SUMMARY

• Talented and accomplished Information Technology (IT) security professional, with extensive background in IT security program management.
• Proven ability to direct IT security programs.
• Experienced in developing a common - sense approach to IT Security.
• Adept at interpreting government mandates and creating methodologies to achieve compliance with the mandates.
• Information Security Program Management and Leadership
• Information Technology Contingency Planning/Disaster Recovery
• Knowledge of information security industry and regulatory obligations (ISO 27001/27002 , SOX, PCI, FISMA, HIPPA, PII, and PHI
• Knowledgeable of DOD and Federal IT requirements to include DIACAP, NIST Special Publications such as Special Publication (SP), SP, SP A, and FIPS
• Possess a solid knowledge in Information Assurance and Common Criteria
• Experience in regulations, policies, standards, or procedures governing DOD and Non DOD systems
• Developing and implementing enterprise and application-level risk mitigation strategies
• Experience in DISA test and evaluation tools (e.g. Fortify, SCAP, STIGS, Gold Disks, Retina Scan) Used multiple scanning tools such as Fortify, Retina, Gold Disk, Nessus and Burp and other SCAP compliant tools
• In depth knowledge of STIGS, and vulnerabilities management
• Experienced in developing and presenting IA security training
• Experience working with Enterprise Mission Assurance Support Services (eMASS)

TECHNICAL SKILLS

System: 2000, XP, Windows 7, Windows 8

Servers: 2000, 2003, 2008, 2008 R2, Active Directory, Virtual Environments, Office products, Visio, Adobe

Other Technologies: Active Directory, Virtual Environments, Office products, Visio, Adobe

Networking: TCP/IP, DHCP, LAN/Wan, Wireless, Ethernet

Hardware: Servers, Laptops, PC's, Hubs

PROFESSIONAL EXPERIENCE

Confidential

Senior Security Analyst Staff

Responsibilities:

• Development of information security policies, procedures, and system authorization (compliance) packages for the National Science Foundation’s (NSF) United States Antarctica Program (USAP) operations
• Monitoring and maintaining Information Systems (IS) security systems at 11 different locations, including Antarctica, CONUS, South America, New Zealand
• Developed requirements for implementing security into a system Lifecycle
• Supporting Security Compliance Assessments (SCA) and Office of the Inspector General (OIG) inspections
• Performed Risk Assessments
• Provided analysis for all current and coming requirements that need to be developed and implemented within the design and architecture of a system
• Provide security program reports to the National Science Foundation Staff about the current state of the security program
• Perform risk analysis on programs
• Perform scanning on infrastructure and work with IT staff to mitigate critical vulnerabilities
• Perform Vulnerability analysis and the impact to the network and infrastructure
• Develop System Security Authorization Packages that included researching, writing, and implementing System Security Plans
• Develop IT Contingency Plans, Privacy Impact Assessments, Security Compliance Assessment Reports, and Plans of Action and Milestones (POA&Ms) on the USAP’s three authorization boundaries and 19 major applications
• Develop information system security studies and reports that addressed areas of information security concerns
• Coordinate and perform Security Control Assessments to ensure that all USAP systems are in compliance with Federal guidance
• Security Compliance reviews and tests at USAP locations world-wide including remote locations in the Antarctic

Confidential

System Security Engineering

Responsibilities:

• Provided analysis for all current and coming requirements that need to be developed and implemented within the design and architecture of a system
• Developed requirements for implementing security into a system Lifecycle
• Leading and developing the Risk Management Framework transition for the entire SENSOR contract
• Guide the SENSOR program to develop and implement security best practices and process across all Weapon Systems
• Implement Best practices for developing security practices with Service Oriented Architecture in mind

Confidential

Cybersecurity Strategy and Planning

Responsibilities:

• Deputy to Cybersecurity Director for MDA security assessments
• Asses with DAA strategy for cybersecurity testing
• Conduct and Plan assessment and test for all necessary assets
• Plan testing events for penetration testing
• Lead working groups for planning and strategy for Cybersecurity
• Work with Information Assurance Teams to coordinate across assets and Commands for security

Confidential

Information Assurance Manager

Responsibilities:

• Developed and maintained an Information Assurance program to identify IA requirements, policy, procedures, personnel, IA objectives and architecture. This included interviewing, hiring, managing, coordination IA events and personnel
• Re- designed security divisions for requirements objectives and training
• Managed an IA staff in charge of research and guidance for software development and ensured compliance for annual IA reviews and code reviews. All employees were trained and certified in accordance with DoD policy
• Directed all Certification and Accreditation Activities, including DIACAP, NIST, and DCID.
• Lead efforts in accreditation for cross domain solutions and information sharing for multi classification networks
• Developed security notification measures, issues, testing, evaluation, verification and system reviews
• Developed, reviewed and maintained the Certification and Accreditation documentation for numerous DIACAP submissions and software certifications
• Prepared all DIACAP, DODIIS and EAPL documentation for submission and maintained all artifacts including advanced features guides, System Security Authorization Guides, Service Level Agreement's, SSP’s, Memorandum of Understanding, architecture drawings, security policies and CONOP
• Lead efforts in accreditation for cross domain solutions and information sharing for multi classification networks
• Assisted in proposal efforts including budget work for business development and company growth
• Provided weekly and monthly reports of relevant IA status to all appropriate staff members and government personnel
• Interfaced and coordination with all levels of the project for a speedy resolution on any issues
• Completed testing and evaluation to complete all IA requirements in accordance with Federal, DoD and Air Force regulations
• Ensured STIG and IA control testing, IAVA testing and compliance
• Employed software security tools such as Fortify Scanning, eEye Retina, and Gold Disk
• Ensured compliance with all DoD requirements were met and fulfilled including IA training and certifications
• Managed network infrastructure and Information Assurance requirements for a DREN approved network
• Served as Project Deployment Manager for Network upgrades, deployments and infrastructure
• Performed Risk Analysis for network Infrastructure to locate vulnerabilities
• Oversaw the entire network and all network equipment and personnel involved with adding, maintaining, upgrading and managing the network assets
• Developed and performed independent audits of backups and disaster recovery processes and procedures
• Executed independent and random disaster recovery tests and documented all findings including all critical production and development servers and workstations
• Validated that all critical backups are complete, maintained and protected in accordance with DoD regulations
• Developed and maintained the Contingency of Operations plans and testing
• Ensured that all vulnerabilities to the development network were correctly mitigated, documented and reported to the appropriate staff members
• Developed and implemented configuration management policies and processes
• Acted as the CCB chair, lead and manager
• Enforced auditing of all systems and log files

Confidential

Responsibilities:

• System Administrator for one of the largest hubs in the complex UPS network
• This included hundreds of Servers and workstations across a multi-state region
• Project Manager for major technological deployments including planning, implementation and training
• Project Manager for a region wide disaster recovery plan and implementation process
• Project Manager for end user training in a multi-state region, responsible for maintaining 99.9% uptime for a multicenter building
• Coordinating administrative functions associated with managing a complex LAN, including configuration, training, installation, maintenance, support and documentation
• Troubleshooting PC/LAN problems via telephone, in-person and on an on-call basis for over thirty five centers in addition to hundreds of customer locations
• Coordinated hardware and software changes, as well as problem resolution and upgrades to servers, network equipment and workstations
• Performed extensive network analysis
• Supported end-users’ laptops and desktops