Information Assurance Analyst Resume

Silver Spring, MD

SUMMARY:

  • I am a solutions-focused, team-oriented Senior Information Assurance Engineer with broad-based experience and hands-on skills in the assessment and accreditation of Federal government Information Technology systems. I have participated in the development of Security Accreditation Packages (SAPs) utilizing the National Institute of Standards (NIST) Special Publications (SP) A, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP, NIST SP-18, NIST SP-37 as well as the Federal Information Security Management Act (FISMA) and the Federal Information Processing Standards 199 and 200 publications and the Office of Management and Budgeting (OMB) 130 publication as guidelines for the assessment and accreditation process. I have also participated in the development of the Department of Defense's Information Technology Security and Accreditation (DITSCAP) process, creating documentation such as Authority to Operate (ATO) and Authority to Connect (ATC).

PROFESSIONAL EXPERIENCE:

Information Assurance Analyst

Confidential, Silver Spring, MD

Responsibilities:

  • From, I was tasked as an Information Assurance Analyst, Security Assessment Team (SAT) member with the National Oceanic Atmospheric Administration's (NOAA) National Ocean Service (NOS) and the National Environmental Satellite, Data, and Information Service (NESDIS) Security Assessment Team responsible for the Assessment and Authorization (A&A) of multiple NOS and NESDIS IT systems. During the A&A process, the SAT evaluated NESDIS systems based on the National Institute of Standards and Technology (NIST) criteria, Department of Commerce (DOC) and NOAA policies, and the policies and procedures outlined in the NESDIS IT Security Handbook.
  • Components of the A&A process included compliance reviews of the systems documentation such as the System Security Plan (SSP), the Contingency Plan (CP), the Business Impact Analysis (BIA), the Continuous Monitoring Plan (CMP) and other core documents that make up the system's documentation package that is submitted to NOAA management for their compliance review and approval to gain the system an Authorization To Operate (ATO). The SAT also develops Vulnerability Assessment Reports (VAR) and Risk Assessment Reports (RAR) utilizing the Nessus vulnerability scanning tool as well as the Nipper Security Tool to help the system identify specific vulnerabilities and provide the opportunity to mitigate them. In particular, the SAT is responsible for:
  • Reviewing system security documentation applicable to selected controls to ensure that it is current to the operating posture of the system.
  • Examining documentation, manually inspecting selected systems, and interviewing key personnel in accordance with NIST SP A, Revision 4 assessment procedures for selected controls.
  • Conducting a targeted assessment of the selected technical controls in place.
  • Evaluating quarterly Nessus scanning results to assess vulnerability levels and produce VARs.

Senior Information Security Analyst

Confidential

Responsibilities:

  • From (short-term contract), I was tasked as a Task Leader with the Federal Aviation Administration (FAA) responsible for maintaining documents and records for a privacy and security program team, including document preparation, processing and tracking actions, monitoring program and project schedules, records management, document distribution, entering, verifying and reporting on departmental, program and financial data, and maintaining databases. Other tasks included acting as the assessed system's Information System Security Officer (ISSO) in order to produce a completed assessment package to acquire the system's Authorization to Operate (ATO). The package's documentation consisted of the System Security Plan (SSP) based on NIST Special Publication, Revision 4, the Risk Acceptance Report (RAR), the Security Assessment Report (SAR), McAfee Vulnerability Manager (MVM) scan results, HP Web Inspect scan results, the Executive Summary (ES), System Characterization (SC), the Contingency Plan (CP), the Contingency Plan Test Results (CPTR), and the Privacy Threshold Assessment (PTA).

Principal Information Assurance Engineer

Confidential, Bethesda, MD

Responsibilities:

  • The IA Team is also responsible for supporting the government client, services, and the Base Re-Alignment and Closure (BRAC) 198 effort. The IA Team is also responsible for creating and applying group policies, applying Security Test Implementation Guides (STIG) rules to IT systems for a compliant, standardized environment, and creating enterprise-wide Host Based Security System (HBSS) rules and regulations to alleviate unwarranted network intrusions. HBSS also provided FHP&R with Network Intrusion tools, Virus Protection, as well as a host of other tools to protect the desktop and server environment. I was also responsible for migrating Windows XP desktops to Windows 7 utilizing Symantec Ghost software. The process included creating various images for each type of various desktops, deploying the Sysprepped image, and ensuring each machine has all of the attributes of a standard desktop for FHP&R's environment. I was also responsible for updating patch definitions and scheduling their distribution utilizing Shavlik's NetChk Patch Management software as well as Secunia PSI scanning and patch management software. I was also the primary Engineer that performed Security Test Reviews on non-pre-approved DoD software.

Senior Security Analyst

Confidential, Fairfax, VA

Responsibilities:

  • As a member of the Enterprise Access Management (EAM) team, I was responsible for developing and documenting the Department of s (DoE) Federal Student Aid's (FSA) Enterprise Access Management application, eliciting business requirements from application stakeholders, and conducting Joint Analysis Discussions (JAD) sessions to gain knowledge of the application. The development involved analyzing the DoE's FSA Enterprise legacy systems and implementing an enterprise-wide solution to effectively establish and control user access management security policies and procedures. I was also responsible for creating templates for the documentation of each phase of the EAM implementation process. The implementation involved reviewing and applying policies and procedures from the documentation of various National Institute of Standards and Technology (NIST) Special Publications (SP) such as NIST SP Revision 2, Guide for Assessing Security Controls in Federal Information Systems, NIST SP, Security Considerations in the System Development Lifecycle, the Federal Information Processing Standards (FIPS) resource, the Federal Information Security Management Act (FISMA) resource, and in addition to numerous Department of materials.

Senior Security Analyst

Confidential, Silver Spring, MD

Responsibilities:

  • I provided support for certifying the administration's National Ocean Services (NOS) program offices. The C&A process involved traveling to NOAA's Marine Sanctuary Program (MSP) offices, their Coastal Services Centers, and their National Centers for Coastal Ocean Science offices located throughout the continental United States as well as the Hawaiian Islands to perform the C&A process for their systems. The team was responsible for compiling Security Accreditation Packages (SAPs) which included interviewing, testing, and documenting the IT systems to obtain and accreditation. The team created documentation such as risk assessment reports, system security plans, privacy impact assessments, contingency plans, and plans of actions and milestones. All documentation was modeled after the National Institute of Standards and Technology Special Publication Revision 1, Guide for Assessing Security Controls in Federal Information Systems methodology and the usage of NOAA's C&A methodology. I also provided assistance in the testing of NOAA's personal computers and servers using the Nessus security scanning software.

Senior Network Analyst

Confidential

Responsibilities:

  • Area Network Cisco switches and routers. I also provided support for the creation and distribution of Microsoft Exchange 2003 user accounts. I served as the administrator for distributing software packages to the desktop utilizing WinInstall. I also administered the network monitoring applications which include Barracuda anti-spam devices, McAfee Webshield antivirus devices, Whatsup Professional network monitoring software, CiscoWorks, and PRTG Traffic Monitor. I was also responsible for the medical center's backup operations utilizing CommVault's QiNetix backup software on an ADIC Scalar 100 Magnetic Tape Library.

Enterprise IT Analyst

Confidential

Responsibilities:

  • As a key member of a ten-person and Accreditation (C&A) team at the Department of Transportation, we created and reviewed Security and Accreditation packages. We provided guidance to staff pertaining to the preparation, authentication, safeguarding and transmission of sensitive and confidential materials. The team reviewed security specifications from the National Institute Standards and Technology and applied those guidelines to the DOT's major applications and general support systems in the Office of the Secretary of Transportation. We provide expertise on security and security-related tools and systems. We also function as security engineers for the systems reviewed. We develop, execute, and evaluate information assurance processes relating to and accreditation, system security engineering, system development, integration, and evaluation. We perform security analysis to include evaluation, risk management,, and testing of secure information systems. In addition, we also prepare accreditation packages such as system security plans, risk assessments, and statements. We coordinate with team representatives to establish and define programs, resources, schedules, and risks. Finally, we apply expertise to highly sensitive government systems and networks requiring specialized security features and procedures.

Distributed System Engineer

Confidential

Responsibilities:

  • As a member of the Server Operations Team, I was responsible for all network servers throughout the LAN including user account creations, deletions and modifications as well as file access rights. This function also included configuring, monitoring and maintaining approximately 200 Microsoft NT 4.0 Windows 2000 servers as well as 30 Novell 5.0 servers. Also as a member of the Server Operations team, we were responsible for all of CareFirst's tier III desktop support and troubleshooting for over 1800 client workstations utilizing Windows 2000 as a desktop solution as related to connectivity to the LAN. I was also tasked as the Lotus Notes backup administrator to create and manage the Notes clients. I also performed automated software rollouts on the Novell server platform utilizing Novell's Zenworks application. I also performed network LAN server management on Microsoft NT 4.0 and Novell Netware 5.0 platforms.

    These functions included managing the Novell network's NDS tree on the Novell platform and Active Directory on the Windows 2000 servers. I was also a member of CareFirst's migration team that was responsible for the migration of all 1800 workstations from Novell Netware 5.x to Windows 2000/Windows NT 4.0 workstation. As a part of the migration team from Novell Netware to Microsoft Windows 2000/Windows NT 4.0 workstation, I was the project plan coordinator and put in place a comprehensible project plan to accomplish the migration. I was also responsible for all network documentation utilizing Visio Professional 2000 Enterprise edition as well as all new server installations and configurations. Server Management Solutions on Novell servers included installation and configuration of Managewise 2.7 to set, monitor and adjust thresholds for server availability. For the NT server environment, Server Management System 3.0 was used for server management and configuration. GroupWise 5.5 was also used as a collaboration solution for peer to peer communication.
