
A&A Analyst/Security Advisor Resume


McLean, VA

OBJECTIVE:

To continue my expertise in Cyber Security within an organization that would allow me to express the knowledge, skills and abilities that I’ve gained from my prior experiences and educational training, and apply them into an existing or new network environment. My goal is to achieve a more challenging position that could lead into better opportunity for growth and advancements.

SUMMARY:

My knowledge, skills and abilities (KSAs) vary in functional duties such as Operational, Technical and Jr. Managerial levels within the Information Technology environment. As an Information Technology Professional, I have over 17 years of experience as a Help Desk Analyst; Sr. Lead UNIX Computer Operator; Desktop Support LAN and System Administration; Backup and Recovery System Engineer; Network Security Engineer/Administrator; Information Assurance/Information System Security Officer (ISSO) and Sr. Information Security Engineer (ISSE).

TECHNICAL SKILLS:

Guidance Publications: NIST SP series, FIPS, FISMA, CNSS, DHS 4300 A/B, DIACAP, DoD8500, DOC, DOJ, DOE, LOC Directives

Servers/Operating Systems: Windows XP, Windows 2000, Windows 2000 Advanced Server, Windows 2003 Server Standard/Enterprise Editions w/ ADS, UNIX, Red Hat Linux, Windows 7

Network Monitoring Tools: BigBrother, WhatsUp Gold, HP OpenView Console, SolarWinds, Syslog-ng, ArcSight Event Logger, SIEM EMS, RedHat Satellite Monitoring Server.

Vulnerability and Auditor Scanners: Belarc, MBSA, Nessus, LT Auditor for eDirectory, Nmap, Shavlik, NESSUS, CIS Benchmark, DISA GOLD, DISA STIGS, SRR Checklist, Symantec Control Compliance Suite (SCCS), EyeRetina

Antivirus: McAfee, Norton Internet Security Antivirus, Trend Micro Internet Security

Packet sniffers: WireShark

Remote Access: PuTTY, NET OPS Remote Control, Telnet, Terminal Services, VNC, RDP, Hyper-V, VPN, RSA SecurID Token

Security Assessment tools: TAF, RMF, CSAM, eMASS, Archer.

Misc: Microsoft Office Suite, Symantec Ghost Image Server 7.0, Oracle 8i/9i Client/Server, Citrix MetaFrame, Dell Server Assistant Open Management 4.x, OPNET, TAF, RMF, CSAM, eMASS, Archer.

PROFESSIONAL EXPERIENCE:

A&A Analyst/Security Advisor

Confidential, McLean, VA

Responsibilities:

  • Led Joint Staff Directives (JDIRs) with the migration from DIACAP to the Risk Management Framework (RMF) process.
  • Reviews AIS authorization packages for compliance and provides a determination recommendation to the certification authority.
  • Tracks authorization compliance of current and future Joint Staff (JS) systems within JS-J6 networks and provides top-level administration support for the Joint instance of eMASS (Joint Staff and COCOMS).
  • Responsible for collaborating with the Risk Manager and Vulnerability Management teams to obtain situational awareness on emerging vulnerabilities associated with possible exploits.
  • Interacts with all JDIRs to ensure all security controls are validated and that required network diagrams and other artifacts are provided as evidence of system compliance.
  • Provides support to the Government on all matters involving the security of the information system.

Information Security Specialist

Confidential, McLean, VA

Responsibilities:

  • Updated the Certification and Accreditation package for the Library of Congress the Congressional Research Service (CRS) Service Unit.
  • Updated and implemented the security controls into the Archer system utilizing the Risk Management Framework (RMF).
  • Performed Security Test and Evaluation (ST&E) and audits of information systems for C&A assessments.
  • Collected artifacts to ensure that the system meets the expectation of the security control.
  • Led the efforts for Continuous Monitoring of the EI-GSS and Major Application by providing oversight and monitoring of the security controls of the system on an ongoing basis, informed the Information Technology Security Project Manager (ITSPM) when changes occurred that may negatively impact the security of the system, and updated the system documentation.
  • Created, maintained, and updated all Information System documentation (e.g., SSP, CP, SOPs, BIA, CM, etc.).
  • Participated in peer reviews of deliverables and attended meetings.

Security Advisor

Confidential, McLean, VA

Responsibilities:

  • Updated the Certification and Accreditation package for the Library of Congress the Congressional Research Service (CRS) Business Unit.
  • Updated and implemented the security controls into the Archer system utilizing the Risk Management Framework (RMF).
  • Performed Security Test and Evaluation (ST&E) and audits of information systems for C&A assessments.
  • Collected artifacts to ensure that the system meets the expectation of the security control.
  • Led the efforts for Continuous Monitoring of the EI-GSS and Major Application by providing oversight and monitoring of the security controls of the system on an ongoing basis, informed the Information Technology Security Project Manager (ITSPM) when changes occurred that may negatively impact the security of the system, and updated the system documentation.
  • Participated in peer reviews of deliverables and attended meetings.

Information System Security Officer

Confidential, Herndon, VA

Responsibilities:

  • Planned, developed, implemented and sustained the IT Security deliverables for the overall DHA/ECCM/DMIX Information Assurance/Cyber Security posture, which includes all the necessary security procedures, instructions, operating plans, and guidance.
  • Reviewed, created and/or modified new and previous C&A documentation (DIACAP to NIST RMF conversion) to ensure that the new upcoming systems were in compliance with the NIST 800-53 Rev 4, Security Policy Directives, and DODI, DISA, DHA, FIPS, FISMA and regulated guidance documentation.
  • Led and provided oversight for Plans of Action and Milestone (POA&M) identified as part of system certifications/authorizations, audits, etc. and facilitated their closure/remediation with system/program area personnel.
  • Implemented, enforced and communicated security policies and/or plans for data, software applications, hardware and telecommunications.
  • Created and/or modified POA&M items after ST&E assessments were performed. Utilized eMASS system to track findings.
  • Tested/retested POA&M items and collected artifacts to ensure that the system-level findings/weaknesses have been mitigated in accordance with the Corrective Action Plan (CAP) and are in compliance with the security guidance/policy documentation.
  • Processed waivers and/or exceptions, as appropriate, to address POA&Ms that have adequate justification to support the waiver/exception per DHA/DMIX policy
  • Led the efforts in continuous monitoring of the major application by providing oversight and monitoring of the security controls of the system on an ongoing basis and informing the system owner and authorizing official when changes occur that may negatively impact the security of the system.

Security Specialist III

Confidential, Herndon, VA

Responsibilities:

  • Security Deficiency Management - Assist TMO in management, tracking, and reporting and remediation of IT security-related deficiencies, findings and security program progress in Corrective Action Plans (CAP), Plans of Action and Milestones
  • Work with the Office of Information Security, Information Systems Support and Review Office, TMO Information Systems Security Officer, Systems, Database, and Network Administrators, and TMO developers/testers to implement system and application level security planning, controls, procedures and documentation for the Field Support Systems
  • Ensure conformance to Census Bureau IT Security Policies, NIST 800-53, OMB, FISMA, and other applicable laws and guidance, as directed.
  • Interpret security regulations/controls for appropriate implementation for the field data collection environment. Work closely with the TMO to develop business cases, risk analysis, waivers and other documentation needed to describe and justify rationale for security control implementations.

Security Analyst

Confidential, Columbia, MD

Responsibilities:

  • Developed technical and programmatic assessments, evaluated engineering and integration initiatives and provided technical support to assess security policies, standards and guidelines.
  • Performed Security Test and Evaluation (ST&E) and audits of information systems for audio panel.
  • Participated in peer reviews of deliverables and attended meetings.
  • Conducted research on emerging security threats for service representatives.

Security Analyst

Confidential, McLean, VA

Responsibilities:

  • Maintained Information Assurance and Accreditation process for the Federal Energy Regulatory Commission agency.
  • Performed Security Test and Evaluation (ST&E) and audits of information systems for C&A assessments.
  • Tested/retested POA&M items and collected artifacts to ensure that the system-level findings/weaknesses have been mitigated and are in compliance with the security guidance/policy documentation.
  • Participated in peer reviews of deliverables and attended meetings.
  • Conducted research on emerging security threats.

Information Security Engineer SME

Confidential, College Park, MD

Responsibilities:

  • Provided support to the FDA System Owner and ISSOs to obtain the appropriate operational IA posture for a system, program, or enclave.
  • Assisted in maintaining appropriate operational security posture for an information system or program.
  • Provided support to the Government on all matters involving the security of the information system.
  • Assisted with the development of Standard Operating Procedures (SOP), and Inventory Assets controls documentations.
  • Provided support to plan, coordinate, and implement IT security programs and policies.
  • Provided configuration management for security-relevant information system software, hardware, and firmware.

System Administrator

Confidential, Owings Mills, MD

Responsibilities:

  • Captured installed software and hardware configuration settings and licenses of each workstation and laptop.
  • Performed system migration from Windows XP to Windows 7 on workstations and laptops.
  • Performed data migration and performed system inventory checks.
  • Configured the specific end-user settings on each new system in accordance with the agreed installation Standard Operating Procedures (SOP).
  • Re-installed end user approved software and removed all unapproved programs and applications.
  • Joined devices to the domain and re-mapped network and local printers.
  • Installed approved local peripheral devices that can be connected.
  • Performed system inventory compliance scans and removed all non-operational workstations.
  • Provided end user orientation.

Security Analyst/Engineer

Confidential, Reston, VA

Responsibilities:

  • Installed and configured core products (ESM, Logger, Connector Appliance, and Express) on supported platforms (Linux, Windows).
  • Developed basic content (rules, reports, and dashboard).
  • Provided first-level IDS monitoring, analysis and incident response to information security alert events.
  • Analyzed network traffic and IDS alerts to assess, prioritize and differentiate between potential intrusion attempts and false alarms.
  • Launched and tracked investigations to resolution.
  • Composed and sent alert notifications.
  • Advised incident responders in the steps to take to investigate and resolve computer security incidents.

System Security Administrator

Confidential, Herndon, VA

Responsibilities:

  • Identified security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives.
  • Maintained up-to-date baselines for the secure configuration and operations of all devices.
  • Participated in investigations into problematic activity.
  • Assisted with correcting/closing/mitigating/extending items that were identified as system-level Plans of Action and Milestone (POA&M) findings and weaknesses in CSAM.
  • Performed daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups.
  • Provided high-level monitoring of security events utilizing the Big Brother automated network monitoring tool.
  • Performed monthly/bi-weekly (as required) system/network vulnerability scans utilizing Nessus and EyeRetina scanning tools.
  • Maintained patch management and monitored activity for all servers and workstations to ensure service packs, hot fixes, and updates were installed and/or remediated.
  • Monitored and tracked Red Hat Satellite server for Linux server and workstation updates.
  • Supported the implementation of the security controls by performing system monitoring and analysis of System Event logs and Syslog-ng and ArcSight Event Logger.
  • Provided end user support for security solutions.
  • Managed the remote access for RSA SecurID Tokens; administered user accounts and performed weekly backup of the database and certificates.
  • Developed and maintained technical Standard Operating Procedures (SOP).

Cyber Security Architect/IA

Confidential, Rockville, MD

Responsibilities:

  • Planned, developed, implemented and sustained the IT Security documentation for the DHS Coast Guard Headquarters and field offices.
  • Created, reviewed, and/or modified new and previous C&A documentation to ensure that the new upcoming systems were in compliance with the NIST 800-53 Rev 3, DHS4300 A/B Handbook/Security Policy Directives, DIACAP and NSA regulated guidance documentation.
  • Assisted in the development and implementation of IT deliverables of the overall Information Assurance/Cyber Security posture, which includes all the necessary security procedures, instructions, operating plans, and guidance.
  • Implemented, enforced and communicated security policies and/or plans for data, software applications, hardware and telecommunications.
  • Led the development and implementation of the Contingency Plan and Test Plan efforts to meet the statutory and practical requirements associated with NIST SP 800-34.

Information System Security Officer

Confidential, Washington, DC

Responsibilities:

  • Applied information security/information assurance policies, principles, and practices in the delivery of all IT services. Utilized NIST, CNSS, DOJ, and other Federal Guideline documents.
  • Ensured that all users had the requisite security clearances, authorization, and need-to-know, and were aware of their security responsibilities before granting access to the IS; administered and witnessed signed user agreements.
  • Conducted risk and vulnerability assessments of planned and installed systems to identify vulnerabilities, risks, and protection needs. Utilized DISA STIGS and SRR Checklist.
  • Provided insight on items that were identified as system-level findings/weaknesses and assisted with how to correct/close/mitigate the Plans of Action and Milestone (POA&M) items. Utilized CARA as the tracking system.
  • Created and/or modified POA&M items after ST&E assessments were performed.
  • Tested/retested POA&M items and collected artifacts to ensure that the system-level findings/weaknesses have been mitigated in compliance with the security guidance/policy documentation.
  • Utilized automated tool SolarWinds to review Syslog events.
  • Ensured that system security requirements are addressed during all phases of the system lifecycle.
  • Implemented security vulnerabilities remediation by applying Microsoft patches and software application patches on servers in accordance with prescribed policies and procedures.
  • Performed system monitoring and optimizing system performance, monitoring system activity and running error reports.
  • Coordinated with System Engineers in the planning and the installation, testing, operation, troubleshooting of software application.
  • Created Change Request (CR) documentation. Attended and participated in the Change Control Board (CCB) meetings.

Lead Information System Security Officer

Confidential, Reston, VA

Responsibilities:

  • Assisted in the leadership efforts in developing and conducting structured security certification and accreditation activities for all types of Information Technology solutions supporting Agency assets, which contains all necessary security procedures, instructions, operating plans, and guidance. Utilized NIST, DHS 4300, FIPS, FISMA and other government required documents.
  • Led the efforts in the development and revision of System-specific security safeguards and local operating procedures that are based on the above regulations.
  • Worked closely with Certifiers to navigate the DHS ICE Certification & Accreditation process and produce all appropriate accreditation documentation.
  • Led and provided oversight for Plans of Action and Milestone (POA&M) identified as part of system certifications/authorizations, audits, etc. and facilitated their closure/remediation with system/program area personnel.
  • Created and/or modified POA&M items after ST&E assessments were performed. Utilized TAF system to track findings.
  • Tested/retested POA&M items and collected artifacts to ensure that the system-level findings/weaknesses have been mitigated in accordance with the Corrective Action Plan (CAP) and are in compliance with the security guidance/policy documentation.
  • Processed waivers and/or exceptions, as appropriate, to address POA&Ms that have adequate justification to support the waiver/exception per DHS ICE and DHS policy
  • Led the efforts in continuous monitoring of the major application or general support system by providing oversight and monitoring of the security of the system on an ongoing basis and informing the system owner and authorizing official when changes occur that may negatively impact the security of the system.

Information System Security Engineer Sr.

Confidential, Hanover, MD

Responsibilities:

  • Developed technical and programmatic assessments, evaluated engineering and integration initiatives and provided technical support to assess security policies, standards and guidelines.
  • Created and modified Standard Operating Procedure (SOP) documentation for Cisco PIX ASA Firewall, and a System Security Plan (SSP) template for the DoDI8500.2 and NIST SP 800-53 Rev3 migration, to be used for up-and-coming DoD C&A packages.
  • Implemented, enforced and communicated security policies and/or plans for data, software applications, hardware and telecommunications.
  • Performed product evaluations, recommended and implemented products/services for network security.
  • Reviewed and recommended the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.

Information Assurance Analyst/ISSO

Confidential, Columbia, MD

Responsibilities:

  • Developed and implemented Information Security (INFOSEC) documentation for the Certification and Accreditation (C&A) efforts throughout the DOC NOAA agency.
  • Performed Quality Assurance on all documents to ensure that C&A packages are IAW policies and guidelines to be presented for Authorize to Operate (AO) briefing and delivery.
  • Evaluated the INFOSEC policies and procedures for compliance with regulations, guidelines and industry best practices.
  • Conducted risk and vulnerability assessments on information systems to identify vulnerabilities, risks, and protection needs.
  • Performed Security Test and Evaluation (ST&E) and audits of information systems for C&A assessments.
  • Created and/or modified Plans of Action and Milestone (POA&M) items after ST&E assessments were performed. Utilized CSAM and SharePoint to track items.
  • Tested/retested POA&M items and collected artifacts to ensure that the system-level findings/weaknesses have been mitigated in accordance with the Corrective Action Plan (CAP) and are in compliance with the security guidance/policy documentation.
  • Performed intelligence gathering and vulnerability analysis, and identified previously undisclosed software and hardware vulnerabilities. Performed technical analysis and exploitation of data from compromised systems. Read, analyzed, and interpreted packet captures using various toolsets, e.g., tcpdump, ngrep, Wireshark. Developed appropriate mitigation plans to address security conditions.
  • Prepared Inspection and Examination Checklists for several client systems.
  • Supported the implementation of the security controls by performing system monitoring and analysis of System Event logs and vulnerability assessment.
  • Coordinated with System Engineers/Administrators on the planning, installation, testing, operation, and troubleshooting of software applications.

Sr. Network Security Engineer

Confidential, Reston, VA

Responsibilities:

  • Developed procedures for the continuation of operations in case of disaster to the information system utilizing the NIST 800-34.
  • Ensured Bureau-wide standard operating systems and applications are installed and configured to conform to established configuration management requirements.
  • Utilized automated tools CIS Benchmark Scan tool and GOLD DISK Scan tools to perform scans on new and existing servers. Utilized automated tools BelManage and MBSA to perform baseline scans to ensure all systems were patched and checked for license compliance, user privilege level, vulnerabilities, and other audits.
  • Remediated security vulnerabilities and applied Microsoft patches on workstations and servers in accordance with prescribed policies and procedures. Worked with System Administrator Infrastructure Teams to resolve vulnerability issues or to complete organization-wide security projects.
  • Performed eDirectory audits utilizing LT Auditor to track creations, deletions and modifications of user accounts.
  • Performed day-to-day operational tasks including implementation of controls to define and remove user accounts from a multi-platform environment.
  • Monitored vulnerability notices from vendor, security agencies and governmental resources and generated a weekly report.
  • Prepared security reports by collecting, analyzing, and summarizing system use data and trends; logging unauthorized attempts to access protected resources and commands.
