Risk Analyst Resume

Vienna, VA

SUMMARY:

  • Experienced information systems professional; career covers Bell Labs, Siemens, Raytheon and 26 years supporting DoD Services & Agencies network operations design and testing. Extensive knowledge of DoD security networks, DISA data centers, Intel Community - consulting security practices and procedures.

TECHNICAL SKILLS:

Security: ISO/IEC 27001 implementation, Supply Chain Risk Management, DoS attack tools, DDoS attack tools, Vulnerability scanning, Splunk, Metasploit, Wireshark, Nessus, SecureView, Nmap, Netcat, HPing, Ettercap, EnCase, Windows (netstat, NBTstat)

Packet capture: (Tcpdump, Packetyzer)

OS: Linux (Ubuntu, RedHat, SuSe), Windows 2003

Experience: Project Management (PMBOK), MS Office, SDLC, Network Architecture DoDAF 2.0, BEA 9.0, FEA, Process Improvement ITIL v3

Information Systems/Cybersecurity: DoDI 8500, 8510.01, DoD 8502.2, DIACAP/DoD 8500.2/MAC, DCID 6/3, NIST SP 800-53 rev4, NIST SP 800-30, NIST SP 800-171, FISMA, FIPS, Audits HIPAA, PCI-DSS, COBIT, CSAM, ISO 9001, ISO/IEC 27001, ISO/IEC 20000-1, FedRAMP

Networks: PSTN, DSN, TSN, DRSN, JWICS, DISN (NIPRnet & SIPRnet), GIG-BE, DATMs-U, DISN SONET (BWM), DMS, EMSS, DISA-CSD OOBN, IPS/IDS, HAIPE, VPN, VoIP, LAN/WAN

PROFESSIONAL EXPERIENCE:

Risk Analyst

Confidential, Vienna, VA

Responsibilities:
  • Reviewed published standards and provided feedback for upcoming audit.
  • Performed gap analysis between current client documentation and standards compliance requirements.
  • Worked closely with management to address identified gaps and compile data that supports policies and procedures.
  • Provided objective and clear understanding of risks and vulnerabilities related to the client’s assets.
  • Developed:
  • Business Associate Policy
  • Business Associate Risk Management Procedure
  • Risk Register
  • Policies and Procedures process flow

ISO Consultant

Confidential, Herndon, VA

Responsibilities:
  • Conducted ISO/IEC 27001:2007 Internal Audits at Goldbelt Hawk LLC, VA and TechTrend, Inc., VA. Reviewed and checked companies’ compliance to the 114 security controls (SOA ISO 27001:2013 Controls). Provided Security Awareness Training to staff members and Gap Analysis of documents and records. Participated as a member of the Audit Team.
  • Conducted ISO 9001 Stage 1 and Stage 2 as Auditor-In-Training at DKW Communications Inc. and Appteon, Inc. Included Gap Analysis and a demonstration on mapping existing documents to the ISO 9001 mandatory documents. Conducted interviews with company executives and management staff.
  • Conducted ISO/IEC 20000-1: 2011 & ISO/IEC 27001: 2007 Surveillance Audits as Auditor-In-Training at NOVA Corp, PA., and DCCA, Columbia MD. Reviewed customers’ documents and records to ensure continued compliance with standards. Trained internal auditor to be able to independently audit their ISO/IEC 20000-1 & ISO/IEC 27001 management systems.
  • Performed Gap Analysis on customer’s data, conducted Internal Audits in preparation for ISO 9001:2008 Stage 1 and Stage 2 at Mainstay LLC, Arlington VA. Provided Awareness Training to executive staff and provided guidance on maintaining document readiness for next audit.
  • Hands-on development experience in service management process. Developed ISO 28001:2007 Supply Chain Management System at Confidential ISO 9001:2008, ISO 9001:2015, ISO/IEC 27001:Lead Auditor
  • Conducted ISO 9001:2015 Stage 1 and Stage 2 audit for a company in Fairfax, VA

Sr. Security Engineer

Confidential, Chantilly, VA

Responsibilities:
  • Developed and implemented IT policy domains to organize and communicate policies
  • Developed survey for user groups in order to update and implement new performance metrics
  • Defined and rewrote service catalogs for publication
  • Revised/updated Communications Plan
  • Validated technical, management and operation controls, analysis and assessment
  • Updated CSAM with findings, documentation updates (SSP), report on POAM status

Solutions Architect

Confidential, Annandale, VA

Responsibilities:
  • Lead-Computer Based Training Security Architecture
  • Project solution developed based on SOW, knowledge of DoDAF, EA, and DoD security practices.
  • Developed data collection methodology for analyzing user network requirements/trends.
  • Prepared RFP responses to ATM Tech Refresh project

Doctoral Program

Confidential, Falls Church, VA

Responsibilities:
  • Full time PhD student - Computer Science

Sr. Systems Engineer

Confidential, Chantilly, VA

Responsibilities:
  • Change and Process Management Initiative for DISA NSF
  • Researched “as-is” and drafted “to-be” state for DISA Circulars, Instructions and SOPs.
  • Base-Level Support Guideline Circular supporting the DISN security operations.
  • Conducted review of security documents to identify gaps between documents and policy and guidance
  • Primary point of contact (SME) for ATM Tech Refresh and UC Requirements 2010 (UCR 2010) Working Groups.

Installation Project Manager

Confidential, Chantilly, VA

Responsibilities:
  • Point-of-Sales (POS) project for CONUS military commissaries
  • Supervised test engineers, installers, programmers and electricians.
  • Briefed stakeholders and customers and provided progress and resource reports.

Project Manager/ Systems Architect

Confidential

Responsibilities:
  • Served as primary point of contact for support agencies, technical groups, vendors and customers.
  • Supported network security, data integrity and availability at data center NOC HQ.
  • Assessed and evaluated DISN ATM, Frame Relay and NIPRnet/SIPRnet connections to CSD data centers.
  • Coordinated with FSO and vendors to identify LAN vulnerabilities and assist with security upgrades.
  • Researched and edited DECC COOP and DRP.
  • Project Lead - IC/DECC SCIF design and installation:
  • Prioritized workflow between support teams to meet project schedule
  • Worked closely with senior leadership and stakeholders to document system compliance.
  • Assisted with C&A packages, coordinated with DISA NS to review NIPRnet and SIPRnet connections.
  • Coordinated security compliance and vulnerability test, reviewed policies and procedures with DISA/FSO.
  • GIG-BE IOT&E plan team:
  • Reviewed STIGs for compliance and validated DIACAP/ C&A package
  • Surveyed, interviewed and documented user community prior to IATO.
  • DISN Optimization Project Lead - GIG-BE:
  • Participated in Table-top and SRR of classified and unclassified network peering points.
  • Presented management with technical progress reports on site readiness.
  • Developed user/system performance test and analysis procedure.
  • Data Center OC-48 & Diversity connection technical lead:
  • Researched and evaluated bandwidth and connectivity requirements.
  • Coordinated with NS to complete process steps to ensure approval of ASIs.
  • Developed POA&M for testing phase completion.
  • Out-of-Band Network implementation across CSD data centers:
  • Documented project scope, identified risks and dependencies to ensure proper planning.
  • Conducted technical review of CSD data center infrastructures.

Sr. Functional Analyst/ Engineer

Confidential, Reston, VA

Responsibilities:
  • Supervised data center migration across DISA data centers.
  • Network survey and analysis of naval communications assets.
  • Project engineer and manager on two wireless projects.
  • Researched and documented DoD programming requirements.
  • Team member on Bosnia Operational C2 Augmentation Program - 3 node CONUS demonstration.
  • Architected and installed VTC system for in-house DoD service.