SUMMARY:

• Certified Information Technology security professional with over 14 years of experience able to adapt and succeed within hybrid work force environments.
• Draws from prior employment positions (active duty military, private contractor, and public General Schedule) to aid in implementing and managing strategic, technical and operational security plans ensuring alignment with business goals and objectives.
• Maintains exceptional communication skills and posses the ability to quickly grasp and adapt to new concepts, technologies, environments and concurrent project tasks.

TECHNICAL SKILLS:

Tools: Cyber Security Assessment and Management Tool Retina Network Security Scanner Tool RiskVision GRC Hercules Remediation Tool Qualys, Backtrack, Nessus, nCircle, Agiliance Suite Confidential SRR and Gold Disk Confidential Enterprise Mission Assurance Support Service McAfee Host Based Intrusion Prevention System Tenable Network Security - Nessus Vulnerability Scanner McAfee Secure Configuration Compliance Validation Initiative AppDetectivePRO/DbProtect - Database Security Scanner McAfee Secure Configuration Remediation Initiative

: Confidential DIACAP Validator Contracting Officer Representative SANS Security Leadership Essentials Non - Commissioned Officer Leadership Academy McAfee Host Based Intrusion Prevention System Confidential SRR and Gold Disk McAfee Secure Configuration Compliance USAF Supervisory Development McAfee Secure Configuration Remediation Retina Network Security Scanner Hercules Remediation Tool USAF Computer Systems Operations USAF TBMCS Unit Level Administration

Honors, s, and Special s: Global War on Terrorism Service Medal USAF NCO Professional Global War on Terrorism Expeditionary Medal AF Longevity Service Medal National Defense Service Medal Joint Service Medal AF Medal, Oak Leaf Cluster USAF BMT Honor Graduate Ribbon AF Outstanding Unit, Valor/Oak Leaf Cluster Senior Airman Early Promotion Recipient AF Good Conduct Medal

PROFESSIONAL EXPERIENCE:

Confidential

Senior Advisory IT Security Consultant

Responsibilities:

• Provides Consultation to the Assurance Management Unit (AMU) to assist in the deployment of the Agiliance RiskVision C&A Compliance tool by performing requirements gathering, server setup and configuration, deployment and migration to production,, and ongoing support as necessary. RiskVision enables AMU to track the security posture of FBI's IT systems throughout their lifecycles and monitor the progress of each system or subsystem toward achieving C&A via several modules:
• Compliance Manager - Automates manual activities and enables continuous compliance, which reduces the time associated with managing compliance while improving the ability to comply.
• Threat and Vulnerability Manager - Allows for aggregation of critical information on current, new, and emerging threats to determine potential impact on the IT environment for immediate remediation and ongoing security risk measurement.
• Enterprise Risk Manager - Empowers managers to identify and analyze the many risks that can affect the organization. Identifying preventive steps reduces the likelihood and magnitude of adverse impacts.
• Delivers IA support to the FBI’s Security Division’s to include: Independent Verification and Validation (IV&V) of the Agency’s IA program and monitoring the Agency’s IA progress; Audit Support to facilitate the Agency’s compliance with FISMA, Federal Information Systems Control Audit Manual (FISCAM), and DOJ requirements; Supporting the FBI’s IA policy infrastructure, and C&A programs to promote compliance with federal and departmental guidance and requirements; and support of the Bureau’s FISMA compliance activities including system security assessments, C&A activities, annual assessments of security access controls for IT systems, vulnerability assessments, contingency plans and incident response plans, configuration management, and privacy
• Coordinating with the Bureau’s Information Technology division in order to facilitate the remediation of the Bureau’s significant IT deficiencies
• Implement the requirements of OMB Circular A-123 to include the coordination of control scoping, planning, documentation, testing, reporting, and remediation efforts. Areas of scope included the evaluation of access controls, physical and environmental controls, and network security controls
• Support the management of established system workflows, the Security Requirements Traceability Matrix (SRTM), connectors, system upgrades, and hot fixes/patches
• Provide security control updates for the RiskVision application, based on Federal, Office of the Director of National Intelligence (ODNI), Department of Justice (DOJ), and FBI policies and standards

Confidential

Senior Risk and Compliance Engineer

Responsibilities:

• Design and administer procedures in the organization that sustain the security of the organization's data and access to its technology and communications systems
• Assess risk of exposure of proprietary data through weaknesses in platforms, access procedures, and forms of access to the organization's systems and the data contained in them
• Track security violations and identify trends or exposures that could be addressed by additional, technical measures, or use of application tools to enhance security
• Lead or execute simulated attacks or security violations to assess the organization's data security measures
• Conduct platform or operating system vulnerability scans which assess exposure of system to attacks or hacking Respond to questions regarding viral activity, concerns about spam/phishing
• Serve as organization's POC for the third party of security procedures and use of cyber security protections
• Ensure that system's security controls, policies and procedures are examined, measured, and validated against industry standards
• Lead projects as related to technology refresh/evaluation such as the Governance Risk and Compliance (GRC) tool
• Perform security evaluations as part of the Technology Selection Process on products reviewed to be included in the Fannie Mae environment
• Serves as technical lead or project lead in projects involving testing defenses against hacking, denial of service, spam, break-ins, or related attacks
• Provide technical guidance to less senior staff or applications developers/systems administrators
• Develop and maintain effective working relationships with clients and other team members
• Provide security-related support to organization-wide information technology initiatives as needed
• Monitor and stay current with security assessment techniques and tools, as well as emerging threats to web application security
• Provides expert guidance on mitigation strategies and effective/secure system configurations

Confidential

Senior Information Security Engineer

Responsibilities:

• Provides cyber risk and strategic analysis supporting the information assurance activities within the Drug Enforcement Administration Headquarters including geographically dispersed field locations
• Maintains a working knowledge of and authorization, specifically NIST-based policy, configuration management, risk management and controls auditing
• Provides guidance directly to the client Senior Management regarding enterprise wide C&A and security recommendations
• Lead team of security professions, in primary leads absence, to ensure that client goals and objectives were accomplished within budgeting and timeframe parameters
• Conducts weekly/adhoc team project status meetings with client and team to ensure key items were addressed and adequate allocation of resources were distributed as driven by the project
• Ensures implementation of secure configuration baselines for Database Management Systems, Office Suites, Operating Systems, Virtualization Software, Web Browsers, and Enterprise Applications
• Ensures organizational units utilize applicable policies, directives, instructions, and guidance of Office of Management and Budget (OMB), Department of Justice (DOJ), National Institute of Standards and Technology (NIST), the Committee on National Security Systems (CNSS), and the Director of National Intelligence (DNI)
• Responsible for and accreditation package assembly/reviews, including System Security Plans, IT Contingency Plans, Plans of Action & Milestones (POA&Ms), and Risk Assessments
• Leveraged BlackBerry 10 and Device Service Confidential STIG’s covering smartphones and tablets resulting in the formation of the DEA Default IT Policy covering General, Hardware, Logging, Password, Security, and Software to be used throughout the DEA
• Reviews existing and proposed enterprise mobile device implementations, identifying threats and vulnerabilities, and recommending risk mitigation measures to enhance the security posture.
• As lead assessor, performed in-depth architectural and security review for the integration of 3 new initiatives for the Department of Justice: Cross-Domain Solution, Next Generation Network (including mobility services), and Classified PKI.
• Representative of the Department of Justice, DEA attending high-level Continuous Monitoring Working Group briefings
• Acts as a liaison between team and government client, conducts interviews of potential new hires, and various related ad hoc tasks.
• Develops and delivers Standard Operating Procedures (SOP) guidance to DEA-wide components.

Confidential

IT Security Consultant/Enterprise Information Assurance

Responsibilities:

• Advised geographically disbursed Information Assurance Officers (IAO) to ensure organization policies, directives, instructions, and guidance of Office of Management and Budget (OMB), Department of Justice (DOJ), National Institute of Standards and Technology (NIST), the Committee on National Security Systems (CNSS), and the Director of National Intelligence (DNI) were followed
• Ensured IAO implemented and maintained programs aligned with established overarching wing-level information assurance and cyber security guidance including onsite inspections
• Responsible for of over 200 primary and alternate IAO’s located at Andrews AFB, Bolling Joint Base, and the Pentagon
• Oversaw cyber vulnerability detection and assessments to include cyber incident response and investigation analysis
• Reviewed program components, including but not limited to: COMSEC, network and computer security, emission security, IA awareness, information protection operations, network user licensing and the of network user licensing, password management and other areas of interest covered on AF 4160 checklists
• Ensured organizations implemented security measures for classified information systems and assess security design, and testing of state-of-the-art secure operating systems, networks, and applications
• Performed risk assessments providing recommendations for application design, including architectures, firewalls, electronic data traffic, network access, security policy and standard operating procedures covering mitigation strategies
• Conducted vulnerability scans, testing and operation of various software and applications for risk assessments using tools such as eEye Retina, Confidential STIG’s and Gold Disk
• Gathered metrics, developed and prepared critical reports for the security maintenance TCNO (Time Compliance Network Order) team, configuration management, security incidence response team (CND), Network Defense (NetD), disaster recovery team, Vulnerability Management (IAVM) team, Enterprise Patch Management (SMS, WSUS, ITMU and SA) Team, Security Risk Assessment (RA) team, & accreditation (C&A) team and security awareness team
• Participated in the and accreditation (C&A) of the US Air Force Information Technology network within the requirements of the Department of Defense Information Assurance Security and Accreditation Process (DIACAP)
• Lead threat and vulnerability assessments associated with mobile device implementations and recommend mitigation strategies staying abreast of mobile security threats and emerging mobile technologies.
• Reviews system change requests, performing malware/vulnerability analysis resulting in providing recommendations to the Section Chief for implementation

Confidential

IT Specialist

Responsibilities:

• Provided Subject Matter Expert guidance to staff on matters relating to information management issues that involve a wide range of IT management that typically extend and applied to an entire organization or major component of an organization
• Ensured the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools
• Performed Gold Disk testing and development in anticipation of new updates and releases
• Managed staff of security professionals responsible for reporting metrics for Remedy Ticket System; Provided weekly/adhoc briefings to the Division Chief
• Served as a Joint Task Force Transformation Initiative Interagency Working Group team member responsible for revising NIST A documentation. Utilized and the 8500 controls for integration into STIG security documentation
• Developed, prescribed, and/or implemented Information Systems Security policy, standards, and procedures for DoD-wide information processing systems
• Conducted security evaluations and analysis of information systems to identify requirements, logical structures and information flows

Confidential

HBSS Deployment Manager

Responsibilities:

• Managed configuration, field deployment, maintenance, and Operations Procedure documentation for McAfee's Host Base System Security, e-Policy Orchestrator, McAfee's Hercules Enterprise Vulnerability Management Suite, eEye Digital Security's Retina Network Security Scanner and Remote Enterprise Manager
• Provided consultation regarding IA projects involving all phases of information assurance and network operation to include: assess, address, correlate, analyze, and provide IA course of action decision support
• Assessed impact, determined probable damage and suggested methods of damage control utilizing computer forensics, and follow-on analysis to build historical and predictive capabilities
• Developed strategies for information systems providing protection against unauthorized access to or modification of information
• Evaluated planned network management systems to assess security effectiveness, monitor security performance and adequacy, and identify/resolve security problems
• Provided technical advice to the Command staff and regularly represented the command in high level meetings with representatives of the DoD, private industry and other Federal agencies to resolve INFOSEC management policy and operational issues
• Identified future projects/programs resource requirements to include funding, staff participation, engineering, and facility/installation security support requirements
• Developed security project milestones and resource management; delegated responsibility to team members, and assumed responsibility for completion of assigned projects within the scope of command objectives, priorities and resource constraints
• Attended weekly meetings with Project Management Team discussing applicable information pertaining to the sustainment of Confidential projects
• Lead teleconferencing efforts with geographically dispersed sites that required on site installation and of the available products offered by Confidential ; coordinated the deployment of personnel and hardware
• Researched trending vulnerabilities applicable to the DOD resulting in coordination efforts with security software vendors to update DOD audits

Confidential

Vulnerability Assessment Specialist

Responsibilities:

• Utilized Server management System (SMS) to monitor/push security patches
• Implemented, managed and troubleshot the base Public Key Infrastructure (PKI) software supporting the Common Access Card (CAC)
• Administered the Network Security of $51M classified/unclassified networks supporting over 12K users performing malicious logic investigation, reporting and damage assessments
• Served as a Contracting Officer Representative (COR) ensuring proper development of requirements and assisting Contracting Officers in managing contracts
• Employed Internet Security Systems Site Protector (ISS) discovering and eliminating network vulnerabilities. Determined and reported the information protection posture of the base network while maintaining and updating local security patch program
• Ensured adherence to Air Force Network Operations and Security Center (AFNOSC) advisories and Time Compliance Technical Orders (TCNOS)
• Maintained applicable anti-virus software updates/upgrades on a weekly basis
• Implemented and maintained base network security policies and base information assurance programs