
Sr Security Consultant Resume


Alexandria, VA

SUMMARY

  • Extensive knowledge of Information internet protocols such as HTTP(S), DNS, IRC, SSH, FTP, TCP and UDP
  • Expert at rigorous application of information security procedures, practices and policies, and resolving interface and interoperability problems, recoverability challenges and maintaining system integrity through system fixes, technological updates and software/hardware enhancements
  • Extensive experience with logging systems (i.e., syslog, Windows Event Log)
  • Demonstrate strong problem solving skills
  • Technical expertise in the specification, implementation, integration and management of Microsoft Windows operating systems 2000/XP/2008/2010 Professional, hardware capabilities and configuration, system interfaces, performance tuning, and management techniques for critical production systems
  • Proficient in Windows XP Professional Remote Desktop Connections, establish and control Remote Assistance connections, Virtual Private Network (VPN) and authentication protocols (PAP, SPAP, CHAP, MSCHAP1, MSCHAPv2) and encryption
  • Over 10 years of experience with telecommunications and electronic communications systems, network system installation and maintenance experience and UNIX system administration
  • Provided over 10 years of experience providing technical support to various clients (Federal Government and the private sector)
  • Demonstrate team building and leadership
  • Strong Mentoring and training security team and staff per security awareness per security compliance
  • Demonstrate ability to work in a fast-paced environment
  • Excellent multi-tasking, communication, and organizational skills
  • Strong work ethic - detail oriented, proactive, and enthusiastic

TECHNICAL SKILLS

Security Technologies: SSH, SSL, Digital Certificates, Antivirus tools (Symantec, Sophos, McAfee, CA etc)

Information Security Tools & Software: ArcSight, Tealeaf Technology CX Mobile, Dragon, Malzilla, Site Protector (ISS), Altiris, EnCase, SIEM event Management, Nmap, Wireshark, Symantec Vontu DLP (Data Loss Prevention), Mandiant Information Collector, Splunk, FireEye, QRadar - SIEM, Juniper Security Firewalls NSM, Netwitness, Sourcefire

Networking Systems/Standards: TCP/IP; IPSEC; ICMP; RDP; DHCP; DNS; LAN/WAN; SMTP; HTTP(s); LDAP; POP3; Firewalls; Ethernet

Operating Systems: UNIX; Windows 7/ 98/NT/XP/ ; Windows 2000/ Servers; DOS; Solaris

Software: Microsoft Office (Word, Excel, Access, and PowerPoint); MS Outlook 2008 & 2010; Quest Software; E-Trust; PC Anywhere; Remote Desktop, PSexec

Hardware: Dell Server; IBM-compatible PC’s, ArcSight CS 1000 Connectors

Programming Languages: C++; Visual Basic 6.0; HTML; dBase 1 and 2, Red Hat Linux

PROFESSIONAL EXPERIENCE

Confidential, Alexandria, VA

Sr Security Consultant

Responsibilities:

  • Performing security support within a 24/7/365 Network and Security Operations Center (NOC/SOC) environment.
  • Maintaining integrity and security of enterprise-wide to assure Cyber systems and networks and support Cyber security initiatives through predictive and reactive analysis.
  • Performing ad hoc vulnerability scans as well as rudimentary penetration testing of existing production network components such as WAN, LAN, VLAN, sub-networks, network devices, systems and software as authorized, requested or required.
  • Conducting research on emerging security threats and potential customer impact.
  • Articulating recommendations on continuous improvement of the processes architecture supporting overall Cyber Security Operations.
  • Performing deep diving forensics via system logs, codes
  • Collaborating and analyzing attacks and security threats, reviewing traffic and logs via Proxies, Antivirus McAfee, FireEye, QRadar, Firewall etc.
  • Ensuring the effective operations of customer IT systems and network defenses, providing effective incident response capabilities, including usable and effective reporting that address overall situational awareness as well as ensuring management approves reports within mandated timelines.
  • Using a variety of tools to correlate information and synthesize data into usable and actionable events.
  • Mentoring and training client team and new Government/private Security members as needed.
  • Critique and modify incident response plans (SOPs) and project plans to improve defense in depth security posture with existing toolset as needed, required or requested.
  • Maintaining high customer service levels and coordinating team members
  • Supporting various additional endeavors, including writing responses to RFPs, RFIs etc.

Confidential, Washington, DC

SME Network Security Incident Response Specialist

Responsibilities:

  • Management and critique incident response plans and process (SOPs) to ensure systems are conformed per NIST for auditing
  • Developing and implementing information assurance/security standards and procedures
  • Coordinating, developing, and evaluating security programs
  • Recommending information assurance/security solutions to support customer requirements
  • Manage Security team Strategic planning to improve SLA per customer requirement in responding to security incidents
  • Serve as a SME (Subject matter expert) in incident response, remediation and proactive services
  • Ensure current policies and procedures are maintained regarding federal, and departmental mandates and guidelines
  • Create formal process and procedures to mitigate security incidents and vulnerabilities
  • Providing direction and guidance per junior analysts, reporting status to customer and leadership per Security incidents
  • Management of Splunk implementation and process, according to Confidential standards and guidelines
  • Manage threats and incidents impacting the agency’s information resources.
  • Develop and maintain reporting metrics and mechanism used to execute and measure SOC activities
  • Identifying security risks and gaps, evaluating and recommending appropriate security measures, from a strategic perspective
  • Interact with various staff and other IT agency unit services, to cooperatively achieve the successful goal of information security program.
  • Educate employees about their information security and privacy protection responsibilities.
  • Risk Management planning to identify and avoid or minimize (mitigate) the impact of threats to information and Confidential technology assets

Confidential

Security Startup business Consultant

Responsibilities:

  • Successfully oversee the start-up and strategy development, distribution and marketing Management of a consulting firm
  • Interface with partners and large clients to develop and maintain organizational strategies, operational efficiencies, and proposals for increasing technical efficiency and improving profitability.
  • Initiating an on-going future business plan per Information Security development, in both institutional and strategic financing during difficult economic conditions.

Confidential, Baltimore, MD

Incident Response Remediation Security Specialist/Tier III

Responsibilities:

  • Coordinated incident response activities with level one monitoring group, and responded to alerts as needed
  • Reported recent Security Standard activities, failures and trends to management and other affected community members
  • Made remediation recommendations for recovery, containment, and prevention to site network administrators
  • Responded to tickets by Security Engineers analysts or analysts
  • Ran various malware removal and remediation tools
  • Developed remediation strategies, focusing on the issues identified
  • Contained outbreaks as needed
  • Performed ongoing scans for threats, vulnerabilities, and malware
  • Demonstrated strong problem solving skills
  • Researched, recommended and implemented changes to procedures and systems to enhance security
  • Performed forensic Investigation and analysis of user and device activities, using Encase, Malzilla and other forensic tools.
  • Determine if other infrastructure is also infected
  • Validating Alerting from a variety of monitoring technologies, to include Intrusion Detection Sensors
  • CAPRS (In-House Trouble ticketing System)
  • Acted as Security Event Manager
  • Developed Antivirus and Anti Malware Reports

Confidential, Columbia, MD

Security Server Log Manager

Responsibilities:

  • Demonstrated the development and structure of Server Log Management team from scratch (Server Microsoft 2003 & 2008)
  • Conducted and developed incident response policies and procedures
  • Mentored, Trained and led Server Log Management issues and resolution
  • Worked hand & hand with customer and Management to ensure all requests are being met per customer to resolve any Security Log issues
  • Implemented cross function teams to address operational, strategic, & security challenges
  • Served as a leader for publishing strategic intellectual capital and development of formal frameworks and methodologies
  • Demonstrated strong writing and presentation skills for customer/clients per Cyber Security enhancement and new policies
  • Approached customer requirements, leveraging existing intellectual capital and developing new innovative concepts
  • Conducted and provided security architecture direction to on-going programs for security logs enhancement per organization
  • Created policy per NIST series 800 guidelines via best organization practice on Server security logs
  • Developed and enhanced documentation for all Server Log Management Team activities to include Work Instructions, training material, procedure process
  • Developed Webpage per Security Server Log Management Instructional manual, Training, templates, procedure and process
  • Provided remediation implementation per incident, vulnerabilities per security compliance violation or misconfiguration
  • Configured ArcSight (SIEM) Connectors CS 1000 for deployment per sector via Red Hat Linux programming
  • Worked with ArcSight Engineers to assure server logs/events were generated properly from ISS (Site Protector) into ArcSight
  • Managed/developed server logs content development per ArcSight to correlate and capture security logs/events
  • Analyzed policy violation, unauthorized server logons, security policy change, vulnerabilities of 4000+ servers globally
  • Monitored security server logs of misconfiguration, Brute Force attack and anomalous activity per ArcSight

Confidential, Linthicum, MD

Information Systems Security Engineer II

Responsibilities:

  • Detected and responded using IDS/IPS to monitor the security of the Confidential network on various operating systems
  • Monitored the infrastructure, analysis and resolution of incidents using ArcSight, Site Protector, Sophos, MIC Management etc.
  • Monitored and made recommendations per improvements to security policy
  • Provided support and monitored per Symantec Vontu Data Loss Prevention (DLP), including analysis and implementation of DLP requirements
  • Performed and Reviewed DLP policy violation alerts, per investigation and resolved
  • Analyzed threats and vulnerabilities to the Confidential global computing environment
  • Detected and responded to all malicious/suspicious activities inbound/outbound traffic
  • Identified, analyzed, remediated, and reported all cyber security incidents
  • Web inspect for web scans, appdetect for database & applications, vulnerability scanner for OS using ISS & McAfee
  • Tested Web applications for common security vulnerabilities as defined by OWASP including SQL injection, cross-site scripting, session management
  • Managed projects and delivered on time with periodic status reports to management
  • Managed and investigated correlation using various incident management systems tools
  • Managed & investigated remediation of Viruses, unauthorized software etc. using various incident management system
  • Created instruction manuals and training guides of protocols and procedures for the Security Team & trained new hires
  • Monitored and investigated event logs, firewall logs, proxy logs, intrusion detection, and other security systems using ArcSight, Site Protector, MIC etc
  • Investigated any malicious activities internal or external via packages or sessions Confidential global wide
  • Reviewed firewalls logs across NG global wide
  • Correlated & analyzed security inputs from multiple sources but not limited to IDS/IPS consoles, firewall logs, real-time packet trace, host logs
  • Researched and performed risk assessment and recommendation on announced vulnerability assessment
  • Performed forensics on suspicious files on various devices during investigation process using EnCase and other forensic tools
  • Investigated all malicious threats targeting devices global wide via internet or email
  • Performed Application and OS vulnerability scans to assure all security compliance are being met per NG security policy
  • Provided weekly reports summarizing activity observed and action taken and log incidents as they occur SSIM
  • Analyzed incoming and outgoing network traffic to assure security compliance are met
  • Investigated machines that had been compromised; worked with Security Officers for immediate shutdowns per policy
  • Made determination of shutdowns on compromised machines on suspicious activities per policy verseen a large and complex Cyber Security and Investigate global NG wide
  • Provided forensic analysis support and incident response to the 24x7 Security Operations Center
  • Used various tools for cyber security experience using various tools and techniques for investigation
  • Managed security information and event management products (SIEM) per Symantec and ArcSight to collect, analyze and assess security and risk information
  • Provided deep dive analysis and correlation of log data from multiple sources
  • Provided vulnerability scans on servers before production going on NG network
  • Worked in various operating system environments such as Windows, Linux, Unix etc.

Confidential, Washington, DC

Network Administrator/Lead

Responsibilities:

  • Supported email server migration, file and print, OWA, front-end system administration of Active Directory creating groups, email account, assigned permissions, Group Policy Objects (GPO), remove/disabled accounts, reset passwords
  • Provided support for Microsoft Outlook Web Access (OWA) and front-end system administration of Active Directory by creating groups and email accounts; assign permissions and Group Policy Objects (GPO); remove/disable accounts and reset passwords
  • Post migration, provide Tier II level support for e-mail, file and print, and other technical systems to the Office of the Secretary of Transportation (OST) and other newly migrated end-users resolving WINS, DNS, internet and intranet issues; utilize Quest utility tool emwprof.exe ensuring exportation of user exchange settings to new mail server; remotely manage an eTrust Antivirus Admin Server; routinely determine those clients running the latest version of the eTrust Antivirus application on the network which is configured to scan the local subnet
  • Performed responsibilities and duties as a migration analyst collecting user data such as screen shots of desktop, Outlook 2000/2003 server names, location of .pst, .oab, .ost and .pab files, delegates, rules wizard, network drives and printers, ensure network connectivity
  • Collect information regarding the existing Exchange environment
  • Perform Migration Analyst duties by collecting user data such as screen shots of desktops, Outlook 2000/2003 server names, the location of .pst, .oab, .ost, and .pab files, delegates, rules, network drives, and printers; also ensure network connectivity
  • Provide Tier II level support for e-mail, file and print, and other technical systems to the Office of the Secretary of Transportation (OST) and other newly migrated end users, post-migration
  • Resolve WINS, DNS, and internet and intranet issues
  • Utilize the emwprof.exe utility tool (Quest Software) by ensuring the exportation of user exchange settings to the new mail server
  • Deliver exceptional customer service and timely end-user support to FHWA’s headquarters and field sites by accomplishing the OneDOT initiative that supports the Presidential directive of advancing the e-Government strategy
  • Monitor and resolve assigned Outlook migration tickets in the Support Magic ticketing system
  • Update tickets in a timely manner by entering problem resolution information into the Support Magic knowledge management tool
  • Effectively work with the MS Exchange 2003 Cluster, Windows Server 2000/2003, DHCP, LAN, and DNS
  • Remotely manage and update an E-Trust Antivirus Admin Server; routinely determine those clients running the latest version of the E-Trust Antivirus application on the network which is configured to scan the local subnet
  • Responsible for the deletion and clean-up of GroupWise/Exchange domain email accounts utilizing Novell Console One
  • Execute full data migrations and imaging of over 1000 user workstations by utilizing the File Transfer wizard, administrative sharing, and Norton Ghost
  • Review unattended installations with answer files, update NTFS permissions, change inheritance information, and assign permissions

Confidential, Baltimore, MD

Image Capture Specialist/Project Management

Responsibilities:

  • Traveled 100% of the time to Confidential (SSA), OHA, and DDS sites 3-5 weeks per site
  • Provided project management of SSA training, site setups, knowledge transfer, and inventory control
  • Consistently met deadlines for production according to government requirements
  • Initiated and participated in on-site meetings with DDS and OHA staff; managed the agenda items along with site survey scheduled and conducted conference calls with the DDS and OHA administrators to perform a pre-arrival review of the site's compliance with items in the survey
  • Trained IT staff on the maintenance of the 2650 Dell Servers and daily operations
  • Performed installation, configuration, and testing with Connect Direct and Message Print Operation (MPO) on production, training and fax servers
  • Executed testing and validation of local scanning and software applications
  • Participated in conference calls to configure and test the T1/PRI fax line
  • Managed and monitored the sites’ inventory of Dell 2650 servers, workstations, UPS 9125, and server tape back-ups
  • Supervised the setup, construction, network connections, and connection of all the varied components and peripherals of the DMA server and scan station equipment, including UPS, switch boxes, etc.
  • Conducted knowledge transfer and training to SSA IT staff of event logs, daily maintenance of servers, and the backing up of the production server with the fax server
  • Modified system variables such as Back-up Domain Controller (BDC) and “lclsvr” to accommodate network settings for backing up the system
  • Administered the set up of the fax, production, testing, and training servers
  • Managed all configuration settings, installations, and troubleshooting of the Windows 2000 Dell 2650 servers and Dell workstations using Solaris
  • Provided the proper safety specifications and set up of a UPS 9125 and other government equipment
  • Configured the system variables for a Windows 2000 network
  • Performed maintenance of the production, fax, and testing servers for implementing Fujitsu scanners for SSA

Confidential, Arlington, VA

Help Desk Engineer/Network Administrator

Responsibilities:

  • Provided installation, configuration, and troubleshooting of various software and web-based applications on laptops and desktops
  • Deployed and configured new computers and laptops for new hires using the Ghost tool; created images
  • Recorded and prepared live tapings of talents for FBR on stations such as CNBC and Bloomberg
  • Enhanced speed and performance along with maintenance on PC’s by cleaning up the registry and checking for viruses
  • Performed troubleshooting of network problems, cabling, and installation of network equipment
  • Wired and activated ports for Network Engineers
  • Created and reset network, VPN, Syncticket, and EventDesk log-in passwords for users utilizing Active Directory
  • Provided desktop and phone support remotely, using PC Anywhere, to users world-wide
  • Resolved any hardware and software issues; resolved any issues with web-based applications, as well
  • Worked with System Administrators and Developers to resolve network and application issues
  • Set up projectors, audio sounds, and network connections for conferences
  • Worked with domains and network protocols such as TCP/IP, DHCP and SNMP
  • Upgraded PC and hardware devices, drivers, and RAM storage
  • Replaced hard drives, power supplies, and NIC cards; communicated with vendors such as HP
  • Utilized various Compaq/Dell desktops and laptop devices
  • Provided LAN administration utilizing Windows 2000 and XP
  • Supported and installed software such as MS Office, MS Outlook, Bridge, Factset, Rumba, and Excel add-in tools
  • Provided desktop and phone support to 1000+ users

Confidential, Washington, DC

PC Specialist/Junior Administrator/Migration Team Lead

Responsibilities:

  • Oversaw the effective implementation and execution of departmental guidelines and processes, encompassing normal and high-volume operations
  • Prepared activity and progress reports regarding all assigned tasks
  • Provided written and oral results to company and client representatives
  • Completed tasks within estimated time frames and budget constraints.
  • Trained/supervised employees on AC and SC (database) and the Ghosting tools
  • Created manuals and training guides of protocols and procedures for the PC Deployment Team; implemented plans to allow the PC deployment team to function more effectively
  • Installed, upgraded, troubleshooted, and configured back ups of data and the system; maintained the network storage using the Ghosting tool
  • Migrated various operating systems such as Windows 95, 98, NT, XP Professional; migrated network operating systems such as Novell and Windows NT
  • Supported various software applications such as MS Office and MS Outlook
  • Provided desktop support systems to 1000+ users within SLA
  • Maintained local area network hardware and software, such as personal computers’ software applications and printers; supported Blackberry devices
  • Trained users on assigning attributes
  • Established and maintained network users, the user environment, directories, and security settings
  • Troubleshooted Peregrine working with Asset Center 5.0 and the wizard chain code
  • Debugged error messages
  • Tested and packaged software upgrades for Confidential using Wise Package Studio
  • Remotely troubleshooted user’s PC’s by performing system management activities such as computer management, account management, and performing tuning
  • Coordinated all migration activities
  • Created technical reports and other required documentations; prepared all daily and weekly reports
  • Set team goals and promoted overall team motivation and communication/teamwork
  • Managed and updated deployment team appointments and inventory stock using Asset Center and the Peregrine (Service Center) database system
