Lead Senior Systems Architect Resume
SUMMARY:
- Seasoned senior information systems security professional, CISSP, with extensive experience in government agencies and accreditation projects to achieve FISMA and other regulatory compliance, including HIPAA; security architectures and strategies; security program and policy development; risk assessment, security assessment, and security authorization; and identity and access management, including credentialing using Public Key Infrastructure, messaging, and directory technology.
- Information Security / Information Assurance
- Security Leadership
- FISMA, NIST RMF, DOD 8500.1 & 2, DOD 8510.10, MHS TRICARE, CNSS Instructions including CNSSI 1253, ISO 27001, HIPAA, PCI, SOX, HSPD-12, FIPS 201
- Regulatory Compliance (HIPAA, FISMA, DIACAP, etc.)
- Risk Assessment, Management & Mitigation
- Privacy and Security
- Incident Response
- Top Secret clearance
- Contingency Planning, Configuration Management, Continuous Monitoring, E-Authentication Assessment
- Policy Development
- Information Security Architecture and Strategy
- Identity and Access Management / Identity Assurance
- Credentialing
- PKI, CAC, PIV, Smart Card
TECHNICAL SKILLS:
Software/Hardware: Microsoft Office Suite (PC and Mac), Microsoft Visio, Microsoft Project, Sun workstation, Lotus Notes/Domino
Operating Systems: Unix, Linux, Microsoft Windows
Languages: Pascal, C, BASIC, FORTRAN, COBOL, Lotus Notes/Domino
PROFESSIONAL EXPERIENCE:
Confidential
Lead Senior Systems Architect
Responsibilities:
- Development of technical reports for Portfolio, Service, or Element Descriptions of JIE IdAM components, such as Authentication Gateway, Assertion Service, IdAM Data Management, etc.
- Development of technical reports for technical architecture description (TAD) of elements and services in JIE IdAM solution architecture
- Use of modeling/architecture tools, such as MagicDraw by NoMagic, etc. for developing SysML and UPDM (DODAF) models of the solution architecture artifacts.
- Representing and bringing forward DISA Enterprise Engineering position in various working groups and committees
- Synergy and interaction with DoD CIO, other DoD combatant command/service/agency (CC/S/A), Government, and private industry fora on matters of IdAM, ICAM, and access control, such as the Federal ICAM, Gartner, AFCEA, etc.
Confidential
Principal Information Engineer
Responsibilities:
- Development of technical reports for architecture artifacts, technical and engineering analyses, recommended design patterns, requirement analyses, and enterprise interoperability profiles for Policy Enforcement Point (PEP), Policy Decision Point (PDP), Attribute Service, Policy Service, and Resource Attribute Service.
- Support and utilization of a model-based systems engineering approach, such as SysML, with tools such as TopCased, MagicDraw by NoMagic, etc., for developing SysML models of the architecture artifacts.
- Synergy and interaction with other DoD, Government, and private industry fora on matters of IdAM, ICAM, and access control, such as the DoD Joint Information Environment, Federal ICAM, Gartner, AFCEA, etc.
Confidential
Senior CAC/PKI Policy Analyst and Technology Analyst
Responsibilities:
- Identity and Access Management (IdAM), Identity, Credential, and Access Management (ICAM), and DoD Identity Assurance (IdA). IdAM addresses authentication (verifying that the claimant is who she claims to be) and authorization (what the authenticated entity is allowed to do/see/access, her privileges, etc.). DoD IdA is the holistic view of identity in the enterprise (friend or foe) from cradle to grave. DoD IdA includes identity and credential life cycles, authentication and authorization services, and mission-specific identity scenarios to deny anonymity in the DoD enterprise.
- Army Knowledge Online (AKO) single sign-on (SSO) portal and LDAP service transition to stronger authentication mechanisms such as PKI, multi-factor and one-time password schemes, etc. Stronger authentication requires, and should be followed by, access control mechanisms (authorization service) such as attribute-based access control (ABAC), role-based access control (RBAC), access control lists (ACLs), etc.
- Homeland Security Presidential Directive (HSPD) 12, FIPS 201, Personal Identity Verification (PIV) and PIV-Interoperable (PIV-I) external interoperability. This area of support includes oversight of the Army migration from Secure Hash Algorithm (SHA) 1 to SHA-256.
- Common Access Card (CAC)/Smartcard Applet and middleware assessment support, coordination, policy and technology guidance.
- CAC PKI action officer activity on various Army, department-wide, and inter-agency committees and working groups, including the Identity Protection and Management Senior Coordination Group.
- Logical and physical access control
- Data at rest and data in transit
Confidential
Program Manager and Lead Principal Engineer
Responsibilities:
- Led a use case analysis program for the DoD PKI PMO on potential benefits from utilization of the Server-based Certificate Validation Protocol (SCVP) Request for Comments (RFC)
- Developed FAA Key Recovery Practices Statement (KRPS) based on Key Recovery Policy (KRP) also developed by Electrosoft.
- Participated in a DoS zero-day Root Certification Authority (CA) audit in support of a DoS PKI implementation
Confidential
Information Systems Security SME /Project Manager
Responsibilities:
- Conducted security C&A / compliance process and oversight (system owner support, agent support, information system security officer, authorizing official support, and/or assessor roles).
- Developed process compliant with the NIST Risk Management Framework (RMF) (assessment and authorization).
- Defined IA practice’s enterprise information security architecture, security program support, and standards
- Supported incident response and conducted security risk assessments, etc.
- Successfully rescued three projects that were behind schedule, over budget, and causing customer dissatisfaction
- Achieved Authority/Authorization to Operate (ATO) and customer satisfaction for all three projects ahead of schedule
- C&A processes encompassed traditional Federal agency C&A, DoDI 8510.01 DIACAP, and the government-wide unified NIST RMF assessment and authorization process emphasizing single risk-management-based, near-real-time continuous monitoring
Confidential
Principal Engineer
Responsibilities:
- Coordinated and conducted Personal Identity Verification (PIV) Card Issuer (PCI) assessment in accordance with NIST Special Publication 1.
- Served as C&A oversight for the Department of State Global AIDS Coordinator (S/GAC) to ensure appropriate and effective activity by development and contractors.
- Coordinated and conducted certification and accreditation (C&A) projects, annual Federal Information Security Management Act of 2002 (FISMA) continuous monitoring assessments, re-certifications, and ISSO support of a key component of the GSA Networx acquisition program, which provides pricing information submission and processing capability to vendors, Federal agencies, and GSA contracting office staff.
- Coordinated and assisted C&A and HIPAA security and privacy compliance preparatory activity for the Department of Health and Human Services Indian Health Service (IHS) Department of Oral Health (DOH) Electronic Dental Record (EDR) application.
- Key technical and architectural resource in developing, establishing, and implementing the GSA Access Certificates for Electronic Services (ACES) program by developing and updating the ACES certificate and CRL profile compliant with the FPKI certificate and CRL profile developed by NIST;
- Conducted C&As, compliance audits, and operational assessments on ACES certification authority implementations seeking cross-certification with the Federal Bridge Certification Authority (FBCA);
- Key technical resource revising the ACES Certificate Policy; and conducting compliance audits and security assessments for the ACES vendors participating in the Shared Service Provider program.
- Key technical and architectural resource in developing, establishing, and implementing the Federal Bridge Certification Authority/FPKIA by performing key analyses in support of the Federal Bridge Certification Authority pilot;
- Supported operational rollout activities by developing a System Security Plan, Certification Practice Statement (CPS), and related documentation; and developing an architectural description for the customer of the new Federal PKI Architecture.
- Coordinated maintenance of the System Security Plan and Certification Practice Statement to support the full accreditation of the FPKIA.
- Policy lead for the FPKIOA in FPKIPA committees and working groups
- Information security architecture, program, governance, and policy development support
Confidential
Advisory Engineer
Responsibilities:
- Gained extensive experience with information security issues (data, network, directory (X.500 and LDAP), and messaging (X.400)), technology (protocols, access control functions, certificates, policies), and practices.
- Supported and defined product and architecture evolution to support Electronic Commerce/Electronic Data Interchange, mobile connection-oriented and connection-less messaging applications, and current commercial industry product development trends.
- Worked on many integration release proposals.
- Defined reliable routing architecture providing message guaranteed delivery using one or more alternate routes.
Confidential
Staff Principal Engineer
Responsibilities:
- Actively coordinated, provided direct technical support to, and participated in senior engineering review teams for internal development projects (e.g., Open Systems Interconnection (OSI) Mail Handling System, Directory, EDI, etc.).
- Disseminated internally the information developed within aeronautical industry standardization forums. As a result, provided valuable input to the company's strategic new directions.
- Advised, coordinated and led the development of the company OSI Directory Pilot Independent Research and Development Program.
- Coordinated and led the company attendance team to both international aeronautical industry and inter-industry standardization forums (e.g., International Air Transport Association, International Civil Aviation Organization, International Telecommunications Union and International Standards Organization, etc.). The areas of interest supported included aeronautical message handling (i.e., IATA ICM Type B and ICAO Aeronautical Fixed Telecommunications Network), OSI Message Handling System (CCITT X.400 | ISO/IEC 10021), batch and interactive EDI (ISO UN/ EDIFACT, ANSI ASC X12 and airline industry formats), OSI Directory (CCITT X.500 | ISO/IEC 9594), definition of standardized application programming interfaces for OSI, air-to-ground communications services and protocols, Systems Management standards (e.g., OSI Common Management Information Protocol/Service CMIP/CMIS, TCP/IP Simple Network Management Protocol, etc.).
- Led and coordinated a team for the company's attendance and participation in non-aeronautical international committees, including the Open Systems Environment Implementers' Workshop, European Electronic Mail Association, ANSI/ISO, and US Department of State/ITU-T (formerly CCITT).
Confidential
Engineer III
Responsibilities:
- Defined and designed EDI messaging system architecture, making use of the underlying CCITT X.400/X.500 message handling system and OSI network.
- Defined and specified functional requirements for an object oriented modeling tool to aid in producing and constructing various Access Units. Utilized the tool to define, design and generate an X.400 EDI pilot Access Unit.
- Defined and specified the functional requirements to enable the integration of all the company's messaging services into one unified environment.
- Reviewed and monitored the implementations compared to the original requirements.
- Submitted contributions to the CCITT standards committees.
Confidential
Software Test Engineer
Responsibilities:
- Developed test suites to check the international version of Phoenix MS-DOS, version 3.3 and above, executing on AT&T PCs. Defined test suites to verify the international MS-DOS with the international versions of application software (e.g., WordPerfect 5.1, Lotus 1-2-3, dBase IV, etc.).
Confidential
Applications Architect
Responsibilities:
- Designed the architecture, defined the requirements, and set the standards for the Italian banking system X.400- and OSI-based distributed applications network.
- Coordinated and reviewed the implementation of the system (the User Agent) with the various bank representatives.
- Defined the requirements for an X.400-based file transfer service and related User Agent; and specified the requirements for an additional security layer to the company's implementation of the CCITT 1984 X.400.
- Managed a team of 5 systems analysts and programmers to add network security to the company's X.400-based network.
- Designed and implemented the company's physical premises security system.
- Contributed to the design of Olivetti's OSI project, IBM terminal and protocol emulators (2780/3780) and to the definition of their Point of Sale architecture requirements specification and design.
