SUMMARY:

• Provided SME support to the Pentagon, for the design of a Network Operations and Security Center (NOSC) chartered to be a single ‘Authoritative Source’ for the Pentagon’s IT services and security by collecting and analyzing ITA information, defining metrics, fusing data with relevant external information to produce Reports, Intelligence, Analytics, Forecasting and Data Exploitation in a layered Common Operational Picture (COP)/Interactive Dashboard to facilitate stakeholders strategic and tactical decision - making.
• Built the entire IT infrastructure for the U.S. Army’s Global CERT operation from inception to its current world class status, defining metrics, measurements and display dashboards for complete Situational Awareness of Army Cyber Operations.
• Served as the contract lead responsible managing Army Materiel Command’s (AMC) IA Vulnerability Management (IAVM) Program, Certifications and Accreditation of systems and Circuits, FISMA, computer security incident reporting and providing assistance to the IAPM in the oversight, planning, execution, metrics tracking, and reporting of all aspects of the Command IA Program.

SKILL:

Core Competencies: RMF/DIACAP Assessment Authorization (A&A) / Certification and Accreditation (C&A), Vulnerability Assessments, Risk Assessments, NIST SP 800 Series, DoDI 8500 Series, Security Test and Evaluation, IA Strategy and Architecture, IA Program Development and Leadership

EXPERIENCE:

Information Assurance Certification Authority Verification Validator

Confidential, Ft Belvoir, VA

• Provide Senior IA level effort in reviewing DLA RMF/DIACAP Assessment Authorization (A&A) / Certification and Accreditation (C&A) Packages, assessing FIPS-199 High cloud based systems, such as Azure, providing analysis on test results, artifacts and POA&Ms and validating whether or not the standards have been met. Established security control standards for the implementation and design of FedRAMP based systems. Responsible for reviewing packages in eMass, preparing packages for review and writing detailed Control Verification and Authorization/Certification Review Reports to go to the AO/DAA for a decision. Maintain a strict schedule of deliverables to review an initial or recertification ATO package, perform a complete analysis and produce all the reports necessary to deliver to the customer.
• Information System Security Engineer, WebSTRATIS, Dumfries, VA, Performed IA SME/ISSE functions on the development of two parallel running systems during a conversion and system fielding. Successfully obtained an ATO for the new version while maintaining the security package for the current system. This encompassed Concept of Operations (CONOPS) development, updating the POA&Ms, documentation, and security scanning of the new and legacy system to verify the security baseline with the application interoperability. Held regular meetings with the ISSO and ISSM to review POA&M status updates and report findings; contribute to the systems development lifecycle (SDLC), enterprise architecture activities and decisions. Worked with developers and engineers to patch and remediate security vulnerabilities, implement protection for the information system including network transport and data assurance.
• Information Assurance Subject Matter Expert (SME), Joint Strike Fighter (JSF), Crystal City, VA, Provide SME level effort in the Design, Development, Certification and Accreditation (C&A) of Protection Level 2, 3 and 4 Special Access Program (SAP) networks. These highly complex networks include Multi-Level Security (MLS), Secure Access Baseline for the EnteRprise (SABER) devices and connect 6 separate SAP networks while maintaining the Confidentiality, Integrity and Availability of the information amongst multiple role and multinational partners. This task had previously been 6 months behind schedule before my selection for the position. The entire Body of Evidence has been created in accordance with JAFAN 6/3 and is now on schedule to receive a full Authority to Operate (ATO) in time for the network delivery date.

President/CEO

Confidential, Woodbridge, VA

• Responsible for all, profit/loss, business management, job costing, bid and proposal contracting and human resource management for an IT company. Provided corporate strategy for quality performance and service delivery. Managed contracts supporting the Office of the Director (OD), National Institutes of Health, Bethesda, MD that provided:
• Critical and Sensitive Infrastructure Asset Identification and Certification in accordance with NIST SP 800-37, SP 800-53, and related publications
• Follow Systems Development Life Cycle Plans
• Identify the applicable administrative controls, technical controls and operational controls
• Identify and track corrective actions in addressing vulnerabilities
• Maintain an inventory of all OD applications
• Track Certification and Accreditation status of all OD applications/systems
• Develop, assess, and review artifacts necessary to the Certification and Accreditation process
• Managed compliance, conducted security scans using Trusted Agent, AppScan and Nessus

Information Assurance Subject Matter Expert, Independent Consultant

Confidential, Ft Belvoir, VA

• Provided SME level effort in creating an Information Assurance Program for the newly formed command. Deliverables included writing the command’s IA Policy, performing a full assessment of the IA posture of the organization and developing reports/action plans to correct the deficiencies. Completed a full review of Certification and Accreditation packages, systems controls inheritance and Memorandums of Understanding for all systems in the organization. Created a complete staffing model used to form the organization Information Assurance and Compliance Office.

Information Assurance Specialist

Confidential, Ft Belvoir, VA

• Served as the contract lead responsible managing Army Materiel Command’s (AMC) IA Vulnerability Management (IAVM) Program, Certifications and Accreditation of systems and Circuits, FISMA, computer security incident reporting and providing assistance to the IAPM in the oversight, planning, execution, metric creation/tracking, and reporting of all aspects of the Command IA Program. Provide regular reports to the IAPM and other senior leadership on a wide variety of topics that may affect the AMC’s network security. Represent AMC at DOD, DA, and industry IA-related meetings and conferences, and develop general IA briefings on a variety of topics as well as AMC-specific initiatives. Generate and review best business practices and white papers to ensure compliance with DOD and Army IA Security.

Business Development Manager

Confidential, Herndon, VA

• Performed Business Development as the Manager of Army Programs, providing Information Assurance planning and strategy for Army enterprises. Responsible for managing a 3 x 12-month pipeline of opportunities and assisting the sales process. Role also included driving integrator contracts and prime/sub-contractor relationships. These integrator relationships ensured the delivery of a $3.1 Services engagement. Worked to educate the sales organization on key programs, funding flows, and introductions to key decision makers. Responsible for aligning McAfee products with programs pre-Request for Proposal and working with end-users and SI Partners: Northrop Grumman, General Dynamics, STG, NCI and CSC.

Manager

Confidential, Chantilly, VA

• Performed Business Development, Marketing, Capture Management and guidance to Smartronix’ Emerging Programs Department to build an Army IT practice. Developed and maintained a Federal pipeline of long-range, mid-term, and immediate bid opportunities for Services involving Information Security Specialties. Identified and described Federal IT procurement opportunities, contracts, and contacts. Prepared and presented professional briefings to Federal Customers. Established close professional and personal relationships with the NETCOM, INSCOM and CECOM Contracting Offices. Planned and programmed job fairs, product demonstrations and symposium participations for LandWarNet, NETCOM, PEO-EIS and INSCOM. Won INSCOM SETA III with BAE, TEIS II with STG, AXISS with NG, LIWA with NG, ITES 2S with SAIC and severed as Capture Manager on a prime contract proposal for the CONUS TNOSC ($300m).

Confidential, Ft Belvoir, VA

Computer Network Operations /ACERT

• Served as the Chief of Systems and Architecture and Senior Systems Architect designing solutions in support of Army Computer Network Defense, Attack, and Exploitation. Instrumental in the creation of the Information Dominance Center. Performed the planning, development, and implementation of computer network and database management systems, engineering the data flow architecture from enterprise computer network sensor sources into data warehouses in six separate theaters that transfer information to the Army level for use in defense of the Global Information Grid. Responsible for maintaining the organization's Web services providing critical Information Assurance support to military organizations around the world. Provided reliable real-time Attack Sensing and Warning capabilities in every Regional Computer Emergency Response Team and at the Army enterprise level. Managed 17 subordinates in three subordinate sections.
• Built the entire IT infrastructure for the U.S. Army’s Global CERT operation from inception to its current world class status.
• Responsible for the initial stand-up of all the operational and support systems for the RCERT in Kuwait, coving the security of systems in South West Asia.
• Developed a ‘hot’ contingency site with complete failover redundancy for the organization.