SUMMARY:

• Detail oriented, self - starting IT professional with extensive knowledge of cyber security strategies, standards, and network intrusion detection and encryption technologies
• Experienced in information systems Cyber Security operations and management for enterprise wide initiatives
• Exhibits superior communication skills for the effective management of project timelines, resources and client expectation.
• Proven leadership capabilities in cost management, providing workable strategies and risk mitigation.
• Penetration Testing- Fuzz Testing, Replay attacks and Red-Team & Blue-Team
• Authorities & Web of Trust Models
• Advanced Persistent Threat (APT)
• OWASP
• Cryptography& Public Key Infrastructure (PKI)
• Vendor Security Assessments
• 2 Factor Authentication
• Defense In Depth
• Hardware Security Module’s (HSM)
• Cryptographic Module Validation Program (CMVP)
• Enterprise Identity Management
• Firewalls, Routers & Switches
• Intrusion Detection/Intrusion Prevention (IDS/IPS)
• Systems Security Engineering
• Strong Written & Oral Communication Skills
• NIST 171
• IP Networking IPsec, SSL, TLS, DNS & Proxy Services
• Strong Diagnostic & Problem Solving Skills

PROFESSIONAL EXPERIENCE:

Confidential, Baltimore, MD

Security Engineer

Responsibilities:

• Conduct security assessments of vendors working with T. Rowe Price to assess security controls, vulnerabilities and risk levels and provide a vulnerability assessment report identifying vulnerabilities and a remediation plan.
• Responsibility for building and maintaining the entire Microsoft Services internal PKI infrastructure for T. Rowe Price, to include; building and maintain intermediate Authorities in the Production, Development and Quality Assurance environments.
• Maintained root keying material for all three offline root Authorities.
• Maintained and updated the Revocation List CRL for all three intermediate Authorities.
• Configured and administered Safenet Luna Hardware Security Module HSM in a High Availability HA, environment.
• Engineered, tested and deployed Keyon Registration Authority RA, as part of T. Rowe Price’s enterprise wide PKI infrastructure upgrade. The Keyon Registration Authority was the first step in improving PKI practices by improving tracking, renewal and issuance.

Senior Consulting Security Engineer

Confidential, Baltimore, MD

Responsibilities:

• Developed and documented the Confidential Lifecycle Management Governance Program that outlines the organization, responsibilties and operations of the Governance Compliance Team.
• Analyzed Confidential Public Key Infrastructure (PKI) management documentation and provided detailed documented industry best practice process improvements.
• Supported Confidential Line of Business Public Key Infrastructure administration efforts on Venafi Encryption Director (VED).
• Provided PKI consulting to Confidential CIO/CTO technology teams using Venafi to include; on Confidential rding,, troubleshooting and technical support.
• Developed and documented procedural documents for Governance that outline the processes and procedures for executing the Governance Program.

Senior Information Security Engineer

Confidential, Hanover MD

Responsibilities:

• Developed the Cryptographic Module (CMVP) & Cryptographic Algorithm (CAVP) programs for the U.S. labs by leading the program successfully through the NVLAP laboratory accreditation process.
• Use network traffic tools Wireshark & Wireplay to perform penetration testing such as generating SSL keys and capturing them to perform replay attacks on network appliances.
• Perform validation testing of cryptographic systems to validate conformance claims to FIPS 140-2 standards and generate testing reports for National Institute of Standards and Technology NIST validators.
• Perform extensive penetration testing of hardware and software environments to harden the final product through the use of Fuzz Testing techniques and automated tools.
• Configured, Deployed and performed security validation testing on complex layer 2 & 3 VLANs and network appliances
• Provide hands on team management, oversight and to junior security engineers in network security engineering, cryptographic algorithm evaluation and validation and penetration testing methodologies.
• Use strong communication skills to interface directly with vendors and clients through all stages of security and kept projects on budget and time with weekly status calls and constant communications of projects needs.
• Create reports for management, vendors and NIST validators on project status and technical test findings.

Sr. Information System Security Officer

Confidential, Washington, D. Confidential

Responsibilities:

• Team management of all Cyber Security tasks for the Confidential Office of Professional Responsibility, across two enterprise information systems providing effective management of project timelines, resources and client expectation and cost management.
• Used CCURE 9000 to provide IDAM identity and access management to Confidential assets through two factor authentication utilizing a PKI (Public-Key Infrastructure) authority and PIV (Personal Identification Verification) cards.
• Deployed Juniper Netscreen Firewalls to create end to end VPN and VLAN to segregate and protect mission critical information such as physical access control d Confidential bases & surveillance video used in the protection of Immigration & Customs Enforcement assets and personnel. The Juniper Netscreens functioned as both firewalls and Intrusion prevention systems by blocking all traffic not originating from a Juniper Netscreen by utilizing point to pointAES 256 encryption.
• Performed security operations on a point to point firewall Virtual Private Network VPN configured to provide increased security and confidentiality for an agency wide IDAM.
• Utilized Tivoli/BigFix endpoint manager to remotely schedule patches and server restarts, as well as to diagnose system performance and perform security audits of system settings.
• Provided Cyber Security consulting to executive level management for all other security documents, for example, security incident reports, security product recommendations, operating instructions, technical vulnerability reports, and contingency plans.
• Lead yearly table top for contingency testing to insure all key stakeholders in Disaster Recovery roles are identified and trained to perform the needed COOP actions in the event of a system interruption.

Cyber Security Analyst

Confidential, Washington, D. Confidential

Responsibilities:

• Analyzed and developed baseline security requirements for FAA Internet Access Points(IAPs) based on FAA security policies written to comply with FISMA regulations and NIST standards
• Review FAA Security Authorization packages, to determine baseline security requirements for existing systems and prepare for compliance interviews with security personnel on site
• Review security policy documents to evaluate current program guidelines and procedures
• Conduct independent, on-site system information assurance reviews of the management, operational, and technical security controls, in accordance with mandatory regulation
• Generate reports on degree of system compliance to information assurance Federal FISMA Regulations, NIST Special Publication, and FAA Security Orders
• Brief Information System Security Managers (ISSMs) & CISO on observations and recommendations to enhance their information systems assurance program
• Work with ISSMs on the remediation efforts of vulnerabilities discovered during the information assurance review of the security program and systems