- Results - oriented seasoned Senior Information Security Leader with over 15 years of broad cyber security and enterprise risk management experience and a proven record of success. Expert in managing cost-effective, high-performance, information technology security programs that balance enterprise risk with legislative and regulatory compliance in the support of key business objectives.
- Effective communicator skilled at gaining business buy-in to enterprise security initiatives. Expert at creating effective security awareness programs, conducting risk and security control assessments for the information assets of the organization. Known for solid time management and ability to work calmly, accurately under pressure.
- Results oriented, strong analytical skills, strong communication and vendor evaluation skills; able to interact across a varied extensive audience with effective results.
- Quickly adaptable and able to multitask in variable changing technical managerial roles that are common in today's fast paced, dynamic environment. Experience related knowledge in Federal budgeting, information technology Capital Planning and Investment Control (CPIC) management, management analysis, policy, guidance, regulatory, and legislative work.
- Experience managing all aspects of technology to include: large data center management, software development, enterprise architecture, information security, network operations and management.
- Expert in applying cost-effective risk-based principles to large cyber security programs to support of key business objectives.
- Intensive experience dealing with Cyberspace Operations which includes Signal Intelligence (SIGINT), or Computer Network Exploitation (CNE), or Digital Network Intelligence (DNI) Analysis.
- Comprehensive knowledge of Federal, DoD, and DoN IA/Security requirements and policies relating to communications and computer information systems, to include but not limited to evaluation, validation, and execution of compliance with DoD 8500 IA Controls, Security Technical Implementation Guides (STIG), Computer Tasking Orders (CTO), and their references.
- Extensive knowledge of Unix, Apple, Linux, Microsoft Server 2003/2008 Operating System, Microsoft Active Directory, Microsoft Exchange 2003/2007, Microsoft System Management Server, Microsoft XP, Microsoft Vista, ESM,SCCM, VMware and workstation imaging.
- Expert knowledge in the areas of SIGINT, IMINT, MASINT, OSINT, Information Operations (IO), the intelligence exploitation processes, and associated Tactics, Techniques and Procedures (TTP)
- Experience using and/or detailed knowledge of ArcGIS, Military Analyst, Falcon View, APIX, CIDNE, TIGR, MOTHRA, Multimedia Analysis Archive System (MAAS), Video Processing Capability (VPC), SOCET GXP, Advanced Intelligence Multimedia Exploitation Suite (AIMES), Smart-Track, Analyst's Notebook, Digital Video Analyzer (DVA), GeoTracker, National Technical Means (NTM), Peregrine, Tactical Common Datalink (TCDL), RemoteView, and/or Persistent Surveillance and Dissemination of Systems (PSDS2).
- Extensive security knowledge and experience in DoD and special environments - NISPOM; NISPOM supplement; JAFAN and DCID documentation; COMSEC; DD254 and Security Classification Guides; DSS; MDA Security Compliance Reviews (SCR). Knowledge of Network Management Systems (NMS) software, What's Up Gold (WUG), Ethernet Automated Protection Switching (EAPS), KG-175 TACLANE, KG-75 FASTLANE.
- Familiar with key data correlation tools, data mining (SBSS, Clementine, Matlab, etc) and visualization (Cold Fusion, COGNOS, etc) all designed to support insider threat detection.
- Extensive subject matter expertise in IT Services Management (ITSM) and ITIL, methods, processes, strategic technology infrastructure planning, and developing cost effective solutions to meet customer business requirements.
- Active Top Security Clearance of TS/SCI (DCID 1/14 Eligible)-DIA/DHS/NGA SCI CLEARED.
Systems: CICS/ISPF/Mainframe, UNIX, Windows 9X/NT/2000/XP/2K3/Vista/Windows 7, Novell NetWare, Mac OS, AIX, HP-UX, Solaris, DYNIX/ptx, VMS, NetWare, OS/2
Databases: Oracle, ADB2, Relational Databases
Languages: Visual Basic, SQL, HTML, ASP, CSS, C++, CGI, Perl, Java, FORTRAN, 70-90, PL/SQL, BASIC, COBOL, PowerBuilder, HTML, PHP, VBS (KIX SCRIPTS)
Software: Lotus Notes, Lotus Sametime, REMEDY, NETQ DRA(USAF),SCCM, ESM Centricity/Logician EMR, Microsoft SQL Enterprise Manager, Microsoft SQL Query Analyzer, Novell ZENworks, Compaq Insight Manager, Norton Ghost, Microsoft Project, Microsoft Visual FoxPro, Microsoft Visio, Remedy, Nortel Client, PC Anywhere, Macromedia Dreamweaver, Microsoft FrontPage, Microsoft Office 2003/2007
Businress Intelligence Analyst
- Serves as a political/military all-source strategic intelligence analyst in the South Asia Division (India Branch) at the United States Pacific Command Joint Intelligence Operations Center, Pearl Harbor, Hawaii. Developing high level briefs, recommending preventive actions, and using methods in applying analytical and evaluative techniques to the identification, consideration, and resolution of real or potential security threats to or problems for program operations; contributing to the preparation of detailed and complex studies, anticipating, solving problems, collecting, organizing, and interrelating large amounts of diversely formatted data drawn from a wide variety of sources.
- Primarily responsible for researching, developing, presenting and publishing All Source products at the tactical and operational level related to insurgent IED cell activities, and threats to local/regional stability as part of an overall analytical team.
- Develops counterintelligence initiatives, including insider threats and cyber threats, to effectively protect national security and the operational mission of DIA.
- Researches, analyzes, interprets, evaluates, and integrates extremely complex all-source intelligence data pertaining military political leadership, military strategy, strategic doctrine, regional relations, and security issues.
- Identifies information gaps and prepares collection requirements to meet current and anticipated intelligence needs. Studies the work of more seasoned analysts to learn the process of identifying significant intelligence trends and proposing new or revised analytical efforts which alert leadership to developments and meet customer requirements.
- Analyzes and reports on strategic information, including classified information, Internet search strategies for open source data, and threat forecasting methods.
- Ensures efficient completion of time sensitive research and executes all assignments in accordance with established procedures. Collects and analyzes data to determine best method for all source fusion into a final product.
- Prepares all-source intelligence products to support the combat commander. Assists in establishing and maintaining systematic, cross-referenced intelligence records and files.
- Assembles and proofreads intelligence reports and assists in consolidating them into military intelligence. Prepares Intelligence Preparation of the Battlefield (IPB) products.
- Provides analysis and research for industry, infrastructure, technology, and country, and geographic area, biographic and targeted vulnerability. Prepares assessments of current events based on the sophisticated collection, research and analysis of classified/unclassified and open source information.
IT Governance Manager
- As the DHS-NPPD-OCIO Manager of IT Governance , was responsible for directing, developing, implementing and integrating agency-wide investigative change management practices with a defense in depth strategy to ensure protection of the DHS IT UNCLASS/CLASSIFIED environments; managed a robust set of tools and techniques to control the change assessment, approval and implementation phases for maximizing benefit and minimizing impact on workers and processes. Reported to the executive Director of Information Technology with a dotted line to the Confidential CIO. Led the design and implementation of IT governance policies, procedures and standards. As NPPD ERB Chair participated in change control efforts for the DHS Infrastructure team by setting standards and best practices that defined and maintain appropriate SLAs for the group.
- Represented the executive Director of Information Technology at high level meetings stake holder meetings, other government agencies, and private vendors, and makes commitments in principle on behalf of the Director and/or the Service for the project.
- Chaired the National Protection and Programs Directorate Enterprise Review (NPPD ERB) change advisory boards to ensure all changes applied within the managed information technology infrastructure are properly approved, tested, documented, and validated.
- Directed organizational change management strategy and created change management roadmap; formulate change management plans, including allocation of resources, determination of risks, and identification of deadlines and deliverables with a goal of successful implementation of tasks which are completed on time while maintaining flexibility that is required to deal with changing conditions.
- Briefed executive management on strategies to be used to exploit and implement new developments and advanced techniques in the area of software development, design, and maintenance.
- Directed work and set priorities to be accomplished by subordinate employees, developed performance standards, evaluated employee performance, resolved minor employee complaints, and advised subordinate employees on administrative and technical matters.
- Drove the design, development and documentation of processes, procedures, metrics & KPI's for all ITIL processes including Incident, Problem, Change, Configuration, etc.
- Led efforts to create a Service Provider Governance Framework that supports all governance processes around Contract Change Management, Financial Management, Performance Management, Issue Management and Relationship management.
- Managed the creation of continuous monitoring strategy, identification of requirements, selection and implementation of future continuous monitoring solutions; identifying potential data sources, methods and techniques, and tools to automate data collection, normalization, and analysis in support of automated monitoring.
- Ensured that DHS NPPD utilized the Change Management process to respond to our customer's changing business needs while maximizing value and reducing incidents, disruption and re-work. Responsible for assessing the impact of business change on IT and analyzing the impact of a service change on business.
- Responsible for promoting an organizational culture of ITSM driven Change Management via; developing and conducting an active awareness campaign; Change Management training & heavy involvement/collaboration with the Service Design, Service Transition and Service Operation teams within the organization.
- Designed, built and implemented a performance management program; including a balanced scorecard, service management dashboard, KPI's and benchmarks.
- Ensured the following Change management activities were executed; planning and controlling, change and release scheduling, communications, decision making and change authorization, ensuring remediation plans are in place, measurement and control, management reporting assessing change impact, continual process improvement.
- Analyzed cyber security event data and other data sources for attack indicators and potential security breaches; produced reports, assisted in coordination during incidents; and coordinated with other team members to maintain all security monitoring systems on-line, up to date, and fully operational.
- Worked with all necessary parties to coordinate change building, testing and implementation, in accordance with schedules. Ensured all changes are recorded and then evaluated, authorized, prioritized, planned, tested, implemented, documented and reviewed in a controlled manner.
- Ensured adherence to CM policies and practices to protect systems from undocumented changes, monitored and tracked reported defects, provided controlled product builds, and exemplified the existence of a fallback version, build, or release.
- Establish governance processes of direction and control to ensure that objectives are achieved, risks are managed appropriately, and the organization's resources are used strategically in all areas of IT with consideration of emerging technologies within the industry.
- Developed written documents such as Concepts of Operations (CONOPS), Information Models, Operational Architectural Views, Systems Architectural Views, and Technical Reference Models and Technical Architectural Views, Capability Evolution Documents/Capability Roadmaps, Capability Plans and Integrated Sponsor Program Proposals.
- Directed the strategy and implementation of a long-term and sustainable solution that obtains security-related information from disparate data sources across the enterprise; analyzed the data to identify whether various system and security controls are being effectively maintained; and presents the data in a dashboard that supports the real-time continuous monitoring of the systems in support of certification and accreditation.
- Implemented security actions, security controls and protective measures to provide access to consistent, reliable, and timely data for predictive and descriptive modeling, data mining, text analytics, forecasting, optimization, simulation, and experimental design.
- Researched vulnerabilities, threats, and incident information for future products. Developed specific recommendations for subordinate IT Specialists on how to overcome identified system vulnerabilities and inform policy makers on the prevailing cyber threat environment so they can make appropriate policy or risk investment decisions.
- Improved customer service quality results by studying, evaluating, and re-designing processes; establishing and communicating service metrics; monitoring and analyzing results; implementing changes.
- Achieved customer service objectives by contributing customer service information, recommendations to strategic plans and reviews; preparing and completing action plans; implementing production, productivity, quality, and customer-service standards; resolving problems; completing audits; identifying customer service trends; determining system improvements; implementing change.