network system and information flow diagrams with MS Visio
- Compiled Ports/Protocols/Services Matrices (PPSMs) and Risk Assessments
- Achieved 2 Confidential system version accreditations (ATOs)
Confidential
Project Manager / Information Assurance Engineer
Responsibilities:
- Managed system certification tests, compiled results and directed vendor corrections.
- Built Certification Packages in EITDR with FISMA and DoDI 8500.2 DIACAP controls.
- Wrote Security sections of RFPs and evaluated vendor proposals
- Compiled Ports/Protocols/Services matrices (PPSMs)
- System Security Plans (SSPs) and Service Level Agreements (SLAs)
- Continuity of Operations Plans and Incident Response Plans
Confidential
Information Assurance Specialist
Responsibilities:
- Achieved site accreditation of four Air Operations Centers (AOCs).
- Achieved DCID 6/3 accreditation of two ISR Audio-Visual Systems.
- Planned AOC security accreditation projects
- Researched impact of proposed Confidential and Joint Service ECRs to the AOC baseline
- Coordinated accreditation for more than 100 Command and Control and ISR systems
- Wrote security-related planning and operational compliance sections of AOC program documents, including Acquisition Strategy, Configuration Management Plan.
Confidential
Information Assurance Systems Principal
Responsibilities:
- Performed Information Security Test and Evaluation for standard Confidential base networks.
- Conducted tests of new versions of networks, and wrote System Security Authorization Agreements (SSAAs) and other documents for four AOCs.
- Wrote System Requirements Traceability Matrix which tied all security criteria to program requirements.
Confidential, Andover, MA
Senior Systems Engineer
Responsibilities:
- Planned and implemented the Confidential XML database for Confidential acquisition requirements.
- Wrote Confidential proposals in response to Customer RFPs.
- Provided computer and network support to Confidential end users.
- Worked on DSS NISPOM authorization.
Confidential, Andover, MA
Test Engineer
Responsibilities:
- Planned and conducted tests of cable modems against DOCSIS Confidential Cable Modem Termination Systems.
- Wrote test scripts and performed compliance testing.
- Managed computer and communications networks including Windows platforms, routers, and switches.
Confidential, Andover, MA
Staff Systems Analyst
Responsibilities:
- Planned, designed, implemented and maintained networks with Routers, Switches, LANs, WAN links, Servers, and Clients.
- Implemented upgrade of the 6,000-node Confidential network to an ATM backbone and switched Ethernet. Troubleshot network problems.
- Led 6-member Strategic Planning Team
- Implemented and managed ISDN BRI/PRI and DSL networking.
- Implemented and supported 60 Video Teleconferencing (VTC) Systems, along with the VTC Bridge.
- Developed and delivered VTC training which resulted in 20% greater VTC productivity and 60% fewer problems.
- Integrated ten Confidential-wide client/server applications onto the Hanscom network, ensuring interoperability and adherence to all Configuration Management requirements and Confidential standards, including network interoperability and Security Certification
- Led 15-member team on a Y2K Compliance Test emulating the HAFB network, ensuring a seamless Y2K transition.
- Won four project commendations, including one from ESC Commanding General
