- Cyber - security and Information Risk Management professional with 10 years of experience.
- Experience in systems and security administration.
- Experience assessing and securing numerous technologies including: SEIM, Central Logging & Monitoring, DLP, Key Infrastructure, SAAS, Cloud Architecture, Two factor/Multi factor Authentication, VPN, Cross-Domain Solutions, etc.
- Familiar with security control and accreditation frameworks such as SOX, PCI, HIPAA, FFIEC, FISMA, DIACAP.
- Familiarity with control frameworks and governing bodies such as NIST, ISO, OWASP, SANS, DISA.
- CISSP-ISSAP, CASP, CompTia Network+ and Security+ certifications.
- TS/SCI Clearance Obtained.
Information Systems Security Officer
- Provides direct cyber-security coordination and advisement to Enterprise Shared Services line of business Chief Information Officer, technology leadership, and performance delivery teams.
- Uses knowledge of line of business portfolio projects and cyber-security controls and techniques to provide security consultations with line of business technology teams to determine potential security implications of business and technology projects and initiatives.
- Coordinates cyber-security interests in business and technology projects and initiatives including exceptions to policy, vendor selection and assessment, vulnerability assessments and penetration tests, and security architecture review.
- Provides line of business leadership with explanation and interpretation of decisions and findings from Technology Risk Management, Vulnerability Assessment and Penetration Testing, Enterprise Third Party Management, Security Engineering and Architecture, and various other risk and security teams.
- Responsible for reporting and escalating any cyber-security issues, questions, or concerns from within assigned line of business that may have enterprise-wide implications.
Information Risk Lead Specialist
- Performs application security and risk assessments including development procedures, security architectural impact, access control methodology, encryption, web access, cloud storage, mobile device access, Service -oriented Architecture, wireless networks, and VPN solutions.
- Performs security consultations with financial institution clients to determine security implications of technology projects.
- Develops risk acceptance and mitigation documentation for presentation to data owners and senior management.
- Coordination of risk mitigation and acceptance strategies with business and technology stakeholders through recommendations of industry best practices and controls found in control frameworks such as OWASP.
- Coordination and design of exceptions to industry best practice, bank policy and procedure, and existing doctrine.
- Reporting and presentation of overall Line of Business Risk through direct ongoing Business relationships.
- Tracks, monitors, and reports assessment findings and remediation activities through Archer eGRC, Microsoft Office, Sharepoint, and other standard tools.
Information Assurance Engineer
Colorado Springs, ColoradoResponsibilities:
- Ensured Department of Defense classified information systems enclave met compliance with all cyber security and Information Assurance (IA) controls per the DISA Information Assurance Certification and Accreditation Process (DIACAP), Federal Information Security Management Act of 2002 (FISMA) and DISA Security Technical Implementation Guidelines (STIGs).
- Performed auditing and verifications of controls compliance to support Certification and Accreditation (C&A) activities.
- Developed and maintained accreditation packages, standard operating procedures, and Disaster Recovery/Continuity of Operations plans including impact analysis and recovery procedures and exercises using Enterprise Mission Assurance Support Services (eMASS), Sharepoint, and Microsoft Office.
- Developed enclave incident response plans and held a leadership role on the security incident response team.
- Performed vulnerability assessments, analysis and penetration testing using various tools including Nessus, Retina, NetScout, Nmap and Wireshark.
- Assisted system administration personnel in vulnerability mitigation and patching of Windows, RedHat Enterprise Linux, VMware and Solaris systems.
- Managed configurations and maintenance of Microsoft Active Directory, Cisco ASA Firewalls, IDS, and IPS systems, Cross Domain Solutions and Juniper Routing/Switching systems.
- Managed the configurations and access control for system developers and development systems including Microsoft Visual SourceSafe.
- Coordinated security efforts with system and network engineers, configuration management team, physical security manager, agency management and government customers.
- Managed and mentored information assurance intern to provide training and guidance in cyber-security and information security principles.
- Completed 40 hour training course for McAfee Host Based Security System Administration
Colorado Springs, ColoradoResponsibilities:
- Responsible for daily operations, logging, monitoring and archiving, and basic troubleshooting on Microsoft Server 2003 and Active Directory, UNIX server equipment and Sun Solaris workstations, and Cisco and Juniper network security devices.
- Fulfilled the role of security administrator for proprietary guard/cross domain solution equipment to fulfill information access control filtering of confidential information.
- Performed vulnerability assessments through the use of eEye Retina Vulnerability Scanning tool DISA STIGs and Gold Disk procedures to ensure DIACAP compliance was met.
- Coordinated local incident response procedures with military response personnel and alternate site personnel.
- Responsible for analysis and troubleshooting of the signal flow of ground leased-line circuits and ground communications systems between geographically separated facilities.
- Performed periodic loading, handling, and destruction of hardcopy and electronic cryptographic material used in satellite control and monitoring and telecommunications devices.
- Coordinated command and control functions and network operations between geographically distant locations including failovers, redundancy testing, and parallel testing of operational procedures and software.
- Coordinated satellite control operations, information technology projects and troubleshooting efforts between various government contractors, Government employees, and military personnel.
Sergeant, Senior Satellite Controller Ft Meade,
Maryland / Peterson AFB, Colorado
- Responsible for the daily operations, maintenance and troubleshooting of satellite communications and control equipment including multiplexer, modems, amplifiers, and upconverters.
- Performed electronic diagnostics using spectrum analyzers, oscilloscopes, and voltmeters.
- Ensured compliance with various DISA, NSA, DoD, and Department of the Army information security controls for highly classified US Army satellite communications and controls systems and telecommunications systems.
- Responsible for the storage and operations of cryptographic material including key loading and destruction, accountability, and issuance.
- Managed and supervised the daily operations of a technical operations center and operations staff.
- Developed, implemented, and managed organizational physical security programs including identity management, access and entry control, and monitoring and surveillance systems.
- Responsible for oversight and implementation of network outage troubleshooting and recovery including the replacement of operational equipment and rerouting of traffic to redundant equipment or redundant control sites.
- Performed user acceptance testing and quality assurance for new operational software during development.
- Prepared and presented training on operations security, communications security, and a variety of technical Satellite Communications topics.
- Prepared and presented program overview and status presentations for senior military leadership to ensure organizational visibility and support from senior level command structure.
- Completed numerous training courses and certification courses for satellite control hardware and software.
- Graduated from the Confidential Warrior Leader’s Course