Summary:

More than twenty five years of experience in the Information Technology Field. Highly experienced in all facets of cyber security, network and systems architecture, and project planning and implementation. IT management, web and application development, vulnerability assessments and scanning, flaw remediation, risk management, Certification and Accreditation, FIPS and NIST compliance and all major operating systems and applications.

Goals s :

• To leverage my skills to enhance the organizations' capabilities and maximize and capitalize on opportunities to strengthen the company's overall cyber posture.
• To educate employees from the lowest to the highest level on the security threats currently targeting every organization with or without an Internet connection.

Competencies:

• Migrated classified and unclassified LANs to NIST 800-53 Rev 3.
• Thoroughly familiar with FIPS and NIST standards and procedures.
• Penetration Testing and Vulnerability Scanning to include patch management .
• Work with various tools to monitor network, workstation and server traffic when warranted.

System Administrator

• Applications Development
• Server/System Administrator for Windows, Solaris, Unix, Linux Red Hat and SUSE
• Network architecture and troubleshooting
• Packet analysis
• Malware detection/eradication
• Risk Assessments
• Technical Writing
• Lesson Plan/Curriculum Development
• Database Administrator
• More than twenty years' experience with mixed Windows and LINUX environment.

Work History:

Senior Cyber Security Analyst

• Obtained my CISSP and GSEC certifications from ISC2 and SANS respectively .
• Conducted over 1400 fraud, waste and abuse audits in 30 months.
• First to recognize targeted phishing attacks against sensitive targets in organization.
• Responded to many incidents and conducted numerous investigations.
• Discovered anomaly based antivirus software, tested it and am procuring it for use on both the Unclassified and Classified Networks. 800-53Rev. 3 requires such an application.
• Wrote web based interactive phishing test tied to a SQL backend for reporting.
• Worked closely with DOE to reverse engineer malware when possible.
• Used Metasploit Framework, WireShark and other tools to check for unusual network traffic.
• Wrote numerous applications in various versions of C, VB.net and ASP.net.
• Accredited a classified and unclassified network in the previous six months. HQ DOE inspectors stated our networks should be the model for all DOE systems due to our security posture and our diligence in securing and monitoring our systems .
• Implemented a continuous monitoring program that exceeds Federal standards and wrote a template for risk assessments that DOE has stated most closely meets their requirements.
• Currently migrating isolated classified LAN to Windows 7 and IPv6.
• Produced Cyber Security Newsletters for end user education.
• Selected by DOE to head committee to develop, test and implement continuous Cyber Security training for the entire Savannah River Site approximately 10,000 individuals .
• Worked with the site networking group to identify several accounts that were attempting to create covert connections. Our monitoring process initiated every one of the investigations.
• Designed and implemented system to scan unclassified network for PII and sensitive documents/files.
• Implemented system to ensure all data containers with PII are properly documented to Federal standards .
• Identified and thwarted several large scale nation state spear phishing attempts in the past several months.
• Wrote program to create and verify hashes of files we send via FTP to ensure integrity.

IT Director

• Used security assessments to determine all of the district web sites were using http rather than https. Immediately implemented https on all web applications both internal and external .
• Edgefield County Schools led the way in ensuring our school district in the state to meet FIPS compliance when we updated our student database. Several districts followed later but none before.
• Migrated Novell 6.5 forest to Suze Linux 10, Open Enterprise Standard 2.
• Instituted policies requiring strong passwords, to include students in middle and high school. Ensured said policies were enforced using various tools.
• Instituted OpenVPN using a self-generated 4096 bit certificate for secure, remote access.
• Wrote programs to monitor and store logins and dates/ times to negate student claims regarding vandalism of computers, software etc.
• Instituted software allowing teachers and media specialists to remotely and covertly monitor student web browsing.
• Created a sandbox to allow the network engineer and myself to work with malware safely.
• Used Snort and other open source software to assist in locking down our network and workstations by identifying weak areas to be fixed as a passive Network Intrusion Detector .
• Wrote a random password generator to ensure new accounts were properly secured.
• Built a streaming audio and video server to push out training, to include locally produced videos. Also worked with a local radio station to broadcast and archive high school football games using the Internet.

Database Administrator/System Administrator

• Earned a Bachelor of Science in Information Technology with a 3.83 gpa .
• Attended college level courses on Project Management, Unified Modeling Language, HTML, C, C and C , Java, Javascript, UNIX administration, telecommunications, relational databases and web development.
• Educated users on the various evolving techniques of the APT.
• Alerted CI to a new targeted phishing attack that was ignored by others until I brought it to their attention.
• Earned SANS Firewall/VPN certification as well as VB.Net and SQL DBA from Learning Tree, and Crystal Reporting certifications Levels 1-3 from Crystal Reports.
• Investigated abnormalities in logs, including Event Logs, IIS logs, SQL logs, etc.
• initiated and conducted incident reports.
• Created and implemented an Incident Response Plan and
• Migrated users from Novell client to Active Directory.
• Instituted password complexity verification program.
• Recoded applications to remove PII such as social security numbers and other unnecessary information.
• Hardened servers by minimizing unnecessary services.

Confidential

• Was requested by name to assist in writing and validating the initial Information Warfare field manual.
• Assisted in creating Linux laptops compatible with Unix software to allow strategic assets to push real time imagery and intelligence to deployed tactical units.
• Managed groups of soldiers from the team level to company level for 18 years.
• Worked with counterintelligence units on numerous occasions. Assisted in debriefing defectors, personnel updates and other investigations and incident responses.
• HUMINT mission manager for I Corps Pacific Rim .
• SCIF Corps Secure Facility approximately 20,000 square feet per floor two floors security manager for I Corps.
• First person in the US Army to successfully link encrypted systems including airborne and two different ground radio direction finding systems in a real world environment.
• Excelled as an instructor at the Electronic Warfare School and the Pre Command course for Battalion commanders. Recognized for achieving almost 1000 hours as primary instructor in less than twelve months.
• Graduated from the Basic Instructor Training Course 160 hours at Fort Devens, Massachusetts, a world class institution with students from all over the world. Very comfortable teaching as well as writing job analysis, lesson plans and creating job aids.
• Accrued over 600 hours of flight time working Peacetime Aerial Reconnaissance Program PARPRO missions along the DMZ in less than two years.