My objective is to obtain a job as an IT Security Manager, Scrum Master or Information Systems Security Officer (ISSO) using my knowledge and managerial experience in systems administration, security engineering and software development to ensure that assessment and authorization (A&A) objectives are accomplished in accordance with current policies, guidelines and standards.
SUMMARY OF QUALIFICATIONS:
- I have a wide range of experience and analytical skills, multi-tasking, and the ability to anticipate and resolve potential obstacles in the Federal Government, Department of Homeland Security, Confidential and Department of Defense ( Confidential ) information systems.
- I currently possess a Public Trust with High Risk clearance, and am clearable for a Top-Secret level clearance.
- Ten-year veteran of the U.S. Army. I served as an Airborne Ranger with an Honorable Discharge.
- Experience performing the full cycle of system Assessment and Accreditation (A&A) activities.
- Strong working knowledge of the National Institute of Technology (NIST) Risk Management Framework (RMF).
- Strong technical background with strong understanding of network architectures and communications, operating systems, web platforms, and databases.
- Good writing, interpersonal and communication skills
- Experience developing and maintaining system security documentation, including but not limited to System Security Plans, Security Assessment Reports, Contingency Plans, and Interconnection Security Agreements.
- Able to identify and assess risks and recommend appropriate remediation strategies.
- Experience developing and updating Plans of Actions and Milestones (POA&Ms) and overseeing efforts to rectify issues found as a result of security vulnerabilities and security controls analysis.
- Able to evaluate proposed changes to IT systems for potential security risks and impacts, and advise system stakeholders on those risks and proposed mitigations.
- Well-organized and detail-oriented with the ability to coordinate, prioritize multiple tasks, and be adaptable to change to accomplish assignments independently and with teams.
Confidential, Arlington, VA
Manager / Information Systems Security Officer
- I work directly with the System Owner, federal staff and system’s program office to mitigate cyber risk and threats.
- I collect evidence, interview personnel, and examine system artifacts to evaluate effectiveness of implementation controls.
- I document assessment evidence and develop assessment reports to document findings and actionable recommendations.
- I perform continuous monitoring of security control effectiveness within the Census’ Risk Management Program System (RMPS), that automates the risk management framework implementation.
- I actively participate in the development of business and vendor relationships.
- I brief the Census Senior Executive Staff (SES) Authorizing Official, Business Owner, System Owner, Program and OIS Chief Information Security Officer (CISO) on a weekly basis.
- I manage day-to-day interactions with clients and internal Confidential team.
- I display leadership and business judgment in anticipating client/project needs and developing alternative solutions.
- I provide counseling/coaching, oversight, and support for delivery teams and staff.
- I actively participate in staff recruitment and retention activities providing input and guidance into the staffing process.
- I manage/lead teams to develop new, and maintain existing, Information Security policies, processes, and methodologies in compliance with the Federal Information Security Management Act ( Confidential ), NIST Special Publications, other Federal laws & regulations, and direction from the client.
- I review, analyze, and coordinate remediation of vulnerability scans and other vulnerability information. Recommend corrective action and review remediation actions for effectiveness.
- Review and coordinate the remediation of control deficiencies and audit findings.
- I maintain Plans of Actions and Milestones (POA&Ms) and provide timely updates on their status.
- I assist System Owners with developing and reviewing Interconnection Security Agreements, and Memorandums of Understanding.
- I perform system assessments and reaccreditations within required timeframes.
- I perform configuration baseline compliance reviews.
- I provide advice and assistance to stakeholders on security-related issues.
- I manage/lead teams to work with client stakeholders to validate implementation statements of security controls for client systems, conducting Risk Profiling efforts, and coordinating/leading developers to maintain the Bureau’s governance, risk management and compliance solution within the Cyber Security Assessment and Management (CSAM) tool.
- I support and comply with Technical Review Board and Change Control Board activities for assigned systems and develop Security Impact Assessments (SIA).
- I develop and maintain good working relationships with customers and other stakeholders, and provide advice and assistance to stakeholders on security-related issues.
- I collaborate with Census ISSO colleagues on the planning and implementation of enhancements to the Client's system risk management processes.
Confidential, Chantilly, VA
Sr. Information Systems Security Officer/Sr. Systems Engineer
- I served as the Center for Food Safety and Applied Nutrition ( Confidential ) security Subject Matter Expert (SME) and lead for all Confidential computing systems.
- I led the implementation and the system patch management maintenance program (including antivirus software) for all major operating systems (OS) that does not interfere with data acquisition or extended computations, e.g., no arbitrary reboots in the middle of work.
- I ensured that all identified workstations and server security weaknesses are routinely mitigated based on analysis by the integrated product teams (IPT).
- I was the lead for ensuring that all the Confidential Federal Information Security Management Act ( Confidential ), Confidential IT security mandates, Scientific Computing IPT security guidance and the Confidential IT Security directives and regulations are adhered to, by ensuring that all systems are properly baselined and tested and that all findings are remediated or POA&M’d accordingly.
- I collaborated with Confidential System Owners, Program Managers (PM) project teams and the Confidential Information Systems Security Officers (ISSO) to ensure that system security requirements are identified, documented, constructed and validated throughout the project software development lifecycle (SDLC).
- I was the escalation point for driving collaboration with developers, network engineers and multiple project team members to provide a resolution to security related conflicts, development and design show stoppers.
- I was the lead for all Confidential Authority-to-Operate (ATO) packages.
- I provided IT security related advice to the product and system owners to improve the product development requirements through creating use cases and user stories.
- I advised System Owner, Business Owner(s) on potential security risks and provide risk management strategies for current and future IT system deployment.
- I provided systems integration and engineering technical support throughout the process of developing, testing, and perfecting information technology applications as they evolved from raw ideas to real world use throughout the Confidential infrastructure.
- I conducted overall system and project level risk assessment and provided a risk assessment report to the program management office (PMO) and systems owner for review.
- I provided recommended updates to current Confidential security policies and processes that may improve the overall Confidential security posture through current industry best practices.
- I was a member of the Confidential Change Control Board (CCB).
- I served as the team lead for a small project team providing technical guidance and day-to-day team leadership, system and task assignments, task progress monitoring and control, and reporting guidance and approval.
- I developed and updated security standards and templates as required, meeting new government and regulatory requirements.
- I analyzed penetration testing and vulnerability scan reports on all systems as required.
- I was responsible for determining, developing and implementing VA enterprise wide information security standards and procedures according to the VA Handbook 6500.
- I provided independent judgment within broadly defined policies and practices to determine best method for accomplishing work and achieving objectives.
- I independently resolved highly complex technical issues within the area of IT and Cyber Security in support of the VA Office of Information Technology (OIT) and the Office of Cyber Security (OCS).
- I reviewed system configuration plans to ensure that software and infrastructure are protected in accordance with the VA 6500, and NIST guidelines, policies and protocols.
- I collaborated with VA System Owners, Program Managers (PM) project team and VA Information Security Officers (ISO) to ensure that system security requirements are identified, documented, constructed and validated throughout the project software development lifecycle (SDLC).
- I assumed the primary responsibility for project artifacts related to Security and Privacy (e.g., Authority to Operate (ATO), System Characterization Document (SCD), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Security Impact Analysis (SIA), Information System Contingency Plan (ISCP), Test Plans/Results Report and System Security Plans (SSP)).
- I coordinated with the VA System Owners and project team to establish and document processes for audit log management/review, account management, separation of duties and configuration management, and any other security relevant processes and procedures.
- I coordinated with VA ISO’s and system development teams to create, review and upload system security packages into the VA’s Agiliance RiskVision ATO artifact repository in support of multiple system ATO efforts.
- I developed schedules and project plans for security programs, including A&A, Plan of Action & Milestones (POA&M) remediation, configuration management, scanning, testing for multiple ATO efforts.
- I led multiple successful Confidential and FedRAMP ATO efforts.
- I managed scrum activities and coordinated accountability between teams including inter-team planning, estimating, status reporting, and impediment management.
- I collaborated with Program, Project Managers and Delivery Leads to ensure all dependencies are identified and managed within the overall project schedule.
- I established commitments together with the team based on product owner priorities, effort estimates and capacity (i.e. velocity).
- I defined clear scope and worked with the team to manage scope including identifying, assessing, managing, communicating, and escalating changes in scope.
- I planned and facilitated daily stand up, sprint planning, sprint demo and retrospective meetings.
- I helped the product owner regularly groom and improve the product backlog including regular review and improvement of high priority user stories.
- I acted as an escalation point to drive collaboration with program and project team members to resolve conflicts, team issues, deviations and drove them to resolution.
- I worked with other project managers and scrum masters to drive consistent processes, deliverables, and communication across teams.
- I ensured compliance with regulations, policies, standards, procedures, and associated documentation including Information Systems that reside in and outside of the VA network.
- I served as subject matter expert of Agile tools and processes for scrum teams.
Confidential, Washington, DC
Sr. Cyber Security Engineer
- I reviewed VA architectural designs and the development of enterprise-wide applications, systems, and services, focusing on software assurance related security gaps.
- Performed pre-Office of Inspector General (OIG) Confidential and FISCAM audits at VA Medical Facilities and Regional Offices.
- I transitioned the VA from its legacy Security Management and Reporting Tool (SMART) Confidential compliance monitoring application to the Agiliance RiskVision governance, risk and compliance application.
- I made recommendations to VA leadership on current compliance with software security assurance policies, standards, and best practices.
- Analyzed and made recommendations to site System Security Plans (SSPs), Risk Assessments (RAs), Configuration Management Plans, and similar security documents.
- I was the lead to build a virtual test lab for the VA to better test and implement patch management solutions across the enterprise.
- Analyzed and made recommendations where needed to system or network diagrams and identified potential security vulnerabilities.
- Reviewed reports from common security scanning tools including Nmap, Nessus, AppScan to describe how to fix the security weaknesses listed and made recommendations to the Director of the Office of Cyber Security (OCS).
Confidential, Fairfax, VA
Sr. Lead Security Engineer
- Evaluated and assessed compliance with established information assurance policies and regulations, along with daily oversight. I was responsible for planning, supervising, and reporting on the status of DHSS Certification and Accreditation efforts to DHSS leadership. Also coordinated multiple program office wide IA initiatives in accordance with DHSS leadership direction.
- Responsible for overseeing the daily activities of Information Assurance Analysts and Information Security Engineers for multiple application program offices. Ensured the design and implementation of MHS support networks and applications meet the security and information assurance requirements of the Department of Defense ( Confidential ) and MHS.
- Responsible for ensuring DHSS Tier III application support is compliant with Confidential Information Assurance Certification and Accreditation Process (DIACAP) and Federal Information Security Management Act ( Confidential ) requirements for system accreditations, annual reviews, and contingency plan testing.
- Conducted technical design reviews on products and designs. Performed security assessments, reviewed documentation, and supported security analysts in a team of technically diverse personnel.
- Conducted and documented risk and threat assessments and made recommendations for implementing countermeasures.
- Prepared activity and progress reports relating to the information systems audit function. Identified information systems assurance programs and control guidelines.
- I conducted weekly briefings with the DHSS Chief Technical Officer (CTO), respective application Program Management Office (PMO) on technical issues, concerns for ATO efforts and/or daily operations.
- I created, coordinated assets for, maintained/updated and briefed multiple Microsoft Office Project schedules for multiple MHS and DHSS applications.
- I created and distributed Confidential Information Assurance Vulnerability Alert reports to Tier III assets and resources for routine maintenance.
- I served as the direct IA liaison and manager to the multiple applications PMO, Government Technical Leads.
- Served as technical advisor to procurement and contract management in support of system and software acquisition, focusing on software assurance related concerns.
Confidential, Falls Church, VA
Sr. Security Engineer
- I made very technical recommendations for a very large TMA medical system. These recommendations include multiple flag level briefings for new MHS wide definitions and architecture design approval to ensure best network security practices within the Confidential.
- I established appropriate security and accreditation boundaries based on system components that store, process, display or transmit Confidential sensitive data or otherwise interface with Confidential systems.
- I developed Certification & Accreditation test plans to include the use of Confidential approved security assessment tools such as Security Readiness Review (SRR) scripts for UNIX and DBMS, AppDetective, WebInspect, Nessus, DISA Gold Disk, eRetina and the FSO STIG Checklist.
- I analyzed system security on Unix, Windows 2K/XP/2K3, Vista, 2K8 systems, network devices (firewalls, routers and switches), web servers and database applications.
- I applied the INFOSEC best practice principles to network protocols, architectures, equipment, services, standards and technology.
- I supported the Certification and Accreditation (C&A) processes for customer systems.
Confidential, Fredericksburg, VA
Sr. Security Engineer/ Project Manager
- Developed and implemented a start to finish timeline template that is to be used by the system PMO office and the C&A and Engineering testing team.
- Performed the Department of Homeland Security (DHS) Gold Images IAW the DHS 4300 Guidelines and performed system audits under the Nessus Confidential policies IAW the DHS policies.
- Developed a Certification & Accreditation program that will be executed within the Federal Emergency Management Agency ( Confidential ) IT Security Department.
- Performed weekly System Change Request (SCR) reviews and recommendations for denial or approval to the Confidential IT Security Department staff.
- Manages multiple contracts with multiple agencies, having direct contact with the client as well as the Confidential employees that supported them, without any negative feedback.
- Developed a POA&M for existing and previous accepted risks from the previous Confidential C&A process and based on the Office of Inspector General (OIG) independent evaluation report.
- Performed systems scans utilizing the DISA Gold Disk, Nessus, Canvas and AppDetective security scan tools.
- Works as a first line manager/supervisor between Confidential Database Administrators (DBA) in support of the FMC Statement of Work (SOW) and direct liaison between Confidential and the FMC, DHS and the DC government contracts.