Chief Information Security Officer Resume

Silver Spring, MD

HIGHLIGHTS OF QUALIFICATIONS:

  • 18 years’ experience in IT Security Management, CISSP
  • Experienced CISO, dealing with high value systems in disparate locations

PROFESSIONAL EXPERIENCE:

Chief Information Security Officer

Confidential, Silver Spring, MD

Responsibilities:

  • Threat Management
  • Security Incident and Event Management (SIEM)
  • Penetration Testing
  • Forensics/Insider Threat
  • Firewall Management
  • Intrusion Detection/Prevention Support
  • Security Scanning Tool Management
  • Security Operations Center and Network Operations Center, combined into the SMC

Chief Information Security Officer

Confidential, Washington, DC

Responsibilities:

  • Implements higher-level security requirements resulting from laws, regulations, and directives, including Confidential (Confidential) and Confidential (Confidential).
  • Develops policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data. Promotes awareness of security issues among management, and ensures that security principles are reflected in the Confidential vision and goals.
  • Develops systems security contingency plans and disaster recovery procedures. Develops and implements programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures. Monitors the vulnerabilities, security alerts, and logs of Confidential systems. Ensures the application of information security/information assurance policies, principles, and practices in the delivery of all IT services.
  • Develops, updates, and maintains the Certification and Accreditation (C&A) Package for the Confidential. Conducts risk, vulnerability, and impact assessments of planned and installed information systems as well as the Confidential infrastructure as a whole.
  • Assesses security events to determine impact and implements corrective actions. Coordinates the review and evaluation of the Confidential infrastructure protection program, including policies, guidelines, tools, methods, and technologies. Identifies current and potential problem areas; updates or establishes new requirements; and makes recommendations for a fully compliant infrastructure protection program to be implemented throughout the Confidential. Apprises Confidential management of risks and requirements, based on impact analyses and changes to corporate policies and procedures which impact information security. Monitors computer security privileges of users, and manages the development of access control requirements.

Senior Security Manager

Confidential, Greenbelt, MD

Responsibilities:

  • IT Security Manager for the GUEST contract, managing the security personnel at Confidential as well as the Information System Security Officer (ISSO) for OAIT-Business Systems. I provided security management to all personnel on the contract, updating and enforcing policies to ensure compliance with Federal and NASA directives, and securing and documenting the information systems under the OA-IT Business Systems plan.
  • I was responsible for maintaining the security of the IT systems to include Continuous Monitoring, Identity and Access Control, Scanning, and documentation (SSP & POA&M). As the GUEST Security Manager, I also implemented a remediation plan to secure the Common Badging and Access Control System (CBACS) vulnerabilities from the previous C&A and completely pass the next audit within a one-year time frame.
  • This included the elimination of over 40 system vulnerabilities and the implementation of a separate network zone to house the CBACS systems to further reduce their exposure.

Cyber Risk Analyst

Confidential, Washington, DC

Responsibilities:

  • I was responsible for creating a Risk Based Framework for use at the Confidential (Confidential) Confidential (Confidential) headquarters office.
  • This framework defined all Certification & Accreditation activities, vulnerability scans and reporting, configuration management testing, Cyber Site Threat Statement (SCTS), Cyber Security Program Plan (CSPP), Site Risk Assessment (CSRA), Site Cyber Security Improvement Plan (CSIP), Information System Security Plan (ISSP), Plan of Action and Milestones (POA&Ms), and any additional supporting documentation.

Senior Information Systems Security Analyst

Confidential, Washington, DC

Responsibilities:

  • I served as the Senior IT Security Analyst providing security assessments and recommendations for all IT assets that were considered for adoption into the production network at Confidential.
  • I provided detailed recommendations to Federal Leadership about the adoption of new technologies and the impact to existing systems security posture.
  • I performed all of the security assessments for Confidential.

Executive Office of the President

Confidential, Washington, DC

Responsibilities:

  • I served as an IT Security Analyst providing security assessments and recommendations for all IT assets.
  • In addition to assessments of new equipment and software, my group was responsible for security monitoring of the EOP production network as well as ongoing random security scans.