SUMMARY:

• IT Security professional with a strong combination of technical ability, analytical talent, leadership skill and organizational expertise focused on achieving exceptional results in highly competitive environments that demand continuous improvement.
• Dominic has acquired many years of experience in Information Assurance/Cyber Security, Web Development and Information Support sectors.
• He is an innovative, motivated, resourceful, team - work oriented individual highly skilled with information technology implementation, support and management in both government and commercial environment.
• He maintains several industry certifications including Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), and Information Technology Infrastructure Library (ITIL).

CORE COMPETENCIES:

Certification & Accreditation (C&A) | FedRAMP/Cloud Security | Vulnerability Assessment & Management | Security Engineering & Administration | Web Application Development & Security | Incident Response | Logging & Monitoring | Configuration Management (CM) | SOC Support | SSAE16/SOC Compliance | Technical Advisory | Project Management

TECHNICAL SKILLS:

DoD/DISA eMASS, Amazon Web Services (AWS) / GovCloud, JIRA, NESSUS Security Center, McAfee ePolicy Orchestrator (ePO), DBProtect, CIRATS, MDOCS, Confluence, Qualys, ProofPoint, OpenVAS, XACTA, CSAM v3, PVCS Tracker, SAINT, WebInspect SPLUNK, ArcSight Logger, WebInspect, Confidential Fortify, Websense Web Security, Microsoft Threat Management Gateway (TMG), QRADAR, NetIQ, Symmantec Endpoint (SEP 12), Sourcefire Defense Center, Solera Networks, McAfee Firewall Enterprise (Sidewinder), McAfee Web Gateway (Web Washer), McAfee Foundstone, McAfee Email Gateway (Ironmail), REMEDY, Antigen, NIKSUN NetDetector, McAfee IntruShield, MS Sharepoint, MS Project 2010, Forefront, Nmap, Snort, Wireshark, CWSandbox, Active Directory, MS SQL Server, Encase Forensics, VMWARE and Cisco ASA.

EMPLOYMENT HISTORY:

Confidential

EHR Security SME/Consultant

Responsibilities:

• Independent assessment of technical feasibility; cost and schedule reasonableness; review of contractor deliverable security documents; and assessment of requirements, architecture and standards in deliverable documents and products.
• Ensure all applicable security requirements for the solution are identified and implemented within the requirement documents.
• Participate and engage as directed by the PM in Security Integrated Process Teams (IPTs), Design Reviews, and Working Groups to provide input on system security risks, independent cost estimates, cross-classification boundary security technologies, Platform IT packages, and other considerations which may either promote or hinder certification of new systems.
• Conduct research and make recommendations to the COR regarding system risks and security controls. Track, review, and make recommendations on Information Assurance Vulnerability Alerts (IAVA), Information Assurance Vulnerability Bulletins (IAVB) and Technical Advisories (TA) to determine possible security vulnerabilities within the current system configuration and integration approaches.
• Provide cybersecurity implementation support for Confidential compliance per DoD 8510.01 - Risk Management Framework (RMF) for DoD Information Technology (IT) and Confidential Special Publication 800-37 - Guide for Applying the Risk Management Framework to Federal Information Systems.
• Provide expert assessment and implementation of access control systems and methodology, application and file security, security practices, hostile intrusion detection and prevention, logical and physical security, network intrusion detection, cross-security boundary guards and interfaces, servers (enterprise, distributed, network), public key infrastructure (PKI), network architecture, information assurance (authentication and integrity), virtual private networks, disaster planning, and security of applications and systems from test environment to operational environment, for Confidential systems, software applications, and networks.
• Create, update & submit Confidential Security documents (such as PTA, PIA, SORN, ISA, System Security Plan, etc…) on-time for review and approval within Confidential and Confidential .

Confidential

Sr. IT Security Analyst

Responsibilities:

• Assess implementation of Confidential 800-53 Rev.3/Rev.4 security controls
• Review completeness of System Security Plans (SSP), Security Assessment Reports (SAR), contingency testing, incident response, awareness training, policy documentations and more.
• Prepare and submit Authorize to Operate (ATO) packages
• Create and review Plan of Action & Milestones (POA&Ms)
• Liaise with customers on Confidential audit and compliance requirements

Confidential

Sr. IT Security Analyst/Consultant

Responsibilities:

• Create and review Plan of Action & Milestones (POA&Ms)
• Advise on cloud security architecture and change control issues
• Review completeness of security documentation for Confidential and FedRAMP authorization efforts
• Plan, develop and execute scans for vulnerabilities using Nessus and DBProtect
• Support deployment and maintenance of ePolicy Orchestrator (ePO) and Splunk
• Track and remediate vulnerability findings for compliance
• Provide support to operations for Change Management

Confidential

Sr. Technical Security Project Manager

Responsibilities:

• Manage a team of 10 engineers and analysts across multiple work streams
• Lead project team calls to create project-specific project plans, track progress and establish timelines
• Publish minutes from project team meetings, and follow up regularly with resources to monitor progress
• Handle escalations as needed to clear roadblocks for resources
• Support program manager for global projects to complete large global projects that encompass multiple cloud locations
• Remediate SOC2 and PCI findings for compliance

Confidential

Security and Audit Focal

Responsibilities:

• Engage regularly with tower perform teams and account ISA (Information Security Advisor) to develop and execute Get-to-Green
• Manage Non-compliance ( Confidential ) and APARS issues via CIRATS
• Track creation, extension and closure of open issues
• Serve as primary interface for Issues Management to Confidential client and Confidential leadership on health/posture of Business Controls and Audit
• Review completeness of Confidential documentation for technical specification and implementation
• Track and report on Risk/Threat Letters
• Support SSAE16 team on requirements to insure audit readiness
• Assist DPE/Managers with leading meetings, presentations, escalations, and progress tracking

Confidential

Security Compliance Specialist

Responsibilities:

• Provide full life-cycle Certification and Accreditation (C&A) support for the client in compliance with Confidential and Confidential 800-53 Revision 4 standards including Security Testing & Evaluations (ST&E), Security Control Assessments, System Security Plan (SSP), Incident Response Plans (IRP), Risk Assessments (RA), Business Impact Analysis (BIA), Authorize to Operate (ATO) and Vulnerability Assessment efforts
• Create and review Plan of Action & Milestones (POA&Ms).
• Liaise with customers on compliance requirements.
• Review vulnerability scan results
• Create and review Security Assessment Reports (SAR)
• FedRAMP/Cloud Security Control Assessment Support

Confidential

Compliance Specialist

Responsibilities:

• Provide FedRAMP readiness and Confidential compliance evaluation support.
• Perform evaluations on Bureau-specific, non-financial systems to determine if they are Confidential compliant.
• Review completeness of System Security Plans (SSP), Security Assessment Reports (SAR), contingency testing, incident response, awareness training and more.
• Review Plan of Action & Milestones (POA&Ms).

Confidential

Information Security Consultant

Responsibilities:

• Support Certification & Accreditation (C&A) efforts including but not limited to Vulnerability Assessments, Security Control Assessments, System Security Plans (SSP), Plan of Action & Milestones (POAMS), and Policy Consolidation & Confidential 800-53 Mapping.
• Liaise with customers on security intrusions and provide remedial action
• Conduct security software research, assessments (Proof-of-Concepts) and make recommendations
• Provide monthly metrics on threats and vulnerabilities
• Plans, develops and executes scans for vulnerabilities using OpenVAS and Nessus
• Support day-to-day general security administration and threat intelligence efforts including but not limited to malware reporting, domain/email blocks, data transfer, ticket management, security updates and general security support.
• Analyze security incidents and formulate incident reports.

Confidential

Sr. IT Security Analyst/Project Manager

Responsibilities:

• Full life-cycle Certification and Accreditation (C&A) support for the client in compliance with the Confidential and Confidential standards including Security Testing & Evaluations (ST&E), Security Control Assessments, System Security Plan (SSP), Incident Response Plans (IRP), Risk Assessments (RA), Business Impact Analysis (BIA), Authorize to Operate (ATO) and Vulnerability Assessment efforts.
• Plans, develops and executes scans for vulnerabilities
• Perform Information System Security Officer duties
• Responsible for Information Assurance for ETA GSS and Major Application Systems
• Support System re-categorization and security control alignment efforts with the Agency implementation of Confidential 800-53 Rev.3/Rev.4
• Create, track, remediate and close POA&Ms
• Conduct security hardware/software research, assessments (Proof-of-Concepts) and make recommendations
• Provide engineering support for vulnerability management and application security tools
• Provide support for the detection, response, coordination, and escalation of issues to the Incident Response team.
• Track and monitor Personally Identifiable Information (PII) incidents, ESG and US-CERT alerts.
• Implements, enforces and communicates security policies to ensure operational integrity.
• Mentor and train junior IA staff members.
• Provide project management functions including technical leadership, quality assurance and decision oriented recommendations including providing project status, progress reporting, creating Work Breakdown Structure (WBS), risk register updates, leading meetings and any general project management related functions.
• Assist Program Manager with key deliverables.

Confidential

Sr. IT Security Consultant

Responsibilities:

• Support project manager with PMO efforts for PCI-DSS compliance
• Serve as senior advisory to Vulnerability Management and Logging & Monitoring work streams.
• Provide technical advisory and guidance for Vulnerability Management and Logging & Monitoring in the enterprise PCI-DSS remediation
• Assist project team with key deliverables.
• Lead weekly touch point meetings.
• Participate in Proof of Concepts to assist with selection of Vendor Solutions, Technologies, Methodologies and Frameworks.
• Create, track and close Plan of Action & Milestones (POAMS)
• Provides engineering analysis, design and support for security tools

Confidential

Sr. IT Security Consultant/Analyst

Responsibilities:

• Provide 24/7 SOC support for the detection, response, coordination, and escalation of issues to the Incident Response team.
• Monitor security device health and status
• Monitors security audit and intrusion detection system logs for system and network anomalies.
• Monitors user access process to ensure operational integrity of the system.
• Implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
• Provide support for Antivirus management and operations
• Ticket Management (Create, Update, Review, Prioritize & Resolve)

Confidential

Project Manager/Technical Lead

Responsibilities:

• Manage Web development and interactive projects.
• Develop project plans, specifications, and application prototypes/wireframes.
• Manage project change orders and impact analysis.
• Develop RFP responses, proposals and estimates.
• Conduct business process and requirements analysis.
• Contribute to new business development and marketing.
• Oversee project teams, developers and designers.
• Contribute to user interface, design and development efforts.
• Contribute to application and Web site testing efforts.
• Web page HTML and PHP code customization/modifications
• Web Server and Database installation/configuration.