Professional Overview

IT security professional with over 10 years in the IT field providing oversight to ensure systems are Federal Information Security Management Act FISMA compliant. As part of FISMA compliance quarterly and annual reporting requirement Risk Management Framework RMF tasks assigned included performing vulnerability assessments.

Significant Accomplishments

• Supported risk assessments using NIST-guidance 800-37,800-18,800-30,800-53 rev 4,800-53a rev4 in compliance with the RMF.
• Developed Information assurance documentation to include security categorization, risk impact levels, plans of action and milestones POA Ms , System Security Plans SSP , Security Assessment Reports SARs ,and contingency plans.
• Adopted the RMF standards from NIST, FISMA and OMB Article 130 to strengthen the security standards and procedures. Applied various NIST series in different projects, namely FIPS-199 Categorization, NIST SP 800-60, FIPS 200, SP 800-53 rev 4, SP 800-30, SP 800-18, SP 800-70, SP 800-53A, and SP 800-37.
• Provided IT security consulting to system owners as to the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans.
• RSA Secured Token Recertification Project Veteran Administration Project Mercury Project Lead Outlook rollout 90 help desk realization WAN First Response Troubleshooter Assurance Quality Tester
• Directed backups and customer restores via Veritas, NetBackup and BackupExec for several large corporate infrastructures, which included 12 exchanges servers and several Oracle and SQL servers.
• Operating Systems Windows NT, Windows 2008, Solaris/Linux Platforms, Cisco IOS
• Hardware Cisco 4006 switches, PIX Firewalls , multimedia products, modems,
• polycom video, autoloaders, desktop and laptop personal computers
• Scanning Tools Nessus, WebInspect and Snort
• Software Exchange, Windows XP/2008, Active Directory, SGL Server, Apache, ArcServeIT, Nessus, Snort, Entrust Intelligence, Visio, TCP/IP, Vmware ESX 5,
• Entrust CA/MRTD, Dell Powervault iscsi , SAN, MS SQL 2008
• Network Management Micromuse, Netcool, HP Openview, Lucent QIP, Concord eHealth, Blackberry Enterprise Server BES , Checkpoint Firewall, Symantec EndPoint Protection, Bluecoat

Experience

Confidential

• Currently providing IA support to FHFA, performing security assessments to ensure system compliance with NIST 800-53 guidance.
• Primary duties include assisting in the development of security policies and procedures to ensure compliance with all applicable regulations and requirements assists in the development of the continuous monitoring process, and providing Sr. level guidance on the FHFA security architecture.
• Performing annual assessments on a number system to insure FISMA compliance.

Confidential

• Security Authorization. Led 3-year accreditations, annual assessments, re-accreditation following significant system changes, internal and external audits.
• Developed, wrote and maintained detailed C A documentation and artifacts. Coordinated submissions through, ISSM, CISO, and DHS approval. Facilitated timely accreditations ensured compliance with NIST SP 800-53 and DHS 4300A guidance.
• Conducted C A activities for three FEMA information systems including mission, GSS, applications. HSPD 12, C A Primary C A responsibility for FEMA Continuous Monitoring. Assess and monitor system security through interview, test, and review activities. Participate in scans, interpret results, identify and document vulnerabilities, develop Security Requirements Traceability Matrix SRTM , wrote Plan of Action and Milestones POA M , track validation suspense's.
• Maintained current, accurate C A reporting, documentation, and artifacts, using Trusted Agent FISMA TAF and Crystal Reports. Track and report key milestones and delivery dates. Monitor FISMA scorecard . FISMA compliance directly impacts the FEMA FISMA Scorecard, which has consistently achieved an A rating during my tenure on the contract.
• Revised and updated Security Awareness role based training slides for System Owner, Authorizing Official, Information System Security Manager and Information System Security Officer

Confidential

• Worked as an integral part of the Plans of Action and Milestones POA M team
• Charged with providing Cyber Security Support for U.S. Citizenship and Immigration Services USCIS General Service System and Major Applications. Meet challenges of extreme compressed schedules for USCIS applications receiving an Authority to Operate ATO . Hard work and dedication will result in successful remediation of vulnerabilities to ensure security compliance with DHS policies.
• Reviewed system documentation to include Certification and Accreditation C A artifacts, recent audit findings, and recent incident reports to insure FISMA and DHS compliance
• Developed POA M tables and monitor IT weaknesses through the process of USCIS applications receiving an ATO
• Provided POA M oversight and management of USCIS information systems
• Assisted in the identification of remediation for open POA M and the development of waivers, exceptions and accepted risk
• Collaborated with key points of contacts to remediate system vulnerabilities to ensure security compliance with DHS policies
• Attended weekly C A status meetings, bi-weekly system status meetings with Information System Security Officer ISSO and monthly system status meeting with System Owners
• Created weaknesses and milestones in the Trusted Agent Federal Information Security Management Act TAF system

Confidential

• Assisted in the development and maintenance of the overall system security document, the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance.
• Participated in the development or revision of System-specific security safeguards and local operating procedures.
• Provide expertise in classified and unclassified ratings to customers.
• Worked closely with Certifiers to navigate the ICE Certification Accreditation process and produce all appropriate accreditation documentation.
• Attended ISSO training course as required.
• Performed interpretations of monthly vulnerability scan results of assigned systems.

Confidential

• Conducted gap analysis between SOP-90-47 and NIST SP 800-53 to insure NIST and FISMA adherence
• Conducted gap analysis between SBA system security plan, Template and NIST SP 800-53
• Created a fast C A approach using data call questionnaire for undiscovered systems to bring in FISMA compliance.
• Created several high level handbooks for SBA, Small Business Administration
• Developed vulnerability assessment matrix template per DHS system
• Wrote ISA's Interconnected Security Agreements .

Confidential

• Supported a PBGC user community of over 3500 at 10 different Field Benefit Administration FBA sites that includes 3 separate domains CDE, ITC and Production Administration Active Directory
• Provided service desk, security incident and problem management services for desktops, terminal servers PBGC's corporate infrastructure support
• Vigilantly assembled and notified target listing of RSA secured managers of 600 tokens approaching useful safeguarding data exchange for company employees and contractors working remotely
• Participated in a Continuity of Operations COOP exercise to provide system administration duties during this vital disaster recovery activity
• Manage Active Directory and Corporate Infrastructure support end-users, provide file access, possess domain control over file directory
• Primary contact for Exchange Outlook and standard Windows desktop/directory application matters

Confidential

Operations Lead

• ISSC Shift Supervisor staff of 4 responsible for 24/7 troubleshooting/monitoring Cisco routers, switches, resource servers, and application deployment reducing hardware/software end-users issues
• Originating Engineer, instrumental in creation, development and implementation of Booz Allen Hamilton's Information Services Support Center NOC
• Monitored network security by using various tools such as Nessus and Snort
• Continuously manage response to remediate Tier 1 2 issues, managed staff to restore connections to external customers, enhancing network reliability
• Coordinate infrastructure outage repairs serving as primary contact POC for stakeholders to manage shift communications handled IT infrastructure outages through designation of appropriate impact support teams and external customers
• Routine resource for on-site job training and senior management IT strategic consultations
• Efficiently servicing 30 Vantive software trouble tickets per shift software for customer network troubleshooting, outage detection supporting 3 satellite offices and 400 customer
• Proficiently maintained DNS, DHCP and WIN servers in distributing latest software packages and upgrades to company personnel thereby preserving Booz Allen competitive edge and brand
• Readily anticipated office network demands determining technology response for optimal results