- Responsible for security testing and data analysis on systems including Client-Server, Workstations, Mid-range systems, Mainframes, and Network infrastructure devices. Also validated site’s documented security policies and procedures to ensure they are implemented as documented.
- Adept in developing effective security policies, procedures, project documentation, and technical/business specifications.
- Subject matter expert level of knowledge in developing, implementing, and maintaining (e.g., due care) strategic, technical, and operational security plans, diverse security architectures, risk management strategies, and security programs.
- Federal and DoD Cybersecurity expertise, with emphasis on DoD Information Assurance Certification and Accreditation Process (DIACAP - 8510.01) and Federal Experience using NIST Special Publications (800 series).
Senior Systems Engineer
- Held the IA Team Lead position for Information Assurance Officer (IAO) support for the NSWC Dahlgren Core Networks.
- Supply senior level technical and operational expertise in reference to the NETWARCOM, NAVSEA, and DoD DIACAP process.
- Conduct Information Assurance Officer (IAO) duties for 3 Core RTD&E Network systems.
- Develop the NSWCDD Core Network Inheritance process for Core Network child system Inheritance.
- Register and revise systems within the Navy eMASS system.
- Added, edited, and deleted network-connected devices in the Corporate database (IPA) for asset tracking and monitoring.
Senior Systems Engineer
Confidential, Quantico, VA
- Validate systems in accordance with DODI 8500.2 using SCAP tools (eEye Retina), DISA SRRs, Platinum Gold Disk, manual checklists, and 8500.2 validation procedures.
- Develop physical rack elevation and cabling diagrams for the NexGen Validation and Verification Lab.
- Supply Marine Corps Validation expertise in reference to the DoD DIACAP and Marine Corps IA processes.
- Develop, review, and validate DIACAP artifacts following DON and Marine Corps policies and guidance.
- Review NMCI and Hewlett Packard NexGen Architecture and Configuration documentation for implementation into the NexGen Validation and Verification Lab.
Senior Systems Engineer
Confidential, Dahlgren, VA
- Supply senior level technical and operational expertise in reference to the DoD DIACAP process.
- Develop, review, and validate DIACAP artifacts following DON, NETWARCOM, and NAVSEA policy and guidance.
- Develop, review, and validate Platform IT (PIT) and Platform IT Risk Acceptance (PRA) artifacts following DON, NETWARCOM, and NAVSEA policy and guidance.
- Conduct Information Assurance Officer (IAO) duties for 14 Naval RTD&E systems.
- Validate systems in accordance with DODI 8500.2 using SCAP tools (eEye Retina), DISA SRRs, Platinum Gold Disk, manual checklists, and 8500.2 validation procedures. Complete the Validation Report and Certification Determination for the applicable systems.
Senior IA Engineer
Confidential, Stafford, VA
- Supply senior level technical and operational expertise throughout the Marine Corps Systems Command DIACAP process.
- Responsible for evaluating ST&E plans, traceability matrices, and residual risk assessments that were constructed based on the instructions presented in DoDI 8510.01 (DIACAP). These duties include, but are not limited to assisting clients with system security hardening and baseline development, analysis, and auditing as well as analyzing detailed system design documents, network topologies, operational procedures, and other security centric documentation in order to obtain an ATO.
- Provided analysis of DITSCAP and DIACAP C&A packages for Marine Corps Systems Command (MCSC) under a very constrained project schedule.
- Developed CA Risk Assessments and C&A Recommendations for high visibility systems during development or at time of fielding to ensure they meet the technical and non-technical security requirements.
- Mentor a team of C&A Analysts and junior IA Engineers to ensure the IA program provided outstanding customer service as the deputy team lead.
- Offer valuable insight and direct program IA expertise to the MCSC DDAA and CA.
- Supported the MCSC SIAT IA training program.
- Provided IA expertise and supported the client during DIACAP Information Assurance Control Implementation Determination (IACID) meetings, DIACAP Implementation Plan (DIP) Reviews, Independent Verification and Validation (IV&V) testing evolution, and comprehensive DIACAP C&A package reviews.
Senior Security Engineer
Confidential, Stafford, VA
- Supply senior level technical and operational expertise throughout the entire Marine Corps Systems Command C&A process.
- Act as a liaison for the IA team and client representatives in order to successfully manage the IA team and complete contract deliverables in a timely, professional, and organized manner.
- Review client DITSCAP and DIACAP C&A packages for Marine Corps Systems Command (MCSC) under a very constrained project schedule.
- Recommend the certification of mission systems during development or at time of fielding to ensure they meet the technical and physical security requirements.
Senior Security Engineer
Confidential, Washington, DC
- Develop C&A Security Accreditation Packages (SAP) including: System Security Plans, SCAs, Risk Assessments, Contingency Plans, MOU/ISA, and Configuration Management Plans for multiple clients.
- Evaluate Security Technical Implementation Guides (STIG). This includes, but is not limited to: Assisting clients with system security hardening and baseline development, analysis, and auditing.
- Develop and maintain POA&Ms for several DITSCAP/DIACAP projects.
- Construct detailed weekly reports in order to provide our clients with a review of our accomplishments.
- Performed extensive vulnerability assessments against client systems to ensure Federal Information Security Management Act (FISMA) and DITSCAP compliance.
- Worked in completing the Veterans Benefits Administration (VBA) C&A in 6 months from a previous 3-year schedule.
- Created the VBA template for System Security Plans (SSP) using the latest version of the NIST SP 800-53 as a guiding reference.
- Have a working knowledge of most of the NIST guidance documents referenced for C&A.
- Mentor a team of C&A Analysts and ST&E engineers to ensure the IA program provides outstanding service.
- Assess client networks using Retina, ISS, AppDetective, Platinum Gold Disk (PGD) and various other security tools.
- Analyze data and recommend remediation for vulnerabilities.
- Review client FISMA tool reviews and recommended FISMA survey additions to simplify the user's experience.
- Conducted physical security assessments, led engineering activities, conducted site interviews, etc.
- Familiarity with Department of State, Department of Transportation, Veterans Affairs, and Department of Defense Certification and Accreditation (C&A) processes. (DITSCAP, DIACAP, and NIST)
Senior Security Engineer
Confidential, Washington, DC
- Develop security documents to include: Security Test and Evaluation (ST&E), Site Surveys, Risk Assessments, and Continuity of Operations (COOP) with data gathered from the client sites.
- Assess client networks using NESSUS and RETINA vulnerability scanners.
- Analyze network assessment data and recommend remediation for vulnerabilities in accordance with OMB, NIST and DOT standards.
- Conducted penetration tests on client networks using the Open Source Security Testing Methodology Manual (OSSTMM).
Information Security Analyst
Confidential, Arlington, Va.
- Developed the Defense Information Systems Agency (DISA) Information Operations Condition (INFOCON) procedures. These procedures were developed in accordance with CJCS CM-510-99 and other service documents.
- Scan the area networks for rogue servers and find vulnerabilities. Use automated tools such as NMAP, ISS Scanner, GFI LanGuard, etc. to locate and mitigate vulnerabilities on network assets.
- Revised the DISA Information Assurance Vulnerability Alert (IAVA) handbook. I worked with the Vulnerability Management System (VMS) and analyzed what reports and statistics were needed by the agency and recommended reporting procedures and analytical reports.
- Revised the DISA Information Assurance Division IAVA daily reporting procedures to reduce the number of hours it took to generate reports.
- Maintained daily and weekly DISA IAVA vulnerability reports for IAVA vulnerability statuses.
- Worked with agency Information System Security Managers (ISSMs) to correct non-compliant assets and to mitigate open systems.
- Developed a compliance validation process that incorporates DISA’s vast activities for overall system compliance. This hierarchical process uses the current activity structure but gave responsibilities to the ISSMs and ISSOs.
- Analyze registered system data for inconsistencies in vulnerability information and fix information. Analyzed the vulnerability assessment with the VMS database to find inconsistencies in agency reporting.
- Develop standards and policies for quicker and easier system validation.
- Assist in the review and editing of SSAAs, MOAs, and MOUs for submission to the Certification and Accreditation (C&A) review office. Familiar with the DITSCAP process and the DoD C&A process.
- Troubleshoot network/workstation problems for the branch.
- Track the IT inventory for the branch and perform equipment auditing for the agency.
- Train federal and contractor personnel on the use of various office applications and tools.
Security Analyst
Confidential, Quantico, Virginia
- Managed and coordinated a small team in scanning and reviewing all web sites residing within the Marine Corps Enterprise Network for Information Assurance.
- Conceived, developed, and implemented official Marine Corps web site policies and security procedures.
- Coordinated and conducted ISS Internet Scanner vulnerability assessment scans on web servers throughout the Marine Corps Enterprise Network.
- Managed, maintained, and updated the Marine Corps Network Operations Center web sites.
- Assisted in development of policies to establish Marine Corps standards in web site development pertaining to handicap accessibility in accordance with Section 508 of the Rehabilitation Act.
- Assessed all Marine Corps web sites for compliance with Federal and DoD web site policies and procedures.
Web Developer
Confidential, Quantico, Virginia
- Developed and administered the Marine Corps Y2K web site. (The information disseminated helped streamline the transition to Y2K compliant systems across the global Marine Corps Enterprise Network.)
- Managed the data collection of over 200 Marine Corps Y2K mission critical systems.
- Recognized by superiors for achievement.
Microwave Communications Operator
Confidential, California
- Supervised a team of over 30 members.
- Instructed team members on technical duties pertaining to individual skills.
- Supervised team training functions involving coordination with other departments.
- Configured and operated tactical microwave communications equipment in tactical and non-tactical environments.