
CyberPoint IT Security Engineer / Sr. SOC Analyst Resume


SKILLS:

  • Implemented TEMPEST and DoD 5200.1-R requirements for confidential and secure storage and transmission of classified material
  • Applied the requirements of DoD 5200.1 and DoD 8500.1-2 regarding the establishment of the Information Assurance program for the Iraq Theater
  • Wrote VBScripts and batch files to locate files on networked computers, pull registry keys, collect the contents of files on networked computers, and parse data out of DNS and BlueCoat logs.
  • Received CISSP Certification in December of 2003
  • QTIP
  • Websense/BlueCoat/BlueCoat Reporter
  • GFI LANguard
  • eEye Retina Scanner
  • HBSS Trained and Certified by Confidential
  • SANS SIFT
  • REMnux - Plaso, log2timeline, Autopsy, Bokken, and MantaRay
  • Confidential Toolbox
  • USBDetect
  • Log Collector xDomain tool - provided by NSA to find cross-domain connected computers
  • PSTools and scripts utilizing psexec
  • Completed SANS Firewall, VPN, and Perimeter Protection Course-October 2002
  • Experienced with CellQuest software, DNAStar sequencing software, and the Microsoft Office line.
  • Can create user-interface forms to databases using Microsoft Access or Corel Paradox and VBScript.
  • Speak and read Mandarin Chinese on an Intermediate level.

EMPLOYMENT HISTORY:

CyberPoint IT Security Engineer/ Sr. SOC Analyst

Confidential

Responsibilities:

  • Responsible for the configuration of ArcSight ESM, ArcSight Loggers, Connector Appliances, Tripwire, the Confidential ePO security suite, the Tenable security suite, and TippingPoint
  • Configured Solidcore, DLP, and File and Removable Media Protection in the Confidential suite to protect our environment's computers.
  • Created training materials for junior SOC analysts on using Tripwire, TippingPoint, Confidential ePO, and ArcSight to trace security incidents and establish a timeline and accountability for cyber security incident handling.
  • Created a SANS SIFT/REMnux malware analysis and forensic image analysis baseline for investigations of compromises of our internal network
  • Created filters, queries, and data monitors in ArcSight to assist SOC analysts with incident handling
  • Tuned ArcSight connectors and rules to aggregate and filter events, and troubleshot caching and event-dropping issues
  • Administered and deployed Tripwire to all systems. Created promote-by-match files to limit the number of false positives coming into Tripwire, and custom reports to detect newly installed software, USB use, and alterations to the baseline of Cisco, Windows, and Linux devices
  • Trained SOC personnel on using pyew, Burp Suite, BBCrack, Foremost/Scalpel, Volatility, Bokken, MantaRay, Plaso/log2timeline, and ProcDOT for security investigations and malware analysis
  • Administered Human Review Manager and OWLS/Deep Secure data diodes to ensure one-way data transfers

Confidential

Lead Centrix HBSS Engineer

Responsibilities:

  • Presented at the Confidential 2015 HBSS Symposium on the configuration of Confidential HIPS and DLP for maximum protection of DoD assets
  • Served as Lead HBSS Engineer on the CENTRIX-ISAF and CENTRIX-GCTF networks at Camp Arifjan, Kuwait
  • Led a team of 4 and liaised with our JNCC-A counterparts to maintain and administer approx. 28k machines throughout Kuwait, Afghanistan, Bahrain, Qatar, and Europe using ePO server 4.5
  • Deployed DLP 9.2 policies to prevent USB use and CD burning on classified networks by integrating DLP with Active Directory
  • Configured Policy Auditor to provide timely STIG data in preparation for CCRI
  • Modified and deployed the HIPS module to serve as host intrusion prevention on all client machines and servers per CYBERCOM OPORD 12-1016
  • Deployed and administered Confidential's VSE 8.8 antivirus software to all client machines and servers, including custom server-type-specific policies covering DHCP servers, SharePoint servers, SQL Servers, Exchange servers, and domain controllers
  • Deployed Rogue System Detectors through the ePO server to detect new systems coming online as well as personal PCs and/or cross-domain violations on the classified networks per TASKORD 12-0789
  • Patched and upgraded HBSS software as prescribed by Confidential and CYBERCOM to ensure our HBSS servers are STIG compliant.

Confidential

Information Assurance Security Officer

Responsibilities:

  • Served as Theater Confidential (Information Assurance Security Officer) at Confidential in Iraq in the Joint Network Command Center
  • Served as the technical SME for Confidential's in the Iraq Confidential Theater with regard to testing and integrating INFOSEC products to improve the security posture of Confidential assets
  • Supervised and served as the technical lead for 15 Confidential's at 12 sites throughout the Iraq Theater who provided security for the Confidential NIPRNet, SIPRNet, and CENTRIX domains, covering approximately 60k computers in a heterogeneous environment in terms of networking and platform technology.
  • Deployed and administered HBSS for the entire Iraq strategic network. Provided HBSS console access via customized dashboards and briefings to the military regarding HIPS, Confidential antivirus deployment, Device Control Module deployment, and Rogue System Detection.
  • Deployed SADR to all bases in Iraq using HBSS, updating approx. 40K machines
  • Interviewed and hired employees for the Information Assurance program
  • Wrote, interpreted, and disseminated Information Assurance and Confidential (Computer Network Defense) policy to military and civilian personnel throughout the Iraq Theater
  • Briefed Information Assurance metrics and Confidential matters to flag officers
  • Analyzed DNS logs and BlueCoat logs to find unauthorized or infected machines on the network in response to requests from higher commands.
  • Audited Active Directory settings and accounts to determine whether unauthorized access was being permitted or accounts were not following DoD guidelines with respect to password age, CAC authentication, or expiration.

Confidential

Information Assurance Security Officer

Responsibilities:

  • Provided security audits for over 1500 computers
  • Performed vulnerability scanning using eEye Retina and Confidential QTIP. Provided weekly reports on IAVA compliance to Theater Information Assurance in Baghdad
  • Maintained Confidential and Symantec Antivirus servers for the base
  • Performed Log Collector evidence collection for Confidential tickets for possible malicious traffic
  • Performed Incident Handling for Classified information “spills” onto the NIPRNet
  • Performed Exmerge cleanups of users' mailboxes involved in classified information spills
  • Wrote custom installation packages to address IAVAs that were not Windows-based
  • Used GFI LANguard to push Windows patches, custom VBScripts, and batch files, as well as to scan for vulnerabilities and enumerate software and hardware
  • Wrote VBScripts and batch files to check registry key values and to enumerate machines. Used the PSTools suite to update GPOs, rehome Confidential and antivirus settings, force reboots, and search for specific file names present on machines on the network
  • Built and managed Confidential Hercules servers for the entire base
  • Built and managed eEye Retina Enterprise Management servers
  • Built and managed Websense server for URL filtering and web traffic analysis
  • Managed a Cisco PIX 515E firewall. Wrote ACLs, assigned static IPs for NAT translation, created object and port groups, and performed traffic captures in support of the mission.

Confidential

Systems Engineer

Responsibilities:

  • Maintained and repaired the 24 SIPRNet (Secure Internet Protocol Network) nodes at Confidential in order to allow encrypted classified traffic to be exchanged with other SIPRNet nodes throughout the world.
  • Installed and configured various network devices such as PairGain DSL modems, Black Box CSU/DSUs, Cisco 2501 routers, Mykotronx KIV data encryptors, and RAD fiber optic modems. Also constructed the appropriate cabling for the SIPRNet devices and ensured that Confidential (Emissions Security) and Confidential (Computer Security) guidelines were understood and followed by the Confidential's.
  • Tested for network vulnerabilities using ISS RealSecure vulnerability scanning software on all base subnets and assisted Confidential managers with implementing fixes for the possible security risks. To streamline this task, wrote a series of batch files to automate scanning and report generation.
  • Analyzed CacheFlow web traffic and web logs to determine if and which computers were violating base policy regarding appropriate use of the Internet, or whether illegal server software had been installed on computer systems that could pose a possible security risk. I wrote a batch file to automatically search for specific keywords and dump the matching entries to a text file for later analysis. We also used WebTrends log analysis software to look for patterns such as the most active IPs and most visited websites.
  • Analyzed Sidewinder firewall logs to determine whether unauthorized access to base resources had been attempted. Recommendations were then passed to the Network Management Center to block the offending IP addresses at the perimeter router. Used the WebTrends Firewall Analysis Suite to expedite the analysis of logs.
  • Assisted Air Force Security Forces and the Judge Advocate General's Office with computer-related investigations. Services provided were forensic duplication of hard drives, deleted file recovery, password cracking of protected files, and web-traffic tracking using proxy logs.
  • Used NetStumbler, AirSnort, and TCPDump packet-capture and packet-analysis software to scan the base for illegal or unauthorized wireless networks, or wireless networks not using WEP encryption. Authorized wireless networks were outfitted with NetFortress wireless encryption software to ensure these communications were secure.
  • In cases of outside hacking incidents or virus infection, assisted the Air Force NOSC (Network Operations and Security Center) at Wright-Patterson AFB with incident handling. Our group provided analysis of the firewall logs, the event and security logs of the hacked machine, and computer user information. We also assisted the sectional Confidential manager with pulling the infected machine offline and cleaning the virus from the hard drive. Our section then determined whether the infection came about through a violation of base security policy and the extent of the damage to the Hanscom LAN.
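
The proxy-log work described in this section (keyword searches over CacheFlow web logs with matches dumped to a text file for later analysis), and the DNS/BlueCoat log analysis used to find infected machines in the earlier IASO and skills entries, can be illustrated with a small parser. The script below is an added example written for this page; it is not the resume author's batch file and not vendor code. It assumes an abbreviated W3C Extended Log Format (ELFF) field set standing in for the real Blue Coat/CacheFlow main access-log format (the parser takes the field names from the `#Fields:` directive, so a full-format log works unchanged), a constructed six-line log, a hypothetical keyword list, and a simple fixed-interval heuristic for spotting beaconing hosts that goes one step beyond the keyword search the bullet describes.

```python
"""Keyword search and beacon hunting over Blue Coat / CacheFlow style proxy logs.

Added example: the log lines are constructed, not taken from any real system,
and the field list is an abbreviated stand-in for the vendor's main access-log
format. Field names are read from the #Fields: directive, so a full log parses too.
"""
import shlex
from collections import defaultdict
from datetime import datetime

# Constructed sample in W3C Extended Log Format (ELFF).
SAMPLE_LOG = """\
#Software: SGOS
#Version: 1.0
#Fields: date time time-taken c-ip cs-username sc-filter-result sc-status cs-method cs-host cs-uri-path cs(User-Agent) sc-bytes
2015-03-10 08:01:12 45 10.1.2.15 jdoe OBSERVED 200 GET www.example.com /index.html "Mozilla/5.0" 5120
2015-03-10 08:01:30 12 10.1.2.15 jdoe DENIED 403 GET proxy.example.net /anon/tunnel "Mozilla/5.0" 0
2015-03-10 08:02:05 30 10.1.2.77 - OBSERVED 200 POST evil.example.org /gate.php "Mozilla/4.0" 312
2015-03-10 08:02:35 31 10.1.2.77 - OBSERVED 200 POST evil.example.org /gate.php "Mozilla/4.0" 310
2015-03-10 08:03:05 29 10.1.2.77 - OBSERVED 200 POST evil.example.org /gate.php "Mozilla/4.0" 315
2015-03-10 08:04:00 50 10.1.2.20 asmith OBSERVED 200 GET intranet.example.com /kazaa-policy.html "Mozilla/5.0" 2048
"""

# Hypothetical watch list: banned P2P software, anonymizing proxies, a known C2 URI.
KEYWORDS = ["kazaa", "tunnel", "gate.php"]


def parse_elff(text):
    """Parse ELFF text into (records, malformed_lines).

    Field names come from the #Fields: directive; other # lines are skipped.
    Lines whose token count does not match the header are returned separately
    rather than silently dropped, so no evidence is lost.
    """
    fields, records, malformed = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line appears before #Fields: directive")
        values = shlex.split(line)  # honours the quoted User-Agent field
        if len(values) != len(fields):
            malformed.append(line)
            continue
        records.append(dict(zip(fields, values)))
    return records, malformed


def find_matches(records, keywords):
    """Return records whose host or URI path contains any keyword (case-insensitive)."""
    needles = [k.lower() for k in keywords]
    hits = []
    for rec in records:
        haystack = (rec.get("cs-host", "") + rec.get("cs-uri-path", "")).lower()
        if any(n in haystack for n in needles):
            hits.append(rec)
    return hits


def count_by_client(hits):
    """Roll matches up per client IP so the noisiest hosts surface first."""
    counts = defaultdict(int)
    for rec in hits:
        counts[rec["c-ip"]] += 1
    return dict(counts)


def find_beacons(records, min_requests=3, jitter_seconds=5):
    """Flag (client, host) pairs whose inter-request gaps are nearly constant.

    Assumed heuristic: at least min_requests requests to one host, with the
    spread between the largest and smallest gap within jitter_seconds.
    Returns (c-ip, cs-host, mean gap in seconds) tuples.
    """
    stamps = defaultdict(list)
    for rec in records:
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        stamps[(rec["c-ip"], rec["cs-host"])].append(ts)
    beacons = []
    for (client, host), times in stamps.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter_seconds:
            beacons.append((client, host, round(sum(gaps) / len(gaps))))
    return beacons


def format_hits(hits):
    """One line per match, suitable for dumping to a text file for later analysis."""
    return ["%s %s %s %s%s" % (r["date"], r["time"], r["c-ip"], r["cs-host"], r["cs-uri-path"])
            for r in hits]


if __name__ == "__main__":
    recs, bad = parse_elff(SAMPLE_LOG)
    hits = find_matches(recs, KEYWORDS)
    print("\n".join(format_hits(hits)))
    print("matches per client:", count_by_client(hits))
    print("possible beacons:", find_beacons(recs))
    print("malformed lines:", len(bad))
```

On the constructed sample the keyword search returns five entries, three of them from one client, and the interval check flags that same client's thirty-second POSTs to a single host, which is the kind of machine the DNS/BlueCoat hunts above were looking for. The beacon heuristic is deliberately crude (real implants add jitter), so treat its output as a lead to confirm against the host's event logs rather than a verdict.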

Confidential

Automation Technician

Responsibilities:

  • Served as the Automation Technician for the Chelsea, Massachusetts Local Census Office managing accounts for over 100 employees.
  • Trained and provided technical support to employees on database entry and data mining using the software packages PAMS/ADAMS (payroll and applicant selection) and OCS 2000 (inventory), word processing, and spreadsheet packages from Corel.
  • Administered accounts and security on the LAN and administered Novell as a file and print server.
  • Served as the local representative of the Automation Department of the Regional Census Center in Boston, Massachusetts, in order to keep the LAN in operation. My responsibilities were to address problems with the local network and server, to troubleshoot any problems whose root cause was on the LAN, and to provide accurate descriptions of any software or network problems that might have a systemic source.
  • Worked with other Automation Technicians in Massachusetts, Maine, New York, Rhode Island, and Connecticut to pinpoint problems in the network, distributed software, or client/server applications so that they could be remedied by the Regional or National offices.
