
Business Owner/senior Security Engineer Resume


MD

SUMMARY:

  • Mission-driven and goal-oriented Information System Security Professional with over 20 years' experience and certifications in Information Technology and Information Security, with hands-on executive, managerial, and technical experience in the Corporate and Confidential environments.
  • Proven ability to bring the benefits of IT solutions to bear on business issues while managing costs and budget. Specialize in building security from the ground up, standing up high-performing advanced security testing teams, and developing strategic plans for agency-wide implementation to address the operations of client services, product support, quality assurance, and information security training.
  • Interface regularly with, and deliver positive Cybersecurity messages to, senior vice presidents and other high-level executives.
  • Bilingual (fluent in Spanish) and able to communicate across diverse organizations while developing business strategies.
  • Information Technology Infrastructure Library (ITIL)
  • FISMA/SOX/HIPAA/DOD/FISCAM Compliance
  • Organization and Staff Development
  • Data and Information System Protection & Training
  • Agency-Wide IT Delivery & Project Management
  • Implement Organizational Changes
  • Dynamic information assurance, security engineering, and cyber security management career with strong strategic, tactical, and innovative leadership, crisis management, troubleshooting, problem solving, project management, and negotiating skills.
  • Able to recruit, develop, and motivate employees, and able to structure teams that deliver results and savings.
  • Full responsibility for multi-million dollar budgets. Confident under pressure.

PROFESSIONAL EXPERIENCE:

Confidential, MD

Business Owner/Senior Security Engineer

Responsibilities:

  • As a business owner and senior information security consultant for the Confidential and Commercial sectors, manage teams responsible for the development, implementation, and maintenance of company and Confidential information security programs.
  • Additionally, prepare responses to Requests for Proposals; oversee all financial and operational aspects of the company; and network on behalf of the company to find new customers and work.
  • Worked with the Small Business Administration (SBA) to obtain the HUBZone certification and with the Veterans Administration to obtain the Service-Disabled Veteran-Owned Small Business (SDVOSB) certification. Currently working with the SBA on the 8(a) certification.
  • Ensure information assets, intellectual property, and IT infrastructure are properly protected through automated solutions and/or manual processes.
  • Acted as a Contract Chief Information Security Officer (Confidential) for a non-profit lending firm, a large textile company (until they hired a permanent Confidential), and a printing company.
  • Collaborated with stakeholders in different companies and organizations to develop risk management frameworks, implement vulnerability management programs, and hire consultants to conduct penetration testing.
  • Worked with business owners and Chief Technology Officers (CTOs) to implement security policy, standards, guidance, and repeatable processes.
  • Provide services to different organizations, including: information security, security engineering, information assurance, cyber security, event log monitoring, program management, IT auditing, implementation management, risk management, security controls assessments, source code analysis, vulnerability management, and penetration testing.
  • Oversee programs and projects, and provide senior-level consultation to organizations that require compliance with the Federal Information Security Management Act (FISMA), Payment Card Industry (PCI) standards, Sarbanes-Oxley (SOX), and the Health Insurance Portability and Accountability Act (HIPAA).
  • Utilize National Institute of Standards and Technology (NIST), Federal Risk and Authorization Management Program (FedRAMP), Open Web Application Security Project (OWASP), and/or DoD Information Assurance Certification & Accreditation Process (DIACAP) guidance to build, document, and assess systems.
  • Conducted program reviews for different organizations.
  • Application and network vulnerability scanning and penetration testing for NOAA, CMS, DOE, CFF, and USB.
  • Run Burp Suite Professional, Nessus, Acunetix, and Rapid7 Metasploit to assess the security of several applications and general support systems.
  • Security controls assessments for Confidential, NOAA, CMS, CFF, DOJ, and USB.
  • Security engineering documentation development for Confidential and DOJ.
  • Run and review results for Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), specifically for MS SQL Server systems at CMS.
  • Reference OWASP, Confidential, and Confidential guidance to perform testing and/or assessments and to develop security-related documentation, including System Security Plans (SSP), Information System Contingency Plans (ISCP), Configuration Management Plans (CMP), and architecture and engineering documentation, including designs in Microsoft Visio. Develop reports. Brief upper management on issues identified in their systems or processes.
  • Collaborated with a cloud service provider (CSP) to meet FedRAMP security requirements during the security controls assessment and implementation of a DOJ/EOUSA cloud solution/application on Box.com. Also developed the application-specific security documentation, including the CMP, ISCP, and SSP. Used Cyber Security Assessment and Management (CSAM) to upload documents and to download documents for review.
  • Supported Zen Strategics on a 3-month engagement to manage the security controls assessment projects and perform the assessments for two major NOAA general support systems, involving the Security and Network Operations Centers.
  • Supported the Confidential's Enterprise Security Audit Trails (ESAT) Program in developing audit plans, referencing NIST SP 800-53 Revision 4 Audit and Accountability controls.
  • Provide(d) information security program, security engineering, and project management support for the Patient Protection and Affordable Care Act (PPACA) information system being developed and implemented at the Confidential. Work includes:
  • Guided PPACA on risk management; conducting security assessments and authorizations; conducting technical security assessments; developing security engineering documents, SSPs, and audit plans; reviewing Security Assessment Reports (SAR) and ISCPs; and developing, reviewing, and updating Plans of Action and Milestones (POA&Ms). Developed the security sections of the Design Specification Report (DSR) for several systems.
  • Oversaw the security engineering and implementation of the infrastructure supporting the Affordable Care Act (ACA) information systems, supporting event log monitoring, vulnerability management, change management, penetration testing of different ACA releases, and audit plan testing. Supported the integration and configuration of SiteMinder, JBoss, webMethods, Oracle, ArcSight, and Greenplum into ACA.
  • Developed the Confidential baselines for Red Hat Enterprise Linux (RHEL), JBoss, and webMethods.
  • Provided smart grid security and cyber security support to Exelon/Baltimore Gas & Electric on their implementation of the Smart Grid. Reviewed ArcSight rule sets, analyzed systems for non-compliance, and reviewed auditable events for incidents. Updated POA&Ms and milestones. Developed, reviewed, and provided quality control for Exelon policies and standards.
  • Provide cyber security and information assurance training to individuals in a classroom environment. Training includes security fundamentals, vulnerability management, and how to perform a security controls assessment using NIST 800-series guidance.
  • Several classes have been pro bono.

Confidential, Lanham, MD

Director/Associate Director/Senior Security Engineer/Senior Security Analyst

Responsibilities:

  • As the Associate Director for Cybersecurity Operations from 05/2010 to 11/2012, provided leadership to the operations staff and managed the daily security operations at over 900 Confidential sites, for thousands of information systems, and for over 100,000 users.
  • Led and assisted in managing a staff of 120+ employees and over 40 contractors responsible for 24x7x365 monitoring, auditing, and safeguarding the Confidentiality, Integrity, and Availability (CIA) of Confidential information systems, including Major Applications (MA) and General Support Systems (GSS) that transmit, process, or store Personally Identifiable Information (PII) and Sensitive But Unclassified (SBU) data. Worked to meet all FISMA compliance requirements. Utilized Confidential guidance to develop SOPs and perform work.
  • Led the successful transition from a legacy, geography-based organization to the Information Technology Infrastructure Library (ITIL) model, organized around services and functions. This transition provided clear ownership of key processes and services. During this transition, successfully eliminated redundancy while leveraging capabilities across Confidential campuses and computing centers, and also helped increase employee satisfaction and reduce the number of front-line managers from 12 to 8. Also transitioned 77 employees from the 080 to the 2210 series.
  • Collaborated to integrate ArcSight ESM into the existing infrastructure. Successfully tested audit plans in conjunction with the deployment of ArcSight agents, connectors, and loggers on all UNIX servers.
  • Developed a Concept of Operations (CONOPS) for the organization while providing hands-on leadership and guidance in developing and/or updating several Confidential information security policies and 19 Standard Operating Procedures (SOPs).
  • Exceeded expectations when a true IT Security Auditing function and a Vulnerability Analysis service were implemented. Developed all of the SOPs for the various shops.
  • Established and improved three (3) Operational Level Agreements with other business units within the Confidential that improved service quality for stakeholders.
  • Led an IT project that enhanced security and reduced fraud on the Enterprise Confidential Payment Posting System.
  • Led, developed, and managed the delivery of security awareness briefings and communications for the entire Confidential.
  • Assisted in managing a budget (labor, contractor, solution, training, travel, supply) of over $20 million.
  • Own and monitor the following internal common controls at the Confidential: Awareness and Training, and Auditing.
  • As the Director of Criminal Investigations (CI) Cybersecurity from 11/2009 to 05/2010, successfully provided executive leadership to Criminal Investigations while standing up a new Information Security Program. Also led and managed CI's Security Operations, Disaster Recovery/Business Continuity, and FISMA Compliance departments during that six-month time frame.
  • Completed a Program Review for Information Security Management Assistance (PRISMA), which assisted CI in standing up their Cybersecurity/Information Security Program while improving other areas throughout CI, including improving support to their critical infrastructure protection planning and facilitating an exchange of effective security practices with the Department of Justice and other agencies within the Confidential community.
  • Managed a small staff, including contractors. Laid the groundwork to recruit and hire new employees into the security program; by 2011, eight new employees had begun work within the security program.
  • Integrated an automated vulnerability scanning solution into CI's infrastructure to identify risks and save countless man-hours; this function had previously been performed manually by two CI personnel.
  • Developed two new information security policies and updated three SOPs covering vulnerability scanning, business continuity, and other functional services of the information security program.
  • Successfully stood up the new Advanced Technical Analysis group, responsible for delivering advanced security training, conducting source code analysis, and performing application and network penetration tests on over 200 Confidential information systems in support of Certification & Accreditation (C&A) of information systems.
  • Successfully spearheaded the development, implementation, and instruction of the CISSP Bootcamp and the Security+ training for the entire service, saving the Confidential over $160k in training dollars over a 28-month time frame.
  • Oversaw the successful security engineering of the Confidential HSPD-12 smart card technology used as the single sign-on technology on all Confidential laptops. Implemented in 2010.
  • Oversaw the successful procurement and implementation of BDNA ($3.5 million), nCircle ($2.6 million), AppScan Source ($800 thousand), AppScan Web ($1.8 million), Guardium ($3.2 million), and Axway ($1.1 million) at the Confidential.
  • Managed a budget of nearly $30 million and a staff of 65, including government workers and contractors, while overseeing all security engineering for Confidential applications and information systems.
  • Acted as the Information System Security Officer (ISSO) for the Confidential Development and Test GSS for the Confidential, managing the daily security operations for over 200 servers, major applications, minor applications, and the network boundary infrastructure, including routers, firewalls, IDS, and switches.
  • Led and managed several security engineering projects and supported projects by leading Security Architecture consultation, Security Impact Assessments, Security Risk Assessments, and IT Assurance, and by ensuring that application development and other projects followed the Confidential's System Development Life Cycle and Enterprise Life Cycle (ELC). Updated design documentation.

Confidential, Washington, DC

Senior Information Security Services Consultant/Engagement Manager/Lead

Responsibilities:

  • As a member of the Confidential Information Security Services program, led and provided Information Security and IT Audit support. Confidential customers included the Department of Energy, the DOJ's Drug Enforcement Administration (DEA), and the Justice Management Division (JMD).
  • Managed and performed infrastructure and application vulnerability assessments, C&A, policy review, DR/BCP, risk assessments, penetration testing, wireless reviews, IT general controls, application reviews (Oracle, MSSQL, SAP, Hyperion, Lawson, etc.), and security controls testing in support of HIPAA, PCI, SOX, the Federal Information System Controls Audit Manual (FISCAM), and FISMA.
  • Reviewed all SAP user IDs and user roles and all sensitive SAP activity groups, and performed an internal audit of these activity groups in the SAP production environment.
  • Utilized knowledge of OMB Circular A-130, Appendix III, and NIST guidelines, including SP 800-18, 800-26, 800-30, 800-31, 800-37, 800-53, and 800-61, and Confidential, to support the preparation and approval of SSPs or System Security Authorization Agreements (SSAAs).
  • Audited and tested the administrative, physical, and technical security safeguards at Veterans Administration hospitals required for HIPAA compliance.

Confidential, Washington, DC

Senior Systems and Security Engineer

Responsibilities:

  • As a member of the Network Infrastructure and Security team, assisted in the planning, procurement, engineering, and installation of all networking and personal computing equipment using Confidential and National Security Agency (NSA) guidelines. Also managed a team of four security engineers.
  • Administered a Windows 2000 Professional/Server, Linux, and XP desktop client/server local area network, providing IT audit support and system security scanning, and using VERITAS as the backup and recovery software.
  • Consulted on and provided tighter security using Tivoli on UNIX/Linux systems.
  • Assisted with C&A deliverables, including the SSP and the SAR.
  • Assisted with Cisco 3600 Series routers and Catalyst 4006 switches. Configured ports and ran cable from workstations to the switch. Assisted with the implementation and configuration of a local VPN.
  • Worked with Microsoft SQL Server 2000, creating databases, editing tables, and writing SQL source code. Assisted with minor repairs to ONRA databases, and worked with the IT auditors during
  • Supported the certification & accreditation process for NSA, DISA, and ONRA systems.

Confidential

Senior Systems Engineer

Responsibilities:

  • Performed a security overview, and developed security related documentation for DISA, specifically for the Global Satellite Support Center (GSSC).
  • Reviewed and updated SSP’s for DISA information systems.

Confidential

Software Engineer

Responsibilities:

  • Updated shell scripts for the GSSC.
  • Automated GSSC functions using Red Hat Linux shell scripting.
  • Reviewed design documentation to map to the IT requirements.

Confidential

Spanish Language Analyst/Supervisor

Responsibilities:

  • Performed translations and interpreted foreign languages.
  • Transcribed and reviewed traffic to include counterdrug and diplomatic targets.
  • Recorded over 1300 hours on the P-3 Orion performing counterdrug missions.
  • Supported the security on the Hybrid information system.
