Information Security IT Specialist/Software Security Resume

Baltimore, MD

SUMMARY

  • Highly dedicated, meticulous and quality-driven professional analyst with IT security, project management, and application development experience in dynamic, fast-paced environments. Demonstrated expertise in all phases of the secure software development life cycle including analysis, design, coding, testing and deployment, while working with an array of relational databases and programming languages. Active CISSP and CSSLP, with a comprehensive understanding of the skills needed to conduct in-depth analysis, oversee information assurance and provide overall technical leadership.
  • Skilled in conducting various hardware configurations, including Internet/Intranet, client-server, and mainframe platforms. Regarded for broad and deep cybersecurity, software development and technical acumen. Acknowledged for exceptional communication skills, with personnel at all levels. Collaborative team player, recognized for effectively implementing technical solutions while conducting ongoing maintenance and planning to ensure compliance across information systems.

CORE SKILLS AND COMPETENCIES:

  • Information Security
  • Software Security
  • Personnel Training
  • Cyber Security
  • Hardware Configurations
  • Team Leadership
  • Expert Technical Acumen
  • Compliance Standards
  • Information Assurance
  • Security Assessments
  • Communication Skills
  • Risk Management

TECHNICAL SKILLS:

Platforms: Mainframe, Client-server, Internet, Intranet, Windows, Linux

Software: Fortify Static Code Analyzer (SCA), Kali Linux, Burp Suite, Nmap, Nessus, Wireshark, Axure, ASP.NET, VB.Net, COBOL, MS Office Suite, MS Visual Studio.Net, JavaScript, VMware Workstation, JCL, VSAM, TSO, ISPF, MF SQL, RACF, Abend-Aid, FOCUS, PC-FOCUS, PL/1, IBM REXX

PROFESSIONAL EXPERIENCE:

Confidential, Baltimore, MD

Information Security IT Specialist/Software Security

Responsibilities:

  • Provide technical leadership for software development life cycle (SDLC), leading team in design, development, and implementation of security software. Deliver technical guidance, resolve issues and provide support to relevant clients and stakeholders.
  • Coherently and dynamically express technical concepts, present ideas, and/or deliver oral and written recommendations, to technical and non-technical personnel, including contractors and vendors. Assessed, reviewed, and accepted/rejected vendor proposals for risk-based security controls. Prepared developer training for static and dynamic vulnerability scanning and quality control tool output.
  • Conducted software security training sessions for developers and management on the use of Fortify vulnerability scanning tool. Identified SDLC risks and recommended immediate review and remediation processes.
  • Provided technical and security guidance to software security assurance team in implementation of FISMA, OWASP, NIST, FIPS, CWE, and other government regulations, policies, laws, standards, and guidelines. Implemented best practices and guidelines for agency software security assurance program.
  • Championed development and technical implementation of Software Security Assurance program. Research, develop, compile, and provide recommendations to improve application security practices. Contribute to technical development of RFP to select vendor management. Trained developers on use and interpretation of HP Fortify code scanning and quality control tool.
  • Analyzed application attack surfaces, identified security risks, and made recommendations to implement specific security controls in software development lifecycle (SDLC). Developed secure coding checklist and input validation guidelines for developers, and trained development staff and project managers on usage and implementation.
  • Participated in risk assessment of Internet facing applications utilizing Risk Management Framework (RMF). Designed, developed, and coded security requirements application to assist in selection of NIST 800-53 controls.
  • Organized, developed, and led security awareness lunchtime presentations for management and staff.

Project Manager/Technical Lead

Confidential

Responsibilities:

  • Prepared and delivered oral/written presentations to management on various initiatives and projects. Chaired weekly staff/contractor meetings to discuss proposals and determine implementation schedule.
  • Led team in analysis, assessment, resolution and mitigation of POA&Ms. Wrote and reviewed security policies, guidelines, and standards to support internal control. Selected to review and provide comments on agency cyber security policy.

Confidential, Baltimore, MD

Work Order Manager/Senior Systems Analyst

Responsibilities:

  • Led team in automation of access control workflows, significantly reducing completion time from 6 weeks to less than 3 days. Provided technical guidance and issue resolution support to clients. Managed team of developers to fulfill contract work orders while simultaneously providing development team technical leadership.
  • Interviewed stakeholders on proposed processes, compiled data and presented recommendations to management. Delegated work order assignments, interviewed clients to gather requirements, and prepared and delivered improvement recommendations, proposals and more.
  • Selected to present ASP.NET platform as new platform for SSA following personal at-home training. Presentation resulted in .NET selection and subsequent cost savings.

Confidential, Wheaton, MD

Consultant

Responsibilities:

  • As Resource Access Control Facility Administrator, implemented role-based realignment of access permissions and user training to reduce access violations by 85%+.