PROFESSIONAL EXPERIENCE

Confidential

Network Engineer/Analyst

• Currently working in Information Assurance as an Information Assurance Engineer creating DoD Information Assurance Certification and Accreditation Process DIACAP Packages for System Certification and Accreditation C A in the Joint Staff JS Command, Control, Communications and Computer Assessments Division C4AD . As part of this process, I use various tools such as Retina, Nessus, OpenVMS, Nexpose, and others, to scan completed systems and create input to documents such as the System Security Plan SSP , Systems Design Document SDD , etc., for networks and systems as part of the packages we submit for C A into VMS and EMASS. I'm familiar with NIST 800-53 controls and some GRC tools/processes. I'm also serving as an Information Assurance Officer and Systems Engineer for the Information Assurance Center of Excellence IA CoE network. Presently performing code reviews for the Systems Development Life Cycle for Software Development programs, penetration testing of completed systems and applications, reconnaissance of networks to gain access to systems and applications, and escalating that access on known and unknown targets White Box vs. Black Box . I use many DOD approved and open source products including Fortify SCA Applications, WebInspect, Nmap, Nessus, Gold Disk, Wireshark, SCC, Netcat, Digital Volcano, Google Hacking, Whois, NSLookup, Dig, VMWare, Metasploit, MetasploitPro, BurpSuite, and Retina. Currently, I am studying for certification as a Licensed Penetration Tester ECSA/LPT , and the Cisco Certified Network Associate CCNA . I have excellent written and oral communication skills which I routinely utilize in the performance of my duties.

Confidential

Information Assurance

• Worked as an Information Assurance Engineer at the Air and Space Operations Center Weapon System AOC WS creating DIACAP packages and associated documentation for system C A at U.S. Air Combat Command. Routinely scanning and mitigating vulnerabilities in systems via scripts, security policy and maintaining security posture using the following tools Gold Disk, Host Based Security System HBSS , and Retina. Experience with other tools include PowerShell, OSSEC, WSH, and VBScript. Third Party WS Analyst ensuring their use within the AOC WS. Auditing and assisting the writing of policy documents as needed for the AOC WS.

Confidential

Information Assurance

• I worked as an Information Assurance Engineer at JFCOM before it was disestablished and became a Joint Staff operation creating DoD Information Assurance Certification and Accreditation Process DIACAP Packages for System Certification and Accreditation C A in the Joint Command, Control, Communications and Computer Assessments Division C4AD of the Joint Staff J6 as prescribed under DoD regulations 8510 . As part of this process, I created documents such as the System Security Plan SSP , Systems Design Document SDD , etc., for networks and systems as part of the packages we submit for C A. I also served as an Information Assurance Officer and Systems Engineer for the Information Assurance Center of Excellence IA CoE network. I performed code reviews for the Systems Development Life Cycle for Software Development programs, penetration testing of completed systems and applications, reconnaissance of networks, gaining access to systems and applications, and escalating that access against known and unknown targets. I utilized the documents created and the results of that testing to submit DIACAP packages for the Authority To Operate ATO , Interim ATO IATO , or Interim Authority To Test IATT . I used many DOD approved and open source products including Fortify SCA Applications, WebInspect, Nmap, Nessus, Gold Disk, Wireshark, SCC, Netcat, Digital Volcano, Google Hacking, Whois, NSLookup, Dig, VMWare, Metasploit, MetasploitPro, BurpSuite, and Retina.

Confidential

Web Security Consultant-Contractor

• I developed new functionality into existing Public Information Website and eliminated security issues
• related to the site via Firewalls, Intrusion Prevention Systems IPS , Intrusion Detection Systems IDS , security policies, rules, static code reviews, Information Assurance IA controls, Secure Sockets layer SSL's , Virtual Private Networks VPN's and constraints stored procedures, triggers in databases.
• Software packages utilized included SQL 2005 Management Studio, SQL 2000, and SQL 7, JavaScript, Flash, Dreamweaver and Visual Studio 2005.
• Administered Public Key Infrastructure over the Internet and Intranet.

Confidential

Intranet Applications Specialist/Database Developer-Contractor

• Developing/Rebuilding Wyeth Pharmaceutical Global Intranet Operations site utilizing Active
• Server Pages, Active Server Pages.Net, C , JavaScript, Visual Basic, Visual Basic.Net, Access 2000, 2003,
• Excel 2000, 2003, Oracle 8X, 9X, SQL, MS Project.

Confidential

Webmaster/Security Analyst/Database Administrator/E-Commerce Manager

• Security Manager for an Application Service Provider, conducted static code reviews, IA controls compliance, and authored Security Policy for the organization.
• Developed and managed networks and websites for Application Service Provider as Systems Administrator.
• Built on time and under budget, an ASP network that included Linux/UNIX DNS servers, email, websites IIS and Apache , routers, switches, hubs, VPN's and network infrastructure.
• Major contributor for an online database processing system for multiple websites and secured those sites via SSL and Certificate Services.
• Performed as Systems Administrator for Active Directory domains creating accounts and restricting access via Roles, Discretionary and Mandatory access controls.
• Created and managed SQL 7, 2K, 2005, MySQL, and Oracle servers to host websites such as Seaworldvacations.com, Sesameplacevacations.com, Buschgardensvacations.com, Cocobayresorts.com, Williamsburghotel.com, Couples.com, MyWilliamsburgvacations.com, and GolfMesquite.com.and many others Ensured maximum uptime for all sites 99.75 .
• Responsibilities included developing Business Continuity and Disaster Recovery Planning, Business Impact Analysis, Logical and Administrative Security, offsite restoration, reporting and analysis.
• Languages utilized included WSH, VBScript, C , VB6, ASP, VB.NET, ASP.NET, JAVA, JSP, JAVASCRIPT, PERL, C .
• Familiar with the following IDEs Visual Studio.NET 2003, 2005, 2005, CS4, Visio, FrontPage, Macromedia CS4, PowerScript, Eclipse, and MS Project.
• Designed, developed, and participated in diverse team project for military inventory and supply in forward areas using Windows Servers and MS SQL 2005.

Confidential

Network Engineer/Analyst

• LAN and WAN Networking, DHCP, Static IP, and Router Configuration.
• Customer Training and complex problem resolution.
• Supported Client/Server Applications for LAN's.

Confidential

Flight Instructor/Aircraft Mechanic

• Researched, developed, and taught educational curriculum for ground/flight instrument school including flight, air traffic procedures, cockpit resource management, and safety for light single and multi-engine aircraft.
• During non-flight status, maintained and inspected aircraft for flight school as a qualified A P Mechanic.