Information Security Engineer Resume

Horsham, PA

SUMMARY

  • Over 16 years of experience in Information Systems Administration, Engineering, Installation, Integration, and Security with Microsoft based operating systems, working with customer agencies in the Defense, Civilian and Banking arenas combined.
  • Experienced in process improvement, Security Compliance and Governance, security auditing and reporting, as well as the day to day engineering and administration of servers within the boundary. Possess strong problem solving, communication, leadership, and mentoring abilities.
  • Security Clearances in past positions: Public Trust Clearance, DoD Secret. TS was in adjudication when I left DC.

PROFESSIONAL EXPERIENCE

Confidential, Horsham PA

Information Security Engineer

Responsibilities:

  • Performed Gap analysis of All in scope servers and the various controls in run up to 2013 PCI-DSS Audit.
  • Ensured Compliance with Patching Procedures, and rewrote portions of the Procedures to eliminate communication issues between the teams to ensure PCI windows were achieved.
  • Managed the Qualys scanning of all PCI-DSS in-scope servers in the environment, Wintel, Unix and Linux to determine what servers had a failing posture and managed the remediation of their vulnerabilities in order to pass the 2013 audit.
  • Helped create a Vulnerability Management Process based on 30 day remediation timeline in accordance with PCI-DSS, and implemented the process to bring all PCI-DSS in-scope servers in line for the coming 2014 audit.
  • From the month of January to Month of March, brought all PCI-DSS in-scope servers, 300 servers, from a 14% vulnerability Completion ratio, to a 75% vulnerability completion ratio on a 100% scale.
  • Managed the Tripwire Baselines of all in-scope servers, determining exceptions that applied to the environment, documenting them so they could be applied to ensure an 85% threshold of Baseline compliance was met.
  • Managed the re-homing of servers to their proper OUs to ensure they were acquiring the necessary GPO lockdowns.
  • Performed preproduction scanning and baselining to ensure that the servers passed the necessary benchmarks prior to being approved for production.
  • Worked very closely with the Server engineers to ensure the build process for Wintel servers was kept up to date and followed.
  • Made Group Policy recommendations when gaps were discovered.

Confidential, DE

Information Security Engineer

Responsibilities:

  • Performed a review of the security settings implemented in the Microsoft Windows Server 2003 baseline, vetting it back to CIS and NIST standards and created a new security baseline for the Microsoft Windows Server 2008 server builds. Documented the Security Compliance process as it applied to the MetLife Microsoft Server Engineering related teams, and helped the involved teams implement the process when implementing the necessary security scans for post build, and pre-production to ensure the baselines followed through the process.
  • Implemented as much of the baseline as possible at the time in the current Active Directory and Group Policy Implementation.
  • Performed an integral support role on the Project to remove Unnecessary, Unsecure, Unwanted Services (U3 project) residing on Microsoft, AIX, Linux servers Enterprise wide, providing guidance about the services to the multiple Business Units and how to perform the necessary checks and verifications.
  • Performed Active Directory modifications and corrections to each user’s old roaming profile, then migrated the users and profiles to the new OU created for the new Citrix version of XenServer and XenDesktop, verified with the customer that they had access and that all of the functionality worked, and decommissioned servers as necessary. Performed this process for 850 users in all sites across the U.S.
  • Performed Citrix Migration from Prior version 5.0 to Citrix 6.5. The prior version did not have the capability to perform Roaming Profile Management. Brought new XenServers up as they became necessary.

Confidential, Norristown, PA

Information Security Engineer

Responsibilities:

  • Performed an operational and engineering role on a project to encrypt all laptops within the organization country wide and overseas with the COTS product Safeguard Easy, to include scheduling with the customers, and implementing the encryption remotely and troubleshooting any issues to completion.
  • Prior to encrypting ensured that all workstations were at correct patch level.
  • Tested, Documented the process for the USB encryption Project utilizing the Truecrypt encryption for all USB mobile memory devices.
  • Performed role on multiple teams that traveled to locations in country, and out of country performing Boundary assessments on the Tricare Project for DISA.
  • The security Audits were performed on all devices that connected to the network within the boundary to reveal any security violations that needed to be documented, and remediated in order to obtain the Authorization to Operate approval.
  • Worked with the Engineers helping them to resolve all vulnerabilities utilizing industry best practices, as well as all Department of Defense Advisories and tools to ensure that all devices met the necessary requirements to be connected to the Department of Defense MAN.
  • Performed security scans and audit work using the following tools: Retina, Gold Disk, and DIACAP Audit Guidelines.
  • Ensured all systems were part of a patch compliance process and verified that all servers were at current patch levels.
  • Scanned all Security event logs that are collected, and investigated the cause and whether they warranted further investigation by Security.
  • Audits performed solely by me were entirely focused on the Microsoft Active Directory Enterprise. Every Application; Active Directory, DNS, DHCP, Group Policy, Every Server and Server based Application.
  • The site was comprised of two physically separate networks, one classified network with 100 servers, and one un-classified network with 250 servers.
  • Administrated two Physically Separate Active Directory Enterprises.
  • Responsible for ensuring that all Servers were at current Patch Levels via WSUS, and Manual scripted Patch Bundles the security posture of the Microsoft based servers in both environments as well as all day to day break fix work as well as commissioning, and decommissioning servers. Work was performed utilizing SMS 2003 R2, WSUS, and manually managed and scripted Q-chains scripts that I ensured reflected the IAVAs and recent updates.
  • Managed the following technologies in the role: Microsoft Server Versions: NT 4.0, 2000, 2003, 2008; Microsoft Exchange 5.5, 2003; VPN Server 2003, SMS 2003 R2, Sharepoint 2005 R2, IIS 6.0 servers, MS SQL Servers various builds, Blackberry BES Server, VMWare.
  • Performed security scans and audit work using the following tools: Retina, Gold Disk, and DIACAP Audit Guidelines.
  • Scanned all Security event logs that are collected, and investigated the cause and whether they warranted further investigation by Security.

Confidential, Arlington, VA.

Lead Systems Administrator

Responsibilities:

  • Led a team of 4 Systems Administrators on all aspects of Microsoft Server (2003/2008) administration tasks and day to day operation.
  • Performed Active Directory modifications, DNS Administration, DHCP Administration, OU creations, deletions and security ACL changes to ensure security met DIACAP standards, and when integrating new products into the Active Directory Enterprise infrastructure.
  • Performed Application code migrations to new server platforms when upgrades in architecture mandated the newer hardware.
  • Setup and implemented a server build process to follow to ensure that all security was burned into the server prior to going into production.
  • Monitored Active Directory to ensure it was functioning properly, and responsible for troubleshooting instances when we were experiencing issues within our Agency, or issues between Agencies.
  • Managed the Group Policy Implementation, and troubleshooting Policy issues.
  • Administrated the PKI smartcard, and Certificate server for the Agency. We had a console for managing cards and resetting passwords.
  • Responsible for maintaining Security Posture of all Servers within the enclave following the Dept. of Defense alerts received from related security agencies.
  • Also performed the role of the SMS/SCCM application SME.
  • Implemented and managed the laptop and data encryption utilizing Credant Enterprise Server.
  • Microsoft Server Versions: 2003, 2008; Certificate Authority Servers, Microsoft Exchange 2003, 2007; VPN Server 2003, SMS 2003 R2, Sharepoint 2005 R2, IIS 6.0 servers, MS SQL Servers various builds, Blackberry BES Server, VMWare.
  • Performed security scans and audit work using the following tools: Retina, Gold Disk, and DIACAP Audit Guidelines and Compliance with current Patch levels on all servers and applications.
  • Scanned all Security event logs that are collected, and investigated the cause and whether they warranted further investigation by Security.
  • Microsoft Server Versions: 2003, 2008; Microsoft Exchange 2003, 2007; VPN Server 2003, SMS 2003 R2.
  • Performed security scans and audit work using the following tools: Retina, MBSA, Gold Disk, and DIACAP Audit Guidelines.

Confidential, VA.

Systems Administrator

Responsibilities:

  • Member of the Systems Administration of a secure network within the Bureau of Labor and Statistics that processed the Cost Pricing Index Report.
  • Performed Active Directory modifications, DNS Administration, DHCP Administration OU creations, deletions and security ACL changes to ensure security met NIST and Agency standards, as well as when integrating new products into the Active Directory Enterprise infrastructure.
  • Monitored Active Directory to ensure it was functioning properly, and responsible for troubleshooting instances when we were experiencing issues within our Agency, or issues between Agencies.
  • Performed Active Directory modifications and troubleshooting and Replication Corrections, DNS Administration, DHCP Administration
  • Managed the Group Policy Implementation, and troubleshooting Policy issues.
  • Responsible for the security patching of servers and desktops within the boundary.
  • Responsible for Server Migrations when platforms or hardware went end of life all applications and code were moved to the new hardware.
  • Performed day to day administration tasks as well as break/fix work.
  • Managed the SMS enclave within the secure boundary.
  • Ensured that disaster recovery (COOP) site was tested and functioning monthly.
  • Microsoft Server Versions: 2003, 2008; Microsoft Exchange 2003, SMS 2003 R2, IIS 6.0 servers, MS SQL Servers various builds.

Confidential, VA.

East Coast Remote Site Lead Systems Administrator / Engineer

Responsibilities:

  • Responsible for managing the day to day Administration and IT tasks for 5 remote sites.
  • 30 servers and 150 desktops.
  • Performed IT requests made from the Network engineer at the Home office on Cisco Routers, Switches, Taclane tunnel encryptor devices.
  • Managed remote site laptop encryption to ensure safety of data on mobile devices.
  • Managed an NT 4.0 SP4 domain that was a precursor ‘Sharepoint site’ that was comprised of 2 Web Servers, 2 SQL servers, 2 IIS servers for document publishing for SPAWAR.
  • Performed Active Directory modifications, OU creations, deletions and security ACL changes to ensure security met NIST and Company standards, as well as when integrating new products into the Active Directory Enterprise infrastructure.
  • Performed Active Directory modifications and troubleshooting and Replication Corrections, DNS Administration, DHCP Administration
  • Performed Migrations from NT Server 2000 to 2003, as well as the migrations of application code when possible, and upgraded applications to new versions to accommodate the new platform.
  • Performed all monthly Patching and emergency Security Patches on all East Coast Remote Servers via WSUS, and some manual Scripted Patch Bundles that I managed and kept up to date.
  • Monitored Active Directory to ensure it was functioning properly, and responsible for troubleshooting instances when we were experiencing issues within our Company, and between remote sites.
  • Managed the Group Policy Implementation, and troubleshooting policy issues.
  • Performed all patching on desktops and site based servers for each of my sites as well as day to day maintenance and break fix
  • Performed cabling, and cable troubleshooting from desktop to patch panel, as well as troubleshooting connectivity between sites.
  • Performed security scans and audit work using the following tools: Retina, Gold Disk, and DIACAP Audit Guidelines.
  • Scanned all Security event logs that are collected, and investigated the cause and whether they warranted further investigation by Security.

TECHNICAL SKILLS

Antivirus Solutions: Symantec, McAfee EPO, Trend Micro, Nod32.

Endpoint Protection solutions: HBSS, BladeLogic, Symantec, Norton, Trend Micro, Nod32

Enterprise monitoring: SCOM, WhatsUp Gold, MRTG, Nagios, SolarWinds, NetIQ, BMC

Security tools: Qualys, Tripwire, Retina, Nmap, Wireshark

Hardware: Dell, HP, Cisco, Security Appliances, Blade servers, Cisco devices.

SYSTEMS

Microsoft Server OS: NT 4.0, 2000, 2003 (R2), 2008 (R2)

Microsoft Desktop OS: 95, 98, NT workstation, 2000 workstation, XP, Windows 7.0

SECURITY STANDARDS

PCI-DSS v.2, v.3, DIACAP, NIST, CIS

EDUCATION

Wittenberg University: Molecular Biology/Philosophy/English

Wilmington College: Molecular Biology/Philosophy/English

Certification Courses Completed:

C|EH Course Completed, January 2012

CISSP Course Completed, October 2010

CCNA Course Completed, March 2010

SANS Course Securing Microsoft 505 Series, December 2004

Microsoft System Management Server 2.0 Training, September 1999

Microsoft NT 4.0 MCSE Training, March 1998